In this post I would like to talk about the shadow credential attack, which can be exploited by abusing the AddKeyCredentialLink privilege in an Active Directory infrastructure. 1 - What is a shadow credential? It is a technique allowing an...
Category - pentest
Recently, I’ve discovered a new way to escalate privileges on Windows through WSUS when the HTTP protocol is used instead of HTTPS. In this quick explanation I’ll describe what WSUS is, explain how to detect the vulnerability and...
SQL Injection whitebox approach (final part) Dear readers, in parts 1 and 2, we worked on file and pattern identification, enabling database logging and sending requests with a custom Python script. In this 3rd and final...
SQL Injection whitebox approach (part 2) In part 1 of this series, we worked on: identification of the files we want to deal with; defining the pattern we will be looking for in the file, for us to inject our payload (GET...
SQL Injection whitebox approach (part 1) Have you ever been in a situation where you have a bunch of code to review? Let’s take the example of ATutor, a fully working Learning Management System (LMS) available at which...
After many months of updating my privilege escalation skills on Linux, I’ve decided to release a script. I have written this based on my experiences with more than 150 Linux boxes. While there are already many scripts for...
Hi people! Here I am writing a quick guide for Windows privilege escalation. If you’re learning pentesting, this can help you. This guide is based on my own experience, feel free to customize it. We are assuming you...