CVE-2018-8581

Published: 14/11/2018 Updated: 09/04/2020
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 528
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Vulnerability Summary

An elevation of privilege vulnerability exists in Microsoft Exchange Server, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." This affects Microsoft Exchange Server.

Vulnerable Products

microsoft exchange server 2010

microsoft exchange server 2013

microsoft exchange server 2016

microsoft exchange server 2019

Github Repositories

CVE-2018-8581

CVE-2018-8581 This is a mailbox-level lateral movement and privilege escalation vulnerability. Once the username and password of an ordinary-privilege mailbox account are held, it allows the inboxes of other users (including domain administrators) to be taken over through delegation. This EXP script is an enhanced one-click script modified from the original PoC; after the relevant parameters are configured, it automatically adds and then removes the delegation on the target mailbox's inbox.

Techniques that can be used to get from domain user to domain admin

DomainUserToDomainAdminTechniques Techniques that can be used to get from domain user to domain admin: Powerup, PowerupSQL, Find-InterestingFile, Invoke-Kerberoast, Get-GPPPassword, Bloodhound, Find-localadminaccess, Domain Password Spray, Inveigh - LLMNR NBNS Poisoning, Get-ExploitableSystem, PowerWebShot, Invoke-ShareFinder / Invoke-FileFinder, SCCM Matt Nelson

Metasploit NTLM relay module with SMBv2 support

HTTP_NTLMRELAYX A Metasploit module for http->smb relay/reflection Avoid some bugs in impacket, and add features not available in the same type of msf modules Author Exist Installation Drop it in the exploit module directory, for example, exploit/windows/smb/ How to use it? set rhosts 19216811 set rport 445 set rtype SMB_AUTOPWN set ruripath c$\\windows run Op

Some intranet penetration tips compiled in early 2018; later updates were slow, so they are released publicly in the hope of updating and maintaining them together with the community.

Author: Evi1cg Blog: evi1cg.github.io Table of Contents: Information gathering; Open-source intelligence (OSINT) collection; GitHub; whois lookup / registrant reverse lookup / email reverse lookup / related assets; Google hacking; Building an enterprise password dictionary; Dictionary lists; Password generation; Obtaining email lists; Leaked password lookup; Gathering information about the enterprise's external assets; Subdomain acquisition; Getting into the intranet; Based on weak enterprise accounts

2018-2020 Young Security Circle: Active Technical Bloggers/Blogs

Security-Data-Analysis-and-Visualization 2018-2020 Young Security Circle: Active Technical Bloggers/Blogs. Statement: All data comes from, and only from, public information, with no personal prior knowledge added; if you have any objection, please contact root@4o4notfound.org promptly. This data is released so that everyone can learn faster and better together; please do not abuse it, and I accept no responsibility for problems arising from such abuse. Regarding this

For use during red team work; modified from Ridter's https://github.com/Ridter/Intranet_Penetration_Tips

Intranet Penetration Tips Modified by: z3r0yu Blog: zeroyu.xyz PS: the main additions are some techniques of my own from doing red team work. Table of Contents: Information gathering; Open-source intelligence (OSINT) collection; GitHub; whois lookup / registrant reverse lookup / email reverse lookup / related assets; Google hacking; Building an enterprise password dictionary; Dictionary lists; Password generation; Obtaining email lists; Leaked password lookup; Gathering

For use during red team work; modified from Ridter's https://github.com/Ridter/Intranet_Penetration_Tips

Intranet Penetration CheetSheets Modified by: z3r0yu Blog: zeroyu.xyz Table of Contents: Information gathering; Open-source intelligence (OSINT) collection; GitHub; whois lookup / registrant reverse lookup / email reverse lookup / related assets; Google hacking; Building an enterprise password dictionary; Dictionary lists; Password generation; Obtaining email lists; Leaked password lookup; Gathering information about the enterprise's external assets; Subdomain acquisition

adPEAS adPEAS is a Powershell tool to automate Active Directory enumeration. In fact, adPEAS is like a wrapper for different other cool projects like PowerView, Empire, Bloodhound and some own written lines of code. As said, adPEAS is a wrapper for other tools. They are almost all written in pure Powershell but some of them are included as compressed binary blob or C# code. adPE

Powershell tool to automate Active Directory enumeration.

adPEAS adPEAS is a Powershell tool to automate Active Directory enumeration. In fact, adPEAS is like a wrapper for different other cool projects like PowerView, Empire, Bloodhound and some own written lines of code. As said, adPEAS is a wrapper for other tools. They are almost all written in pure Powershell but some of them are included as compressed binary blob or C# code. How

Collection of quality safety articles

Project Description Collection of quality safety articles (To be rebuilt) collection-document awesome Some are inconvenient to release Some forget update, can see me star Most of the earlier links were not high quality; the penetration testing section is no longer updated; updates are slow because of limited time. Author: [tom0li] Blog: tom0li.github.io Table of Contents Github-list Early warning &a

active-directory-pentest Table of Contents Discovery Privilege Escalation Defense Evasion Credential Dumping Lateral Movement Persistence Defense & Detection Discovery SPN Scanning SPN Scanning – Service Discovery without Network Port Scanning Active Directory: PowerShell script to list all SPNs used Discovering Service Accounts Without Using Privileges Data

Active Directory Kill Chain Attack & Defense Summary: This document was designed to be a useful, informational asset for those looking to understand the specific tactics, techniques, and procedures (TTPs) attackers are leveraging to compromise Active Directory, and guidance to mitigation, detection, and prevention. And understand Active Directory Kill Chain Attack and Mo

https://github.com/infosecn1nja/AD-Attack-Defense

Project Description Collection of quality safety articles (To be rebuilt) Some are inconvenient to release Some forget update, can see me star collection-document awesome Most of the earlier links were not high quality; the penetration testing section is no longer updated; updates are slow because of limited time. Author: [tom0li] Blog: tom0li.github.io Projec

AD-Attack-Defense

CVEs enumerated by FireEye that should be addressed to limit the effectiveness of the leaked Red Team tools: CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0; CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0; CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Fortigate SSL VPN

vFeed CVEs Vulnerability Indicators that should be addressed to limit the effectiveness of the leaked FireEye Red Team tools: CVE-2019-11510 – pre-auth arbitrary file reading from Pulse Secure SSL VPNs - CVSS 10.0; CVE-2020-1472 – Microsoft Active Directory escalation of privileges - CVSS 10.0; CVE-2018-13379 – pre-auth arbitrary file reading from Fortinet Forti

Attack and defend active directory using modern post exploitation adversary tradecraft activity

AD_Pentest Red Team | Summary of important domain penetration vulnerabilities (continuously updated). Welcome to join the free Knowledge Planet group "Cybersecurity Growth Camp" to discuss techniques together: t.zsxq.com/08Ac3CEkC Contents: Can directly take the domain controller: MS14-068, CVE-2020-1472, CVE-2021-42287&42278, CVE-2021-1675/CVE-2021-34527, CVE-2019-1040; Domain delegation attacks; NTLM Relay; ADCS vulnerability ESC8 (PetitPotam) (ADCS relay); ADCS vulnerability CVE

AD_Pentest Red Team | Summary of important domain penetration vulnerabilities (continuously updated). Welcome to join the free Knowledge Planet group "Cybersecurity Growth Camp" to discuss techniques together: t.zsxq.com/08Ac3CEkC [TOC] Can directly take the domain controller: MS14-068: Kerberos authentication, no PAC. When a user requests a TGT (the identity credential issued by the ticket-granting service) from the Kerberos Key Distribution Center (KDC), they can forge their own Kerberos ticket

PenetrationTesting English Version GitHub READMEs display no more than 4000 lines, while the tools and articles added to this repo are close to ten thousand lines, so by default it is not shown in full. The current page is a reduced version: tools with fewer than 200 stars that have not been updated within 500 days are not shown in this document. Click here to view the full version: Chinese - full version. Contents: Tools; Newly added (854); Newly added; Uncategorized; Artificial intelligence &&a

Information gathering

RedTeam Information Gathering Project description: The life cycle of a Red Team attack, which as a whole includes: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with persistent control established again on that basis), and cleaning up and leaving the battlefield after all attacks are finished. Another project dedicated to scanning and cracking. Another red team resource

A "URL" transfer helper, recording the good online sites I use day-to-day.

Resource-list author: Echocipher mail: echocipher@163.com blog: echocipher.github.io The project originated from seeing a collection of blog links shared by someone else; I drew on its contents to form this project, and if this infringes any rights, please let me know. I tidied the format and added some content I use day-to-day; duplicates or omissions are hard to avoid, so if you have related content to recommend or other

2019 red team resource links; the resources were not compiled by me but come from the internet, and since they are not widely circulated I am making a backup and sharing them here.

Project description: The life cycle of a Red Team attack, which as a whole includes: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with persistent control established again on that basis), and cleaning up and leaving the battlefield after all attacks are finished. Related resource list: mitre-attack.github.io/ the MITRE technology organization's

Red-Team Attack Guid

Project description: The project collects and organizes the following aspects of Red Team work: Red Team attack mindset; Red Team attack tools; Red Team attack methods. Highlights: mitre-attack.github.io/ the MITRE technology organization's summary wiki of attack techniques; huntingday.github.io MITRE | ATT&CK Chinese site; arxiv.org Cornell University open documents; www.owas

## The essence of RT - mitre-attack.github.io/ A summary of the attack technology wiki from the MITRE Technology organization - [huntingday.github.io](huntingday.github.io/) MITRE | ATT&CK Chinese site - [arxiv.org](arxiv.org/) Cornell University

redtool Some red team tools accumulated day-to-day and scripts I wrote myself, leaning toward handy DIY tools rather than the more commonly used ones like msf/awvs/xray; slowly accumulating. redtool file descriptions. Related resource list: attack and defense testing manuals; intranet security documents; study manual related resources; checklists and basic security knowledge; product design documents; practice ranges; vulnerability reproduction; open-source vulnerability databases

Some red team tools accumulated day-to-day and scripts I wrote myself, leaning toward handy DIY tools rather than the more commonly used ones like msf/awvs/xray

redtool Some red team tools accumulated day-to-day and scripts I wrote myself, leaning toward handy DIY tools rather than the more commonly used ones like msf/awvs/xray; slowly accumulating. Description: File name / Description: cve-2017-10271.py vulnerability PoC; cve-2020-0796-scanner.zip vulnerability scanner; HTTP代码爬取.zip crawls usable proxies from an HTTP proxy pool; Layer子域名挖掘机.zip subdomain

Related resource list: mitre-attack.github.io/ the MITRE technology organization's summary wiki of attack techniques; huntingday.github.io MITRE | ATT&CK Chinese site; arxiv.org Cornell University open documents; www.owasp.org.cn/owasp-project/owasp-things OWASP projects; www.irongeek.com/i.php?page=security/hackingillustrated domestic and international security conferences

Directory navigation: Related resource list; Attack and defense testing manuals; Intranet security documents; Study manual related resources; Checklists and basic security knowledge; Product design documents; Practice ranges; Vulnerability reproduction; Open-source vulnerability databases; Toolkit collections; Vulnerability collection and Exp/PoC exploitation; IoT, router and ICS vulnerability collection; Java deserialization vulnerability collection; Version control platform vulnerability collection; MS and Office vulnerability collection; Extensions under Kali

RedTeam Project description: The life cycle of a Red Team attack, which as a whole includes: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with persistent control established again on that basis), and cleaning up and leaving the battlefield after all attacks are finished. And a well-known blue team project: github.com/meitar/awesome-c

Introduction: A compilation of resources for each stage of the RedTeam activity cycle. Related resources: mitre-attack.github.io/ the MITRE technology organization's summary wiki of attack techniques; huntingday.github.io MITRE | ATT&CK Chinese site; arxiv.org Cornell University open documents; www.owasp.org.cn/owasp-project/owasp-things OWASP projects; www.irongeek.com/i.php

Project description: information gathering, attack attempts to gain access, persistent control, privilege escalation, network information gathering, lateral movement, data analysis (with persistent control established again on that basis), and wiping traces. Security-related resource list: arxiv.org Cornell University open documents; github.com/sindresorhus/awesome the awesome series; www.owasp.org.cn/owasp-pr

hacking tools awesome lists

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents ASP Arduino Assembly AutoHotkey AutoIt Batchfile Boo C C# C++ CMake CSS CoffeeScript Dart Dockerfile Emacs Lisp Erlang Game Maker Language Go HTML Haskell Java JavaScript Jupyter Notebook KiCad Kotlin Logos Lua M Makefile Markdown Mask Max Nginx OCaml Objective-C Objective-C++ Others PHP PLSQL P

Information gathering: Host information gathering; Sensitive directory and file gathering; Directory brute force; Dictionaries; BurpSuite; Search engine syntax; Google Hack; DuckDuckGo (can search Weibo, Renren and other sites that block mainstream search engines); Bing; JS files leaking backend or API information; Quick search of third-party resources: findjs; robots.txt; Directory listing enabled (autoindex); IIS short file names: IIS-ShortName-Scanner

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 961 CVE-2022-0847-

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 975 CVE-2022-0847-

TOP all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things Table of Contents 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2022 star name url des 988 CVE-2022-0847-

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2023 star updated_at name url des 304 2023-03-18T21:10:14Z Windows_LPE_AFD_CVE-2023-21768 githubcom/chompie1337/Wi

Table of Contents 2023 year top total 30 2022 year top total 30 2021 year top total 30 2020 year top total 30 2019 year top total 30 2018 year top total 30 2017 year top total 30 2016 year top total 30 2015 year top total 30 2014 year top total 30 2013 year top total 30 2012 year top total 30 2011 year top total 30 2010 year top total 30 2009 year top total 30 2008 year top to

PoC in GitHub 2020 CVE-2020-0014 It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13) It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022 In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr