Exploit Notes
Sticky notes for pentesting. Search hacking techniques and tools for penetration testing, bug bounty, and CTF.
Reconnaissance
Linux
Privilege Escalation
- Ansible Playbook Privilege Escalation
- Apache Conf Privilege Escalation
- Bash eq Privilege Escalation
- Buffer Overflow Privilege Escalation
- Chrome Remote Debugger Pentesting
- Linux Privilege Escalation
- Mozilla Pentesting
- OpenSSL Privilege Escalation
- PolKit Privilege Escalation
- Privilege Escalation with Wildcard Injection
- Python Jails Escape
- Python Privilege Escalation
- Python Yaml Privilege Escalation
- Ruby Privilege Escalation
- Snapd Privilege Escalation
- Update-Motd Privilege Escalation
Sudo PrivEsc
- Sudo ClamAV Privilege Escalation
- Sudo Dstat Privilege Escalation
- Sudo Exiftool Privilege Escalation
- Sudo Fail2ban Privilege Escalation
- Sudo Git Privilege Escalation
- Sudo Java Privilege Escalation
- Sudo OpenVPN Privilege Escalation
- Sudo Path Traversal Privilege Escalation
- Sudo Privilege Escalation
- Sudo Privilege Escalation by Overriding Shared Library
- Sudo Reboot Privilege Escalation
- Sudo Screen Privilege Escalation
- Sudo Service Privilege Escalation
- Sudo Shutdown, Poweroff Privilege Escalation
- Sudo Systemctl Privilege Escalation
- Sudo Tee Privilege Escalation
- Sudo Umount Privilege Escalation
- Sudo Vim Privilege Escalation
- Sudo Wall Privilege Escalation
- Sudo Wget Privilege Escalation
- Sudoedit Privilege Escalation
Post Exploitation
Others
Web
Methods
- HTTP Rate Limit Bypass
- Virtual Hosts (VHOSTS) Enumeration
- WAF (Web Application Firewall) Detection
- Web Basic Pentesting
- Web Content Discovery
- Web Login Bypass
Security Risks
- Blind XXE
- Broken Access Control
- Business Logic Attack
- CORS (Cross-Origin Resource Sharing) Attack
- CRLF (Carriage Return Line Feed) Injection
- CSRF (Cross-Site Request Forgery)
- Cookie Hijacking
- Directory (Path) Traversal
- File Inclusion
- File Upload Attack
- HTTP Request Smuggling
- IDOR (Insecure Direct Object References) Attack
- Insecure Deserialization
- JSON.NET Deserialization
- NoSQL Injection
- Node.js Deserialization Attack
- OAuth Attack
- OS Command Injection
- Open Redirect
- PHP Object Injection
- Redis SSRF
- SQL Injection Cheat Sheet
- SQL Injection with Sqlmap
- SSRF (Server-Side Request Forgery)
- SSTI (Server-Side Template Injection)
- XSS (Cross-Site Scripting)
- XSS with Dynamic PDF
- XST (Cross-Site Tracing)
- XXE (XML External Entity)
CMS
- Bolt CMS Pentesting
- CMS (Content Management System) Pentesting
- Cockpit CMS Pentesting
- Concrete CMS Pentesting
- FUEL CMS Pentesting
- Joomla CMS Pentesting
- Mara CMS Pentesting
- Subrion CMS Pentesting
- TYPO3 Pentesting
- WordPress Pentesting
Frameworks
- AJP (Apache JServ Protocol) Pentesting
- Angular Pentesting
- Apache Struts Pentesting
- Django Pentesting
- Flask Jinja2 Pentesting
- Python Pickle RCE
- Spring Cloud Function RCE
- Spring Pentesting
- Werkzeug Pentesting
API
Others
- Apache ActiveMQ Pentesting
- Apache Tomcat Pentesting
- Atlassian Confluence Pentesting
- Browser in the Browser (BITB) Attack
- ClipBucket Pentesting
- Code Deobfuscation
- Codiad Pentesting
- Dompdf RCE
- Dump Git Repository from Website
- Grafana Pentesting
- HashiCorp Consul Pentesting
- JBoss Pentesting
- JWT (Json Web Token) Pentesting
- Jenkins Pentesting
- Log4j Pentesting
- OpenCATS Pentesting
- PHP Srand Time Abusing
- Restaurant Management System (RMS) Pentesting
- TeamCity Pentesting
- Tiny File Manager Pentesting
- Web Browser Settings for Pentesting
- Web PHP Pentesting
- WebAnno Pentesting
- WebDAV Pentesting
- WebSocket Pentesting
- Webmin Pentesting
Network
Protocols
- Dynamic Host Configuration Protocol (DHCP) Pentesting
- FTP (File Transfer Protocol) Pentesting
- IRC (Internet Relay Chat) Pentesting
- Memcache Pentesting
- Modbus Pentesting
- NFS (Network File System) Pentesting
- NTP (Network Time Protocol) Pentesting
- RTSP (Real Time Streaming Protocol) Pentesting
- Restricted Shell (rbash, rzsh) Bypass
- SNMP (Simple Network Management Protocol) Pentesting
- SSH (Secure Shell) Pentesting
- TFTP (Trivial File Transfer Protocol) Pentesting
- Telnet Pentesting
- UPnP (Universal Plug and Play) Pentesting
- VNC (Virtual Network Computing) Pentesting
- WASTE Pentesting
Port Forwarding
- Port Forwarding with Chisel
- Port Forwarding with Plink
- Port Forwarding with SSH
- Port Forwarding with Socat
Others
Windows
Active Directory
- AD CS (Active Directory Certificate Services) Pentesting
- AS-REP Roasting
- Active Directory Pentesting
- BloodHound SharpHound for Active Directory
- Kerberos Pentesting
- LAPS (Local Administrator Password Solution) Pentesting
- LDAP (Lightweight Directory Access Protocol) Pentesting
- NTLM (New Technology LAN Manager) Pentesting
- Netlogon Elevation of Privilege
- SMB (Server Message Block) Pentesting
Protocols
- MSRPC (Microsoft Remote Procedure Call) Pentesting
- RDP (Remote Desktop Protocol) Pentesting
- WinRM (Windows Remote Management) Pentesting
Privilege Escalation
- Iperius Backup Service Privilege Escalation
- Mimikatz
- UAC Windows Privilege Escalation
- Windows PrivEsc with Registry Keys
- Windows PrivEsc with SeBackupPrivilege
- Windows PrivEsc with Unquoted Service Path
- Windows Privilege Escalation
Others
Database
Container
Docker
Kubernetes
Cryptography
- AES (Advanced Encryption Standard)
- Atbash Cipher
- Base32, Base64
- Caesar Cipher
- Camellia Cipher
- Certificates
- Cryptography
- Fernet
- GPG (GNU Privacy Guard)
- HMAC
- John the Ripper
- MD4, MD5
- Multi-Tap Cipher
- NTLM, NTLMv2 Cracking
- PEM (Privacy Enhanced Mail) Cracking
- PGP (Pretty Good Privacy) Cracking
- PKCS (Public-Key Cryptography Standards) Cracking
- Padding Oracle Attack
- RAR (Roshal Archive) Cracking
- RIPEMD
- ROT13, ROT47
- RSA (Rivest Shamir Adleman)
- SHA1 Hash Collision Attack
- SHA1, SHA256, SHA512 Cracking
- Transposition Cipher
- Vigenere Cipher