Hacknum-Opus
Table of Contents
1. Table of Contents
2. SSH Hijacking
    2.1. SSH-Agent Forwarding
    2.2. ControlMaster
3. Reverse Shells
    3.1. Netcat with SSL
    3.2. Upgrading Shells with Magic
4. C2
    4.1. Stealth
        4.1.1. JA3 Obfuscation
5. Web
    5.1. Gitlab
        5.1.1. Adding a Backdoor User
        5.1.2. ExifTool DjVu (CVE-2021-22205)
        5.1.3. Visual Studio CSPROJ Reverse Shell
    5.2. PHP
        5.2.1. Basic PHP Webshell Oneliner
        5.2.2. PHP Filter Gadget Chain
    5.3. Apache
        5.3.1. Apache Struts RCE (CVE-2023-50164)
6. Linux
    6.1. Privilege Escalation
        6.1.1. SUDO/SUID/etc
7. Windows
    7.1. AMSI Bypass
        7.1.1. Powershell AMSI Bypass
    7.2. Stealth
        7.2.1. Reflective PE Loader
    7.3. Lateral Movement
        7.3.1. PSExec
        7.3.2. MOF Upload
        7.3.3. WinRM
        7.3.4. PrintNightmare (CVE-2021-1675)
    7.4. Persistence
        7.4.1. Invisible Registry Keys
    7.5. Privilege Escalation
        7.5.1. Outlook Client (CVE-2023-23397)
    7.6. UAC Bypass
        7.6.1. Mock Folder + Trusted Executable DLL Hijacking
8. Active Directory
    8.1. SharpGPOAbuse
    8.2. Certificate Template Abuse
    8.3. Vulnerabilities
        8.3.1. Zerologon (CVE-2020-1472)
9. Impact
    9.1. Website Defacement
    9.2. GonnaCope
Contributors