2f:[["$","aside",null,{"data-testid":"table-of-contents","id":"table-of-contents","className":"group text-sm grow-0 shrink-0 basis-full lg:basis-72 lg:page-no-toc:basis-56 relative z-1 lg:sticky lg:mr-12 lg:top-0 lg:h-screen lg:announcement:h-[calc(100vh-4.25rem)] lg:site-header:top-16 lg:site-header:h-[calc(100vh-4rem)] lg:announcement:site-header:h-[calc(100vh-4rem-4.25rem)] lg:site-header-sections:top-27 lg:site-header-sections:h-[calc(100vh-6.75rem)] lg:site-header-sections:announcement:h-[calc(100vh-6.75rem-4.25rem)] lg:[html[style*=\"--toc-top-offset\"]_&]:top-(--toc-top-offset)! lg:[html[style*=\"--toc-height\"]_&]:h-(--toc-height)! lg:page-no-toc:[html[style*=\"--outline-top-offset\"]_&]:top-(--outline-top-offset)! lg:page-no-toc:[html[style*=\"--outline-height\"]_&]:top-(--outline-height)! pt-4 pb-4 lg:sidebar-filled:pr-6 lg:page-no-toc:pr-0 hidden navigation-open:flex! lg:flex lg:page-no-toc:hidden xl:page-no-toc:flex lg:site-header-none:page-no-toc:flex flex-col gap-4 navigation-open:border-b border-tint-subtle","children":[null,["$","div",null,{"className":"lg:-ms-5 relative flex grow flex-col overflow-hidden border-tint-subtle sidebar-filled:bg-tint-subtle theme-muted:bg-tint-subtle [html.sidebar-filled.theme-muted_&]:bg-tint-base [html.sidebar-filled.theme-bold.tint_&]:bg-tint-base [html.sidebar-filled.theme-gradient_&]:border page-no-toc:bg-transparent! page-no-toc:border-none! sidebar-filled:rounded-xl straight-corners:rounded-none page-has-toc:[html.sidebar-filled.circular-corners_&]:rounded-3xl","children":[["$","div",null,{"className":"my-4 flex flex-col space-y-4 px-5 empty:hidden","children":[false,false,null]}],["$","$L3c",null,{"className":"flex grow flex-col p-2 pt-4 lg:pb-20 hide-scrollbar overflow-y-auto","children":[["$","$L3d",null,{"pages":[{"id":"7kvRuqa83P1HnUU0cNfj","title":"README - Preperation","href":"/","emoji":"1f409","pathnames":["","readme-preperation"],"type":"document"},{"id":"1gkwYygJ7Oawk5NSOOuH","title":"Proof","href":"/proof","pathnames":["proof"],"type":"document"},{"id":"SIyg0HMOYYlpOiXy8W10","title":"Services","descendants":[{"id":"p9wcZDFJUbxVcNo77NeB","title":"Inital Scans","href":"/services/inital-scans","pathnames":["services/inital-scans"],"type":"document"},{"id":"lunZzzzGj9RrPpzwuvGs","title":"LDAP ","href":"/services/ldap-less-than-tcp-389-636-greater-than","pathnames":["services/ldap-less-than-tcp-389-636-greater-than"],"type":"document"},{"id":"ucN6aOZVM7FvavpcqOeu","title":"DNS ","href":"/services/dns-less-than-udp-53-greater-than","pathnames":["services/dns-less-than-udp-53-greater-than"],"type":"document"},{"id":"CHjl3MB0nYDHyLquNMr6","title":"FTP ","href":"/services/ftp-less-than-tcp-21-greater-than","pathnames":["services/ftp-less-than-tcp-21-greater-than"],"type":"document"},{"id":"4g2g8DAypMzRJuurF4X3","title":"SMB ","href":"/services/smb-less-than-tcp-445-139-greater-than","pathnames":["services/smb-less-than-tcp-445-139-greater-than"],"type":"document"},{"id":"ar7k3Od04D0V3s1h7cHx","title":"SNMP ","href":"/services/snmp-less-than-udp-161-greater-than","pathnames":["services/snmp-less-than-udp-161-greater-than"],"type":"document"},{"id":"3Y26LMVZGDY6G8fxZb0n","title":"MySQL","href":"/services/mysql-less-than-tcp-3306-greater-than","pathnames":["services/mysql-less-than-tcp-3306-greater-than"],"type":"document"},{"id":"v2ksvgJfhz8UFp6iHVqZ","title":"MSSQL ","href":"/services/mssql-less-than-tcp-1433-greater-than","pathnames":["services/mssql-less-than-tcp-1433-greater-than"],"type":"document"},{"id":"6DmBybiQve4uLm3ru5Ii","title":"SMTP ","href":"/services/smtp-less-than-tcp-25-greater-than","pathnames":["services/smtp-less-than-tcp-25-greater-than"],"type":"document"},{"id":"RQV4TAfnYZPrpIPkCJfK","title":"POP3 ","href":"/services/pop3-less-than-tcp-110-greater-than","pathnames":["services/pop3-less-than-tcp-110-greater-than"],"type":"document"},{"id":"zwdXBI13pjj3m2VUZMc6","title":"IMAP ","href":"/services/imap-less-than-tcp-143-greater-than","pathnames":["services/imap-less-than-tcp-143-greater-than"],"type":"document"},{"id":"hmGz4rOYw2GbkrAQMTex","title":"IDENT ","href":"/services/ident-less-than-tcp-113-greater-than","pathnames":["services/ident-less-than-tcp-113-greater-than"],"type":"document"},{"id":"v1a0YjbaXLMAAGxQqc0J","title":"WEBDAV","href":"/services/webdav","pathnames":["services/webdav"],"type":"document"},{"id":"k90yyNQHVcZJfOBTsHIS","title":"SSH ","href":"/services/ssh-less-than-tcp-22-greater-than","pathnames":["services/ssh-less-than-tcp-22-greater-than"],"type":"document"},{"id":"m4ebE8G0ZRjjqyuDVhk8","title":"Port Knocking","href":"/services/port-knocking","pathnames":["services/port-knocking"],"type":"document"},{"id":"gjJw7ojbsyzKuIDmpdI7","title":"Web Sockets","href":"/services/web-sockets","pathnames":["services/web-sockets"],"type":"document"},{"id":"St2APHaHZoVVdZybAJEq","title":"Misc","href":"/services/misc","pathnames":["services/misc"],"descendants":[{"id":"QlDTPHenPeloj9tEcxTn","title":"PWNCAT","href":"/services/misc/pwncat","pathnames":["services/misc/pwncat"],"type":"document"},{"id":"SV1Q49uLkQW9NmhyXfR1","title":"WordPress","href":"/services/misc/wordpress","pathnames":["services/misc/wordpress"],"type":"document"},{"id":"9UHLaubv8JKqoLM92Jlz","title":"Keepass","href":"/services/misc/keepass","pathnames":["services/misc/keepass"],"type":"document"},{"id":"lSdM3Ta9aNvCtZkm9UiB","title":"Git","href":"/services/misc/git","pathnames":["services/misc/git"],"type":"document"},{"id":"OZopdVpdhQfnuSlxE3Q4","title":"Site Scraping","href":"/services/misc/site-scraping","pathnames":["services/misc/site-scraping"],"type":"document"}],"type":"document"}],"type":"group"},{"id":"DwgrLPbfMrTTRAtuBn56","title":"Web Applications","descendants":[{"id":"jZT4lOVgBd4nTe6vfT1a","title":"Checklist","href":"/web-applications/checklist","pathnames":["web-applications/checklist"],"type":"document"},{"id":"6nBAqZMhcWzbF2MmiId3","title":"SQL Injection","href":"/web-applications/sql-injection","pathnames":["web-applications/sql-injection"],"descendants":[{"id":"sK114vEM6QXCJYFQaSOb","title":"MySQL Cheatsheet","href":"/web-applications/sql-injection/mysql-cheatsheet","pathnames":["web-applications/sql-injection/mysql-cheatsheet"],"type":"document"},{"id":"JkVh5v5IjlmcvEfk53Zh","title":"MSSQL Cheatsheet","href":"/web-applications/sql-injection/mssql-cheatsheet","pathnames":["web-applications/sql-injection/mssql-cheatsheet"],"type":"document"},{"id":"iglt0MTZsBpFArqwXRPv","title":"Postgres Cheatsheet","href":"/web-applications/sql-injection/postgres-cheatsheet","pathnames":["web-applications/sql-injection/postgres-cheatsheet"],"type":"document"},{"id":"dvKKy2UtyvbPZrHFLa18","title":"Payloads","href":"/web-applications/sql-injection/payloads","pathnames":["web-applications/sql-injection/payloads"],"type":"document"},{"id":"dEcxir0e0y6QvotYfwQp","title":"SQLMap","href":"/web-applications/sql-injection/sqlmap","pathnames":["web-applications/sql-injection/sqlmap"],"type":"document"},{"id":"W6RJFfPMVE3rNQRD8yjV","title":"Page","href":"/web-applications/sql-injection/page","pathnames":["web-applications/sql-injection/page"],"type":"document"}],"type":"document"},{"id":"a9e3HYSPc5OXYsj0yTqv","title":"File Upload","href":"/web-applications/file-upload","pathnames":["web-applications/file-upload"],"type":"document"},{"id":"DVfn1jdHcqkMtvNPDQxK","title":"Directory Traversal","href":"/web-applications/directory-traversal","pathnames":["web-applications/directory-traversal"],"type":"document"},{"id":"V68r71VVNHRjU18c7Kth","title":"LFI & RFI","href":"/web-applications/lfi-and-rfi","pathnames":["web-applications/lfi-and-rfi"],"descendants":[{"id":"uQqIO7rUVJRotrgT77LK","title":"PHP Wrappers","href":"/web-applications/lfi-and-rfi/php-wrappers","pathnames":["web-applications/lfi-and-rfi/php-wrappers"],"type":"document"}],"type":"document"},{"id":"gb83uChg1rSpKfqVSVdQ","title":"SSRF","href":"/web-applications/ssrf","pathnames":["web-applications/ssrf"],"type":"document"},{"id":"gyjiMkNV95fxNZecc5jl","title":"Command injection","href":"/web-applications/command-injection","pathnames":["web-applications/command-injection"],"type":"document"},{"id":"Dk95rg7aRBBxMxzjYI9x","title":"XXS","href":"/web-applications/xxs","pathnames":["web-applications/xxs"],"type":"document"},{"id":"ZpRajniDO2RPktrJSkw6","title":"APIs","href":"/web-applications/apis","pathnames":["web-applications/apis"],"type":"document"},{"id":"OEM56uZtGGx7tWl8drdM","title":"PHP Applications","href":"/web-applications/php-applications","pathnames":["web-applications/php-applications"],"type":"document"},{"id":"2wdBTB2XbajIeXGQLVas","title":"Source Code","href":"/web-applications/source-code","pathnames":["web-applications/source-code"],"type":"document"},{"id":"R6bxha8VrZA8gcu8FQMa","title":"Brute Forcing and Spraying","href":"/web-applications/brute-forcing-and-spraying","pathnames":["web-applications/brute-forcing-and-spraying"],"type":"document"},{"id":"qkArSNpFKZulC8G790hS","title":"Payloads","href":"/web-applications/payloads","pathnames":["web-applications/payloads"],"type":"document"},{"id":"ELwag4icz1MrBbPCsauA","title":"Compiling Exploits","href":"/web-applications/compiling-exploits","pathnames":["web-applications/compiling-exploits"],"type":"document"},{"id":"lG9qiOVsiOS7rRnEyYmd","title":"Foothold","href":"/web-applications/foothold","pathnames":["web-applications/foothold"],"type":"document"},{"id":"DDKhxB5pD41kS2SLp9EK","title":"Node.js","href":"/web-applications/node.js","pathnames":["web-applications/node.js"],"type":"document"},{"id":"D7UCmSQ3zcOmTiB4L7zm","title":"Misc","href":"/web-applications/misc","pathnames":["web-applications/misc"],"type":"document"}],"type":"group"},{"id":"afaE7hDxH4zBosIfnptx","title":"Active Directory","descendants":[{"id":"rQCeHTzHjCPQ4peR0T8d","title":"Checklist","href":"/active-directory/checklist","pathnames":["active-directory/checklist"],"type":"document"},{"id":"LobAbzYiSFtZi8Un3uHQ","title":"Initial Attack Strategy","href":"/active-directory/initial-attack-strategy","pathnames":["active-directory/initial-attack-strategy"],"descendants":[{"id":"WOWbBEwK3jEl5zVjwiON","title":"LLMNR Poisoning","href":"/active-directory/initial-attack-strategy/llmnr-poisoning","pathnames":["active-directory/initial-attack-strategy/llmnr-poisoning"],"type":"document"},{"id":"PicBL1twZusIx8BqDMwL","title":"SMB Relay","href":"/active-directory/initial-attack-strategy/smb-relay","pathnames":["active-directory/initial-attack-strategy/smb-relay"],"type":"document"},{"id":"XyV96UFYlrH5uwdUMnnA","title":"Shell Acess","href":"/active-directory/initial-attack-strategy/shell-acess","pathnames":["active-directory/initial-attack-strategy/shell-acess"],"type":"document"},{"id":"Rk2JdmDRx3VnHlfacX8j","title":"IPv6 Attacks","href":"/active-directory/initial-attack-strategy/ipv6-attacks","pathnames":["active-directory/initial-attack-strategy/ipv6-attacks"],"type":"document"},{"id":"5akKn44E2mMiJwojzNOB","title":"Kerbrute","href":"/active-directory/initial-attack-strategy/kerbrute","pathnames":["active-directory/initial-attack-strategy/kerbrute"],"type":"document"},{"id":"rnBwnY90BORBAg0Yy7g8","title":"AS-REP Roasting","href":"/active-directory/initial-attack-strategy/as-rep-roasting","pathnames":["active-directory/initial-attack-strategy/as-rep-roasting"],"type":"document"},{"id":"7bC8d7n4o6G9Jqy3TCpe","title":"RPC","href":"/active-directory/initial-attack-strategy/rpc","pathnames":["active-directory/initial-attack-strategy/rpc"],"type":"document"},{"id":"wBC12viWq54N9SOzlP1l","title":"Passback Attack","href":"/active-directory/initial-attack-strategy/passback-attack","pathnames":["active-directory/initial-attack-strategy/passback-attack"],"type":"document"},{"id":"cSXmrgMvUhCDjLYs7Ebf","title":"Misc","href":"/active-directory/initial-attack-strategy/misc","pathnames":["active-directory/initial-attack-strategy/misc"],"type":"document"}],"type":"document"},{"id":"xGKxhd4J6ZlYSCoK4DGl","title":"Post-Compromise Enumeration","href":"/active-directory/post-compromise-enumeration","pathnames":["active-directory/post-compromise-enumeration"],"descendants":[{"id":"rnRfCGlZpAVu9tO40fcL","title":"ldapsearch","href":"/active-directory/post-compromise-enumeration/ldapsearch","pathnames":["active-directory/post-compromise-enumeration/ldapsearch"],"type":"document"},{"id":"DD90uos7cy21cK6zMQiK","title":"Ldapdomaindump","href":"/active-directory/post-compromise-enumeration/ldapdomaindump","pathnames":["active-directory/post-compromise-enumeration/ldapdomaindump"],"type":"document"},{"id":"vCPWyi15Hkz2ifXnlDeV","title":"Bloodhound","href":"/active-directory/post-compromise-enumeration/bloodhound","pathnames":["active-directory/post-compromise-enumeration/bloodhound"],"descendants":[{"id":"1QPHdogikaZq8kEWNWIX","title":"Attack Paths","href":"/active-directory/post-compromise-enumeration/bloodhound/attack-paths","pathnames":["active-directory/post-compromise-enumeration/bloodhound/attack-paths"],"type":"document"}],"type":"document"},{"id":"UezeA9fiAGQfoOdSiKW6","title":"Plumhound","href":"/active-directory/post-compromise-enumeration/plumhound","pathnames":["active-directory/post-compromise-enumeration/plumhound"],"type":"document"}],"type":"document"},{"id":"PLPFGm9QgQHytINCgfha","title":"Lateral Movement","href":"/active-directory/lateral-movement","pathnames":["active-directory/lateral-movement"],"descendants":[{"id":"nkufEjns1MlafPxSbrvg","title":"DCOM","href":"/active-directory/lateral-movement/dcom","pathnames":["active-directory/lateral-movement/dcom"],"type":"document"},{"id":"eXscWAnPlDiTAWnxczBJ","title":"Pass the Hash","href":"/active-directory/lateral-movement/pass-the-hash","pathnames":["active-directory/lateral-movement/pass-the-hash"],"type":"document"},{"id":"RWI0erjtPmGebnQbPjT9","title":"Pass the Ticket","href":"/active-directory/lateral-movement/pass-the-ticket","pathnames":["active-directory/lateral-movement/pass-the-ticket"],"type":"document"},{"id":"rvixvoMvio7lEJ5U4Zg5","title":"Overpass the Hash","href":"/active-directory/lateral-movement/overpass-the-hash","pathnames":["active-directory/lateral-movement/overpass-the-hash"],"type":"document"},{"id":"IpAM1z3asqwtqFm1C132","title":"LOTL WMI and WinRM","href":"/active-directory/lateral-movement/lotl-wmi-and-winrm","pathnames":["active-directory/lateral-movement/lotl-wmi-and-winrm"],"type":"document"}],"type":"document"},{"id":"YQVrnEeAPRQGGgEBgK6Q","title":"Post-Compromise Attacks","href":"/active-directory/post-compromise-attacks","pathnames":["active-directory/post-compromise-attacks"],"descendants":[{"id":"bPB1UDiJuRIUI0gRbzdv","title":"Kerberoasting","href":"/active-directory/post-compromise-attacks/kerberoasting","pathnames":["active-directory/post-compromise-attacks/kerberoasting"],"type":"document"},{"id":"OyVZB1dT4dUZiNrILVmB","title":"Silver Ticket","href":"/active-directory/post-compromise-attacks/silver-ticket","pathnames":["active-directory/post-compromise-attacks/silver-ticket"],"type":"document"},{"id":"L2tMKJwqUjgd44yfYhbn","title":"noPac or noCap ?","href":"/active-directory/post-compromise-attacks/nopac-or-nocap","pathnames":["active-directory/post-compromise-attacks/nopac-or-nocap"],"type":"document"},{"id":"qZ4Or7k7frgcf4yn78IL","title":"RPC Password Change","href":"/active-directory/post-compromise-attacks/rpc-password-change","pathnames":["active-directory/post-compromise-attacks/rpc-password-change"],"type":"document"},{"id":"0DWENbSUmk5h15oIxSC1","title":"Mimikatz","href":"/active-directory/post-compromise-attacks/mimikatz","pathnames":["active-directory/post-compromise-attacks/mimikatz"],"type":"document"},{"id":"l6sGl8DVbqNrgD9oJ095","title":"Knock and Pass Kerberos","href":"/active-directory/post-compromise-attacks/knock-and-pass-kerberos","pathnames":["active-directory/post-compromise-attacks/knock-and-pass-kerberos"],"type":"document"},{"id":"EXYaSLiju3NGQjs2v7mG","title":"Dumping and Cracking Hashes","href":"/active-directory/post-compromise-attacks/dumping-and-cracking-hashes","pathnames":["active-directory/post-compromise-attacks/dumping-and-cracking-hashes"],"type":"document"},{"id":"DjcTivhemytZkBBkQ5tn","title":"Token Impersonation","href":"/active-directory/post-compromise-attacks/token-impersonation","pathnames":["active-directory/post-compromise-attacks/token-impersonation"],"type":"document"},{"id":"UOSEvcw9oLlUnsvIzuWf","title":"LNK File Attacks","href":"/active-directory/post-compromise-attacks/lnk-file-attacks","pathnames":["active-directory/post-compromise-attacks/lnk-file-attacks"],"type":"document"},{"id":"On3R5PWYtvSHfPGaRY0v","title":"GPP / cPassword Attacks","href":"/active-directory/post-compromise-attacks/gpp-cpassword-attacks","pathnames":["active-directory/post-compromise-attacks/gpp-cpassword-attacks"],"type":"document"},{"id":"BqyKaCdRecqWLmyeSNFJ","title":"AD CS Attacks","href":"/active-directory/post-compromise-attacks/ad-cs-attacks","pathnames":["active-directory/post-compromise-attacks/ad-cs-attacks"],"type":"document"},{"id":"xRpgOm6DXXT1huozRgBZ","title":"misc","href":"/active-directory/post-compromise-attacks/misc","pathnames":["active-directory/post-compromise-attacks/misc"],"type":"document"}],"type":"document"},{"id":"JyIXM5HAlydeEoyAKNyU","title":"Post-Domain Compromise","href":"/active-directory/post-domain-compromise","pathnames":["active-directory/post-domain-compromise"],"descendants":[{"id":"OVBb7dHJZ4kI6ddzbtjW","title":"Dumping the NTDS.dit","href":"/active-directory/post-domain-compromise/dumping-the-ntds.dit","pathnames":["active-directory/post-domain-compromise/dumping-the-ntds.dit"],"type":"document"},{"id":"nbWW1BTWMUa7I1lGOIOz","title":"Golden Ticket Attack","href":"/active-directory/post-domain-compromise/golden-ticket-attack","pathnames":["active-directory/post-domain-compromise/golden-ticket-attack"],"type":"document"},{"id":"gwnNvbLlRNvd0537WRKh","title":"Shadow Copies","href":"/active-directory/post-domain-compromise/shadow-copies","pathnames":["active-directory/post-domain-compromise/shadow-copies"],"type":"document"},{"id":"2n7AP4sUgG0gaFl1TyLu","title":"SAM Cleanup","href":"/active-directory/post-domain-compromise/sam-cleanup","pathnames":["active-directory/post-domain-compromise/sam-cleanup"],"type":"document"}],"type":"document"},{"id":"DNTxWeih4YpNaAle402a","title":"Critical Active Directory CVE's","href":"/active-directory/critical-active-directory-cves","pathnames":["active-directory/critical-active-directory-cves"],"descendants":[{"id":"1KIwEc36dQvm23JtinrB","title":"Zerologon","href":"/active-directory/critical-active-directory-cves/zerologon","pathnames":["active-directory/critical-active-directory-cves/zerologon"],"type":"document"},{"id":"TsgoElsBpGNAb7y2PN4i","title":"PrintNightmare","href":"/active-directory/critical-active-directory-cves/printnightmare","pathnames":["active-directory/critical-active-directory-cves/printnightmare"],"type":"document"}],"type":"document"}],"type":"group"},{"id":"H3WFqvZI6fLZznvy3TpI","title":"Windows Privilege Escalation","descendants":[{"id":"AHDvO9oiHJya57sLOeag","title":"Checklist","href":"/windows-privilege-escalation/checklist","pathnames":["windows-privilege-escalation/checklist"],"type":"document"},{"id":"asQPQUL7qpZN43QDd7ul","title":"Initial Enumeration Manual","href":"/windows-privilege-escalation/initial-enumeration-manual","pathnames":["windows-privilege-escalation/initial-enumeration-manual"],"descendants":[{"id":"tSLzCSEUrM94AggIDLJJ","title":"System Enumeration","href":"/windows-privilege-escalation/initial-enumeration-manual/system-enumeration","pathnames":["windows-privilege-escalation/initial-enumeration-manual/system-enumeration"],"type":"document"},{"id":"sjQ29MIsfK2I4mKLW4wo","title":"User Enumeration","href":"/windows-privilege-escalation/initial-enumeration-manual/user-enumeration","pathnames":["windows-privilege-escalation/initial-enumeration-manual/user-enumeration"],"type":"document"},{"id":"fjMiVSPb0ymlBJN74bgH","title":"Network Enumeration","href":"/windows-privilege-escalation/initial-enumeration-manual/network-enumeration","pathnames":["windows-privilege-escalation/initial-enumeration-manual/network-enumeration"],"type":"document"},{"id":"KWF2halny6Nm9qD7oypS","title":"Password Hunting","href":"/windows-privilege-escalation/initial-enumeration-manual/password-hunting","pathnames":["windows-privilege-escalation/initial-enumeration-manual/password-hunting"],"type":"document"},{"id":"yXJI79sFIlMtW7IiHWha","title":"AV and Firewall Enumeration","href":"/windows-privilege-escalation/initial-enumeration-manual/av-and-firewall-enumeration","pathnames":["windows-privilege-escalation/initial-enumeration-manual/av-and-firewall-enumeration"],"type":"document"}],"type":"document"},{"id":"A8Lbr54tGy9oW8lb1aMz","title":"Initial Enumeration Automated","href":"/windows-privilege-escalation/initial-enumeration-automated","pathnames":["windows-privilege-escalation/initial-enumeration-automated"],"descendants":[{"id":"Q8DfLjKQzns9lqvG09xR","title":"Methodology > Tools","href":"/windows-privilege-escalation/initial-enumeration-automated/methodology-greater-than-tools","pathnames":["windows-privilege-escalation/initial-enumeration-automated/methodology-greater-than-tools"],"type":"document"}],"type":"document"},{"id":"Ufz7TPVKg98JI8E91OvA","title":"Kernel Exploits","href":"/windows-privilege-escalation/kernel-exploits","pathnames":["windows-privilege-escalation/kernel-exploits"],"type":"document"},{"id":"hjFtnBsHmmWmy6vr5Tvm","title":"DLL Hijacking","href":"/windows-privilege-escalation/dll-hijacking","pathnames":["windows-privilege-escalation/dll-hijacking"],"type":"document"},{"id":"pYlE2SIAkCzXTRzHdKmA","title":"Service Permissions","href":"/windows-privilege-escalation/service-permissions","pathnames":["windows-privilege-escalation/service-permissions"],"descendants":[{"id":"XTn9w77iEx312htsFXa8","title":"Binary Paths","href":"/windows-privilege-escalation/service-permissions/binary-paths","pathnames":["windows-privilege-escalation/service-permissions/binary-paths"],"type":"document"},{"id":"XjWd231z8CZOT1PA2eOJ","title":"Unquoted Service Paths","href":"/windows-privilege-escalation/service-permissions/unquoted-service-paths","pathnames":["windows-privilege-escalation/service-permissions/unquoted-service-paths"],"type":"document"}],"type":"document"},{"id":"Dm3cdV6xoFgfGfUZvquz","title":"Impersonation and Potato Attacks","href":"/windows-privilege-escalation/impersonation-and-potato-attacks","pathnames":["windows-privilege-escalation/impersonation-and-potato-attacks"],"type":"document"},{"id":"JQq5rSXgLFmsrpGxalkW","title":"Registy","href":"/windows-privilege-escalation/registy","pathnames":["windows-privilege-escalation/registy"],"descendants":[{"id":"BGfdWciCAbBkI38c1aI2","title":"AutoRuns","href":"/windows-privilege-escalation/registy/autoruns","pathnames":["windows-privilege-escalation/registy/autoruns"],"type":"document"},{"id":"IcYI66ZaACr5bfWFYonH","title":"AlwaysInstallElevated","href":"/windows-privilege-escalation/registy/alwaysinstallelevated","pathnames":["windows-privilege-escalation/registy/alwaysinstallelevated"],"type":"document"},{"id":"QZuino8i4DYD9drwrfAa","title":"Regsvc ACL","href":"/windows-privilege-escalation/registy/regsvc-acl","pathnames":["windows-privilege-escalation/registy/regsvc-acl"],"type":"document"}],"type":"document"},{"id":"Mfrbtu5yxKWUBFjcibz4","title":"whoami /priv","href":"/windows-privilege-escalation/whoami-priv","pathnames":["windows-privilege-escalation/whoami-priv"],"descendants":[{"id":"8WKecR19TCgk7JgATNOu","title":"SeManageVolumePrivilege","href":"/windows-privilege-escalation/whoami-priv/semanagevolumeprivilege","pathnames":["windows-privilege-escalation/whoami-priv/semanagevolumeprivilege"],"type":"document"},{"id":"lmYZBUzCq2X6WeIFrf9I","title":"SeBackupPrivilege","href":"/windows-privilege-escalation/whoami-priv/sebackupprivilege","pathnames":["windows-privilege-escalation/whoami-priv/sebackupprivilege"],"type":"document"},{"id":"VSUorPezUFm0WxyqjBeK","title":"SeRestorePrivilege","href":"/windows-privilege-escalation/whoami-priv/serestoreprivilege","pathnames":["windows-privilege-escalation/whoami-priv/serestoreprivilege"],"type":"document"}],"type":"document"},{"id":"SDuCcdynJeHFljCpevwy","title":"Scheduled tasks","href":"/windows-privilege-escalation/scheduled-tasks","pathnames":["windows-privilege-escalation/scheduled-tasks"],"type":"document"},{"id":"oOmDvtvtXTmSJyZ3ZP6X","title":"xampp","href":"/windows-privilege-escalation/xampp","pathnames":["windows-privilege-escalation/xampp"],"type":"document"},{"id":"Rg7sf5buWdkvbf7a8OO1","title":"Stored Passwords and Port Forwarding","href":"/windows-privilege-escalation/stored-passwords-and-port-forwarding","pathnames":["windows-privilege-escalation/stored-passwords-and-port-forwarding"],"type":"document"},{"id":"GrPOLqA7IcFm6UpcNacQ","title":"RunAs","href":"/windows-privilege-escalation/runas","pathnames":["windows-privilege-escalation/runas"],"type":"document"},{"id":"OJP9tA8YQLfxI11AcB9b","title":"User Switching","href":"/windows-privilege-escalation/user-switching","pathnames":["windows-privilege-escalation/user-switching"],"type":"document"},{"id":"BuXqAgknZIwUfaTh3XN6","title":"Executable Files","href":"/windows-privilege-escalation/executable-files","pathnames":["windows-privilege-escalation/executable-files"],"type":"document"},{"id":"FYPpI5gilgkmEoGnh7xb","title":"Startup Applications","href":"/windows-privilege-escalation/startup-applications","pathnames":["windows-privilege-escalation/startup-applications"],"type":"document"},{"id":"Dd4f2PmKMpaO2YRt5t2r","title":"getsystem","href":"/windows-privilege-escalation/getsystem","pathnames":["windows-privilege-escalation/getsystem"],"type":"document"},{"id":"UYnpvZa1kfqiX9xjsSdu","title":"Windows Subsystem for Linux","href":"/windows-privilege-escalation/windows-subsystem-for-linux","pathnames":["windows-privilege-escalation/windows-subsystem-for-linux"],"type":"document"},{"id":"tiEokEfU5hpFZ5X4pLYq","title":"CVE-2019-1388","href":"/windows-privilege-escalation/cve-2019-1388","pathnames":["windows-privilege-escalation/cve-2019-1388"],"type":"document"},{"id":"fKSRy2hFlSd55jPG7av4","title":"CVE-2024-26229 (new)","href":"/windows-privilege-escalation/cve-2024-26229-new","pathnames":["windows-privilege-escalation/cve-2024-26229-new"],"type":"document"}],"type":"group"},{"id":"4Ka3ATnj0u3Ez4HBrPyo","title":"Linux Privilege Escalation","descendants":[{"id":"Z9wzID8WgK9J8bDRqzV3","title":"Checklist","href":"/linux-privilege-escalation/checklist","pathnames":["linux-privilege-escalation/checklist"],"type":"document"},{"id":"bNsuX8p7OPjRlZLfzm0Q","title":"Initial Enumeration","href":"/linux-privilege-escalation/initial-enumeration","pathnames":["linux-privilege-escalation/initial-enumeration"],"descendants":[{"id":"FCLtazDCyaWu00sbUGws","title":"System Enumeration","href":"/linux-privilege-escalation/initial-enumeration/system-enumeration","pathnames":["linux-privilege-escalation/initial-enumeration/system-enumeration"],"type":"document"},{"id":"Y40kykk6Rc4jUx4XG4Cw","title":"User Enumeration","href":"/linux-privilege-escalation/initial-enumeration/user-enumeration","pathnames":["linux-privilege-escalation/initial-enumeration/user-enumeration"],"type":"document"},{"id":"kzXxDHoSUmPMvPAK1KDO","title":"Network Enumeration","href":"/linux-privilege-escalation/initial-enumeration/network-enumeration","pathnames":["linux-privilege-escalation/initial-enumeration/network-enumeration"],"type":"document"},{"id":"K2pylfUfeKiXvrHhfNKu","title":"Password Hunting","href":"/linux-privilege-escalation/initial-enumeration/password-hunting","pathnames":["linux-privilege-escalation/initial-enumeration/password-hunting"],"type":"document"}],"type":"document"},{"id":"hbHTG9oGB4hwPVdVjgXo","title":"Automated tools","href":"/linux-privilege-escalation/automated-tools","pathnames":["linux-privilege-escalation/automated-tools"],"type":"document"},{"id":"07zl4oyIfmBWbmjhJnyI","title":"Kernel Exploits","href":"/linux-privilege-escalation/kernel-exploits","pathnames":["linux-privilege-escalation/kernel-exploits"],"type":"document"},{"id":"N9y2zlQtiJnsgiosIPC9","title":"Passwords & File Permissions","href":"/linux-privilege-escalation/passwords-and-file-permissions","pathnames":["linux-privilege-escalation/passwords-and-file-permissions"],"descendants":[{"id":"gYFxPoWCFY7qy3f7xOOF","title":"Passwords","href":"/linux-privilege-escalation/passwords-and-file-permissions/passwords","pathnames":["linux-privilege-escalation/passwords-and-file-permissions/passwords"],"type":"document"},{"id":"7g674NUXLL92U1JmZnUM","title":"Weak File Permissions","href":"/linux-privilege-escalation/passwords-and-file-permissions/weak-file-permissions","pathnames":["linux-privilege-escalation/passwords-and-file-permissions/weak-file-permissions"],"type":"document"},{"id":"KTkKIkz3C1LEmgRETQOr","title":"SSH Keys","href":"/linux-privilege-escalation/passwords-and-file-permissions/ssh-keys","pathnames":["linux-privilege-escalation/passwords-and-file-permissions/ssh-keys"],"type":"document"}],"type":"document"},{"id":"LVvfjZJz5pcXOUoQp5Sr","title":"Sudo","href":"/linux-privilege-escalation/sudo","pathnames":["linux-privilege-escalation/sudo"],"descendants":[{"id":"9Q0WuoDgtG5hADBOMEro","title":"Shell Escaping","href":"/linux-privilege-escalation/sudo/shell-escaping","pathnames":["linux-privilege-escalation/sudo/shell-escaping"],"type":"document"},{"id":"QA2lIknDnERu3kxioMnm","title":"Intended Functionality","href":"/linux-privilege-escalation/sudo/intended-functionality","pathnames":["linux-privilege-escalation/sudo/intended-functionality"],"type":"document"},{"id":"iwLlI8jjfOIOLU8nI8Be","title":"LD_PRELOAD","href":"/linux-privilege-escalation/sudo/ld_preload","pathnames":["linux-privilege-escalation/sudo/ld_preload"],"type":"document"},{"id":"chNd2EL5Hkc3tD6jFZlq","title":"Simple CTF","href":"/linux-privilege-escalation/sudo/simple-ctf","pathnames":["linux-privilege-escalation/sudo/simple-ctf"],"type":"document"},{"id":"vBGLwr2EmoA8QrekPjSZ","title":"CVE-2019-14287 (sudo -u#-1 /bin/bash)","href":"/linux-privilege-escalation/sudo/cve-2019-14287-sudo-u-1-bin-bash","pathnames":["linux-privilege-escalation/sudo/cve-2019-14287-sudo-u-1-bin-bash"],"type":"document"},{"id":"PmldJ5f88QGmcG7uXMxY","title":"CVE-2019-18634 (pwfeedback)","href":"/linux-privilege-escalation/sudo/cve-2019-18634-pwfeedback","pathnames":["linux-privilege-escalation/sudo/cve-2019-18634-pwfeedback"],"type":"document"}],"type":"document"},{"id":"JVXsDMNCAcpSTAZDDKv9","title":"SUID","href":"/linux-privilege-escalation/suid","pathnames":["linux-privilege-escalation/suid"],"descendants":[{"id":"rD7FYqi1rIjVQtClDvpu","title":"Vulnversity","href":"/linux-privilege-escalation/suid/vulnversity","pathnames":["linux-privilege-escalation/suid/vulnversity"],"type":"document"}],"type":"document"},{"id":"EhBwph1V6WpL3Rok4Gbj","title":"Capabilities","href":"/linux-privilege-escalation/capabilities","pathnames":["linux-privilege-escalation/capabilities"],"type":"document"},{"id":"zBn50wMjv26alqi2gPNr","title":"Cron jobs","href":"/linux-privilege-escalation/cron-jobs","pathnames":["linux-privilege-escalation/cron-jobs"],"type":"document"},{"id":"OKP6iAP7qDOkBAsZVgx7","title":"/etc/passwd override","href":"/linux-privilege-escalation/etc-passwd-override","pathnames":["linux-privilege-escalation/etc-passwd-override"],"type":"document"},{"id":"ETw7KqbpAmpd24RsjG9k","title":"NFS Root Squashing","href":"/linux-privilege-escalation/nfs-root-squashing","pathnames":["linux-privilege-escalation/nfs-root-squashing"],"type":"document"},{"id":"ijEVenGWn2Cr5u2saOfN","title":"Docker","href":"/linux-privilege-escalation/docker","pathnames":["linux-privilege-escalation/docker"],"type":"document"},{"id":"WUsSpesrMUNy3SkFrAkm","title":"Path Variables","href":"/linux-privilege-escalation/path-variables","pathnames":["linux-privilege-escalation/path-variables"],"type":"document"},{"id":"Ag47wWYyBHY0v7GBomQd","title":"Groups","href":"/linux-privilege-escalation/groups","pathnames":["linux-privilege-escalation/groups"],"descendants":[{"id":"eZdaONI2aq4Hz5G9TnZB","title":"Disk","href":"/linux-privilege-escalation/groups/disk","pathnames":["linux-privilege-escalation/groups/disk"],"type":"document"},{"id":"evxOi5XhNCUQ5SfTgl1p","title":"LXD/LXC","href":"/linux-privilege-escalation/groups/lxd-lxc","pathnames":["linux-privilege-escalation/groups/lxd-lxc"],"type":"document"},{"id":"f8V75zmTv5hzXjET0QdF","title":"mlocate","href":"/linux-privilege-escalation/groups/mlocate","pathnames":["linux-privilege-escalation/groups/mlocate"],"type":"document"}],"type":"document"},{"id":"agF6x4RhrYD3BFfSYQdD","title":"Nginx","href":"/linux-privilege-escalation/nginx","pathnames":["linux-privilege-escalation/nginx"],"type":"document"},{"id":"AYng51tpQ5aPmcdWOyMn","title":"Misc","href":"/linux-privilege-escalation/misc","pathnames":["linux-privilege-escalation/misc"],"descendants":[{"id":"NIlxo1RhiJ0DCiYW48Tx","title":"Wild Cards","href":"/linux-privilege-escalation/misc/wild-cards","pathnames":["linux-privilege-escalation/misc/wild-cards"],"type":"document"},{"id":"RkMPBOivRWxwRXy08AFT","title":"Abusing scripts","href":"/linux-privilege-escalation/misc/abusing-scripts","pathnames":["linux-privilege-escalation/misc/abusing-scripts"],"type":"document"},{"id":"iGaIiYpKj8lzL6DvTYOw","title":"Restricted shell escaping","href":"/linux-privilege-escalation/misc/restricted-shell-escaping","pathnames":["linux-privilege-escalation/misc/restricted-shell-escaping"],"type":"document"},{"id":"xQUpSw0vDeIkaYF39zh1","title":"Library Hijacking","href":"/linux-privilege-escalation/misc/library-hijacking","pathnames":["linux-privilege-escalation/misc/library-hijacking"],"type":"document"},{"id":"PfhjHfAnaQ3ksPvTXQET","title":"PHP Web Applications","href":"/linux-privilege-escalation/misc/php-web-applications","pathnames":["linux-privilege-escalation/misc/php-web-applications"],"type":"document"},{"id":"K3Z07VYIcw2kjDfXTiZy","title":"FreeBSD","href":"/linux-privilege-escalation/misc/freebsd","pathnames":["linux-privilege-escalation/misc/freebsd"],"type":"document"}],"type":"document"}],"type":"group"},{"id":"UO0DSydknoG8Yzku1u0O","title":"Post Exploitation","descendants":[{"id":"rrEhrvsilCRnLd6RQBT1","title":"C2","href":"/post-exploitation/c2","pathnames":["post-exploitation/c2"],"type":"document"},{"id":"ArY5oPmbziqGA02FM174","title":"AV Evasion","href":"/post-exploitation/av-evasion","pathnames":["post-exploitation/av-evasion"],"descendants":[{"id":"XKLi88HuzmHi2bXFiyOR","title":"Bypassing AMSI","href":"/post-exploitation/av-evasion/bypassing-amsi","pathnames":["post-exploitation/av-evasion/bypassing-amsi"],"type":"document"},{"id":"iBjMTALG0vn9GqfAZVVi","title":"Bypassing UAC","href":"/post-exploitation/av-evasion/bypassing-uac","pathnames":["post-exploitation/av-evasion/bypassing-uac"],"type":"document"},{"id":"Ve6rdXBl3m30wCb9ZxAi","title":"Disabling Windows Defender","href":"/post-exploitation/av-evasion/disabling-windows-defender","pathnames":["post-exploitation/av-evasion/disabling-windows-defender"],"type":"document"},{"id":"bqPJTgF0bIKSq26IQ8CT","title":"Executable Obfuscation","href":"/post-exploitation/av-evasion/executable-obfuscation","pathnames":["post-exploitation/av-evasion/executable-obfuscation"],"type":"document"},{"id":"359n8ob52XwrPFIIGazn","title":"Compiling Code","href":"/post-exploitation/av-evasion/compiling-code","pathnames":["post-exploitation/av-evasion/compiling-code"],"type":"document"}],"type":"document"},{"id":"nwucna0rLc1DHwoqqq47","title":"Exfiltration","href":"/post-exploitation/exfiltration","pathnames":["post-exploitation/exfiltration"],"descendants":[{"id":"SxfKYvfScXGftLEequDX","title":"Windows - Pickle","href":"/post-exploitation/exfiltration/windows-pickle","pathnames":["post-exploitation/exfiltration/windows-pickle"],"type":"document"},{"id":"2RjBwTIeufFgPUJpy8MB","title":"Mimikatz","href":"/post-exploitation/exfiltration/mimikatz","pathnames":["post-exploitation/exfiltration/mimikatz"],"type":"document"}],"type":"document"},{"id":"YJEnl6Zd4plPrWnbmyIP","title":"Pivoting","href":"/post-exploitation/pivoting","pathnames":["post-exploitation/pivoting"],"descendants":[{"id":"A756nCaVLIoRiQGfWXXZ","title":"Eumeration","href":"/post-exploitation/pivoting/eumeration","pathnames":["post-exploitation/pivoting/eumeration"],"type":"document"},{"id":"wkvbs9op3FS122ll25Fl","title":"Chisel","href":"/post-exploitation/pivoting/chisel","pathnames":["post-exploitation/pivoting/chisel"],"type":"document"},{"id":"48cVUhB15wGsS0up82Qc","title":"SSHuttle","href":"/post-exploitation/pivoting/sshuttle","pathnames":["post-exploitation/pivoting/sshuttle"],"type":"document"},{"id":"YmKF4pghMPg9Gfy77wbU","title":"Double Pivot","href":"/post-exploitation/pivoting/double-pivot","pathnames":["post-exploitation/pivoting/double-pivot"],"type":"document"},{"id":"XxaQZmwowspB9mq29Vzh","title":"Good to Know","href":"/post-exploitation/pivoting/good-to-know","pathnames":["post-exploitation/pivoting/good-to-know"],"descendants":[{"id":"wncHSfkFXAu66PHmyF3E","title":"Tunneling","href":"/post-exploitation/pivoting/good-to-know/tunneling","pathnames":["post-exploitation/pivoting/good-to-know/tunneling"],"type":"document"},{"id":"P4Z5n9g7WGMAgIKoangg","title":"Plink.exe","href":"/post-exploitation/pivoting/good-to-know/plink.exe","pathnames":["post-exploitation/pivoting/good-to-know/plink.exe"],"type":"document"},{"id":"cCnb1heIvgfextRBYGFY","title":"Port Forwarding via ~C","href":"/post-exploitation/pivoting/good-to-know/port-forwarding-via-c","pathnames":["post-exploitation/pivoting/good-to-know/port-forwarding-via-c"],"type":"document"},{"id":"h2rIi0kMZn9QRplnd080","title":"Socat","href":"/post-exploitation/pivoting/good-to-know/socat","pathnames":["post-exploitation/pivoting/good-to-know/socat"],"type":"document"},{"id":"4D5K3xsMg3swCP4enUES","title":"Metasploit","href":"/post-exploitation/pivoting/good-to-know/metasploit","pathnames":["post-exploitation/pivoting/good-to-know/metasploit"],"type":"document"}],"type":"document"}],"type":"document"},{"id":"e32qRbv8rpt8Pc2FafXi","title":"File Transfers","href":"/post-exploitation/file-transfers","pathnames":["post-exploitation/file-transfers"],"type":"document"},{"id":"Q7n5hdjkqIQpP5Giasg4","title":"DNS Tunneling","href":"/post-exploitation/dns-tunneling","pathnames":["post-exploitation/dns-tunneling"],"type":"document"},{"id":"H2Q63KcBfdYdEDlLiwwo","title":"Persistence","href":"/post-exploitation/persistence","pathnames":["post-exploitation/persistence"],"type":"document"},{"id":"yDWni9Ys99ojBLyktNdf","title":"PGP/ASC","href":"/post-exploitation/pgp-asc","pathnames":["post-exploitation/pgp-asc"],"type":"document"},{"id":"INcfq8WZYELWcMG4O7Nj","title":"Putty","href":"/post-exploitation/putty","pathnames":["post-exploitation/putty"],"type":"document"},{"id":"TzpQnPpNVX5UuSG7pCo5","title":"Cleanup","href":"/post-exploitation/cleanup","pathnames":["post-exploitation/cleanup"],"type":"document"}],"type":"group"},{"id":"KgkD7SkZeubq82z0AIw0","title":"Cool!","descendants":[{"id":"rYrktONHYrdnThupcItK","title":"Client-side Attacks","href":"/cool/client-side-attacks","pathnames":["cool/client-side-attacks"],"descendants":[{"id":"QR1z8dwuG9zVfs2Bcqq7","title":"Code execution via Windows Library","href":"/cool/client-side-attacks/code-execution-via-windows-library","pathnames":["cool/client-side-attacks/code-execution-via-windows-library"],"type":"document"},{"id":"nLHqO9ITohohT7NU3ok3","title":"Evil Icon","href":"/cool/client-side-attacks/evil-icon","pathnames":["cool/client-side-attacks/evil-icon"],"type":"document"},{"id":"36pn3xCimZl7YHiyJwjB","title":"ODT Files","href":"/cool/client-side-attacks/odt-files","pathnames":["cool/client-side-attacks/odt-files"],"type":"document"}],"type":"document"},{"id":"5Id2leFltBfRNuWgIOOy","title":"Custom Wordlists","href":"/cool/custom-wordlists","pathnames":["cool/custom-wordlists"],"type":"document"},{"id":"l1PeiBkTXl1FLQD9l2Dh","title":"Fixing Exploits","href":"/cool/fixing-exploits","pathnames":["cool/fixing-exploits"],"type":"document"},{"id":"OLM8924p3hMcDqvl0pch","title":"Decrypting Secure Strings","href":"/cool/decrypting-secure-strings","pathnames":["cool/decrypting-secure-strings"],"type":"document"},{"id":"fZXZ0YQL832FPKPheUia","title":"tmux","href":"/cool/tmux","pathnames":["cool/tmux"],"type":"document"},{"id":"f9XYHt2rpWnIjYe68AcS","title":"Random","href":"/cool/random","pathnames":["cool/random"],"type":"document"}],"type":"group"},{"id":"Hi2drmaZ0enoPa0a4Zco","title":"Report Writing","descendants":[{"id":"tP46GmD0EYqSzQ9B72ij","title":"Findings Report","href":"/report-writing/findings-report","pathnames":["report-writing/findings-report"],"type":"document"},{"id":"ikVzgRPSM4XN0cjhA0zK","title":"Common Legal Documents","href":"/report-writing/common-legal-documents","pathnames":["report-writing/common-legal-documents"],"type":"document"}],"type":"group"}],"isRoot":true,"style":"page-no-toc:hidden border-tint-subtle sidebar-list-line:border-l"}],"$L3e"]}]]}]]}],"$L3f"]

Command Injection w/ Scripts