Documentation Index
Fetch the complete documentation index at: https://rootea.es/llms.txt
Use this file to discover all available pages before exploring further.
Anubis
| · | · |
|---|---|
| Operating system | Windows |
| Difficulty | Insane |
| IP | 10.10.11.102 |
| Retirement date | — |
| Skills | SSL Certificate Inspection - OpenSSL XSS (Cross-Site Scripting) ASP SSTI (Server Side Template Injection) (HackingDream ASP Resource) [RCE] InvokePowerShellTcp.ps1 - PowerShell Reverse Shell ConPtyShell (AntonioCoco Utility) - Shell Improvement Certificate Signing Request Inspection - OpenSSL Chisel + Remote Port Forwarding + Proxychains - Creating a SOCKS5 tunnel Abusing Software Portal Traffic inspection with Tcpdump and Tshark URL Host Manipulation Attack + Intercepting authentications with Netcat Playing with Responder to get a Net-NTLMv2 hash Cracking Hashes SMB enumeration with authenticated user Jamovi <=1.6.18 Exploitation - Malicious OMV File (XSS Vulnerability - Cross-Site Scripting Attack) XSS + NodeJS Command Injection + InvokePowerShellTcp.ps1 (Nishang) Reverse Shell ConPtyShell (AntonioCoco Utility) - Shell Improvement Abusing Certificate Services Playing with Certify.exe to find vulnerable templates PowerView.ps1 + ADCS.ps1 in order to generate a certificate request and get it approved by the CA ADCS.ps1 script manipulation (userprincipalname/samaccountname [Substitution Applied]) Listing certificates with gci command Attempting to obtain credentials with Rubeus (asktgt mode) [ERROR - No longer working] Exploiting CVE-2021-42278/CVE-2021-42287 (noPac.py) through Proxychains [Alternative Exploitation] Synchronizing our time with DC time (rdate) - Headers Information Leakage Getting an interactive console as the administrator user on the DC (noPac.py) |