Lateral Movement

ProxyChains SOCKS Tunnel

A victim machine could be a jumpbox with two NICs, such as 10.10.10.5 and 192.168.0.20. By leveraging Chisel (or ChiselNG in this case) and ProxyChains, we can target the...

File Transfer

During an engagement, traditional file transfer methods may be blocked. File-sharing sites such as Google Drive or Dropbox can be blocked by firewalls. Ports dedicated to file transfer, such as...

Escaping Restricted Shell

Overview

When performing host enumeration after gaining initial access, echo $SHELL may return /bin/rbash. This is a special shell that further restricts a standard user from executing commands....

Web Enumeration

Overview

Websites are their own dedicated beast when it comes to enumeration. There are countless combinations of ports, web server configurations, and applications that could be the weakness onto...

Host Enumeration (PrivEsc)

Overview

These commands are typically used during the post-exploitation phase of information gathering. Once access to a host is obtained, further information about the target itself is required...