Web Application:
- Unrestricted File upload (ASPX)
- SQL Injection
- Server Side Template Injection
- RFI
- LFI
- Web Service
- BruteForce
- CVE
- Phishing
- Code Exec
MSSQL:
- Linked Servers
- Priv Esc
- Enable Shell
- Code Exec
- Relay Net-NTLMv2 hash
Privilege Escalation:
- Windows
  - PowerUp
  - LinPEAS
  - Creds in Config Files
  - SeImpersonation (PrintSpoofer, Spooler, etc.)
  - ShadowCopy
  - HiveNightmare
  - Mimikatz
  - UAC
  - MSSQL
  - Listening Services
  - Kernel
- Linux
  - Shared Library
  - Sudo
  - Groups
  - Listening Services
  - Ansible (Unix)
  - lse / LinPEAS
  - JFrog
Lateral Movement:
- LAPS
- Unconstrained Delegation
- Constrained Delegation
- Resource Based Constrained Delegation
- MSSQL Linked Servers
- Pass The Hash
- Relay The Hash
- Crack the Hash
- RDP / SharpRDP
- Web Application
- Fileless Lateral Movement
- Mimikatz
- Proxychains / Autoroute / SSH (Port Forwarding)
- BloodHound
- JFrog
- KEYTAB (Kerberos)
- SSH
- Ansible
- SPOOLSS