Post-Exploitation

Hashcat

Hashcat: GPU Cracking at Scale
Hashcat is the world’s fastest password recovery tool. Designed for brute-force and rule-based attacks, it leverages your GPU to crack passwords faster than any CPU-based tool can dream of. When you need to process massive hash dumps or custom password formats at scale, Hashcat is the go-to weapon. In this

John the Ripper

John the Ripper: John the Ripper (or just “John”) is a legendary password cracker. It’s smart, flexible, and built for real-world hash cracking — from Linux password files to Windows NTLM hashes and beyond. This post covers everything you need to know to use John effectively during pentests: how to identify hash types, load them,

LinPEAS

LinPEAS: Automating Linux Privilege Escalation Enumeration
Once you’ve landed on a Linux machine during a penetration test, your goal is simple: escalate privileges. Whether you’re stuck in a restricted shell or sitting as a low-privileged user, your mission is to become root. That’s where LinPEAS comes in.
What Is LinPEAS?
LinPEAS is part of the

Rubeus

Rubeus for Pentesters: Introduction
Kerberos is a cornerstone of authentication in modern Windows environments, especially within Active Directory domains. But it’s also full of opportunities for abuse — if you know where to look. Rubeus is one of the most powerful tools for post-exploitation Kerberos abuse. Written in C#, it allows attackers and red teamers

PowerSploit

PowerSploit Framework: The Swiss Army Knife of Post-Exploitation
Overview
PowerSploit is a modular post-exploitation framework written in PowerShell, designed for penetration testers and red teamers to interact with Windows environments after gaining initial access. It focuses on privilege escalation, credential access, persistence, reconnaissance, and bypassing security defenses — all using native PowerShell. Developed by the

Mimikatz & Kiwi

Mimikatz & Kiwi: Weaponizing Credentials in Windows
In the world of Windows post-exploitation, Mimikatz is your scalpel and Kiwi is your Swiss army knife. These tools help you extract, impersonate, and abuse credentials from user hashes to domain secrets, in ways that can flip the whole network in your favor. This guide breaks down how

BloodHound

BloodHound: Mapping Active Directory
If Active Directory is a jungle, BloodHound is your thermal vision. When you breach a domain-joined machine, the real challenge begins — finding a path to Domain Admin. Active Directory environments are complex, with hundreds of users, groups, computers, permissions, trusts, and policies all tangled together. BloodHound was built to make
