Cardboard Iguana Security
Search
Search
Search
Explorer
Commentaries
Notes from HOPE and DEF CON
Trying (and failing) to deploy a smart contract using an iPad Pro
Spellbook
Admin-like Windows permissions
AIX
ARP
AS-REP roasting
Bash
Burp Suite
certutil
CIFS
Cisco IOS
Classic Windows login and lock screen hacks
Common IPv4 addresses
Cross-site scripting (XSS) attacks
Custom rules in John the Ripper
Evil-WinRM
ffmpeg
find
find file metadata flags
FTP (protocol)
fuff
gdb
“Gemini compatible” Markdown
Get-WinEvent
Get-WinEvent FilterHashtable
Hashcat
How to automate Netlify builds with IFTTT
How to bypass the PowerShell execution policy
How to compact VM disk images
How to create a GPG Key (with SSH support!)
How to disable AMSI
How to exploit Python pickles
How to exploit Windows services
How to exploit Windows tasks
How to get an SSL certificate
How to load a shell with a simple executable
How to manipulate local Windows services
How to manipulate local Windows tasks
How to manipulate remote Windows services
How to match files to packages
How to remotely install a Windows package with PowerShell
How to remove duplicate lines in Bash
How to retrieve AIX fileset information
How to run a remote Windows command using PowerShell
How to set the PATH in a session
How to set up WMI in PowerShell
How to use an alternate SSH key with Git
How to use Mimikatz to dump Kerberos tickets
How to use a Raspberry Pi 4B as hacking accessory
How to use Windows Remote Management
HTML applications
HTTP
Hydra
Impacket
Invoke-Mimikatz
iOS quirks
iOS Shortcuts quirks
IPv4
Java
John the Ripper
JSON Web Tokens (JWTs)
Kerberoasting
Kerberos
Kerberos authentication process
Kerbrute
Linux
Linux reconnaissance
Local file inclusion (LFI) attacks
Local port forwarding with SSH
Metasploit
Metasploit module usage basics
meterpreter
Mimikatz
msfconsole
msfvenom
MS SQL
ncat
net
netcat reverse shells
NFS
Nmap
Nmap flags
NTLM hashes
OWASP ZAP
PHP
PHP local file inclusion attacks
Poison null byte attack
Polkit
Powercat
PowerShell
PowerView
Python
Rubeus
Server donfiguration data IPv4 address
SIP
SIP methods
smbclient
socat
SQL injection attacks
SSH
TCP
TCP headers
TCP model
UNIX permissions
Useful scripts for Windows reconnaissance
ViM
Visual Basic
Visual Basic for Applications
Windows
Windows event logs
Windows reconnaissance with PowerShell
Windows services
Wireshark
wmic
XML external entity (XXE) attacks
youtube-dl
spells
Abusing wildcard expansion in Bash
Adding and setting variables in iOS Shortcuts
Aircrack-NG
All-in-one Windows reverse shell with Powercat
ARP scanning
AS-REP roasting with Impacket
AS-REP roasting With Rubeus
awk
basenc
Bash reverse shell
Bash scripting
Boolean-based SQLi
Burp Suite Decoder
Burp Suite Intruder Battering Ram attacks
Burp Suite Intruder Cluster Bomb attacks
Burp Suite Intruder Pitchfork attacks
Burp Suite Intruder Sniper attacks
Burp Suite keyboard shortcuts
Burp Suite macros
cat
cewl
CIFS reconnaissance with Nmap
Cisco IOS general configuration commands
Cisco IOS interface configuration commands
Cisco IOS line (login) configuration commands
Cisco IOS system information commands
Common HTTP headers
Common meterpreter commands
Common msfconsole commands
Common Nmap long flags
Common Nmap short flags
Common video resolutions
Common Windows user types
Comparison of the TCP and OSI models
crackmapexec
CUPP
CVE-2021-3560
CVE-2021-4034 (“Pwnkit”)
DCERPC
Debugging Bash scripts
Default CIFS shares
Different IP address representations
dig
dir
Domain enumeration with PowerView
DRSUAPI
Dynamic port forwarding with SSH
Easy reverse DNS lookups
enum4linux
Equivalent Burp Suite and OWASP ZAP functionality
Equivalent socat and netcat commands
Equivalent Windows and *NIX commands
Error-based SQLi
Evading anti-XSS filtering
File transfers in Evil-WinRM
Filter files based on file permissions in find
Filter files based on ownership in find
Filter files based on size in find
Filter files based on timestamp in find
find shell escape
findstr
finger
ftp (application)
FTP commands
FTPS
General gdb commands
Get-FileHash
Get-WinEvent FilterHashtable keywords
Get-WinEvent FilterHashtable log levels
gobuster
Golden and silver tickets
grep
Harvester
Hashcat combinator
Hashcat password hash types
Helpful Metasploit modules to use with meterpreter
How to access the Windows Registry using PowerShell
How to add Windows users at the command line
How to attack JSON APIs with Hydra
How to automatically stabilize a reverse shell with socat
How to avoid dropping privileges with SUID Bash
How to backdoor Visual Basic Scripts
How to brute force HTTP logins with Hydra
How to brute force login credentials with fuff
How to brute force virtual host entries with fuff
How to brute force weak JWT secrets
How to bulk edit Windows permissions
How to bypass Windows antivirus with C#
How to calculate a file hash on Windows with certutil
How to call Mimikatz from a meterpreter shell
How to change a branch name in Git
How to change a key passphrase with OpenSSL
How to change an SSH Key passphrase
How to change a user’s password with Rubeus
How to compact a libVirt disk image
How to compact a VirtualBox Linux guest disk image
How to compact a VirtualBox Windows guest disk image
How to confirm the existence of a Gmail address
How to convert from M4A to MP3 using ffmpeg
How to convert from MP4 to GIF using ffmpeg
How to convert from MP4 to WebP using ffmpeg
How to create a gold or silver ticket with Mimikatz
How to create a KDC skeleton key with Mimikatz
How to dump cleartext passwords with Mimikatz
How to dump NTLM hashes from the local SAM with Mimikatz
How to dump NTLM hashes from LSASS with Mimikatz
How to encrypt a reverse shell connection with socat
How to enumerate AD CS templates with certutil
How to enumerate services and shares using smbclient
How to enumerate URL paths with fuff
How to enumerate URL paths with OWASP ZAP
How to enumerate users with fuff
How to escalate privileges from SUID ViM
How to exploit ASP scripts with msfvenom
How to exploit the Bash PS4 (debugging) prompt
How to exploit JSP Scripts with msfvenom
How to exploit JWTs signed using a public key
How to exploit JWTs that support the NONE signature algorithm
How to exploit LD_LIBRARY_PATH
How to exploit LD_PRELOAD
How to exploit Linux ELF executables with msfvenom
How to exploit Log4Shell
How to exploit macOS MACH-O executables with msfvenom
How to exploit Perl scripts with msfvenom
How to exploit PHP scripts with msfvenom
How to exploit Python scripts with msfvenom
How to exploit shell scripts with msfvenom
How to exploit VBA scripts with msfvenom
How to exploit weak /etc/passwd permissions
How to exploit weak /etc/shadow permissions
How to exploit the Windows DLL search order
How to exploit Windows executables with msfvenom
How to exploit the Windows “Feature on Demand” Helper
How to exploit Windows file associations
How to exploit Windows HTML applications with msfvenom
How to exploit Windows MSI installers with msfvenom
How to exploit Windows shortcut files
How to exploit the WinLogon initialization sequence
How to export highlights and annotations from Kobo eReaders
How to extract the webpage title from a URL
How to find executables with SUID capabilities
How to find and replace a single line in a large text file
How to find SUID and SGID executables with find
How to find world-accessible and world-modifiable folders with find
How to fix EXIF data on Google Photos exports
How to forward a port with netcat
How to generate a self-signed SSL certificate
How to get iOS Shortcuts to show up in the share sheet after reinstallation
How to get a shell from ViM
How to get an SSL certificate from a real registrar
How to harvest Kerberos tickets with Rubeus
How to hide Windows tasks using PsExec
How to impersonate a user with meterpreter
How to load drivers in Windows
How to look up unicode and emoji symbols
How to manipulate remote Windows tasks
How to manipulate users and groups at the Windows command line using net
How to match files to packages in Debian-based operating systems
How to match files to packages in Red Hat-based operating systems
How to pass the hash with Mimikatz
How to pass the key with Mimikatz
How to pass the ticket with Mimikatz
How to pop a SYSTEM shell on the Windows login screen using sticky keys
How to pop a SYSTEM shell on the Windows login screen using Utilman
How to port scan with netcat
How to pull SSL certificates from an external server
How to quickly bypass ssh-agent
How to quickly find the canonical path of a file
How to read a file beginning with a dash (-)
How to remotely install a Windows package with wmic
How to remove all but the first occurrence of a line in Bash
How to remove all but the last occurrence of a line in Bash
How to remove duplicate lines in Bash when line order isn’t important
How to retrieve AIX system information
How to run commands directly with PowerShell
How to run a remote command with wmic
How to send a command using OpenSSL
How to set the PATH in a session on UNIX-like operating systems
How to set the PATH in a session on Windows
How to specify an alternate SSH key as a Git config directive
How to specify an alternate SSH key using the GIT_SSH_COMMAND variable
How to specify an alternate SSH key with git using ssh-agent
How to spider websites and APIs with OWASP ZAP
How to start a netcat client
How to start a netcat server
How to start PowerShell from a meterpreter session
How to transfer files over FTP using netcat
How to upgrade PostgreSQL
How to use Bash functions to “backdoor” executables
How to use Burp Suite with Firefox
How to use Burp Suite with mobile apps
How to use a certificate to request a ticket with Rubeus
How to use curl and jq with web APIs
How to use Hashcat for brute force password guessing
How to use Hydra
How to use msfvenom to generate a binary that launches any command as root
How to use netcat as a replacement for telnet
How to use OpenSSL to encrypt and decrypt files
How to use smbclient
How to use SQLi to bypass authentication
How to use the Windows Firewall to relay ports
How to use WinRM with PowerShell
How to work with base64 encoding using PowerShell
How to work with remote services using WMI and PowerShell
How to work with remote tasks using WMI and PowerShell
icacls
ICMP
iftop
IIS configuration data
IMAP
Impacket PsExec reimplementation
Injecting JavaScript using iframe and image tags
Invoke-WebRequest
ipconfig
IPSec
IPv4 address representations for localhost
Issue definitions in Burp Suite
Java reverse shell
John the Ripper helper applications
John the Ripper single crack mode
Kerberoasting with Impacket
Kerberoasting with Rubeus
Kerberos teminology
Keylogging with cross-site scripting
kirbi files
less
mac addresses
Magic numbers
man
Metasploit CIFS modules
Metasploit exploit modules
Metasploit MS SQL modules
Metasploit scanner modules
Minimal request HTTP request
MITRE ATT&CK emulation plans
more
MySQL
Nano
nbtscan
netsh
netstat
NFS reconnaissance with Nmap
NFS root squashing
Nikto
Nmap host discovery flags
Nmap output flags
Nmap port states
Nmap scan type flags
Nmap scripting engine categories
Nmap shell escape
Node.js
nslookup
OneDrive iOS quirks
Oracle SQL Server
OSI model
Out-of-band SQLi
Pass the ticket attacks
Password spraying with Rubeus
Perl
PHP reverse shell
PHP web shell
ping
Poison null byte in PHP
POP3
Port scanning with Bash
POSIX process signals
PowerShell history file
PowerShell reverse shell
Process migration in meterpreter
ps
Python reverse shell
Quick-n-dirty Python web server
RCE via XXE in PHP
reg
Regex metacharacters
Remote port forwarding with SSH
Reverse dynamic port forwarding with SSH
Ruby
runas
Scoping in Burp Suite
Shell stabilization
SIP response codes
smbget
smbmap
SMTP
SQLi defense
SQLMap
ss
Stealing cookies with cross-site scripting
sudo
systemctl
systeminfo
tar
TCP acknowledgement number
tcpdump
TCP header flags
TCP initial round trip time
TCP options
TCP window size
Telnet
Time-based SQLi
Tips for writing cross-site scripting (XSS) attacks
tmux
UDP
unbuffer
Uniform resource locators (URLs)
Union-based SQLi
UNIX file descriptors
UNIX password hashes
UNIX permission representation
Unquoted path handling in Windows
Useful built-in commands for Linux reconnaissance
Useful built-in commands for Windows reconnaissance
Useful netcat flags
Useful net commands
Website defacement with cross-site scripting
wfuzz
whoami
Wi-Fi
Windows DLL search order
Windows event IDs
Windows local service accounts
Windows logon scripts
Windows permissions
Windows remote management
Windows Run and RunOnce Registry keys
Windows Scripting Host
Windows SeBackup and SeRestore permissions
Windows SeImpersonate and SeAssignPrimaryToken permissions
Windows service ACLs
Windows service security
Windows SeTakeOwnership permission
Windows Startup folder
Windows unattended installation data
winrs
Wireshark filters
Working with gdb breakpoints
Working with gdb watchpoints
Working with services in PowerShell
XFreeRDP
xp_cmdshell
Xterm
xxd
Tales
Bandit
Pickle Rick
Basic pentesting
Ice
Blaster
Overpass 2: Hacked
Attacktive Directory
Retro
Tools‘R’us
Inclusion
Jurassic Park
Net sec challenge
Union
Home
❯
spells
❯
How to change an SSH Key passphrase
How to change an SSH Key passphrase
July 31, 2024
1 min read
ssh-keygen
-p
-f
$SSH_PRIVATE_KEY_FILE
Graph View
Backlinks
SSH