Offensive Security Resources

💉 Web Attacks

Exploitation techniques for web application vulnerabilities.

  • LOCAL FILE INCLUSION (LFI)
  • REMOTE FILE INCLUSION (RFI)
  • SQL INJECTION
  • COMMAND INJECTION
  • FILE UPLOAD ATTACKS
  • AUTHENTICATION ATTACKS
  • SERVER-SIDE TEMPLATE INJECTION (SSTI)
  • XML EXTERNAL ENTITY (XXE)
  • DESERIALIZATION
  • REVERSE SHELLS & PAYLOADS