Hacker RoadmapHacker Roadmap (opens in a new tab)Contact ↗Contact ↗ (opens in a new tab)
GitHubGitHub (opens in a new tab)DiscordDiscord (opens in a new tab)
  • Hacking Notes | Welcome đź‘‹
  • 🔵 BlueTeam
    • 1.CVE
      • Cvss
    • 2.Email-Analysis
      • Emails Analysis
    • 3.File-Analysis
      • Cyber Chef
      • File Hash (Analysis)
    • 4.Log-Analysis
      • Linux
      • Windows
      • Tools
        • Splunk
    • 5.Malware-Analysis
      • Malware
      • Type of Malware
      • Tools
        • 1.flare Vm
        • 2.detect It Easy
        • 3.decode Malware Package
        • 4.capa
        • 5.process Monitor
        • 6.floss
    • 6.Forensics-Analysis
      • Ftk Imager
      • Memory-Forensics-Analysis
        • Memory Forensics
        • Tools
          • Volatility
    • 7.Packets-Analysis
      • Packets Analysis Overview
      • Tcpdump
      • Tshark
      • Wireshark
    • 8.System-Monitoring
      • Canary Tokens
    • Others
      • Regular-Expressions
        • Regular Expression
  • đź”´ RedTeam
    • 0.Bookmark
      • Redteam Approach
      • Webapp Approach
    • 1.Information-Gathering
      • 1.Passive-Reconnaissance
        • Censys
        • Flavicon
        • Shodan
        • Whois
        • DNS
          • Dig
          • Dnsdumper
          • Nslookup
          • Shodan
          • Ssl Tls Certificates
      • 2.Active-Reconnaissance
        • Amass
        • Curl
        • Dnsenum
        • Netcat
        • Ping
        • Sn1per
        • Telnet
        • Traceroute
        • Whatweb
    • 2.Scanning-and-Enumeration
      • 1.Scanner
        • MassScan
          • Commands
        • Nmap
          • Commands
          • More Information
      • 2.Enumeration
        • Directory
          • Dirhunt
          • Gobuster
        • Javascript Library
          • Discovery & Enumeration
        • Parameters
          • Gospider
        • Subdomain
          • Amass
          • Fofa
          • Gobuster
          • Google Dorking
          • Subdomainizer
          • Wayback Crawler
        • Vulnerability
          • Nikto
          • Nuclei
      • 3.Ports
        • Table
        • Ports-Links
          • 110-POP3
            • Pop3
          • 111-RPCbind-NSF
            • Nsf
            • Rpcbind
          • 135-MSRPC
            • Msrpc
          • 139-and-445-SMB
            • Crackmapexec
            • Samba
            • Smb
          • 143-IMAP
            • Imap
          • 20-and-21-FTP
            • Ftp
            • Proftpd
          • 22-SSH
            • Ssh
          • 23-Telnet
            • Telnet
          • 25-and-587-SMPT
            • Smtp
          • 3026-and-3389-RDP
            • Rdp
          • 3306-SQL
            • Mysql
          • 389-and-636-LDAP
            • Ldap
          • 53-DNS
            • DNS
          • 5900-and-5901-VNC
            • Vnc
          • 88-Kerberos
            • Kerberos
          • EXTRA
            • Outlook Web Access
      • Others
        • Next.js
        • Urls
    • 3.Web-Hacking
      • 0.Web-proxy
        • BurpSuite
          • Notes
          • Modules
            • Ntlm and Ntlm2 Setup
      • 1.Brute-Force
        • 2.Fuzz
          • Ffuf
          • Gobuster
          • Hydra
          • Wfuzz
      • 2.Cryptography
        • Hash Identifier
        • 1.Cracking-Tools
          • Token Cracking
          • Hashcat
            • Commands
            • Gpu Renting
            • Informations
          • John-The-Ripper
            • Commands
            • Informations
          • fcrackzip
            • Commands
        • 2.Encoding
          • Create-Encoding
            • Base64
            • Openssl
            • Shasum
          • Create-Hash
            • File Hash
            • Mkpasswd
          • JWT
            • JWT
            • Tools
              • Cookie Monster
              • JWT Website
              • Jwtool
          • UUID
            • Uuid V1
        • 3.Obfuscation
          • Notes
        • 4.Notes
          • Information Encryption
          • Information Hash
          • Information Steganography
      • 3.Business-Logic
        • Access-Control-Vulnerabilities
          • Notes
            • 1.what Is Access Control
            • 2.vertical Privilege Escalation
            • 3.horizontal Privilege Escalation
            • 4.how to Prevent Access Control
        • Authentification-Vulnerability
          • Notes
            • 1.what Is Authentification Vulnerability
            • 2.multi Factor Authentication
            • 3.password Based Login
            • 4.resetting Passwords
            • 5.restricted Files
            • 6.secure Authentication Mechanisms
        • Information-Disclosure
          • Notes
            • 1.what Is Information Disclosure
            • 2.testing for Information Disclosure
            • 3.common Sources of Information Disclosure
            • 4.how to Prevent Information Disclosure
        • Open-Source-Search
          • GitHub Search
        • Serialization-and-Deserialization
          • Notes
            • Serialization and Deserialization
      • 4.Injection
        • Payload All the Things
        • CSRF
          • Commands
          • Notes
            • 1.testing Csrf Token
            • 2.testing Csrf Token and Cookie
            • What Is Cross Site Request Forgery
        • Cookies
          • SQL Injection
        • Directory-Traversal
          • Commands
          • Tools
          • Notes
            • 1.what Is Directory Transversal
            • 2.common Obstacles and Bypass
            • 3.how to Prevent Directory Traversal Attacks
        • Email Atom
          • Commands
          • Notes
        • File-Inclusion
          • Local
          • Remote
        • File-Upload
          • Commands
          • Notes
            • 1.overwriting
            • Client Side
            • Server Side
        • HTML
          • Notes
        • HTTP-Request
          • Forging Mail Header Password Reset
          • HTTP Request Smuggling
        • OS-Commands
          • Commands
          • Tools
          • Notes
            • 1.what Is Os Command Injection
            • 2.blind Os Command Injection Vulnerabilities
            • 3.ways of Injecting Os Commands
            • 4.prevent Os Command Injection Attacks
        • Parameter
          • Parameter Tampering and Idor
          • Redirection
        • Request Smuggling
          • HTTP-1.1
            • Notes
          • HTTP-2
            • Notes
        • SQL
          • Cheatsheet
          • Commands
            • Commands
            • SQL-Injection-Vectors
              • 1 Database
              • 2 Login Form
              • 3 Xml
              • 4 Ajax
            • SQL-injection
              • 1 Retrieving Hidden Data
              • 3 Retrieving Data from Other Database Tables
              • 4 Examining the Database
              • 5 Listening the Contents of the Database
              • 6 Blind SQL Injection
              • 7 Union Attacks
          • Language
            • SQL Language
          • Notes
            • 1.prevent SQL Injection
            • Top 10 SQL Injection
          • Tools
            • Ghauri
            • Sqlitebrowser
            • Sqlmap
        • SSRF
          • Commands
          • Notes
            • 1.what Is Server Side Request Vulnerability
            • 2.common Attacks
            • 3.bypassing Ssrf Defenses
            • 4.blind Ssrf
        • Tools
          • Paramspider
        • XSS
          • Commands
          • Tools
          • Notes
            • 1.xss
            • 2.reflected Xss
            • 3.stored Xss
            • 4.blind Xss
            • 5.dom Xss
        • XXE
          • Iis Xxe
          • Commands
            • 1.xxe Retrieve Files
            • 2.xxe Ssrf Attacks
            • 3.xxe Blind
            • 4.xxe File Upload
            • 5.xxe Xinclude
            • Commands
            • Testing and Prevention
          • Notes
            • 1.what Is Xee Vulnerability
      • 5.Others
        • Clickjaking
        • Race Condition
    • 4.Exploitation
      • Searchsploit
      • Buffer-Overflow
        • Buffer Overflow
      • Command-and-Control-C2
        • Framework
          • Cobalt Strike
          • Villain
      • Metasploit
        • Commands
          • 1.msfconsole
          • 2.meterpreter
        • Modules
          • Add-on
            • Auto Migration
            • Pass the Hash
          • Services
            • Postgres
            • Proxy
            • Ssh
        • Notes
          • 1.metasploit Introduction
          • 2.metasploit Exploitation
          • 3.metasploit Meterpreter
      • Scanner
        • Joomla Scanner
        • Nuclei
        • Wpscan
        • General
          • Wapiti
          • Whatweb
      • Server
        • Ngrok Server External
        • Python Server Local
        • Python Upload Server
      • Shell-and-Reverse-Shell
        • 1.Payloads-Windows-and-Linux
          • Linux
            • • Msfvenom
          • Windows
            • • Msfvenom
            • Macros Payloads (Ms World, Excel, ...)
        • 2.Listeners
          • General Information
          • Multi Handler
          • Netcat
          • Socat Encrypted
    • 5.Machine
      • 1.Linux
        • General
          • Commands
            • General Commands
          • Exploitation
            • Commands
            • 1.Privilege-Escalation
              • 1.credential Hunting
              • 2.suid Sudo Right Abuse
              • 3.cron Job Abuse
              • 4.path Abuse
              • 5.kernel Exploits
              • 6.vulnerable Services
              • 7.wildcard Abuse
              • General Privs Esc
            • 2.Persistence
              • 1.account Manipulation
              • 2.create Priv Local Account
              • 3.unix Shell Configuration
              • 4.web Shell Backdoor
              • 5.cron Jobs
              • General Persistence
            • AV-Detection-Evasion
              • Evasion-Techniques
                • General
                • Tools
                  • Libprocesshider
          • Hide
            • Clear Logs and History
            • Hiding Search
          • Tools
            • Enum4linux
            • Linenum
            • Linpeas
            • Linux Exploitation Suggester
            • Linux Priv Checker
            • Linux Smart Enumeration
        • Notes
          • REVIEW
            • Miscellaneous Techniques
            • Privileged Groups
            • Shared Libraries
            • Shared Object Hijacking
      • 2.Windows
        • General
          • Commands
            • General Commands
          • Exploitation
            • Commands
            • Exploitation
          • Hide
            • Clear Logs
            • Hiding Search
          • Tools
            • Mimikatz
            • Ntlm Theft
            • Powerup
            • Privesccheck
            • Windows Exploit Suggester
            • Winpeas
            • TOP
              • 1.crackmapexec
              • 2.impacket
              • 3.responder
              • 4.bloodhound
        • Notes
          • 1.general Windows Info
          • 2.automated Enumeration
          • 3.kernel Exploits
          • 4.manual Enumeration
          • 5.password and Port Forwarding
          • 6.getsystem
          • REVIEW
            • Alwaysinstallelevated
            • Autoruns
            • Binpath
            • Dll Hijacking
            • Regsvc
            • Token Impersonation
            • Unquoted Service Paths
          • Specific-Topics
            • Env Variables and Alias
            • Kerberos
            • Ldap
            • Ntlm and Ntlm2
      • 3.Active-Directory
        • Mindmap
        • General
          • Commands
            • Commands
          • Exploitation
            • 1.Initial-exploitation
              • 1.scheduled Tasks
              • 2.service Misconfiguration
              • 3.tokens and Migration
              • 4.unattended Windows Installations
              • 5.powershell History
              • 6.iis Configuration
              • 7.saved Windows Credentials
            • 2.Breaching-AD
              • 1.ntlm Brute Force
              • 2.ldap Rogue Server
              • 3.authentication Relays Responder
              • 4.mdt and Sccm Pxe Boot Image
              • 5.configuration Files
            • 3.Enumeration-AD
              • 1.ad Credential Login
              • 2.credential Injection and DNS
              • 3.enumeration through Mmc
              • 4.enumeration through Cmd
              • 5.enumeration through Powershell
              • 6.enumeration through Bloodhound
              • 7.additional Enumeration Techniques
            • 4.Lateral Movement-AD
              • 1.spawning Processes Remotely
              • 2.moving Laterally Using Wmi
              • 3.alternate Authentication
              • 4.abusing User Behaviour
            • 5.Exploiting-AD
              • 1.exploiting Permission Delegation
              • 2.exploiting Kerberos Delegation
              • 3.exploiting Automated Relays
              • 4.exploiting Ad Users
              • 5.exploiting Gpos
              • 6.exploiting Certificates
              • 7.exploiting Domain Trusts
              • Specific-Topics
                • Bypassing Uac
                • Kernel Exploits
                • Token Impersonation
            • 6.Persistence-AD
              • 1.persistence through Credentials
              • 2.persistence through Tickets
              • 3.persistence through Certificates
              • 4.persistence through Sid History
              • 5.persistence through Group Membership
              • 6.persistence through Acls
              • 7.persistence through Gpos
              • 8.other Techniques
            • 7.Credentials-Harvesting-AD
              • 1.credential Access
              • 2.local Windows Credentials
              • 3.local Security Authority Subsystem Service
              • 4.windows Credential Manager
              • 5.domain Controller
              • 6.local Administrator Password Solution
              • 7.others Attacks
              • General
            • AV-Detection-and-Evasion
              • Detection-Methods
                • Behavior Based Detection
                • Heuristic Based Detection
                • Signature Based Detection
              • Evasion-Techniques
                • General
                • Tools
                  • Evasion Invoke Obfuscation
                  • Evasion Shellter
            • General
              • 1.external Recon and Enumeration Principles
              • 2.1.initial Domain Enumeration
              • 2.initial Users Enumeration
              • Shema of Exploitation
          • Hide
            • Clear Logs
            • Hiding Search
          • Tools
            • Evil Winrm
            • Mimikatz
            • Ntlm Theft
            • Powerup
            • Privesccheck
            • Sweet Potato
            • Windows Exploit Suggester
            • Winpeas
            • TOP
              • 1.crackmapexec
              • 2.impacket
              • 3.responder
              • 4.bloodhound
              • 5.ldap Hierarchical Tree
        • Notes
          • Specific-Topics
            • Env Variables and Alias
            • Kerberos
            • Ldap
            • Ntlm and Ntlm2
          • Tyler
            • 1.password Spraying
            • 2.enumerating Security Controls
            • 3.kerberoasting
            • 4.access Control Lists
            • 5.stacking the Deck
            • 6.domain Trusts
            • 7.breaking down Barriers
      • Others
        • File Sharing Windows and Linux
        • Port-Forwarding-Pivoting
          • Ligolo
          • Socat Port Forwarding
          • Ssh Port Forwarding
    • Others
      • API
        • Notes
          • 1.Information-Gathering
            • Active Reconnaissance API
            • Passive Reconnaissance API
          • 2.Scanning-and-Enumeration
            • Endpoint Analysis
            • Scanning API
          • 3.Exploitation
            • API Authentication Attacks
            • Exploiting API Authorization
            • Exploiting Ssrf
            • Improper Assets Management
            • Injection Attack
            • Mass Assignment Attacks
          • 4.Evasion
            • Evasive Maneuvers
            • Waf Evasion
          • Type-of-API-and-Privacy
            • 1.type and Privacy
            • 2.restful
            • 3.GraphQL
        • Tools
          • Google Maps API Scanner
          • Porch Pirate
          • Postman
          • Swaggerjacker Enum
      • Breach Records
        • Breach Records
      • Bypass
        • Auth by Ip
        • Otp
        • Recaptcha
        • Unicode
        • WAF
          • Bypass 403 Waf
      • Car-Hacking
        • Evil Crow
        • Obdii
      • Cloud
        • CloudEnum
          • Cloudenum
        • Firebase
          • Firebaseenum
        • S3
          • Video
          • Tools
            • Lazys3
            • S3scanner
      • Docker
        • Docker
      • Git
        • Notes
      • Hardware
        • HardDrive
          • Data Retrievement
          • Tools
        • Raspberry Pi
          • Raspberry Pi Lte Setup
      • Hosting-and-Server
        • Bullet Proof Hosting
        • Honeypot
      • Mac-Address
        • Changing Mac Address
      • Network
        • Mitm6
        • Ntlmrelayx6
      • OSINT
        • Dorking
          • Google Dorking
        • Email
          • Notes
            • 1.emails Analysis
          • Tools
            • The Harvester
        • Social
          • Tools
            • Instagram Osint
        • Website
          • Flavicon Database
      • Phone
        • 1.android Hacking
        • Tools
          • Apk Leaks
          • Mitmproxy and Burpsuite
          • Mobsf
      • Physical-Pentesting
        • Kon Boot
      • Radio
        • Gps Spoofing
      • Regular Expressions
        • Regular Expression
      • Spamming
        • SMTP
          • Smtp Mailer and PHP Mailer
      • Wordlist
        • 1.generate
        • 2.combine
        • 3.remove Duplication
  • Hacking Notes | Welcome đź‘‹
  • 🔵 BlueTeam
    • 1.CVE
      • Cvss
    • 2.Email-Analysis
      • Emails Analysis
    • 3.File-Analysis
      • Cyber Chef
      • File Hash (Analysis)
    • 4.Log-Analysis
      • Linux
      • Windows
      • Tools
        • Splunk
    • 5.Malware-Analysis
      • Malware
      • Type of Malware
      • Tools
        • 1.flare Vm
        • 2.detect It Easy
        • 3.decode Malware Package
        • 4.capa
        • 5.process Monitor
        • 6.floss
    • 6.Forensics-Analysis
      • Ftk Imager
      • Memory-Forensics-Analysis
        • Memory Forensics
        • Tools
          • Volatility
    • 7.Packets-Analysis
      • Packets Analysis Overview
      • Tcpdump
      • Tshark
      • Wireshark
    • 8.System-Monitoring
      • Canary Tokens
    • Others
      • Regular-Expressions
        • Regular Expression
  • đź”´ RedTeam
    • 0.Bookmark
      • Redteam Approach
      • Webapp Approach
    • 1.Information-Gathering
      • 1.Passive-Reconnaissance
        • Censys
        • Flavicon
        • Shodan
        • Whois
        • DNS
          • Dig
          • Dnsdumper
          • Nslookup
          • Shodan
          • Ssl Tls Certificates
      • 2.Active-Reconnaissance
        • Amass
        • Curl
        • Dnsenum
        • Netcat
        • Ping
        • Sn1per
        • Telnet
        • Traceroute
        • Whatweb
    • 2.Scanning-and-Enumeration
      • 1.Scanner
        • MassScan
          • Commands
        • Nmap
          • Commands
          • More Information
      • 2.Enumeration
        • Directory
          • Dirhunt
          • Gobuster
        • Javascript Library
          • Discovery & Enumeration
        • Parameters
          • Gospider
        • Subdomain
          • Amass
          • Fofa
          • Gobuster
          • Google Dorking
          • Subdomainizer
          • Wayback Crawler
        • Vulnerability
          • Nikto
          • Nuclei
      • 3.Ports
        • Table
        • Ports-Links
          • 110-POP3
            • Pop3
          • 111-RPCbind-NSF
            • Nsf
            • Rpcbind
          • 135-MSRPC
            • Msrpc
          • 139-and-445-SMB
            • Crackmapexec
            • Samba
            • Smb
          • 143-IMAP
            • Imap
          • 20-and-21-FTP
            • Ftp
            • Proftpd
          • 22-SSH
            • Ssh
          • 23-Telnet
            • Telnet
          • 25-and-587-SMPT
            • Smtp
          • 3026-and-3389-RDP
            • Rdp
          • 3306-SQL
            • Mysql
          • 389-and-636-LDAP
            • Ldap
          • 53-DNS
            • DNS
          • 5900-and-5901-VNC
            • Vnc
          • 88-Kerberos
            • Kerberos
          • EXTRA
            • Outlook Web Access
      • Others
        • Next.js
        • Urls
    • 3.Web-Hacking
      • 0.Web-proxy
        • BurpSuite
          • Notes
          • Modules
            • Ntlm and Ntlm2 Setup
      • 1.Brute-Force
        • 2.Fuzz
          • Ffuf
          • Gobuster
          • Hydra
          • Wfuzz
      • 2.Cryptography
        • Hash Identifier
        • 1.Cracking-Tools
          • Token Cracking
          • Hashcat
            • Commands
            • Gpu Renting
            • Informations
          • John-The-Ripper
            • Commands
            • Informations
          • fcrackzip
            • Commands
        • 2.Encoding
          • Create-Encoding
            • Base64
            • Openssl
            • Shasum
          • Create-Hash
            • File Hash
            • Mkpasswd
          • JWT
            • JWT
            • Tools
              • Cookie Monster
              • JWT Website
              • Jwtool
          • UUID
            • Uuid V1
        • 3.Obfuscation
          • Notes
        • 4.Notes
          • Information Encryption
          • Information Hash
          • Information Steganography
      • 3.Business-Logic
        • Access-Control-Vulnerabilities
          • Notes
            • 1.what Is Access Control
            • 2.vertical Privilege Escalation
            • 3.horizontal Privilege Escalation
              • Horizontal Privilege Escalation
            • 4.how to Prevent Access Control
        • Authentification-Vulnerability
          • Notes
            • 1.what Is Authentification Vulnerability
            • 2.multi Factor Authentication
            • 3.password Based Login
            • 4.resetting Passwords
            • 5.restricted Files
            • 6.secure Authentication Mechanisms
        • Information-Disclosure
          • Notes
            • 1.what Is Information Disclosure
            • 2.testing for Information Disclosure
            • 3.common Sources of Information Disclosure
            • 4.how to Prevent Information Disclosure
        • Open-Source-Search
          • GitHub Search
        • Serialization-and-Deserialization
          • Notes
            • Serialization and Deserialization
      • 4.Injection
        • Payload All the Things
        • CSRF
          • Commands
          • Notes
            • 1.testing Csrf Token
            • 2.testing Csrf Token and Cookie
            • What Is Cross Site Request Forgery
        • Cookies
          • SQL Injection
        • Directory-Traversal
          • Commands
          • Tools
          • Notes
            • 1.what Is Directory Transversal
            • 2.common Obstacles and Bypass
            • 3.how to Prevent Directory Traversal Attacks
        • Email Atom
          • Commands
          • Notes
        • File-Inclusion
          • Local
          • Remote
        • File-Upload
          • Commands
          • Notes
            • 1.overwriting
            • Client Side
            • Server Side
        • HTML
          • Notes
        • HTTP-Request
          • Forging Mail Header Password Reset
          • HTTP Request Smuggling
        • OS-Commands
          • Commands
          • Tools
          • Notes
            • 1.what Is Os Command Injection
            • 2.blind Os Command Injection Vulnerabilities
            • 3.ways of Injecting Os Commands
            • 4.prevent Os Command Injection Attacks
        • Parameter
          • Parameter Tampering and Idor
          • Redirection
        • Request Smuggling
          • HTTP-1.1
            • Notes
          • HTTP-2
            • Notes
        • SQL
          • Cheatsheet
          • Commands
            • Commands
            • SQL-Injection-Vectors
              • 1 Database
              • 2 Login Form
              • 3 Xml
              • 4 Ajax
            • SQL-injection
              • 1 Retrieving Hidden Data
              • 3 Retrieving Data from Other Database Tables
              • 4 Examining the Database
              • 5 Listening the Contents of the Database
              • 6 Blind SQL Injection
              • 7 Union Attacks
          • Language
            • SQL Language
          • Notes
            • 1.prevent SQL Injection
            • Top 10 SQL Injection
          • Tools
            • Ghauri
            • Sqlitebrowser
            • Sqlmap
        • SSRF
          • Commands
          • Notes
            • 1.what Is Server Side Request Vulnerability
            • 2.common Attacks
            • 3.bypassing Ssrf Defenses
            • 4.blind Ssrf
        • Tools
          • Paramspider
        • XSS
          • Commands
          • Tools
          • Notes
            • 1.xss
            • 2.reflected Xss
            • 3.stored Xss
            • 4.blind Xss
            • 5.dom Xss
        • XXE
          • Iis Xxe
          • Commands
            • 1.xxe Retrieve Files
            • 2.xxe Ssrf Attacks
            • 3.xxe Blind
            • 4.xxe File Upload
            • 5.xxe Xinclude
            • Commands
            • Testing and Prevention
          • Notes
            • 1.what Is Xee Vulnerability
      • 5.Others
        • Clickjaking
        • Race Condition
    • 4.Exploitation
      • Searchsploit
      • Buffer-Overflow
        • Buffer Overflow
      • Command-and-Control-C2
        • Framework
          • Cobalt Strike
          • Villain
      • Metasploit
        • Commands
          • 1.msfconsole
          • 2.meterpreter
        • Modules
          • Add-on
            • Auto Migration
            • Pass the Hash
          • Services
            • Postgres
            • Proxy
            • Ssh
        • Notes
          • 1.metasploit Introduction
          • 2.metasploit Exploitation
          • 3.metasploit Meterpreter
      • Scanner
        • Joomla Scanner
        • Nuclei
        • Wpscan
        • General
          • Wapiti
          • Whatweb
      • Server
        • Ngrok Server External
        • Python Server Local
        • Python Upload Server
      • Shell-and-Reverse-Shell
        • 1.Payloads-Windows-and-Linux
          • Linux
            • • Msfvenom
          • Windows
            • • Msfvenom
            • Macros Payloads (Ms World, Excel, ...)
        • 2.Listeners
          • General Information
          • Multi Handler
          • Netcat
          • Socat Encrypted
    • 5.Machine
      • 1.Linux
        • General
          • Commands
            • General Commands
          • Exploitation
            • Commands
            • 1.Privilege-Escalation
              • 1.credential Hunting
              • 2.suid Sudo Right Abuse
              • 3.cron Job Abuse
              • 4.path Abuse
              • 5.kernel Exploits
              • 6.vulnerable Services
              • 7.wildcard Abuse
              • General Privs Esc
            • 2.Persistence
              • 1.account Manipulation
              • 2.create Priv Local Account
              • 3.unix Shell Configuration
              • 4.web Shell Backdoor
              • 5.cron Jobs
              • General Persistence
            • AV-Detection-Evasion
              • Evasion-Techniques
                • General
                • Tools
                  • Libprocesshider
          • Hide
            • Clear Logs and History
            • Hiding Search
          • Tools
            • Enum4linux
            • Linenum
            • Linpeas
            • Linux Exploitation Suggester
            • Linux Priv Checker
            • Linux Smart Enumeration
        • Notes
          • REVIEW
            • Miscellaneous Techniques
            • Privileged Groups
            • Shared Libraries
            • Shared Object Hijacking
      • 2.Windows
        • General
          • Commands
            • General Commands
          • Exploitation
            • Commands
            • Exploitation
          • Hide
            • Clear Logs
            • Hiding Search
          • Tools
            • Mimikatz
            • Ntlm Theft
            • Powerup
            • Privesccheck
            • Windows Exploit Suggester
            • Winpeas
            • TOP
              • 1.crackmapexec
              • 2.impacket
              • 3.responder
              • 4.bloodhound
        • Notes
          • 1.general Windows Info
          • 2.automated Enumeration
          • 3.kernel Exploits
          • 4.manual Enumeration
          • 5.password and Port Forwarding
          • 6.getsystem
          • REVIEW
            • Alwaysinstallelevated
            • Autoruns
            • Binpath
            • Dll Hijacking
            • Regsvc
            • Token Impersonation
            • Unquoted Service Paths
          • Specific-Topics
            • Env Variables and Alias
            • Kerberos
            • Ldap
            • Ntlm and Ntlm2
      • 3.Active-Directory
        • Mindmap
        • General
          • Commands
            • Commands
          • Exploitation
            • 1.Initial-exploitation
              • 1.scheduled Tasks
              • 2.service Misconfiguration
              • 3.tokens and Migration
              • 4.unattended Windows Installations
              • 5.powershell History
              • 6.iis Configuration
              • 7.saved Windows Credentials
            • 2.Breaching-AD
              • 1.ntlm Brute Force
              • 2.ldap Rogue Server
              • 3.authentication Relays Responder
              • 4.mdt and Sccm Pxe Boot Image
              • 5.configuration Files
            • 3.Enumeration-AD
              • 1.ad Credential Login
              • 2.credential Injection and DNS
              • 3.enumeration through Mmc
              • 4.enumeration through Cmd
              • 5.enumeration through Powershell
              • 6.enumeration through Bloodhound
              • 7.additional Enumeration Techniques
            • 4.Lateral Movement-AD
              • 1.spawning Processes Remotely
              • 2.moving Laterally Using Wmi
              • 3.alternate Authentication
              • 4.abusing User Behaviour
            • 5.Exploiting-AD
              • 1.exploiting Permission Delegation
              • 2.exploiting Kerberos Delegation
              • 3.exploiting Automated Relays
              • 4.exploiting Ad Users
              • 5.exploiting Gpos
              • 6.exploiting Certificates
              • 7.exploiting Domain Trusts
              • Specific-Topics
                • Bypassing Uac
                • Kernel Exploits
                • Token Impersonation
            • 6.Persistence-AD
              • 1.persistence through Credentials
              • 2.persistence through Tickets
              • 3.persistence through Certificates
              • 4.persistence through Sid History
              • 5.persistence through Group Membership
              • 6.persistence through Acls
              • 7.persistence through Gpos
              • 8.other Techniques
            • 7.Credentials-Harvesting-AD
              • 1.credential Access
              • 2.local Windows Credentials
              • 3.local Security Authority Subsystem Service
              • 4.windows Credential Manager
              • 5.domain Controller
              • 6.local Administrator Password Solution
              • 7.others Attacks
              • General
            • AV-Detection-and-Evasion
              • Detection-Methods
                • Behavior Based Detection
                • Heuristic Based Detection
                • Signature Based Detection
              • Evasion-Techniques
                • General
                • Tools
                  • Evasion Invoke Obfuscation
                  • Evasion Shellter
            • General
              • 1.external Recon and Enumeration Principles
              • 2.1.initial Domain Enumeration
              • 2.initial Users Enumeration
              • Shema of Exploitation
          • Hide
            • Clear Logs
            • Hiding Search
          • Tools
            • Evil Winrm
            • Mimikatz
            • Ntlm Theft
            • Powerup
            • Privesccheck
            • Sweet Potato
            • Windows Exploit Suggester
            • Winpeas
            • TOP
              • 1.crackmapexec
              • 2.impacket
              • 3.responder
              • 4.bloodhound
              • 5.ldap Hierarchical Tree
        • Notes
          • Specific-Topics
            • Env Variables and Alias
            • Kerberos
            • Ldap
            • Ntlm and Ntlm2
          • Tyler
            • 1.password Spraying
            • 2.enumerating Security Controls
            • 3.kerberoasting
            • 4.access Control Lists
            • 5.stacking the Deck
            • 6.domain Trusts
            • 7.breaking down Barriers
      • Others
        • File Sharing Windows and Linux
        • Port-Forwarding-Pivoting
          • Ligolo
          • Socat Port Forwarding
          • Ssh Port Forwarding
    • Others
      • API
        • Notes
          • 1.Information-Gathering
            • Active Reconnaissance API
            • Passive Reconnaissance API
          • 2.Scanning-and-Enumeration
            • Endpoint Analysis
            • Scanning API
          • 3.Exploitation
            • API Authentication Attacks
            • Exploiting API Authorization
            • Exploiting Ssrf
            • Improper Assets Management
            • Injection Attack
            • Mass Assignment Attacks
          • 4.Evasion
            • Evasive Maneuvers
            • Waf Evasion
          • Type-of-API-and-Privacy
            • 1.type and Privacy
            • 2.restful
            • 3.GraphQL
        • Tools
          • Google Maps API Scanner
          • Porch Pirate
          • Postman
          • Swaggerjacker Enum
      • Breach Records
        • Breach Records
      • Bypass
        • Auth by Ip
        • Otp
        • Recaptcha
        • Unicode
        • WAF
          • Bypass 403 Waf
      • Car-Hacking
        • Evil Crow
        • Obdii
      • Cloud
        • CloudEnum
          • Cloudenum
        • Firebase
          • Firebaseenum
        • S3
          • Video
          • Tools
            • Lazys3
            • S3scanner
      • Docker
        • Docker
      • Git
        • Notes
      • Hardware
        • HardDrive
          • Data Retrievement
          • Tools
        • Raspberry Pi
          • Raspberry Pi Lte Setup
      • Hosting-and-Server
        • Bullet Proof Hosting
        • Honeypot
      • Mac-Address
        • Changing Mac Address
      • Network
        • Mitm6
        • Ntlmrelayx6
      • OSINT
        • Dorking
          • Google Dorking
        • Email
          • Notes
            • 1.emails Analysis
          • Tools
            • The Harvester
        • Social
          • Tools
            • Instagram Osint
        • Website
          • Flavicon Database
      • Phone
        • 1.android Hacking
        • Tools
          • Apk Leaks
          • Mitmproxy and Burpsuite
          • Mobsf
      • Physical-Pentesting
        • Kon Boot
      • Radio
        • Gps Spoofing
      • Regular Expressions
        • Regular Expression
      • Spamming
        • SMTP
          • Smtp Mailer and PHP Mailer
      • Wordlist
        • 1.generate
        • 2.combine
        • 3.remove Duplication
  • Hacker Roadmap (opens in a new tab)
  • Contact ↗ (opens in a new tab)

On This Page

  • Horizontal Privilege Escalation
Question? Give us feedback → (opens in a new tab)Edit this page
RedTeam
3.Web-Hacking
3.Business-Logic
Access-Control-Vulnerabilities
Notes
3.horizontal Privilege Escalation

Horizontal Privilege Escalation

  • Modify the "id" parameter to access a different account: https://insecure-website.com/myaccount?id=123 (opens in a new tab)

  • This attack can be used to go from horizontal to vertical by taking over a privileged account

2.vertical Privilege Escalation4.how to Prevent Access Control
Hacking Notes Docs