Skip to content

skoving

Foothold

skoving

SkoveNet
SkoveNet
- Tutorials
  Tutorials
- Reference
  Reference
  - Architecture
    Architecture
    
    Overview
    
    Networking
    
    Security
  - Features
    Features
    
    Discovery
    
    Commands
    
    MCP
  - Development
    Development
    
    Adding Commands
  - Why SkoveNet
Writeups
Writeups
- C2
  C2
  - Sliver - Uno Reverse
- Chain
  Chain
  - MCP Security
- Web
  Web
  - FTPbox Hardcoded Credentials
  - JavaScript Recon to PII Exposure
- Maldev
  Maldev
  - Payload Hiding
Notes
Notes
- Windows Internals
  Windows Internals
  - DLL
  - PE Structure
  - Processes
  - Security
  - Memory
    Memory
    
    Memory Mapping
- Active Directory
  Active Directory
- Red Team
  Red Team
  - Proxying
  - Windows
    Windows
    
    Active Directory Techniques
    
    Initial Access (0%)
    Initial Access (0%)
    
    AD Enumeration
    
    Zero
    
    Send Payload
    
    Foothold (10%)
    Foothold (10%)
    
    Foothold Foothold
    Table of contents
    
    username + password (or hash)
    
    Post Exploitation (70%)
    Post Exploitation (70%)
    
    Enumeration
    
    Exfiltration
    
    Privilege Escalation
    
    Lateral Movement
    
    OPSEC
    
    Persistence
    Persistence
    
    AD Persistence
    
    General Persistence
- Web Security
  Web Security
Whoami

Foothold

username + password (or hash)¶

SMB / Admin Shares → psexec.py, smbexec.py, wmiexec.py, PsExec.exe PowerShell Invoke-WmiMethod
WinRM (PS Remoting) → evil-winrm, Enter-PSSession, Invoke-Command
SSH -> ssh
DCOM → Invoke-DCOM.ps1, MMC20.Application, ShellWindows, dcomexec.py
Scheduled Tasks → schtasks.exe, at.exe
SCM (Services) → sc.exe, PsExec technique
MSSQL → mssqlclient.py, xp_cmdshell
LDAP / Kerberos (Domain) → ldapsearch, Impacket Kerberos tools
VPN / Web Portals (OWA, etc.) → reuse creds for remote access
RDP → xfreerdp, rdesktop, mstsc