PenTestLab was designed with the idea of helping ethical penetration testers to build their own private lab,to develop their skills in a safe environment and to learn existing and new exploitation techniques.
It is very common during penetration tests where domain administrator access has been achieved to extract the password hashes of all the domain users for offline cracking and analysis. These hashes are stored in a database file in the domain controller (NTDS.DIT) with some additional information like group memberships and users. The NTDS.DIT file is […]
Covering arbitrary commands through legitimate traffic is a must for every red team engagement. The majority of the command and control tools are implementing a stealthy technique that it will allow red teams to hide their activities as data exfiltration is part of the goals. David Kennedy developed a command and control tool called TrevorC2 […]