# Red Teaming

- [Enumeration](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration.md)
- [Service Enumeration](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/service-enumeration.md)
- [SMTP (Port 25)](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/service-enumeration/smtp-port-25.md)
- [Samba (Port 139, 445)](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/service-enumeration/samba-port-139-445.md)
- [SNMP (Port 161,162,10161,10162)](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/service-enumeration/snmp-port-161-162-10161-10162.md)
- [rsync (Port 873)](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/service-enumeration/rsync-port-873.md)
- [NFS (Port 2049)](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/service-enumeration/nfs-port-2049.md)
- [Apache JServ Protocol (Port 8081)](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/service-enumeration/apache-jserv-protocol-port-8081.md): Ghostcat
- [NetBIOS](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/service-enumeration/netbios.md): Network Basic Input/Output System
- [Nmap](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/nmap.md): Search for hosts on a network
- [Gobuster / Feroxbuster / FFUF / Wfuzz](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/gobuster-feroxbuster-fuff-wfuzz.md)
- [Drupal](https://ret2basic.gitbook.io/ctfnote/red-teaming/enumeration/drupal.md)
- [Exploitation](https://ret2basic.gitbook.io/ctfnote/red-teaming/exploitation.md): Hack The Planet
- [Public Exploits](https://ret2basic.gitbook.io/ctfnote/red-teaming/exploitation/public-exploits.md): searchsploit, Github
- [PHP Webshells](https://ret2basic.gitbook.io/ctfnote/red-teaming/exploitation/php-webshells.md): wso, p0wny
- [Reverse Shell](https://ret2basic.gitbook.io/ctfnote/red-teaming/exploitation/reverse-shell.md)
- [TTY](https://ret2basic.gitbook.io/ctfnote/red-teaming/exploitation/tty.md)
- [File Transfer](https://ret2basic.gitbook.io/ctfnote/red-teaming/exploitation/file-transfer.md)
- [Metasploit](https://ret2basic.gitbook.io/ctfnote/red-teaming/exploitation/metasploit.md)
- [Password Spray](https://ret2basic.gitbook.io/ctfnote/red-teaming/exploitation/password-spray.md)
- [Buffer Overflow](https://ret2basic.gitbook.io/ctfnote/red-teaming/buffer-overflow.md)
- [Step 0: Spiking (Optional)](https://ret2basic.gitbook.io/ctfnote/red-teaming/buffer-overflow/step-0-spiking-optional.md): generic\_send\_tcp
- [Step 1: Fuzzing](https://ret2basic.gitbook.io/ctfnote/red-teaming/buffer-overflow/step-1-fuzzing.md): AAAAAAAA
- [Step 2: Finding the Offset](https://ret2basic.gitbook.io/ctfnote/red-teaming/buffer-overflow/step-2-finding-the-offset.md): pattern\_create and pattern\_offset
- [Step 3: Overwriting the EIP](https://ret2basic.gitbook.io/ctfnote/red-teaming/buffer-overflow/step-3-overwriting-the-eip.md): EIP=0x42424242
- [Step 4: Finding Bad Characters](https://ret2basic.gitbook.io/ctfnote/red-teaming/buffer-overflow/step-4-finding-bad-characters.md): badchars
- [Step 5: Finding the Right Module](https://ret2basic.gitbook.io/ctfnote/red-teaming/buffer-overflow/step-5-finding-the-right-module.md): JMP ESP
- [Step 6: Generating Shellcode and Gaining Root](https://ret2basic.gitbook.io/ctfnote/red-teaming/buffer-overflow/step-6-generating-shellcode-and-gaining-root.md): msfvenom
- [Privilege Escalation](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation.md)
- [Linux Privilege Escalation](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation.md)
- [Linux Permissions](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/linux-permissions.md): rwx
- [Manual Enumeration](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/manual-enumeration.md): System, user, network, and password
- [Automated Tools](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/automated-tools.md): LinPEAS!
- [Kernel Exploits](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/kernel-exploits.md): Dirty Cow!
- [Passwords and File Permissions](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/passwords.md): Plaintext passwords vs. password hashes
- [SSH Keys](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/ssh-keys.md): id\_rsa, id\_rsa.pub, authorized\_keys
- [Sudo](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/sudo.md): sudo -l
- [SUID](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/suid.md): find / -perm -u=s -type f 2>/dev/null
- [Capabilities](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/capabilities.md): "Better" than SUID but vulnerable in the same way
- [Cron Jobs](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/cron-jobs.md): /etc/crontab
- [NFS Root Squashing](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/nfs-root-squashing.md): no\_root\_squash
- [Docker](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/docker.md): docker run -v /:/mnt --rm -it bash chroot /mnt sh
- [GNU C Library](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/gnu-c-library.md): ldd --version
- [Exim](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/exim.md): which exim
- [Linux Privilege Escalation Course Capstone](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/linux-privilege-escalation/linux-privilege-escalation-course-capstone.md): Five boxes from TryHackMe
- [Windows Privilege Escalation](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation.md)
- [Manual Enumeration](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/manual-enumeration.md): System, user, network, password, and AV
- [Automated Tools](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/tools.md): WinPEAS!
- [Kernel Exploits](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/kernel-exploits.md): Kitrap0d!
- [Passwords and Port Forwarding](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/passwords-and-port-forwarding.md): plink.exe
- [WSL](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/windows-subsystem-for-linux.md): Windows Subsystem for Linux
- [Token Impersonation and Potato Attacks](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/token-impersonation-and-potato-attacks.md)
- [Meterpreter getsystem](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/meterpreter-getsystem.md): Easy win??? Not really.
- [Runas](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/runas.md)
- [UAC Bypass](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/uac-bypass.md)
- [Registry](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/registry.md)
- [Executable Files](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/executable-files-1.md)
- [Startup Applications](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/startup-applications.md)
- [DLL Hijacking](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/dll-hijacking.md)
- [Service Permissions (Paths)](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/service-permissions-paths.md)
- [CVE-2019-1388](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/cve-2019-1388.md)
- [HiveNightmare](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/hivenightmare.md): aka SeriousSam or CVE-2021-36934
- [Bypass Space Filter](https://ret2basic.gitbook.io/ctfnote/red-teaming/privilege-escalation/windows-privilege-escalation/crazy-stuff.md): C:\PROGRA~2
- [Post Exploitation](https://ret2basic.gitbook.io/ctfnote/red-teaming/post-exploitation.md)
- [Linux Post Exploitation](https://ret2basic.gitbook.io/ctfnote/red-teaming/post-exploitation/linux-post-exploitation.md)
- [Add a User](https://ret2basic.gitbook.io/ctfnote/red-teaming/post-exploitation/linux-post-exploitation/add-a-user.md)
- [SSH Key](https://ret2basic.gitbook.io/ctfnote/red-teaming/post-exploitation/linux-post-exploitation/ssh-key.md)
- [Windows Post Exploitation](https://ret2basic.gitbook.io/ctfnote/red-teaming/post-exploitation/windows-post-exploitation.md)
- [windows-resources](https://ret2basic.gitbook.io/ctfnote/red-teaming/post-exploitation/windows-post-exploitation/windows-resources.md)
- [Add a User](https://ret2basic.gitbook.io/ctfnote/red-teaming/post-exploitation/windows-post-exploitation/add-a-user.md)
- [RDP](https://ret2basic.gitbook.io/ctfnote/red-teaming/post-exploitation/windows-post-exploitation/rdp.md)
- [Pivoting](https://ret2basic.gitbook.io/ctfnote/red-teaming/pivoting.md)
- [Windows: Chisel](https://ret2basic.gitbook.io/ctfnote/red-teaming/pivoting/windows-chisel.md)
- [Linux: sshuttle](https://ret2basic.gitbook.io/ctfnote/red-teaming/pivoting/linux-sshuttle.md)
- [Active Directory (AD)](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad.md)
- [Initial Compromise](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/initial-compromise.md)
- [HTA Phishing](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/initial-compromise/hta-phishing.md)
- [VBA Macro Phishing](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/initial-compromise/vba-macro-phishing.md)
- [LLMNR Poisoning](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/initial-compromise/llmnr-poisoning.md)
- [SMB Relay](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/initial-compromise/smb-relay.md)
- [GPP / cPassword](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/initial-compromise/gpp-cpassword.md): gpp-decrypt
- [Domain Enumeration](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/domain-enumeration.md)
- [Manual Enumeration](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/domain-enumeration/manual-enumeration.md)
- [PowerView](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/domain-enumeration/powerview.md)
- [BloodHound](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/domain-enumeration/bloodhound.md)
- [Lateral Movement](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/lateral-movement.md)
- [PsExec](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/lateral-movement/psexec.md)
- [WMI](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/lateral-movement/wmi.md)
- [Runas](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/lateral-movement/runas.md)
- [Pass the Hash](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/lateral-movement/pass-the-hash.md)
- [Overpass the Hash](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/lateral-movement/overpass-the-hash.md)
- [Pass the Ticket](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/lateral-movement/pass-the-ticket.md)
- [Kerberos](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/kerberos.md)
- [Kerberoast](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/kerberos/kerberoast.md)
- [AS-REP Roast](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/kerberos/as-rep-roast.md)
- [MS SQL Server](https://ret2basic.gitbook.io/ctfnote/red-teaming/active-directory-ad/ms-sql-server.md)
- [Command & Control (C2)](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2.md)
- [Cobalt Strike](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike.md)
- [Bypassing Defences](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences.md)
- [Artifact Kit](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences/artifact-kit.md)
- [Resource Kit](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences/resource-kit.md)
- [AMSI Bypass](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences/amsi-bypass.md)
- [PowerPick](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/bypassing-defences/powerpick.md)
- [Extending Cobalt Strike](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/extending-cobalt-strike.md)
- [Elevate Kit](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/extending-cobalt-strike/elevate-kit.md)
- [Malleable C2 Profile](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/cobalt-strike/extending-cobalt-strike/malleable-c2-profile.md)
- [Metasploit](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/metasploit.md)
- [Payloads](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/metasploit/payloads.md)
- [Post Exploitation](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/metasploit/post-exploitation.md)
- [Automation](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/metasploit/automation.md)
- [C2 Development](https://ret2basic.gitbook.io/ctfnote/red-teaming/command-and-control-c2/c2-development.md)
- [Malware Development](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development.md)
- ["Hot Dropper"](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/hot-dropper.md)
- [PE Format](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/pe-format.md)
- [Overview](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/pe-format/overview.md)
- [Process Injection](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/process-injection.md)
- [Reflective DLL](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/reflective-dll.md)
- [x86 <=> x64](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/x86-less-than-greater-than-x64.md)
- [Hooking](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/hooking.md)
- [VeraCry](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/veracry.md)
- [Offensive C#](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/offensive-c.md)
- [AV Evasion](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/av-evasion.md)
- [AV Evasion with C# and PowerShell](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/av-evasion/av-evasion-with-c-and-powershell.md)
- [AMSI Bypass](https://ret2basic.gitbook.io/ctfnote/red-teaming/malware-development/av-evasion/amsi-bypass.md)

