bump

Enumeration/SMB.md

@@ -1,5 +1,7 @@
 # SMB
 
+Start your enumeration with [enum4linux](https://github.com/CiscoCXSecurity/enum4linux.git) or alternative tools to get possible usernames and groups.
+
 ## SMBClient
 
 * Use `smbclient` to list the share
@@ -27,11 +29,13 @@ smbmap -u "admin" -p "password" -H "10.10.10.10" -x 'ipconfig'
 ## Enumerate Domain Users
 
 List users of the domain through leaked credentials of an SMB user
+
 ```sh
 crackmapexec smb example.com -u lowperm_user -p 'securepassword!' --users
 ```
 
 Continue trying the found password on the users discovered in the step before
+
 ```sh
 crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue-on-success
 ```
@@ -39,6 +43,16 @@ crackmapexec smb example.com -u domain_users.txt -p 'securepassword!' --continue
 ## Enumerate Writeable SMB shares
 
 List writeable SMB shares for found domain users via impacket's psexec
+
 ```sh
 psexec.py example.com/domain.user@example.com
 ```
+
+## Download Directories
+
+Single files can be downloaded by any client like smbclient via `get`.
+Directories can be downloaded via 
+
+```sh
+smbget -R smb://$TARGET_IP/directory
+```

Enumeration/Websites.md

@@ -60,7 +60,7 @@ Fuzz HTTP POST values in the following way
 ffuf -u http://<IP> -c -w /usr/share/seclists/Passwords/Leaked-Databases/hak5.txt -X POST -d 'uname=Dummy&passwd=FUZZ&submit=Submit' -fs 1435 -H 'Content-Type: application/x-www-form-urlencoded'
 ```
 
-#### Fuzz Users and use Bruteforce
+#### Fuzz Users and Use Bruteforce
 
 Fuzz users and write the results to a file as output
 
@@ -92,6 +92,14 @@ ffuf -u http://test.com -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1m
 
 * `-replay-proxy <IP>` or `-x <ProxyIP>`
 
+#### FUZZ Saved Request
+
+A stored request can be fuzzed using ffuf, remember to set the parameter value you want to fuzz to `FUZZ` inside the file.
+
+```sh
+ffuf -request req.txt -w pin.txt -fs 89 -t 70 > output
+```
+ 
 ### Gobuster
 
 [Repo](https://github.com/OJ/gobuster.git)