pentest.blog Open in urlscan Pro
104.21.83.51 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Submission: On May 07 via api (May 7th 2021, 12:20:40 am UTC) from CA

Summary HTTP 75 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 19 IPs in 3 countries across 11 domains to perform 75 HTTP transactions. The main IP is 104.21.83.51, located in San Francisco, United States and belongs to CLOUDFLARENET, US. The main domain is pentest.blog.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 29th 2020. Valid for: a year.

This is the only time pentest.blog was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	104.21.83.51 104.21.83.51	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:813::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:811::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:829::200e	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:802::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
3	199.232.196.134 199.232.196.134	54113 (FASTLY) (FASTLY)
2	2a00:1450:400... 2a00:1450:4001:808::200e	15169 (GOOGLE) (GOOGLE)
3	192.0.77.48 192.0.77.48	2635 (AUTOMATTIC) (AUTOMATTIC)
12	2606:4700::68... 2606:4700::6812:a813	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	151.101.128.134 151.101.128.134	54113 (FASTLY) (FASTLY)
6	151.101.114.49 151.101.114.49	54113 (FASTLY) (FASTLY)
2	2a03:2880:f00... 2a03:2880:f008:8:face:b00c:0:1	32934 (FACEBOOK) (FACEBOOK)
2	2a00:1450:400... 2a00:1450:4001:802::200e	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::200d	15169 (GOOGLE) (GOOGLE)
1	2a03:2880:f10... 2a03:2880:f108:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2a00:1450:400... 2a00:1450:4001:803::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:802::200d	15169 (GOOGLE) (GOOGLE)
75	19

29 104.21.83.51 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

pentest.blog	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:813::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:829::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:802::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 199.232.196.134 (United States)

ASN54113 (FASTLY, US)

pentestblog.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
referrer.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:808::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.77.48 (United States)

ASN2635 (AUTOMATTIC, US)
PTR: s.w.org

s.w.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:a813 (United States)

ASN13335 (CLOUDFLARENET, US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.101.128.134 (United States)

ASN54113 (FASTLY, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 151.101.114.49 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

a.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f008:8:face:b00c:0:1 (Milan, Italy)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

apis.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f108:83:face:b00c:0:25de (Milan, Italy)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ssl.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:802::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	pentest.blog pentest.blog	554 KB
18	disquscdn.com c.disquscdn.com a.disquscdn.com	513 KB
8	disqus.com pentestblog.disqus.com disqus.com referrer.disqus.com	66 KB
5	gstatic.com fonts.gstatic.com ssl.gstatic.com	117 KB
4	google.com apis.google.com accounts.google.com	40 KB
3	w.org s.w.org	2 KB
3	google-analytics.com www.google-analytics.com	19 KB
2	facebook.net connect.facebook.net	64 KB
1	facebook.com www.facebook.com
1	googletagmanager.com www.googletagmanager.com	35 KB
1	googleapis.com fonts.googleapis.com	1 KB
75	11

	Domain	Requested by
29	pentest.blog	pentest.blog
12	c.disquscdn.com	pentestblog.disqus.com disqus.com c.disquscdn.com
6	a.disquscdn.com	c.disquscdn.com
5	disqus.com	pentestblog.disqus.com c.disquscdn.com
4	fonts.gstatic.com	fonts.googleapis.com
3	s.w.org	pentest.blog
3	www.google-analytics.com	pentest.blog www.google-analytics.com
2	accounts.google.com	apis.google.com ssl.gstatic.com
2	apis.google.com	c.disquscdn.com apis.google.com
2	connect.facebook.net	c.disquscdn.com connect.facebook.net
2	pentestblog.disqus.com	pentest.blog
1	referrer.disqus.com
1	ssl.gstatic.com	accounts.google.com
1	www.facebook.com	c.disquscdn.com
1	www.googletagmanager.com	pentest.blog
1	fonts.googleapis.com	pentest.blog
75	16

This site contains links to these domains. Also see Links.

Domain
msdn.microsoft.com
www.rapid7.com
www.microsoft.com
technet.microsoft.com
www.virustotal.com
www.invictuseurope.com
github.com
www.mehmetince.net
blog.feedspot.com
colorlib.com
wordpress.org

Subject Issuer	Validity	Valid
pentest.blog Cloudflare Inc ECC CA-3	`2020-08-29` - `2021-08-29`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2020-04-20` - `2022-05-09`	2 years	crt.sh
*.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh
*.w.org Sectigo RSA Domain Validation Secure Server CA	`2019-12-19` - `2021-12-18`	2 years	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2020-08-15` - `2021-08-15`	a year	crt.sh
*.disquscdn.com GlobalSign Atlas R3 DV TLS CA 2020	`2021-03-22` - `2022-04-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2021-04-06` - `2021-07-03`	3 months	crt.sh
*.apis.google.com GTS CA 1C3	`2021-04-13` - `2021-07-06`	3 months	crt.sh
accounts.google.com GTS CA 1O1	`2021-04-13` - `2021-07-06`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
Frame ID: 0DA3ED02BDF7BC31A8DB8BB76D41ADF9
Requests: 47 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
Frame ID: CDC8E5050981BCE0F49CEC9C76646B53
Requests: 26 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: EE4F82FC4BA993E3B6F6C6E4FC2E364D
Requests: 3 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Page Statistics

75
Requests

100 %
HTTPS

72 %
IPv6

11
Domains

16
Subdomains

19
IPs

3
Countries

1411 kB
Transfer

3250 kB
Size

5
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/ms682425(v=vs.85).aspx
Title: this article

Search URL Search Domain Scan URL

URL: https://www.rapid7.com/db/modules/exploit/windows/local/trusted_service_path
Title: exploit/windows/local/trusted_service_path

Search URL Search Domain Scan URL

URL: https://www.microsoft.com/en-us/download/details.aspx?id=23510
Title: SubInACL

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/sysinternals/accesschk.aspx
Title: AccessChk

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
Title: SysInternals Suite

Search URL Search Domain Scan URL

URL: https://www.rapid7.com/db/modules/exploit/windows/local/service_permissions
Title: exploit/windows/local/service_permissions

Search URL Search Domain Scan URL

URL: https://www.rapid7.com/db/modules/exploit/windows/local/always_install_elevated
Title: exploit/windows/local/always_install_elevated

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/ff919712(v=vs.85).aspx
Title: This

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx
Title: Dynamic-Link Library Search Order

Search URL Search Domain Scan URL

URL: https://technet.microsoft.com/en-us/sysinternals/processmonitor.aspx
Title: Procmon

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/tr/file/c904c6a47434e67fe10064964619d2d0568b1976e6e3ccacccf87d8e7d7d1732/analysis/1484771308/
Title: flagged by almost all Anti-Viruses

Search URL Search Domain Scan URL

URL: https://www.invictuseurope.com/

Search URL Search Domain Scan URL

URL: https://github.com/EgeBalci
Title: Ege Balci

Search URL Search Domain Scan URL

URL: http://www.mehmetince.net/
Title: Mehmet İnce

Search URL Search Domain Scan URL

URL: https://blog.feedspot.com/pentest_blogs/

Search URL Search Domain Scan URL

URL: http://colorlib.com/
Title: Colorlib

Search URL Search Domain Scan URL

URL: http://wordpress.org/
Title: WordPress

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

75 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
pentest.blog/windows-privilege-escalation-methods-for-pentesters/ 88 KB
20 KB 300ms
190ms Document
text/html 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1bfb6f2343446cef6183476a8e72ac1833ca9e9375f03dcee452b1ba08ab72d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:method: GET
:authority: pentest.blog
:scheme: https
:path: /windows-privilege-escalation-methods-for-pentesters/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: none
sec-fetch-mode: navigate
sec-fetch-user: ?1
sec-fetch-dest: document
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822; expires=Sun, 06-Jun-21 00:20:22 GMT; path=/; domain=.pentest.blog; HttpOnly; SameSite=Lax
link: <https://pentest.blog/wp-json/>; rel="https://api.w.org/" <https://pentest.blog/wp-json/wp/v2/posts/454>; rel="alternate"; type="application/json" <https://pentest.blog/?p=454>; rel=shortlink
x-frame-options: SAMEORIGIN
x-xss-protection: 1
cf-cache-status: DYNAMIC
cf-request-id: 09e5cb77c800004c6db02a5000000001
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
report-to: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=eFNBlTZ5BAxC0%2Bq%2F%2FxxNc4ENn75LXm7I%2BUNPwfg%2BBTmBHu2d2jyKfUyP2hgDxqPxAN744C7WRIoSmEUt5PMp3vfD7ecT%2BzLN4iiD1Tc%3D"}]}
nel: {"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=15552000; includeSubDomains; preload
server: cloudflare
cf-ray: 64b648393e0a4c6d-AMS
content-encoding: br
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400

GET
H3-29 200 0I43Bxg6NSCFiP6ZrmEK6USGESM.js Show response
pentest.blog/cdn-cgi/apps/head/ 7 KB
3 KB 120ms
61ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/cdn-cgi/apps/head/0I43Bxg6NSCFiP6ZrmEK6USGESM.js

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

81bc56a45a26c9708def87a97e682483fcb6b959b492aca792b1f57b7df0096c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

:path: /cdn-cgi/apps/head/0I43Bxg6NSCFiP6ZrmEK6USGESM.js
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1173757
content-type: application/javascript; charset=utf-8
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 55GVAXP3F054ZYZ7
x-amz-id-2: 16s9ApR0rC54fchFZj4Nd8NNCd8nXKF2Rc2tkhadGM/hULRvzswJu9vsdQ3eMVXhL7jjcS7WHpA=
last-modified: Tue, 12 Sep 2017 11:59:56 GMT
server: cloudflare
etag: W/"fbf1f72c31c7fa28593a2cd1956ffe53"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=tpvryIr8mTw0cV1oy04PxWnRC8M%2BbeDAn0MdmY4PStW26Ss8Iidy96njRUleQNA%2B5E%2FSZ6pR%2BGNOcLonLAVzhHKlM6FXZCEr5m9OSAM%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: kepm_nuPj0cUSjPrZMbiua9zwlPiWeF6
cache-control: public, max-age=31536000
cf-request-id: 09e5cb78c700001eb5f5284000000001
cf-ray: 64b6483add521eb5-AMS

GET
H3-29 200 style.min.css
pentest.blog/wp-includes/css/dist/block-library/ 57 KB
8 KB 121ms
62ms Stylesheet
text/css 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-includes/css/dist/block-library/style.min.css?ver=5.7

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-includes/css/dist/block-library/style.min.css?ver=5.7
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c500001eb5ce357000000001
last-modified: Fri, 19 Mar 2021 12:50:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549dfe-e358"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=5g61PezG04cCeytgAeC75gOkr%2FiC6h4WI7nhtRVRb7bRo0QPmxHxwy9E8U8NxOCHe1HZM7h4%2F6Pr3HsnncXbN05%2B0oRaRa5%2FFO3DjYQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add4b1eb5-AMS

GET
H3-29 200 bootstrap.min.css
pentest.blog/wp-content/themes/sparkling/assets/css/ 118 KB
18 KB 173ms
114ms Stylesheet
text/css 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c800001eb5f4861000000001
last-modified: Mon, 15 Apr 2019 11:27:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5cb46aae-1d970"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=XnGuz0ndvXNFrh2EjkYIzvQwofWeZ%2B8yHKuNAzgWQ1IzcESml9KiMRZGNtNFQC8BlnjfQ6hsMA2VoR1Gf0%2FG2X77aI78ppwK0JkYxvw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add561eb5-AMS

GET
H3-29 200 fontawesome-all.min.css
pentest.blog/wp-content/themes/sparkling/assets/css/ 38 KB
8 KB 172ms
113ms Stylesheet
text/css 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3bce9f7694e1e5ae61f21bdf51af4e502ced317f0471b6b3609b3000dd3d408

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c700001eb5fd304000000001
last-modified: Mon, 15 Apr 2019 11:27:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5cb46aae-9697"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HIOS28omjxM3%2FA%2FgtCcopEdtd%2BKeNX%2BHx8ftPr92BFFbOVkiCReSs6uN5NITDJnhKVyvbnkG2DFArUIHB8%2F9LIWyy5R6ih2PvMlhXOo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add551eb5-AMS

GET
H2 200 css
fonts.googleapis.com/ 14 KB
1 KB 30ms
28ms Stylesheet
text/css 2a00:1450:4001:813::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

70f45edb4312dd24f37106cd7503989dcf72662e74c704dc3c8b7b696981c49b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Thu, 06 May 2021 23:58:50 GMT
server: ESF
date: Fri, 07 May 2021 00:20:22 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 07 May 2021 00:20:22 GMT

GET
H3-29 200 style.css
pentest.blog/wp-content/themes/sparkling/ 36 KB
7 KB 329ms
271ms Stylesheet
text/css 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/themes/sparkling/style.css?ver=2.4.2

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7b11eb90259a2ae13dbaf0d042b8fd154e57e4abffb629d7ca9509f6f6f996a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/themes/sparkling/style.css?ver=2.4.2
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
cf-polished: origSize=50725
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c700001eb5298b4000000001
last-modified: Mon, 15 Apr 2019 11:27:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5cb46aae-c625"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=2TNLPn66USphb6yuVEC8Him8ITkaZ7Ixia4dNDh343evNlTnUBu3bHjHezb3teUialcj8HwIsdu%2F0XPwOZqB7hi0m8r6%2FqqNMq1zgyI%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add531eb5-AMS
cf-bgj: minify

GET
H3-29 200 enlighterjs.min.css
pentest.blog/wp-content/plugins/enlighter/cache/ 78 KB
9 KB 171ms
113ms Stylesheet
text/css 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=AnSUBgw4zD87Qup

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/plugins/enlighter/cache/enlighterjs.min.css?ver=AnSUBgw4zD87Qup
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c700001eb5f985f000000001
last-modified: Fri, 19 Mar 2021 12:50:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549e26-13686"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=A2Hxm6cs4LxWn%2BdIW5p5QEMerg3IUFXAD9hE2Vfkta5QDZ5wBKcOJGv1qpyYCZbDQoM7BvmZcth0gB1aH%2B3bDHvvtcFMftH9UJ5%2FYEY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add541eb5-AMS

GET
H3-29 200 jquery.min.js Show response
pentest.blog/wp-includes/js/jquery/ 87 KB
30 KB 330ms
272ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-includes/js/jquery/jquery.min.js?ver=3.5.1

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-includes/js/jquery/jquery.min.js?ver=3.5.1
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78cc00001eb5f4862000000001
last-modified: Fri, 19 Mar 2021 12:50:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549dfe-15d98"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=v3WdfXqjV9TI18ue6Se0E%2FeZ8npfIW0CbYAmVMPrasJo4nTi%2FYXO67JfWeIErOFYw8cQMcoB7%2Bpo4LcSxJY%2F0gd%2FwC7xc%2Boga9JIq3I%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add571eb5-AMS

GET
H3-29 200 jquery-migrate.min.js Show response
pentest.blog/wp-includes/js/jquery/ 11 KB
4 KB 117ms
60ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c600001eb512b38000000001
last-modified: Fri, 19 Mar 2021 12:50:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549dfe-2bd8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=1efP%2BO0sbyGF%2FSRSj%2FOoP%2FxM%2BS4iK7wrK29qa3hqeZlotWQi0mie3c7Ym8GD%2BepF88nRKDp%2Fsh%2FSj6n2lA77dch7gO2NlSnO7zaRTec%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add4f1eb5-AMS

GET
H3-29 200 bootstrap.min.js Show response
pentest.blog/wp-content/themes/sparkling/assets/js/vendor/ 36 KB
10 KB 223ms
166ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/themes/sparkling/assets/js/vendor/bootstrap.min.js?ver=5.7

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/themes/sparkling/assets/js/vendor/bootstrap.min.js?ver=5.7
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c600001eb5d4aec000000001
last-modified: Mon, 15 Apr 2019 11:27:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5cb46aae-90b5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=h94dFIrWebHgtf6Nt38sVkHtBhpSJRJ79kmktjvxhETIWUuLs8055HOigBsEW4qIs%2F5O%2FIrocIFDbxqR1pfFau7UvrV2%2BIpjAwITtI4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add4e1eb5-AMS

GET
H3-29 200 functions.js Show response
pentest.blog/wp-content/themes/sparkling/assets/js/ 2 KB
1 KB 118ms
62ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/themes/sparkling/assets/js/functions.js?ver=20180503

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a70001940d43804b9ce5a960780ca25aca8df10800126046fe4e9634e309aad3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/themes/sparkling/assets/js/functions.js?ver=20180503
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
cf-polished: origSize=2473
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c600001eb5ed350000000001
last-modified: Mon, 15 Apr 2019 11:27:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5cb46aae-9a9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=bojIiQreiPKZXWK%2FCxsM3b4C0u8%2FilTTN97ZYOwIrVFIe%2BQQ6PUNqBoWzgm8rOd2nv%2FX2dV0F%2Ft8OfxeSGHIU2PbvhL%2FANzPC3rZ9t4%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add501eb5-AMS
cf-bgj: minify

GET
H3-29 200 asciinema-player.js Show response
pentest.blog/wp-content/asciinema/ 564 KB
128 KB 219ms
166ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/asciinema/asciinema-player.js

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

31b816eb40dd68ec64b697c2f87018a94a875c7c88a372689ba7d07e691e7e8d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/asciinema/asciinema-player.js
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
cf-polished: origSize=582376
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c600001eb5ec3aa000000001
last-modified: Wed, 21 Feb 2018 19:45:31 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5a8dcc5b-8e2e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=rs50dk2MkKhP9%2F%2BWW0MWktEnZsG8gGpeGQYyjeOmxv5VzHyde9dRXe1Zot%2BOYkmpI5zmwEPKkvJiNSAK%2BjhkjVzWtiiS3ABguiGFu4U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add511eb5-AMS
cf-bgj: minify

GET
H3-29 200 asciinema-player.css
pentest.blog/wp-content/asciinema/ 42 KB
5 KB 218ms
166ms Stylesheet
text/css 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/asciinema/asciinema-player.css

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c0568923127c7ec9017ee440b069d4dd0f964388dd29555d1a01c223bc01746b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/asciinema/asciinema-player.css
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: text/css,*/*;q=0.1
cache-control: no-cache
sec-fetch-dest: style
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:22 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
cf-polished: origSize=50722
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb78c500001eb5cd2de000000001
last-modified: Wed, 21 Feb 2018 19:45:25 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5a8dcc55-c622"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=Y4IwtHLGa%2Bezk9p1I4BlaHPacjHiT8hV08HPcduV%2FhIaz5jxp1jcEFmAJjFw9oEqSzmrLyC51aHllpQRU%2BtVp6bu5DZearVUXIKmwcw%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483add4d1eb5-AMS
cf-bgj: minify

GET
H3-29 200 pentestblog-color-e1508706802866.png
pentest.blog/wp-content/uploads/ 25 KB
25 KB 65ms
63ms Image
image/png 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentest.blog/wp-content/uploads/pentestblog-color-e1508706802866.png

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5706a629c5d91a9d57fbd64b44829d7186ce3e513a732ce7062828cf29457f7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/uploads/pentestblog-color-e1508706802866.png
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6854
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 25113
cf-request-id: 09e5cb7a7500001eb5042ce000000001
last-modified: Sun, 22 Oct 2017 21:13:22 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "59ed09f2-6219"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=%2B4MYj3v%2BxrC9WCd6%2BbhJT7ahOD%2F5%2BnPsdjMw%2FYta77tkAsFcI2qdKvjz6aJNULi92UqqgrzCBF4Q5JnAmkZQs6nkY99wxTOktNZ9GMY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-xss-protection: 1
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 64b6483d8f5e1eb5-AMS

GET
H3-29 200 Mg6EYwIk_400x400.jpg
pentest.blog/wp-content/uploads/ 24 KB
25 KB 62ms
60ms Image
image/jpeg 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentest.blog/wp-content/uploads/Mg6EYwIk_400x400.jpg

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a4d5d17019ea0b43378cf13376e6e8f2059f47cf5e66074dd208f417543cf3d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/uploads/Mg6EYwIk_400x400.jpg
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6854
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 24986
cf-request-id: 09e5cb7a7500001eb516037000000001
last-modified: Fri, 09 Apr 2021 10:11:21 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "60702849-619a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=boBZs6sZLLKMRMNxWBylu0wCunlrwlWx5uPE4iknvSE6BZzP88FlW0tmyRIQoMeZCeqGMGafh%2FyPEJFgqpJGzBbOb6jJtrqwm4rwyNQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-xss-protection: 1
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 64b6483d8f5f1eb5-AMS

GET
H3-29 200 pentest_1000px.png
pentest.blog/wp-content/uploads/ 60 KB
61 KB 67ms
64ms Image
image/png 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentest.blog/wp-content/uploads/pentest_1000px.png

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

17041df2bda03e102abe51f82147a6c987d346b4e4e19525b5085e9056e55947

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/uploads/pentest_1000px.png
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6854
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 61349
cf-request-id: 09e5cb7a7500001eb5d2b9c000000001
last-modified: Mon, 19 Mar 2018 14:43:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5aafcc9c-efa5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=MMJrT90zs28C1tqc5KSkATOSOdHobQ5nxFZ2cDYDgNC2xU4sxupJgoBw7ENKlL5KX2JM2k1f7ut9WmAMdjC3stXG2GHACVRL1GkPEQY%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-xss-protection: 1
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 64b6483d8f601eb5-AMS

GET
H3-29 200 email-decode.min.js Show response
pentest.blog/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
1 KB 55ms
54ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

:path: /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
nel: {"max_age":604800,"report_to":"cf-nel"}
vary: Accept-Encoding
cf-request-id: 09e5cb79e000001eb5b831d000000001
last-modified: Fri, 30 Apr 2021 09:06:15 GMT
server: cloudflare
x-frame-options: DENY
etag: W/"608bc887-4d7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=OYmt5AH9sxczLosZ24JAw7jDqO4th13lhrD73d6ldjIjqqClkfM%2BE6RNIlF7gvssoEWBomZM6hGjQjfWMM42U7uvWRVLSVPsyqaZUk0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: max-age=172800 public
cf-ray: 64b6483c9eb01eb5-AMS
expires: Sun, 09 May 2021 00:20:23 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 88 KB
35 KB 40ms
37ms Script
application/javascript 2a00:1450:4001:811::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-88100923-1

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

746eb68201ea9e457d24cb923fbe3f0b8586cf0613d2f91fba21b724e018a105

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 35717
x-xss-protection: 0
last-modified: Fri, 07 May 2021 00:00:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 07 May 2021 00:20:23 GMT

GET
H3-29 200 comment_count.js Show response
pentest.blog/wp-content/plugins/disqus-comment-system/public/js/ 708 B
935 B 62ms
61ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6905
cf-polished: origSize=889
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb79f100001eb512b42000000001
last-modified: Fri, 19 Mar 2021 12:50:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549e20-379"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HFqImwtxkC6kIbufiXYth05ivhkQX06D6E0%2BanWccWJaZxnPjxZGs%2FyBscAie5nq413p98sNQAZwwU1k1Tq21p5tQl8JE97O1NdZsQw%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483cbec91eb5-AMS
cf-bgj: minify

GET
H3-29 200 comment_embed.js Show response
pentest.blog/wp-content/plugins/disqus-comment-system/public/js/ 828 B
922 B 61ms
58ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6905
cf-polished: origSize=1150
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb7a7400001eb5f1b3c000000001
last-modified: Fri, 19 Mar 2021 12:50:40 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549e20-47e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=9%2B00kpUwqnrzCorRexM4H5t%2FG8XYh6%2BWtC4K3OzRzpuv1PtGz9QHxR9q4Y4zKE%2BLiWjTIYogjidjgMy%2B8LHgOSpCuVpz5YuXEjvCXD8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483d8f581eb5-AMS
cf-bgj: minify

GET
H3-29 200 skip-link-focus-fix.min.js Show response
pentest.blog/wp-content/themes/sparkling/assets/js/ 543 B
833 B 61ms
58ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/themes/sparkling/assets/js/skip-link-focus-fix.min.js?ver=20140222

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2123b61f26a87c608f5e339df52bb4bf85dfa17718ee83b80e9b869e07c9a447

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/themes/sparkling/assets/js/skip-link-focus-fix.min.js?ver=20140222
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6905
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb7a7400001eb5ba059000000001
last-modified: Mon, 15 Apr 2019 11:27:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"5cb46aae-21f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=UumTA6Chh50%2BXg%2ByzxMuauNBF4Y2%2FSUBzR2e3Ty%2Fdr3ATRE0GJg6vZNFaaZHfBG9R%2FtUC9RSXW5iaOarDmE3SyjTbG7nrCcR3ECROX8%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483d8f591eb5-AMS

GET
H3-29 200 comment-reply.min.js Show response
pentest.blog/wp-includes/js/ 3 KB
2 KB 61ms
58ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-includes/js/comment-reply.min.js?ver=5.7

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab21fef3ac4ee12ebb305942f85de99b290b8a24654c69060e54673d5f3a11f2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-includes/js/comment-reply.min.js?ver=5.7
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6905
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb7a7400001eb52c012000000001
last-modified: Fri, 19 Mar 2021 12:50:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549dfe-ba6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=LkVFGRh3UpYMuhzBL3ZbUldaS%2BzM0OrIsC7V0ZjaACOn%2F1soSHQ82MY73%2Fc%2By5llYHbVdxig9tpW1LZ8Dt8u9mJe1rbRS1qM44FlFlM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483d8f5a1eb5-AMS

GET
H3-29 200 enlighterjs.min.js Show response
pentest.blog/wp-content/plugins/enlighter/cache/ 57 KB
16 KB 67ms
64ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=AnSUBgw4zD87Qup

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/plugins/enlighter/cache/enlighterjs.min.js?ver=AnSUBgw4zD87Qup
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6905
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb7a7500001eb50839a000000001
last-modified: Fri, 19 Mar 2021 12:50:46 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549e26-e33f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=a0PFKDjnSutPz0HrD9Qn%2BVPhkeIRYaxLX%2BUSpvfmiKHhbp%2FdH%2B84ijZwWLDGDsTDCyw3kh0p9it%2Ber4NeWKg2pmKxU512jh2cMonw0U%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483d8f5c1eb5-AMS

GET
H3-29 200 wp-embed.min.js Show response
pentest.blog/wp-includes/js/ 1 KB
1 KB 63ms
61ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-includes/js/wp-embed.min.js?ver=5.7

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-includes/js/wp-embed.min.js?ver=5.7
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6905
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb7a7500001eb5db33c000000001
last-modified: Fri, 19 Mar 2021 12:50:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549dfe-592"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=H%2FgXGOHWJTDvzofwe9eUgrnX0ifdN7fXXvLe9%2BffCXarVqpWAYWNb%2FjD98rAx8LWIyZ3QIgMNX3%2FOxgVzW2sOwTD0onluznhuLMt7qc%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483d8f5d1eb5-AMS

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 48 KB
19 KB 8ms
5ms Script
text/javascript 2a00:1450:4001:829::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: pentest.blog
URL: https://pentest.blog/cdn-cgi/apps/head/0I43Bxg6NSCFiP6ZrmEK6USGESM.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:829::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 09 Apr 2021 23:59:54 GMT
server: Golfe2
age: 6811
date: Thu, 06 May 2021 22:26:52 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19569
expires: Fri, 07 May 2021 00:26:52 GMT

GET
H3-29 200 1TvIEVAY9L_dEaYOUISH6JZQX-g.js Show response
pentest.blog/cdn-cgi/apps/body/ 12 KB
6 KB 60ms
58ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/cdn-cgi/apps/body/1TvIEVAY9L_dEaYOUISH6JZQX-g.js

Requested by

Host: pentest.blog
URL: https://pentest.blog/cdn-cgi/apps/head/0I43Bxg6NSCFiP6ZrmEK6USGESM.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d38f3ca3272d3a47bcfa9fe9cb8268eae714759453f56151b898394b24c6889

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload

Request headers

:path: /cdn-cgi/apps/body/1TvIEVAY9L_dEaYOUISH6JZQX-g.js
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 1173657
content-type: application/javascript; charset=utf-8
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
x-amz-request-id: 5M6JJ0JC4BFQ25FA
x-amz-id-2: gQXOsIPxo3/UBD6plau2CNK9I9GpDyMr3WvMGvN+bSDobiNM1gGl9aKG/jjpwsZor6fwdQUYnxQ=
last-modified: Tue, 12 Sep 2017 11:59:56 GMT
server: cloudflare
etag: W/"c317e28980ce201e285ef126ee343d24"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=PMQcRs7ZUgAHqNRhGBNj1smlVUNrbqxF9iyw1SO26601yd5vk27exW3hZ7wZmXq5VAmzNrD737gvWjUo20C8FqqpLeDTGvx6zUgNPUo%3D"}],"group":"cf-nel","max_age":604800}
x-amz-version-id: 5cG.we8.asHaEAHdIRNtrF8iFr.KsTVB
cache-control: public, max-age=31536000
cf-request-id: 09e5cb7a7500001eb5d1b24000000001
cf-ray: 64b6483d8f611eb5-AMS

GET
H3-29 200 wp-emoji-release.min.js Show response
pentest.blog/wp-includes/js/ 14 KB
5 KB 62ms
60ms Script
application/javascript 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-includes/js/wp-emoji-release.min.js?ver=5.7

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-includes/js/wp-emoji-release.min.js?ver=5.7
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: */*
cache-control: no-cache
sec-fetch-dest: script
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: br
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6905
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 09e5cb7a7500001eb5bf3a6000000001
last-modified: Fri, 19 Mar 2021 12:50:06 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: W/"60549dfe-3795"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=iMZ8s3c9KWot61%2BTwliLw372diyOHZ2%2Br0vkjQp3mSUHjsF%2F6W0WZ9D5ul%2FZHQD6ULw8Wi00hYModyhA9UQSgErIEnmaIvAOPo5fQ5w%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
x-xss-protection: 1
cache-control: max-age=43200
cf-ray: 64b6483d8f621eb5-AMS

GET
H2 200 mem8YaGs126MiZpBA-UFVZ0b.woff2
fonts.gstatic.com/s/opensans/v18/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFVZ0b.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pentest.blog
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 01:50:37 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:22 GMT
server: sffe
age: 253786
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 14380
x-xss-protection: 0
expires: Wed, 04 May 2022 01:50:37 GMT

GET
H2 200 BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2
fonts.gstatic.com/s/robotoslab/v13/ 39 KB
39 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotoslab/v13/BngMUXZYTXPIvIBgJJSb6ufN5qU.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

8c79f09d1e74eadaf897561f5d70265ed2884663d34ad9c4d7f2aebff3b85a6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pentest.blog
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 15:44:07 GMT
x-content-type-options: nosniff
last-modified: Thu, 28 Jan 2021 22:03:59 GMT
server: sffe
age: 30976
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39440
x-xss-protection: 0
expires: Fri, 06 May 2022 15:44:07 GMT

GET
H3-29 200 fa-solid-900.woff2
pentest.blog/wp-content/themes/sparkling/assets/fonts/ 44 KB
45 KB 107ms
107ms Font
application/octet-stream 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/themes/sparkling/assets/fonts/fa-solid-900.woff2

Requested by

Host: pentest.blog
URL: https://pentest.blog/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

79279c8900d692d54bd3468993728088da3a33f5eabe667637554d3811000837

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

sec-fetch-mode: cors
origin: https://pentest.blog
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
:path: /wp-content/themes/sparkling/assets/fonts/fa-solid-900.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: pentest.blog
referer: https://pentest.blog/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://pentest.blog
Referer: https://pentest.blog/wp-content/themes/sparkling/assets/css/fontawesome-all.min.css?ver=5.1.1.
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 45128
cf-request-id: 09e5cb7a7e00001eb5c2367000000001
last-modified: Mon, 15 Apr 2019 11:27:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5cb46aae-b048"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=0Tub%2B8qwKuZjEuOuLj393cjdVrmCbMJ0y%2FdgtZGEfwdQu%2F5ZS4z7MFa525MA3JmAGaZnk%2BCOS6FhDahKh6wTcUisgDmN68Izq5deMKQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
x-xss-protection: 1
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 64b6483d9f6d1eb5-AMS

GET
H2 200 mem5YaGs126MiZpBA-UN7rgOUuhp.woff2
fonts.gstatic.com/s/opensans/v18/ 15 KB
15 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:802::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem5YaGs126MiZpBA-UN7rgOUuhp.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pentest.blog
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 20:40:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:11:00 GMT
server: sffe
age: 185985
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15056
x-xss-protection: 0
expires: Wed, 04 May 2022 20:40:38 GMT

GET
H3-29 200 glyphicons-halflings-regular.woff2
pentest.blog/wp-content/themes/sparkling/assets/fonts/ 18 KB
18 KB 106ms
105ms Font
application/octet-stream 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://pentest.blog/wp-content/themes/sparkling/assets/fonts/glyphicons-halflings-regular.woff2

Requested by

Host: pentest.blog
URL: https://pentest.blog/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

sec-fetch-mode: cors
origin: https://pentest.blog
accept-encoding: gzip, deflate, br
accept-language: en-US
sec-fetch-dest: font
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
:path: /wp-content/themes/sparkling/assets/fonts/glyphicons-halflings-regular.woff2
pragma: no-cache
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: */*
cache-control: no-cache
:authority: pentest.blog
referer: https://pentest.blog/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7
:scheme: https
sec-fetch-site: same-origin
:method: GET
Origin: https://pentest.blog
Referer: https://pentest.blog/wp-content/themes/sparkling/assets/css/bootstrap.min.css?ver=5.7
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6904
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 18028
cf-request-id: 09e5cb7a7e00001eb5c4b9b000000001
last-modified: Mon, 15 Apr 2019 11:27:42 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5cb46aae-466c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=mZL2q%2BNVs4ZramTN8xjL54jfZYpfiwDgUo%2FsZzSRQ%2FyomazrmExjkFloCouQI%2BmsiATGKuKaJiR3t5QtRQJeAB%2BQf2QSwUxTIV0pddA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/octet-stream
x-xss-protection: 1
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 64b6483d9f6e1eb5-AMS

GET
H3-29 200 mem8YaGs126MiZpBA-UFW50bbck.woff2
fonts.gstatic.com/s/opensans/v18/ 11 KB
11 KB 7ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/opensans/v18/mem8YaGs126MiZpBA-UFW50bbck.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans%3A400italic%2C400%2C600%2C700%7CRoboto+Slab%3A400%2C300%2C700&ver=5.7

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

28e9420a6d03a70b837b51c9fbe1bb1f819a3d4aa71bffa07f7c3e79d7dcf878

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Origin: https://pentest.blog
Referer: https://fonts.googleapis.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 15:44:07 GMT
x-content-type-options: nosniff
last-modified: Tue, 15 Sep 2020 18:09:21 GMT
server: sffe
age: 30976
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 11316
x-xss-protection: 0
expires: Fri, 06 May 2022 15:44:07 GMT

GET
H3-29 200 taking-down-windows-nazi-750x410.jpg
pentest.blog/wp-content/uploads/ 60 KB
61 KB 160ms
160ms Image
image/jpeg 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentest.blog/wp-content/uploads/taking-down-windows-nazi-750x410.jpg

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c222de21cd15bd1b3546d7631994d06fa4dbd1a21cbab9938624fd48131a245

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/uploads/taking-down-windows-nazi-750x410.jpg
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
cf-cache-status: MISS
nel: {"max_age":604800,"report_to":"cf-nel"}
strict-transport-security: max-age=15552000; includeSubDomains; preload
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 61398
cf-request-id: 09e5cb7b0500001eb5db341000000001
last-modified: Wed, 18 Jan 2017 22:07:50 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "587fe736-efd6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=ku9XmKhxxqlBDYhLKn1raJ6rQG9vmgqxAe5Y0Z7pOV9H4EZTkliMtjyhq%2BAISWGd0iN06aaaEqvsig932Y%2BD88a%2FhfpFVEkPewaIA6E%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/jpeg
x-xss-protection: 1
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 64b6483e6fd71eb5-AMS

GET
H3-29 200 unquoted_regedit.png
pentest.blog/wp-content/uploads/ 33 KB
34 KB 58ms
58ms Image
image/png 104.21.83.51
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pentest.blog/wp-content/uploads/unquoted_regedit.png

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

104.21.83.51 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1d06b4b1d8fb3e29af8a425cf48533927f3b2ed1cd4c49029197d9a62f0fcd9d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

:path: /wp-content/uploads/unquoted_regedit.png
pragma: no-cache
cookie: __cfduid=d9f977574606a2534714c883371ae95c01620346822
accept-encoding: gzip, deflate, br
accept-language: en-US
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
sec-fetch-mode: no-cors
accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
cache-control: no-cache
sec-fetch-dest: image
:authority: pentest.blog
referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
:scheme: https
sec-fetch-site: same-origin
:method: GET
Referer: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
vary: Accept-Encoding
cf-cache-status: HIT
nel: {"max_age":604800,"report_to":"cf-nel"}
age: 6843
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 34152
cf-request-id: 09e5cb7b0200001eb51603a000000001
last-modified: Wed, 21 Dec 2016 04:05:11 GMT
server: cloudflare
x-frame-options: SAMEORIGIN
etag: "5859ff77-8568"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15552000; includeSubDomains; preload
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=TBsr0aeDBg7UDGvK3RVVrwc519XdR%2BTZUu7jH5RqGXWH0COp9WJOF68Fn8BHjZev%2FME0IpI4S6IoA3afmIPb514U4bJHLnRl20zjLW8%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/png
x-xss-protection: 1
cache-control: max-age=43200
accept-ranges: bytes
cf-ray: 64b6483e6fd81eb5-AMS

GET
H/1.1 200
OK count.js Show response
pentestblog.disqus.com/ 1 KB
2 KB 130ms
38ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://pentestblog.disqus.com/count.js

Requested by

Host: pentest.blog
URL: https://pentest.blog/wp-content/plugins/disqus-comment-system/public/js/comment_count.js?ver=3.0.21

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 00:20:23 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 667432
P3P: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Length: 871
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 28 Apr 2021 00:35:24 GMT
Server: nginx
ETag: "6088adcc-367"
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=300
X-Amz-Cf-Pop: DFW3-C1
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
X-Amz-Cf-Id: TJQ1AX1vIBjdkTHJAPEF-DtfS4lRM38gHA4GQndl0G0Nhy50u9QeoQ==

GET
H/1.1 200
OK embed.js Show response
pentestblog.disqus.com/ 73 KB
24 KB 313ms
215ms Script
application/javascript 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://pentestblog.disqus.com/embed.js

Requested by

Host: pentest.blog
URL: https://pentest.blog/wp-content/plugins/disqus-comment-system/public/js/comment_embed.js?ver=3.0.21

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

openresty /

Resource Hash

22f84dc9c2f60b45767285d160ce6c4fab3436b2ed3835bcd6cedbe137235ac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 00:20:23 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 24245

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 2 B
22 B 26ms
26ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=126977493&t=pageview&_s=1&dl=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&ul=en-us&de=UTF-8&dt=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters%20%E2%80%93%20Pentest%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=854280161&gjid=1938868877&cid=618968929.1620346824&tid=UA-88100923-1&_gid=1239838043.1620346824&_r=1&_slc=1&z=127585856

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 07 May 2021 00:20:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pentest.blog
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 2
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 1f609.svg
s.w.org/images/core/emoji/13.0.1/svg/ 1 KB
853 B 128ms
41ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.1/svg/1f609.svg

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 16:13:31 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f642.svg
s.w.org/images/core/emoji/13.0.1/svg/ 525 B
347 B 128ms
42ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.1/svg/1f642.svg

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

943c44a0f3dc1aba84f5fbe8465baadbb90af66cd7be9f37ca07a39260357ad2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 16:13:32 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 1f641.svg
s.w.org/images/core/emoji/13.0.1/svg/ 512 B
361 B 128ms
41ms Image
image/svg+xml 192.0.77.48
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://s.w.org/images/core/emoji/13.0.1/svg/1f641.svg

Requested by

Host: pentest.blog
URL: https://pentest.blog/windows-privilege-escalation-methods-for-pentesters/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.48 , United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

s.w.org

Software

nginx /

Resource Hash

87bcc22d43cfa00bd1cf5e3a35aad79150b4ce804899db3ea93efe57eeb6dbf7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 20 Oct 2020 16:13:32 GMT
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=315360000
expires: Thu, 31 Dec 2037 23:55:55 GMT

POST
H3-29 200 collect Show response
www.google-analytics.com/j/ 1 B
21 B 26ms
26ms XHR
text/plain 2a00:1450:4001:808::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j90&a=126977493&t=pageview&_s=1&dl=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&ul=en-us&de=UTF-8&dt=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters%20%E2%80%93%20Pentest%20Blog&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aEDAAUABAAAAAC~&jid=66535304&gjid=2139621618&cid=618968929.1620346824&tid=UA-88100923-1&_gid=1239838043.1620346824&_r=1&gtm=2ou4s0&z=356860129

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 07 May 2021 00:20:23 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://pentest.blog
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lounge.305cef62f65d619287ed5bfd8a11158b.css
c.disquscdn.com/next/embed/styles/ 0
23 KB 29ms
13ms Other
text/css 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css

Requested by

Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 871131
strict-transport-security: max-age=300; includeSubdomains
content-length: 23152
cf-request-id: 09e5cb7c7c000005f975aab000000001
timing-allow-origin: *
last-modified: Mon, 26 Apr 2021 20:08:48 GMT
server: cloudflare
etag: "60871dd0-5a70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 64b64840cc4d05f9-FRA
x-amz-cf-id: fW6uWADQtEZlK-wmDYqb2_bVoI8qEXXQIebuoRmRxeEbg1U5ih8CMg==
expires: Tue, 26 Apr 2022 22:21:32 GMT

GET
H2 200 common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js
c.disquscdn.com/next/embed/ 0
93 KB 30ms
14ms Other
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Requested by

Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3900256
strict-transport-security: max-age=300; includeSubdomains
content-length: 94786
cf-request-id: 09e5cb7c7c000005f946075000000001
timing-allow-origin: *
last-modified: Tue, 09 Mar 2021 17:57:38 GMT
server: cloudflare
etag: "6047b712-17242"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
cf-ray: 64b64840cc4e05f9-FRA
x-amz-cf-id: iGbO1sC_L2SXajbXh3fns4o9OWy9yuPPlUqsvZKLIHAqbdlN6Dbhow==
expires: Wed, 09 Mar 2022 18:10:09 GMT

GET
H2 200 lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js
c.disquscdn.com/next/embed/ 0
115 KB 72ms
56ms Other
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js

Requested by

Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 788786
strict-transport-security: max-age=300; includeSubdomains
content-length: 117909
cf-request-id: 09e5cb7c7d000005f93f20f000000001
timing-allow-origin: *
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: cloudflare
etag: "60887bc4-1cc95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 64b64840cc5005f9-FRA
x-amz-cf-id: ETrZZQ2ejsaF6MhaKzELRpOlvmta1CRQ1i4wrUp7rQaahSvj9GaDiQ==
expires: Wed, 27 Apr 2022 21:13:50 GMT

GET
H/1.1 200
OK config.js
disqus.com/next/ 0
12 KB 117ms
38ms Other
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://pentest.blog/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 00:20:23 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 54
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 11688
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK / Show response
disqus.com/embed/comments/ Frame CDC8 57 KB
12 KB 281ms
270ms Document
text/html 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default

Requested by

Host: pentestblog.disqus.com
URL: https://pentestblog.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

b510b8c3b6d17c4d7155538bf2d5da7cf2f36eb6eca9846224da240898ed3f1d

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://pentest.blog/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://pentest.blog/

Response headers

Connection: keep-alive
Content-Length: 11138
Server: nginx
Content-Type: text/html; charset=utf-8
Content-Security-Policy: script-src https://*.twitter.com:* https://www.gstatic.com/recaptcha/ https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ https://apis.google.com https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ 'unsafe-inline' https://com-disqus.netmng.com:* https://www.google.com/recaptcha/ https://cf.ignitionone.com:* https://disqus.com
Last-Modified: Wed, 21 Apr 2021 18:31:29 GMT
ETag: W/"lounge:view:6115200593.660bcf3b67a35aa94decf75a491b077c.2"
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Referrer-Policy: no-referrer-when-downgrade
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Date: Fri, 07 May 2021 00:20:24 GMT
Age: 0
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
H2 200 lounge.load.dfaa05f4d3af8a4fe09cfd70007bc5b2.js Show response
c.disquscdn.com/next/embed/ Frame CDC8 1 KB
1 KB 26ms
12ms Script
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.load.dfaa05f4d3af8a4fe09cfd70007bc5b2.js

Requested by

Host: disqus.com
URL: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08b05aa1232219b6c9a71eb156f0853da0ed1a63adcf147f3d9e71e8b0574e4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 788786
strict-transport-security: max-age=300; includeSubdomains
content-length: 532
cf-request-id: 09e5cb7e0b00004aa41204c000000001
timing-allow-origin: *
last-modified: Tue, 27 Apr 2021 21:01:55 GMT
server: cloudflare
etag: "60887bc3-214"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 64b648434ea74aa4-FRA
x-amz-cf-id: 6bkoSRP2VPWUX0cqSoKVgn9xbdpiubZqOxzIJb-mAabp28I3ytUAwQ==
expires: Wed, 27 Apr 2022 21:13:50 GMT

GET
H2 200 common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js Show response
c.disquscdn.com/next/embed/ Frame CDC8 282 KB
93 KB 14ms
13ms Script
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.load.dfaa05f4d3af8a4fe09cfd70007bc5b2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33d9c56f2b1408711b9b963963790177ac4e7c38a5ecf0e3c12f558c676e294b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3900257
strict-transport-security: max-age=300; includeSubdomains
content-length: 94786
cf-request-id: 09e5cb7e19000005f99a858000000001
timing-allow-origin: *
last-modified: Tue, 09 Mar 2021 17:57:38 GMT
server: cloudflare
etag: "6047b712-17242"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA56-C2
accept-ranges: bytes
cf-ray: 64b64843585505f9-FRA
x-amz-cf-id: iGbO1sC_L2SXajbXh3fns4o9OWy9yuPPlUqsvZKLIHAqbdlN6Dbhow==
expires: Wed, 09 Mar 2022 18:10:09 GMT

GET
H2 200 lounge.305cef62f65d619287ed5bfd8a11158b.css
c.disquscdn.com/next/embed/styles/ Frame CDC8 129 KB
23 KB 17ms
16ms Stylesheet
text/css 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a7d14b983e535139708c6526fcd9c46fb986f2a9e77fba33da4b811bab6dac9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 871132
strict-transport-security: max-age=300; includeSubdomains
content-length: 23152
cf-request-id: 09e5cb7e58000005f946095000000001
timing-allow-origin: *
last-modified: Mon, 26 Apr 2021 20:08:48 GMT
server: cloudflare
etag: "60871dd0-5a70"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 64b64843c92005f9-FRA
x-amz-cf-id: fW6uWADQtEZlK-wmDYqb2_bVoI8qEXXQIebuoRmRxeEbg1U5ih8CMg==
expires: Tue, 26 Apr 2022 22:21:32 GMT

GET
H2 200 lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js Show response
c.disquscdn.com/next/embed/ Frame CDC8 456 KB
115 KB 13ms
12ms Script
application/javascript 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a163fb094ea045758fdb0d81a16a8e8265adb94dcfc945e4235942250ab2e2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 788787
strict-transport-security: max-age=300; includeSubdomains
content-length: 117909
cf-request-id: 09e5cb7e5d000005f956991000000001
timing-allow-origin: *
last-modified: Tue, 27 Apr 2021 21:01:56 GMT
server: cloudflare
etag: "60887bc4-1cc95"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 64b64843c93105f9-FRA
x-amz-cf-id: ETrZZQ2ejsaF6MhaKzELRpOlvmta1CRQ1i4wrUp7rQaahSvj9GaDiQ==
expires: Wed, 27 Apr 2022 21:13:50 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ Frame CDC8 11 KB
12 KB 39ms
39ms Script
application/javascript 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

d0627e883f59b06ada61af684c0636818d0e01f4c3fed677f83f974196b8316f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 00:20:24 GMT
X-Content-Type-Options: nosniff
Content-Type: application/javascript; charset=UTF-8
Server: nginx
Age: 55
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Connection: keep-alive
Timing-Allow-Origin: *
Content-Length: 11688
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK details Show response
disqus.com/api/3.0/forums/ Frame CDC8 3 KB
4 KB 144ms
143ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/forums/details?forum=pentestblog&attach=forumFeatures&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

ed6198299ea8edc79f99837a0768a8c96f36d759bc697fde1e115aae90fa4f32

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 00:20:24 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 3533
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK loadReactions Show response
disqus.com/api/3.0/threadReactions/ Frame CDC8 85 B
530 B 145ms
144ms XHR
application/json 151.101.128.134
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/api/3.0/threadReactions/loadReactions?thread=6115200593&api_key=E8Uh5l5fHZ6gD8U3KycjAIAk46f68Zw7C6eW8WSjZvCLXebZ7p0r1yrYDrLilk2F

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.128.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

867bde5f1930963a16e7dac4c891142edaa529a4428bb3486165757b7c8ead08

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 00:20:24 GMT
X-Content-Type-Options: nosniff
Server: nginx
Age: 0
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Cache-Control: stale-while-revalidate=30, max-age=60
Connection: keep-alive
Content-Type: application/json
Vary: Origin, Cookie
Content-Length: 85
X-XSS-Protection: 1; mode=block

GET
H2 200 noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8 2 KB
2 KB 128ms
41ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1619042223/images/noavatar92.png

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 876495
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires: Wed, 26 May 2021 20:52:08 GMT

GET
DATA 200
OK truncated
/ Frame CDC8 37 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame CDC8 13 KB
13 KB 13ms
13ms Image
image/svg+xml 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3900256
strict-transport-security: max-age=300; includeSubdomains
content-length: 13079
cf-request-id: 09e5cb7f03000005f9a3a6d000000001
timing-allow-origin: *
last-modified: Wed, 03 Feb 2021 18:02:57 GMT
server: cloudflare
etag: "601ae551-3317"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
cf-ray: 64b64844daad05f9-FRA
x-amz-cf-id: u5aj5DP6QMZrJ6I7jx1Wc3d2qOMZ4C8kh8YfJv2eAUXws5l8rCpo3g==
expires: Sun, 06 Feb 2022 13:14:53 GMT

GET
H2 200 loader.ba7c86e8b4b6135bb668d05223f8f127.gif
c.disquscdn.com/next/embed/assets/img/ Frame CDC8 3 KB
3 KB 15ms
15ms Image
image/gif 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/loader.ba7c86e8b4b6135bb668d05223f8f127.gif

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3900256
strict-transport-security: max-age=300; includeSubdomains
content-length: 2971
cf-request-id: 09e5cb7f06000005f9b6b13000000001
timing-allow-origin: *
last-modified: Wed, 27 Jan 2021 17:23:07 GMT
server: cloudflare
etag: "6011a17b-b9b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/gif
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA56-C1
accept-ranges: bytes
cf-ray: 64b64844dac105f9-FRA
x-amz-cf-id: q5jgrStVZkIXwoeWl-0NV5kOTl3gUhXoFnG6duBoANQ7uCbV2CG0hw==
expires: Thu, 03 Feb 2022 04:58:07 GMT

GET
H2 200 sprite.654110a9206fd22f08cca0798e34a65e.png
c.disquscdn.com/next/embed/assets/img/ Frame CDC8 2 KB
2 KB 16ms
16ms Image
image/png 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/sprite.654110a9206fd22f08cca0798e34a65e.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3900256
strict-transport-security: max-age=300; includeSubdomains
content-length: 1862
cf-request-id: 09e5cb7f06000005f992a95000000001
timing-allow-origin: *
last-modified: Wed, 27 Jan 2021 17:23:07 GMT
server: cloudflare
etag: "6011a17b-746"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 64b64844dac605f9-FRA
x-amz-cf-id: fr8oqTiiJNjngbxxbbzdPubkItSDgWPvQgvsirNZje_qJPTOHh_w9Q==
expires: Sun, 30 Jan 2022 08:29:46 GMT

GET
H2 200 icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2
c.disquscdn.com/next/embed/assets/font/ Frame CDC8 8 KB
8 KB 15ms
15ms Font
application/octet-stream 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/assets/font/icons.4cc7a703d2fdfe684151ff8ac24d45f1.woff2

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Origin: https://disqus.com
Referer: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3900273
strict-transport-security: max-age=300; includeSubdomains
content-length: 7900
cf-request-id: 09e5cb7f0700004aa48cb45000000001
timing-allow-origin: *
last-modified: Wed, 03 Feb 2021 18:02:57 GMT
server: cloudflare
etag: "601ae551-1edc"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA6-C1
accept-ranges: bytes
cf-ray: 64b64844d9854aa4-FRA
x-amz-cf-id: pXrMY0uP9Ph1D8CIsGtxF2iWkq2BDSl6Tqg81UamkNwx4ECC-LQcUA==
expires: Sun, 06 Feb 2022 07:54:37 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8 2 KB
2 KB 42ms
42ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1619042223/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 876495
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires: Wed, 26 May 2021 20:52:08 GMT

GET
H2 200 sdk.js Show response
connect.facebook.net/en_US/ Frame CDC8 3 KB
2 KB 23ms
21ms Script
application/x-javascript 2a03:2880:f008:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f008:8:face:b00c:0:1 Milan, Italy, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

50ab5233001d5492eb41952f7a0beef4743063579983b0a92a13edc1c9aad646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: 4DuEa7fpOqeE4FWDrpCh5w==
cross-origin-resource-policy: cross-origin
expires: Fri, 07 May 2021 00:31:04 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 1780
x-fb-rlafr: 0
x-fb-debug: D5xwomNCjgAHft1T30/LWty8+K12WUtzDoCX1lxHKZwp28DlyyzuFtswkt0b3M12THiOKuRZUCyhs1t7eJLUlw==
x-fb-trip-id: 19638678
x-fb-content-md5: 1d91ddc7acb7a015c919a0cb9002c329
date: Fri, 07 May 2021 00:20:24 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=1200,stale-while-revalidate=3600
etag: "f86c53527d6a49036e303c6e785ce1c9"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H2 200 api.js Show response
apis.google.com/js/ Frame CDC8 12 KB
6 KB 65ms
32ms Script
application/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/js/api.js

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

a7ae12d06801f349cd30e7388bf801926c741a34c5c4c5e287fa1e3346e11613

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-qIa8YffeNCdk9D1PcyWrpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
cross-origin-resource-policy: cross-origin
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
x-ua-compatible: IE=edge, chrome=1
server: ESF
x-frame-options: SAMEORIGIN
etag: "cd5b87ba7f95c068005645409cce8845"
strict-transport-security: max-age=31536000
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=1800, stale-while-revalidate=1800
content-security-policy: script-src 'report-sample' 'nonce-qIa8YffeNCdk9D1PcyWrpw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /_/cspreport
timing-allow-origin: *
expires: Fri, 07 May 2021 00:20:24 GMT

GET
H2 200 svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg
c.disquscdn.com/next/embed/assets/img/ Frame CDC8 13 KB
13 KB 19ms
19ms Image
image/svg+xml 2606:4700::6812:a813
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://c.disquscdn.com/next/embed/assets/img/svg-sprite.4da5413f5086c5755b46094b813dbfcd.svg

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a813 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://c.disquscdn.com/next/embed/styles/lounge.305cef62f65d619287ed5bfd8a11158b.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
cf-cache-status: HIT
age: 3900256
strict-transport-security: max-age=300; includeSubdomains
content-length: 13079
cf-request-id: 09e5cb7fcc000005f970b86000000001
timing-allow-origin: *
last-modified: Wed, 03 Feb 2021 18:02:57 GMT
server: cloudflare
etag: "601ae551-3317"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml; charset=utf-8
access-control-allow-origin: *
x-xss-protection: 1; mode=block
cache-control: max-age=31536000, public, immutable, no-transform
x-amz-cf-pop: FRA53-C1
accept-ranges: bytes
cf-ray: 64b648461cdb05f9-FRA
x-amz-cf-id: u5aj5DP6QMZrJ6I7jx1Wc3d2qOMZ4C8kh8YfJv2eAUXws5l8rCpo3g==
expires: Sun, 06 Feb 2022 13:14:53 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8 2 KB
2 KB 42ms
42ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1619042223/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 876495
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires: Wed, 26 May 2021 20:52:08 GMT

GET
H3-29 200 sdk.js Show response
connect.facebook.net/en_US/ Frame CDC8 211 KB
62 KB 45ms
22ms Script
application/x-javascript 2a03:2880:f008:8:face:b00c:0:1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=5a18157ec2780fc37a5ec59a2921a739&ua=modern_es6

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f008:8:face:b00c:0:1 Milan, Italy, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

169ba99b7e3f36363b46cb54fc94b49ac8ef2675598893f156f5d938d860ac6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Origin: https://disqus.com
Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
content-md5: keDNhlURj33gYZFco03t5w==
cross-origin-resource-policy: cross-origin
expires: Fri, 06 May 2022 22:48:27 GMT
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 63664
x-fb-rlafr: 0
x-fb-debug: S3GWyGxFRT4XqU5bRtUGTnwik3ylkKq6O8dWYV00cLvc5sZsuEevSX4r1Aq3fM+uLXoRRhuuFKn6nozh6DN/SA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
x-fb-content-md5: 86e295305be04eff3b243ea8f767eb6d
date: Fri, 07 May 2021 00:20:24 GMT
x-frame-options: DENY
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: application/x-javascript; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
etag: "012d00bf08ac56da1688fe9321238943"
timing-allow-origin: *
priority: u=3,i
access-control-expose-headers: X-FB-Content-MD5

GET
H3-29 200 cb=gapi.loaded_0 Show response
apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bSaSBnJo3mU.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOlScUDCc6laSimwcYo4nXUQAS-sQ/ Frame CDC8 103 KB
34 KB 35ms
7ms Script
text/javascript 2a00:1450:4001:802::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bSaSBnJo3mU.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOlScUDCc6laSimwcYo4nXUQAS-sQ/cb=gapi.loaded_0

Requested by

Host: apis.google.com
URL: https://apis.google.com/js/api.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

1f97c4a1e81f37dff31489b1920a0517aa63fb260f5d1f6fc4353a84b45eb585

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Tue, 04 May 2021 19:12:51 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 27 Apr 2021 17:53:46 GMT
server: sffe
age: 191253
vary: Accept-Encoding, Origin
content-type: text/javascript; charset=UTF-8
cache-control: public, immutable, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34956
x-xss-protection: 0
expires: Wed, 04 May 2022 19:12:51 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8 2 KB
2 KB 42ms
42ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1619042223/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 876496
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires: Wed, 26 May 2021 20:52:08 GMT

GET
H2 200 iframe Show response
accounts.google.com/o/oauth2/ Frame EE4F 513 B
553 B 131ms
130ms Document
text/html 2a00:1450:4001:828::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframe

Requested by

Host: apis.google.com
URL: https://apis.google.com/_/scs/apps-static/_/js/k=oz.gapi.en_US.bSaSBnJo3mU.O/m=auth2/rt=j/sv=1/d=1/ed=1/am=AQ/rs=AGLTcCOlScUDCc6laSimwcYo4nXUQAS-sQ/cb=gapi.loaded_0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

e80946891c45678b99fd0892f5847f60508c106528a471ce3ec90021d66cc7be

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-traZLGtMgoEseJcgh51rjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

:method: GET
:authority: accounts.google.com
:scheme: https
:path: /o/oauth2/iframe
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
accept-encoding: gzip, deflate, br
accept-language: en-US
cookie: NID=215=VmpUsAPrrdDh6GUpXZfYig-4yHecuOlZ3LB6xzHDnPcMrmscHZC9gnY1O8hdOY7W_FgFdSH6xL3ZN0F8xQuH71hhxk6pVbuzDASmQQlWMrucq0RVNMTHCPqLxyxFS3TPB9fYmTudGAjYGEukHepQnPH8UQHrY0VtK4s7yQutyOI
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default

Response headers

content-type: text/html; charset=utf-8
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
expires: Mon, 01 Jan 1990 00:00:00 GMT
date: Fri, 07 May 2021 00:20:24 GMT
content-language: en-US
content-security-policy: script-src 'report-sample' 'nonce-traZLGtMgoEseJcgh51rjA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding: gzip
server: ESF
x-xss-protection: 0
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

GET
H2 200 noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8 2 KB
2 KB 42ms
42ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1619042223/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:24 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 876496
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires: Wed, 26 May 2021 20:52:08 GMT

GET
H2 200 status
www.facebook.com/x/oauth/ Frame CDC8 0
0 69ms
69ms Fetch
text/plain 2a03:2880:f108:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/x/oauth/status?ancestor_origins=https%3A%2F%2Fpentest.blog&client_id=52254943976&input_token&origin=1&redirect_uri=https%3A%2F%2Fdisqus.com%2Fembed%2Fcomments%2F%3Fbase%3Ddefault%26f%3Dpentestblog%26t_i%3D454%2520https%253A%252F%252Fpentest.blog%252F%253Fp%253D454%26t_u%3Dhttps%253A%252F%252Fpentest.blog%252Fwindows-privilege-escalation-methods-for-pentesters%252F%26t_e%3DWindows%2520Privilege%2520Escalation%2520Methods%2520for%2520Pentesters%26t_d%3DWindows%2520Privilege%2520Escalation%2520Methods%2520for%2520Pentesters%26t_t%3DWindows%2520Privilege%2520Escalation%2520Methods%2520for%2520Pentesters%26s_o%3Ddefault%23version%3Ddfaa05f4d3af8a4fe09cfd70007bc5b2&sdk=joey&wants_cookie_data=false

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/common.bundle.f485ba8b89bf2153fdb9f493ec342aed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f108:83:face:b00c:0:25de Milan, Italy, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://disqus.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
x-content-type-options: nosniff
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 0
x-fb-rlafr: 0
pragma: no-cache
x-fb-debug: P9zOHYuUqk25weytts5PyQqUk4VkXHlxQxtiFtDBTbFoyra7W2E3YbQqa0urG2yYhaKYm1nlKp9m5sLmLl2Wdw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
fb-s: unknown
cross-origin-opener-policy: same-origin-allow-popups
date: Fri, 07 May 2021 00:20:25 GMT
report-to: {"group":"coep_report","max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/"}]}
content-type: text/plain; charset=UTF-8
access-control-allow-origin: https://disqus.com
access-control-expose-headers: fb-s
cache-control: private, no-cache, no-store, must-revalidate
access-control-allow-credentials: true
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 2515317930-idpiframe.js Show response
ssl.gstatic.com/accounts/o/ Frame EE4F 111 KB
39 KB 394ms
6ms Script
text/javascript 2a00:1450:4001:803::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ssl.gstatic.com/accounts/o/2515317930-idpiframe.js

Requested by

Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce22830dd89ea4833c4764c2916dcb892de1dd05a604d0189f689d54cf751df6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Thu, 06 May 2021 07:22:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 30 Apr 2021 06:29:47 GMT
server: sffe
age: 61072
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39130
x-xss-protection: 0
expires: Fri, 06 May 2022 07:22:33 GMT

GET
H3-29 200 iframerpc Show response
accounts.google.com/o/oauth2/ Frame EE4F 14 B
58 B 70ms
41ms XHR
application/json 2a00:1450:4001:802::200d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fdisqus.com&client_id=508198334196-bgmagrg0a2rub674g0shidj8fnd50dji.apps.googleusercontent.com

Requested by

Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/2515317930-idpiframe.js

Protocol

H3-29

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:802::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://accounts.google.com/o/oauth2/iframe
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
X-Requested-With: XmlHttpRequest

Response headers

date: Fri, 07 May 2021 00:20:25 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
content-type: application/json; charset=utf-8
cache-control: public, max-age=3600
alt-svc: h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
expires: Fri, 07 May 2021 01:20:25 GMT

GET
H2 200 noavatar92.png
a.disquscdn.com/1619042223/images/ Frame CDC8 2 KB
2 KB 42ms
41ms Image
image/png 151.101.114.49
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://a.disquscdn.com/1619042223/images/noavatar92.png

Requested by

Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/lounge.bundle.daad0ef0a39804d0796d79f216ca4d2e.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.114.49 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date: Fri, 07 May 2021 00:20:25 GMT
x-content-type-options: nosniff
last-modified: Fri, 26 Feb 2021 20:50:09 GMT
server: nginx
age: 876496
etag: "60395f01-66c"
strict-transport-security: max-age=300; includeSubdomains
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
x-xss-protection: 1; mode=block
cache-control: max-age=2592000
x-amz-cf-pop: FRA50-C1
content-type: image/png
content-length: 1644
x-amz-cf-id: Tj3VRQxyQEgzMA4L2qLAP6EW9DAgOcCEIU2v0nhX33lV5MxxQe7gFw==
expires: Wed, 26 May 2021 20:52:08 GMT

GET
H/1.1 200
OK event.gif
referrer.disqus.com/juggler/ Frame CDC8 43 B
295 B 217ms
131ms Image
image/gif 199.232.196.134
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://referrer.disqus.com/juggler/event.gif?abe=0&embed_hidden=0&integration=wordpress%203.0.21&load_time=1194&event=init_embed&thread=6115200593&forum=pentestblog&forum_id=4765649&imp=8svin01n4klqn&prev_imp&thread_slug=windows_privilege_escalation_methods_for_pentesters&user_type=anon&referrer=https%3A%2F%2Fpentest.blog%2F&theme=next&dnt=0&tracking_enabled=0&experiment=network_default_hidden&variant=fallthrough&service=dynamic&promoted_enabled=false&max_enabled=false

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

199.232.196.134 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://disqus.com/embed/comments/?base=default&f=pentestblog&t_i=454%20https%3A%2F%2Fpentest.blog%2F%3Fp%3D454&t_u=https%3A%2F%2Fpentest.blog%2Fwindows-privilege-escalation-methods-for-pentesters%2F&t_e=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_d=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&t_t=Windows%20Privilege%20Escalation%20Methods%20for%20Pentesters&s_o=default
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date: Fri, 07 May 2021 00:20:25 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 28 Sep 1970 06:00:00 GMT
Server: nginx
Content-Type: image/gif
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.pentest.blog/	1970-01-19 18:05:46	Name: _gat_gtag_UA_88100923_1 Value: 1
.pentest.blog/	1970-01-20 11:36:58	Name: _ga Value: GA1.2.618968929.1620346824
.pentest.blog/	1970-01-19 18:05:46	Name: _gat Value: 1
.pentest.blog/	1970-01-19 18:07:13	Name: _gid Value: GA1.2.1239838043.1620346824
.pentest.blog/	1970-01-19 18:48:58	Name: __cfduid Value: d9f977574606a2534714c883371ae95c01620346822

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://pentest.blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.3.2(Line 2) Message: JQMIGRATE: Migrate is installed, version 3.3.2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.disquscdn.com
accounts.google.com
apis.google.com
c.disquscdn.com
connect.facebook.net
disqus.com
fonts.googleapis.com
fonts.gstatic.com
pentest.blog
pentestblog.disqus.com
referrer.disqus.com
s.w.org
ssl.gstatic.com
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
104.21.83.51
151.101.114.49
151.101.128.134
192.0.77.48
199.232.196.134
2606:4700::6812:a813
2a00:1450:4001:802::2003
2a00:1450:4001:802::200d
2a00:1450:4001:802::200e
2a00:1450:4001:803::2003
2a00:1450:4001:808::200e
2a00:1450:4001:811::2008
2a00:1450:4001:813::200a
2a00:1450:4001:828::200d
2a00:1450:4001:829::200e
2a00:1450:4001:82b::2003
2a03:2880:f008:8:face:b00c:0:1
2a03:2880:f108:83:face:b00c:0:25de
029e0a2e809fd6b5dbe76abe8b7a74936be306c9a8c27c814c4d44aa54623300
08b05aa1232219b6c9a71eb156f0853da0ed1a63adcf147f3d9e71e8b0574e4f
0c5f584d1ea2c3313dc8c55824c2a572d3cf2eae87c5ca62a58e598aec9ddb5c
169ba99b7e3f36363b46cb54fc94b49ac8ef2675598893f156f5d938d860ac6a
17041df2bda03e102abe51f82147a6c987d346b4e4e19525b5085e9056e55947
1bfb6f2343446cef6183476a8e72ac1833ca9e9375f03dcee452b1ba08ab72d4
1d06b4b1d8fb3e29af8a425cf48533927f3b2ed1cd4c49029197d9a62f0fcd9d
1d38f3ca3272d3a47bcfa9fe9cb8268eae714759453f56151b898394b24c6889
1f97c4a1e81f37dff31489b1920a0517aa63fb260f5d1f6fc4353a84b45eb585
2123b61f26a87c608f5e339df52bb4bf85dfa17718ee83b80e9b869e07c9a447
22f84dc9c2f60b45767285d160ce6c4fab3436b2ed3835bcd6cedbe137235ac6
2468609517599c10415c9c9b65024cf697b747dbb837d07d0ea12130f224c65f
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
28e9420a6d03a70b837b51c9fbe1bb1f819a3d4aa71bffa07f7c3e79d7dcf878
29778a6252b89c79ad8a313692c3f4b8ff5e300c463858732f28da488dd2cc05
2cb09c7b3e19bfc41743ca3624ef81c3258d56525647feac76aa757e0292627a
31b816eb40dd68ec64b697c2f87018a94a875c7c88a372689ba7d07e691e7e8d
3270642c89180c12db93775e2a774b6dadd9bd98cffc963075c85afd2c17b6e4
33d9c56f2b1408711b9b963963790177ac4e7c38a5ecf0e3c12f558c676e294b
3487ef2baf0c08ba660a8a143cdeb8ebeec961eea04bccd7c49096b4eb26b875
36ef66124133ca33c8b44c487293c3180e5ab681ff3cad3c728ea4f894ec3444
4c4491dcfa94cb46fb73742fc2caf49a1cd59027304af1830c7dc6ce1889857c
50ab5233001d5492eb41952f7a0beef4743063579983b0a92a13edc1c9aad646
53964478a7c634e8dad34ecc303dd8048d00dce4993906de1bacf67f663486ef
5706a629c5d91a9d57fbd64b44829d7186ce3e513a732ce7062828cf29457f7a
5be614bce53f767993a5f5f14a6badd6aae6bf3af7cbdbf4d31520de49e27991
60240d5a27ede94fd35fea44bd110b88c7d8cfc08127f032d13b0c622b8be827
6048e330c0f362be46b20de45d35a5ace57a04be04a29da10448d6949f6f69ce
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
70f45edb4312dd24f37106cd7503989dcf72662e74c704dc3c8b7b696981c49b
74201a4b97ec1d5e86252dd0180eafd8c5378a9235864dbcd682f3575b41c85b
746eb68201ea9e457d24cb923fbe3f0b8586cf0613d2f91fba21b724e018a105
79279c8900d692d54bd3468993728088da3a33f5eabe667637554d3811000837
7b11eb90259a2ae13dbaf0d042b8fd154e57e4abffb629d7ca9509f6f6f996a6
7e0c4a1ed3d232553d98c82ea0e04cee8975d0a67df819e161f96e7c32179e8c
81bc56a45a26c9708def87a97e682483fcb6b959b492aca792b1f57b7df0096c
867bde5f1930963a16e7dac4c891142edaa529a4428bb3486165757b7c8ead08
87bcc22d43cfa00bd1cf5e3a35aad79150b4ce804899db3ea93efe57eeb6dbf7
8c79f09d1e74eadaf897561f5d70265ed2884663d34ad9c4d7f2aebff3b85a6b
8daf09a6fc31937457dd77e9c25ce4b21349d605b561a8c5d557841bf964c9a0
943c44a0f3dc1aba84f5fbe8465baadbb90af66cd7be9f37ca07a39260357ad2
9c222de21cd15bd1b3546d7631994d06fa4dbd1a21cbab9938624fd48131a245
9c50a96c859b9beea47b71740bd14e7f69a4df586d015f47434037f8def53b52
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a163fb094ea045758fdb0d81a16a8e8265adb94dcfc945e4235942250ab2e2a5
a4d5d17019ea0b43378cf13376e6e8f2059f47cf5e66074dd208f417543cf3d3
a70001940d43804b9ce5a960780ca25aca8df10800126046fe4e9634e309aad3
a7ae12d06801f349cd30e7388bf801926c741a34c5c4c5e287fa1e3346e11613
a7d14b983e535139708c6526fcd9c46fb986f2a9e77fba33da4b811bab6dac9a
ab21fef3ac4ee12ebb305942f85de99b290b8a24654c69060e54673d5f3a11f2
b385fd0614f2927f0e7fdc03ccdb2428e3a93de0c7fe467149b34213cc32c0f6
b510b8c3b6d17c4d7155538bf2d5da7cf2f36eb6eca9846224da240898ed3f1d
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c0568923127c7ec9017ee440b069d4dd0f964388dd29555d1a01c223bc01746b
cdba739c28b41f39ce438f2bf204fe739dc81a26cf559a9394ceed56a0666bee
ce22830dd89ea4833c4764c2916dcb892de1dd05a604d0189f689d54cf751df6
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0627e883f59b06ada61af684c0636818d0e01f4c3fed677f83f974196b8316f
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e7f5a831ead8920451598097754bb1d4fbf16fff1fd90794b950724867345794
e80946891c45678b99fd0892f5847f60508c106528a471ce3ec90021d66cc7be
ed6198299ea8edc79f99837a0768a8c96f36d759bc697fde1e115aae90fa4f32
f2a341fc815d45c21da726d4c843c2c5d3e1f333465347c3c75d040d556df4e5
f3bce9f7694e1e5ae61f21bdf51af4e502ced317f0471b6b3609b3000dd3d408
f75e846cc83bd11432f4b1e21a45f31bc85283d11d372f7b19accd1bf6a2635c
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

pentest.blog Open in urlscan Pro 104.21.83.51 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

75 Requests

100 %HTTPS

72 %IPv6

11 Domains

16 Subdomains

19 IPs

3 Countries

1411 kBTransfer

3250 kBSize

5 Cookies

17 Outgoing links

Redirected requests

75 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

pentest.blog Open in urlscan Pro
104.21.83.51 Public Scan

Screenshot
Live screenshot

Full Image

75
Requests

100 %
HTTPS

72 %
IPv6

11
Domains

16
Subdomains

19
IPs

3
Countries

1411 kB
Transfer

3250 kB
Size

5
Cookies

75 HTTP transactions
1 data transactions