If you’ve ever taken an OSCP exam, tried to privilege escalate in a CTF, or troubleshoot a weird Linux container, you know the feeling: You need that one specific enumeration command.
You open your browser. You type site:hacktricks.xyz privesc. The page loads. But sometimes—it doesn’t.
Maybe you’re in a restricted lab. Maybe the exam proctor has blocked outbound HTTP. Maybe you’re on a red team op with no internet. Or maybe your VPN is just slow. hacktricks offline
The solution? HackTricks Offline.
Let’s walk through why you need it, how to build it, and how to use it without breaking any rules. Going Dark: How to Build and Use "HackTricks
Level 2 fails if you are on a Windows machine that has never seen Python, or if you cannot install pip due to corporate restrictions.
Enter the Hacktricks Docker Container.
Docker allows you to serve the entire Hacktricks suite offline on localhost. Pull the image (do this while online)
http://localhost:8000 on your browser.Command to run offline:
docker run -d --name hacktricks -p 8000:8000 carlospolop/hacktricks
Because Docker uses layered file systems, the entire HTML, CSS, and JS are cached locally on your hard drive. You do not need an internet connection to spin up the container once the image is saved.
winexe -U 'user%pass' //target "cmd.exe"</code></pre>
<h3>WMI</h3>
<pre><code>wmic /node:"target" /user:"user" /password:"pass" process call create "cmd.exe /c command"</code></pre>
</section>
<!-- Forensics -->
<section id="forensics">
<h2>💾 Basic Forensics Commands</h2>
<h3>Linux Live Response</h3>
<pre><code># Collecting evidence
ps auxfwww > ps.txt netstat -anp > netstat.txt lsof > lsof.txt last > last.txt history > history.txt crontab -l > crontab.txt