Shuciran Pentesting Notes

RDP Remote Login

RDP into a remote machine XFREERDP To access a Windows system via port tcp-3389: /u - user /p - password /w - width /h - height /v - remote machine xfreerdp /u:JohnDoe /p:Pwd1...

Dumping SAM

Traditional dumping In order to dump the SAM, two registry keys must be retrieved: reg save hklm\sam c:\sam reg save hklm\system c:\system You need to use impacket-secretsdump to retrieve hash...

MS17-010

IIS 5.0 To exploit an IIS 5.0 server, the zzz_exploit.py script, which can be found here: MS17-010, is the best choice. First of all we need to create a virtual environment with python as t...

Python Virtual Environment

For python2 and Kali check this article: pyenv installation PyEnv Install dependencies: sudo apt install -y build-essential libssl-dev zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget cu...

MariaDB/MySQL UDF Exploitation

Now that we are connected, we can look at what privileges we have as the wp user and get a better idea of how this MariaDB instance is configured. MariaDB [(none)]> SHOW Grants; +--------------...

Networking (Windows)

System Network Configuration ipconfig /all netstat -abno arp -a Enumerating Running Processes and Services Keep in mind that this output does not list processes run by privileged users. On Window...

Adobe Experience Manager

Useful script to enumerate multiple misconfigurations on Adobe Experience Manager CMS: aem_hacker

WordPress Loading Plugin Shell

Obtaining a Shell To obtain a shell, we first must package the plugin in a way that WordPress knows how to handle. WordPress expects plugins to be in a zip file. When WordPress receives the zip fi...

Kerberoasting

Extracting SPNs from Kali The parameter (-k) is used for Kerberos authentication (NTLM is used by default): # Example 1 (with Kerberos) impacket-GetUserSPNs scrm.local/ksimpson:ksimpson -k -dc-ip dc1.s...

upnphost and SSDPSRV

This article assumes that you have already obtained a low privilege shell on your victim’s computer. You have enumerated this machine and concluded that the operating system is Windows XP with SP0 ...