Linux – Post-Exploitation

Enumeration Post-Exploitation

• linux-exploit-suggester – Enumeration Linux kernelLinux-based machine
• LinEnum – Linux Config Enumeration
• Linux Config Enumeration – Linuxprivchecker
• Linux Config Enumeration – Unix-Privesc-CheckLinux
• Enumerate Linux using LinPEAS.sh

Linux Shell Escape Sequences

• [Privilege Escalation] SUDO rights to all the commands on the host
• [Privilege Escalation] Sudo – Environment Variables
• Perl – Privilege Escalation
• Nmap – Privilege Escalation
• find – privilege escalation
• service – Privilege Escalation
• apt-get – Privilege escalation
• wget – Privilege Escalation
• HT – privilege escalation
• lxd – privilege escalation
• Linux Restricted Shell Bypass
• Knive – Privilege Escalation
• MOTD – Privilege Escalation

Cron

• Exploiting the Cron Jobs Misconfigurations (Privilege Escalation)
• Using crontab and command injection privilege escalation
• laravel – schedule task – crontab

CVE

• (CVE-2010-2075)[Command Execution] UnrealIRCD 3.2.8.1 Backdoor
• ssl-heartbleed – CVE-2014-0160
• Chkrootkit 0.49 – Local Privilege Escalation – CVE-2014-0476
• ‘overlayfs’ Local Privilege Escalation – CVE-2015-1328
• (CVE-2016-5195)[Privilege Escalation] – Dirtycow -‘PTRACE_POKEDATA’ Race Condition
• ExifTool 12.23 – Arbitrary Code Execution – (Privilege escalation) – CVE-2021-22204
• Dirty Pipe – Linux Kernel privilege escalation (CVE-2022-0847)
• Sudo ALL keyword security bypass – Privilege Escalation – (CVE-2019-14287)
• (CVE-2021-3560)[Local Privilege Escalation] Polkit 0.105-26 0.117-2

Misconfig

• Disk group privilege escalation
• (Privilege Escalation) Linux Path hijacking
• Ruby – Insecure Deserialization – YAML (Privilege Escalation – Code Execution)
• [Credential Dumping] Extracting Credentials from Configuration Files
• [Privilege Escalation] Weak File Permissions – /etc/shadow
• [Privilege Escalation] Weak File Permissions – Writable /etc/passwd
• [Privilege Escalation] SUID / SGID Executables – Shared Object Injection
• [Privilege Escalation] SUID / SGID Executables – Known Exploits
• [Privilege Escalation] SUID / SGID Executables – Environment Variables
• [Privilege Escalation] SSH Keys
• [Privilege Escalation] NFS Squashing (no_root_squash/no_all_squash)

Programming

• Exploiting Python EVAL() Code Injection
• [C] Exploiting system() Calls in C and Command Injection

Windows – Post-Exploitation

CVE Exploits

• Windows MS10_092 – Schelevator – Privilege Escalation
• Windows Exploit MS15-051 – CVE-2015-1701 – Privilege Escalation
• kitrap0d: Windows Kernel Could Allow Elevation of Privilege (MS10-015) – CVE-2010-0232
• Microsoft Windows (x86) – ‘afd.sys’ Local Privilege Escalation (MS11-046) 2011-1249
• Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) – Local Privilege Escalation (MS16-032) – 2016-0099
• Microsoft Windows Server 2003 SP2 – TCP/IP IOCTL Privilege Escalation (MS14-070) – CVE-2014-4076
• (CVE-2019-1388)[Privilege Escalation] Microsoft Windows Certificate Dialog privilege escalation

Enumeration Post-Exploitation

• [Credential Dumping] Hunting for passwords in usual spots
• Windows basic manual post-exploitation recon
• Download files using windows (HTTP, FTP, SMB)
• Local_exploit_suggester – Windows Enum
• Windows-Exploit-Suggester – Windows Enum
• WinPEAS – Windows Enum
• Enumerate Windows Using PowerUP
• SMB server with Impaket-smbserver
• How to enumerate Windows using JAWS
• Windows Exploit Suggester – Next Generation (WES-NG)
• Empire Post-Exploitation Windows
• Sherlock & Empire – Loading Modules Into
• Sherlock – Find missing Windows patches for Local Privilege Escalation
• Watson – Find missing Windows patches for Local Privilege Escalation
• How to use unicorn to spawn a shell
• Exploiting mRemoteNG
• Bind & Reverse Shell using powercat

Windows Hashes

• Windows Password Hashes
• Windows XP – Get Hashes (Local)
• Windows 7 – Get Hashes (Local)
• Windows 10 – Get Hashes (Local)
• Windows 10 – Get Hashes (Domain)
• Domain Server – Get Hashes

Misconfiguration

• Windows Weak Service Permissions
• Privilege Escalation – Unquoted Service Path (Windows)
• [Privilege Escalation] Windows Schedule Tasks: Weak Permissions
• [Privilege Escalation] Abusing AlwaysInstallElevated
• [Privilege Escalation] Insecure Permissions on Service Executable
• [Privilege Escalation] Insecure Service Permissions
• [Privilege Escalation] Windows Privileges: SeTakeOwnership
• [Privilege Escalation] Windows Privileges: SeBackupPrivilege / SeRestorePrivilege