Post-Exploitation
Linux – Post-Exploitation
Enumeration Post-Exploitation
- linux-exploit-suggester – Enumeration Linux kernelLinux-based machine
- LinEnum – Linux Config Enumeration
- Linux Config Enumeration – Linuxprivchecker
- Linux Config Enumeration – Unix-Privesc-CheckLinux
Linux privilege escalation techniques:
- Perl – Privilege Escalation
- Nmap – Privilege Escalation
- find – privilege escalation
- service – Privilege Escalation
- apt-get – Privilege escalation
- wget – Privilege Escalation
- HT – privilege escalation
- lxd – privilege escalation
- Linux Restricted Shell Bypass
Cron
CVE
- ssl-heartbleed – CVE-2014-0160
- Chkrootkit 0.49 – Local Privilege Escalation – CVE-2014-0476
- ‘overlayfs’ Local Privilege Escalation – CVE-2015-1328
- Dirtycow – privilege escalation – CVE-2016-5195
Windows – Post-Exploitation
CVE Exploits
- Windows MS10_092 – Schelevator – Privilege Escalation
- Windows Exploit MS15-051 – CVE-2015-1701 – Privilege Escalation
- kitrap0d: Windows Kernel Could Allow Elevation of Privilege (MS10-015) – CVE-2010-0232
- Microsoft Windows (x86) – ‘afd.sys’ Local Privilege Escalation (MS11-046) 2011-1249
- Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) – Local Privilege Escalation (MS16-032) – 2016-0099
Enumeration Post-Exploitation
- Local_exploit_suggester – Windows Enum
- Windows-Exploit-Suggester – Windows Enum
- WinPEAS – Windows Enum
- SMB server with Impaket-smbserver
- How to enumerate Windows using JAWS
- Windows Exploit Suggester – Next Generation (WES-NG)
- Empire Post-Exploitation Windows
- Sherlock & Empire – Loading Modules Into
- Sherlock – Find missing Windows patches for Local Privilege Escalation
- Watson – Find missing Windows patches for Local Privilege Escalation
- How to use unicorn to spawn a shell
- Exploiting mRemoteNG
Windows Hashes
- Windows Password Hashes
- Windows XP – Get Hashes (Local)
- Windows 7 – Get Hashes (Local)
- Windows 10 – Get Hashes (Local)
- Windows 10 – Get Hashes (Domain)
- Domain Server – Get Hashes
Misconfiguration