Linux - Post-Exploitation

Enumeration Post-Exploitation

• linux-exploit-suggester - Enumeration Linux kernelLinux-based machine
• LinEnum - Linux Config Enumeration
• Linux Config Enumeration - Linuxprivchecker
• Linux Config Enumeration - Unix-Privesc-CheckLinux

Linux privilege escalation techniques:

• Perl - Privilege Escalation
• Nmap - Privilege Escalation
• find - privilege escalation
• service - Privilege Escalation
• apt-get - Privilege escalation
• wget - Privilege Escalation
• HT – privilege escalation
• lxd - privilege escalation
• Linux Restricted Shell Bypass
• Knive - Privilege Escalation
• MOTD - Privilege Escalation

Cron

• Exploiting the Cron Jobs Misconfigurations (Privilege Escalation)
• Using crontab and command injection privilege escalation
• laravel – schedule task – crontab

CVE

• ssl-heartbleed - CVE-2014-0160
• Chkrootkit 0.49 - Local Privilege Escalation - CVE-2014-0476
• 'overlayfs' Local Privilege Escalation - CVE-2015-1328
• Dirtycow - privilege escalation - CVE-2016-5195
• ExifTool 12.23 - Arbitrary Code Execution - (Privilege escalation) - CVE-2021-22204
• Dirty Pipe - Linux Kernel privilege escalation (CVE-2022-0847)
• Sudo ALL keyword security bypass - Privilege Escalation - (CVE-2019-14287)

Misconfig

• Disk group privilege escalation
• (Privilege Escalation) Linux Path hijacking

Windows - Post-Exploitation

CVE Exploits

• Windows MS10_092 - Schelevator - Privilege Escalation
• Windows Exploit MS15-051 - CVE-2015-1701 - Privilege Escalation
• kitrap0d: Windows Kernel Could Allow Elevation of Privilege (MS10-015) - CVE-2010-0232
• Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046) 2011-1249
• Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) - 2016-0099
• Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) – CVE-2014-4076

Enumeration Post-Exploitation

• Windows basic manual post-exploitation recon
• Download files using windows (HTTP, FTP, SMB)
• Local_exploit_suggester - Windows Enum
• Windows-Exploit-Suggester - Windows Enum
• WinPEAS - Windows Enum
• Enumerate Windows Using PowerUP
• SMB server with Impaket-smbserver
• How to enumerate Windows using JAWS
• Windows Exploit Suggester - Next Generation (WES-NG)
• Empire Post-Exploitation Windows
• Sherlock & Empire - Loading Modules Into
• Sherlock - Find missing Windows patches for Local Privilege Escalation
• Watson - Find missing Windows patches for Local Privilege Escalation
• How to use unicorn to spawn a shell
• Exploiting mRemoteNG
• Bind & Reverse Shell using powercat

Windows Hashes

• Windows Password Hashes
• Windows XP - Get Hashes (Local)
• Windows 7 – Get Hashes (Local)
• Windows 10 – Get Hashes (Local)
• Windows 10 – Get Hashes (Domain)
• Domain Server – Get Hashes

Misconfiguration

• Windows Weak Service Permissions
• Privilege Escalation - Unquoted Service Path (Windows)