Linux - Post-Exploitation
Enumeration Post-Exploitation
- linux-exploit-suggester - Enumeration Linux kernel Linux-based machine
- LinEnum - Linux Config Enumeration
- Linux Config Enumeration - Linuxprivchecker
- Linux Config Enumeration - Unix-Privesc-Check
Linux privilege escalation techniques:
- Perl - Privilege Escalation
- Nmap - Privilege Escalation
- find - privilege escalation
- service - Privilege Escalation
- apt-get - Privilege escalation
- wget - Privilege Escalation
- HT – privilege escalation
- lxd - privilege escalation
- Linux Restricted Shell Bypass
- Knife - Privilege Escalation
- MOTD - Privilege Escalation
Cron
- Exploiting the Cron Jobs Misconfigurations (Privilege Escalation)
- Using crontab and command injection privilege escalation
- laravel – schedule task – crontab
CVE
- ssl-heartbleed - CVE-2014-0160
- Chkrootkit 0.49 - Local Privilege Escalation - CVE-2014-0476
- 'overlayfs' Local Privilege Escalation - CVE-2015-1328
- Dirtycow - privilege escalation - CVE-2016-5195
- ExifTool 12.23 - Arbitrary Code Execution - (Privilege escalation) - CVE-2021-22204
- Dirty Pipe - Linux Kernel privilege escalation (CVE-2022-0847)
- Sudo ALL keyword security bypass - Privilege Escalation - (CVE-2019-14287)
Misconfig
Windows - Post-Exploitation
CVE Exploits
- Windows MS10_092 - Schelevator - Privilege Escalation
- Windows Exploit MS15-051 - CVE-2015-1701 - Privilege Escalation
- kitrap0d: Windows Kernel Could Allow Elevation of Privilege (MS10-015) - CVE-2010-0232
- Microsoft Windows (x86) - 'afd.sys' Local Privilege Escalation (MS11-046) - CVE-2011-1249
- Microsoft Windows 7 < 10 / 2008 < 2012 R2 (x86/x64) - Local Privilege Escalation (MS16-032) - CVE-2016-0099
- Microsoft Windows Server 2003 SP2 - TCP/IP IOCTL Privilege Escalation (MS14-070) – CVE-2014-4076
Enumeration Post-Exploitation
- Windows basic manual post-exploitation recon
- Download files using Windows (HTTP, FTP, SMB)
- Local_exploit_suggester - Windows Enum
- Windows-Exploit-Suggester - Windows Enum
- WinPEAS - Windows Enum
- Enumerate Windows Using PowerUp
- SMB server with Impacket-smbserver
- How to enumerate Windows using JAWS
- Windows Exploit Suggester - Next Generation (WES-NG)
- Empire Post-Exploitation Windows
- Sherlock & Empire - Loading Modules Into
- Sherlock - Find missing Windows patches for Local Privilege Escalation
- Watson - Find missing Windows patches for Local Privilege Escalation
- How to use unicorn to spawn a shell
- Exploiting mRemoteNG
- Bind & Reverse Shell using powercat
Windows Hashes
- Windows Password Hashes
- Windows XP - Get Hashes (Local)
- Windows 7 – Get Hashes (Local)
- Windows 10 – Get Hashes (Local)
- Windows 10 – Get Hashes (Domain)
- Domain Server – Get Hashes
Misconfiguration