forked from tjnull/TJ-JPT
Post Exploitation General Notes
TheGetch edited this page May 14, 2021
- `rlwrap nc localhost 80`
- `rlwrap -r -f . nc`
- ``socat file:`tty`,raw,echo=0 tcp-listen:12345``
- `/bin/sh -i`
- `python -c 'import pty; pty.spawn("/bin/sh")'`
- `perl -e 'exec "/bin/sh";'`
- perl: `exec "/bin/sh";`
- ruby: `exec "/bin/sh"`
- lua: `os.execute('/bin/sh')`
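The one-liners above are exactly the strings a blue team can hunt for in process-creation telemetry. The following scanner is an added example (not part of these notes) that runs a handful of regex rules, one per interpreter trick listed above, over constructed sample log lines in a simple `timestamp host uid=N cmd=...` format; the log format and the rule names are assumptions for illustration, not any particular EDR's schema.

```python
import re
from dataclasses import dataclass
from collections import Counter

# Constructed sample process-creation log lines (not real data); the
# "ts host uid=N cmd=..." layout is an assumed export format.
SAMPLE_LOG = """\
2021-05-14T10:00:01 host1 uid=1001 cmd=python -c 'import pty; pty.spawn("/bin/sh")'
2021-05-14T10:00:05 host1 uid=1001 cmd=perl -e 'exec "/bin/sh";'
2021-05-14T10:00:09 host1 uid=0 cmd=socat file:`tty`,raw,echo=0 tcp-listen:12345
2021-05-14T10:00:12 host1 uid=1001 cmd=lua -e "os.execute('/bin/sh')"
2021-05-14T10:00:20 host1 uid=1001 cmd=python -c 'print(2+2)'
2021-05-14T10:00:30 host1 uid=1002 cmd=ruby -e 'exec "/bin/sh"'
2021-05-14T10:00:40 host1 uid=1001 cmd=socat TCP-LISTEN:8080,fork TCP:10.0.0.5:80
2021-05-14T10:00:45 host1 uid=1001 cmd=ls -la /tmp
"""

# Detection rules: (hypothetical rule name, regex over the command line).
# Each one targets a shell-spawn pattern from the cheat sheet; plain
# interpreter use (e.g. python -c 'print(2+2)') must not match.
RULES = [
    ("python_pty_spawn", re.compile(r"\bpty\.spawn\s*\(")),
    ("perl_exec_shell", re.compile(r"\bperl\b.*\bexec\s+[\"']/bin/(ba)?sh")),
    ("ruby_exec_shell", re.compile(r"\bruby\b.*\bexec\s*\(?\s*[\"']/bin/(ba)?sh")),
    ("lua_os_execute_shell", re.compile(r"\bos\.execute\s*\(\s*[\"']/bin/(ba)?sh")),
    # socat used to wrap the local tty around an incoming TCP connection;
    # an ordinary port-forward (TCP-LISTEN:...,fork TCP:...) does not match.
    ("socat_tty_listener", re.compile(r"\bsocat\b.*file:`?tty`?,raw,echo=0.*tcp-listen:", re.IGNORECASE)),
]

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+uid=(?P<uid>\d+)\s+cmd=(?P<cmd>.*)$")


@dataclass
class Finding:
    ts: str
    host: str
    uid: int
    rule: str
    cmd: str


def parse_line(line):
    """Parse one log line into a dict, or return None if it is malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(log_text):
    """Run every rule over every parsable line; first matching rule wins."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        for name, rx in RULES:
            if rx.search(rec["cmd"]):
                findings.append(Finding(rec["ts"], rec["host"], int(rec["uid"]), name, rec["cmd"]))
                break
    return findings


def summarize_by_uid(findings):
    """Count findings per uid so an analyst can see which accounts are spawning shells."""
    return dict(Counter(f.uid for f in findings))


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.ts} {f.host} uid={f.uid} {f.rule}: {f.cmd}")
    print(summarize_by_uid(scan(SAMPLE_LOG)))
```

The rules are intentionally narrow (they key on `/bin/sh` or `/bin/bash` plus the interpreter's exec primitive) so that benign scripting does not trip them; the socat rule demonstrates the kind of discriminator needed when the same binary is also used legitimately for port forwarding.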
Windows:
- Windows Exploit Suggester (Next-Generation): https://github.com/bitsadmin/wesng
- Sherlock: https://github.com/rasta-mouse/Sherlock
- Powersploit: https://github.com/PowerShellMafia/PowerSploit
- WinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
Linux:
- Linux Exploit Suggester 2: https://github.com/jondonas/linux-exploit-suggester-2
- LinEnum: https://github.com/rebootuser/LinEnum
- UnixPriv Checker: https://github.com/pentestmonkey/unix-privesc-check
- LinPeas: https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS
PowerSharpPack:
Windows:
- LOLBAS: https://lolbas-project.github.io/#
- Windows Privilege Escalation Fundamentals: https://www.fuzzysecurity.com/tutorials/16.html
- SharpSuite: https://github.com/FuzzySecurity/Sharp-Suite
- Watson: https://github.com/rasta-mouse/Watson
- WinPwn: https://github.com/S3cur3Th1sSh1t/WinPwn
Linux:
- GTFOBins: https://gtfobins.github.io/
- g0tmi1k Linux Privilege Escalation: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/