-
Notifications
You must be signed in to change notification settings - Fork 14
Home
lethanhtung01011980 edited this page Oct 21, 2019
·
19 revisions
- Scan ports
- Target those with high number of open ports.
- Target those websites with textboxes.
- Target those with old OS.
- Find LFI and RFI from website
- Find SQL Injection.
- Use nc.exe as reverse shell listener
- Use msfvenom to create reverse shell payload
- Anonymous FTP
- SMB vulnerabilities (Eternal Blue...)
- Contaminate evil code in web logs ...
- Execute uploaded code by browsing web page.
- Execute RFI code
- Execute LRI code with contaminated web logs.
- Execute via SMB vulnerabilities
- Use kernel exploits on kernel vulnerabilities.
- Use software exploits on software vulnerabilities.
- Replace files with high-privilege process permission but low-privilege file permission. And wait to be executed.