lethanhtung01011980 edited this page Oct 21, 2019 · 19 revisions

METHODOLOGY

1. Scan

  • Scan ports.
  • Target hosts with a high number of open ports.
  • Target websites with text boxes (user input fields).
  • Target hosts running an old OS.

2. Search vulnerabilities

  • Find LFI and RFI on the website.
  • Find SQL injection.

3. Get reverse shell

3.1 Create reverse shell listener

  • Use nc.exe as the reverse shell listener.

3.2 Create reverse shell payload

  • Use msfvenom to create the reverse shell payload.

3.3 Upload reverse shell payload to victim

  • Anonymous FTP.
  • SMB vulnerabilities (EternalBlue, ...).
  • Inject code into the web logs (log poisoning) ...

3.4 Execute the uploaded code to create the reverse shell.

  • Execute the uploaded code by browsing to the web page.
  • Execute the RFI code.
  • Execute the LFI code via the poisoned web logs.
  • Execute via SMB vulnerabilities.

4. Escalate privilege

4.1 Get more information about the OS version, scheduled tasks, ...

4.2 Escalate to a root/admin shell or create root/admin users

  • Use kernel exploits against kernel vulnerabilities.
  • Use software exploits against vulnerable software.
  • Replace files that a high-privilege process executes but whose file permissions allow low-privilege writes, then wait for the process to execute them.
