Tricks

Table of Contents General Linux Metasploit Port Forwarding Sed Less SSH SSH Tunnel Bash NetCat Nmap Wget PHP File Upload Script and Web Server Tcpdump Windows Burp Suite General Put GIF8; on top of payload to make it a GIF image file type. Linux Metasploit Import xml to database. nmap -Pn -sS -A -oX Subnet1…

ActiveDirectory

Table of Contents Enumeration Overall Information Enum4linux PowerView Module Domain Objects DNS Info System Relationship BloodHound-python SharpHound.ps1 GPP Policy Foothold Asrep Roasting Lateral Movement Pass the Password Pass the Hash Dump NTLM Hashes Dump SAM/LSA Token Impersonation DLL Hijacking Dump NTDS Enumeration Overall Information Enum4linux You have nothing, just want an overview of the system…

PrivilegeEscalation

Table of Contents Linux Find SetUID Files Check User Privileges Interactive Programs with SUDO Privilege RottenPotato Kernel 2.6 LXD LXC Privilege Escalation Priv Escalation Through Sudoers Conf Exploit Suggester Rational Love VNC Linux Find SetUID Files find / -perm -4000 -type f 2>/dev/null Check User Privileges sudo -l -l Interactive Programs with SUDO Privilege sudo…

JuicyFiles

Table of Contents Linux Password Hash Files History Configuration Files Windows Configuration Files Hash Files Windows System Info Linux Password Hash Files passwd, shadow Content – User password hashes Features – SHA256Crypt hash Location – /etc Handle – unshadow <passfile> <shadowfile> then hashcat or john History bash_history Content – bash history Features – may contain…

Services

Table of Contents Samba Enumeration Smbclient Crackmapexec Psexec_command or Usermap_script Msf Foothold MS_17_010 Psexec.py Psexec Msf Smb_login Msf DistCC Foothold CVE-2004-2687 Samba Enumeration Smbclient List all shares smbclient -L \\\\<URL>\\ Crackmapexec List all shares crackmapexec smb <ip> -u <username> -p <password> --shares Psexec_command or Usermap_script Msf Execute smb command auxiliary/admin/smb/psexec_command set COMMAND [command you want…

WebApplication

Table of Contents General Check List Initial Steps With Unprivileged User Account OWASP’s Guide HeartBleed Enumeration BurpSuite Dirbuster Gobuster Dirsearch Wfuzz PHP Info Page PHP Filter PHP Remote File Inclusion PHP Log Poisoning Wpscan Other Tools Foothold Identity Brute Forcing SQL Injection – URL SQL Injection – Web Form Directory Traversal XXE Injection Type Juggling…