🔒Privesc
Get the fck out bins supremac
Enumerar puertos
netstat -nat
LINUX
whoami
id
uname -a
lsb_release -a
sudo -l
find / -perm -4000 2>/dev/null
find / -user <user> 2>/dev/null
find / -writable 2>/dev/null | grep "etc"
getcap -r / 2>/dev/null
catcatcatcatcatcatcatcatcatcat
/home/<user>/.ssh
/etc/passwd
/etc/shadow
/etc/crontab
/etc/shells
Enumerar bien directorios de servicio web!
/var/www/html/ # Databases, info leak, login history, etc!!! uwu
Linpeas.
Binarios + SUID
--------------------------------------------------------------------------------------------------
WINDOWS
whoami /privs
getprivs
dir /r /s user.txt
net user <name> <pass> /add
net localgroup administrators <name> /add
Scan con PowerUp - Meterpreter
upload <path_powerup>
load powershell
powershell_shell
. .\powerup.ps1
Invoke-AllChecks
Winpeas.
Última actualización