PRIMARY CATEGORY → PENTESTING

Penetration Testing Process


Privilege Escalation

Checklist

  • Hacktricks → Linux • Windows
  • PayloadAllTheThings → Linux • Windows


Enumeration Scripts

PEASS


Kernel Exploitation

To check the kernel version on the target system (compare it against known vulnerable releases):

uname -r

Vulnerable Software

Check all installed software; some of it may be an unpatched or known-vulnerable version.

  • Linux (Debian-based, dpkg)
dpkg -l
  • Windows → list the contents of C:\Program Files and C:\Program Files (x86)

User Privileges

  • Sudo → check which commands the current user may run via sudo
Linux Target
sudo -l
  • SUID Binaries

GTFOBins

Linux Target
find / -perm -4000 -type f 2> /dev/null                # all SUID binaries (-4000: setuid bit set, any other bits)
find / -user root -perm -4000 -type f 2> /dev/null     # only SUID binaries owned by root (run with root as EUID)

LOLBAS → Windows built-in binaries and scripts relevant to privilege escalation


Cron Jobs ~ Scheduled Tasks

Check write permissions on these files and directories (a writable entry lets a low-privilege user inject commands that cron runs as root):

  • /etc/crontab
  • /etc/cron.d
  • /var/spool/cron/crontabs/root
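As an added defender-side helper, not part of the original checklist: a POSIX shell audit that reports cron entries writable by the invoking user or by everyone, so the write-permission check above can be run as a hardening verification and the offending mode bits removed.

```shell
#!/bin/sh
# Added audit helper (not from the original checklist): lists the cron paths
# a low-privilege account could tamper with, so a defender can confirm that
# none of them are writable by anyone but root.

# Cron paths named in the checklist; callers may pass any other list.
CRON_PATHS="/etc/crontab /etc/cron.d /var/spool/cron/crontabs/root"

# Print every file or directory at or below the given paths whose mode
# grants write to "other" (world-writable). Missing paths are skipped.
world_writable_under() {
    for p in "$@"; do
        [ -e "$p" ] || continue
        find "$p" -perm -0002 -print 2>/dev/null
    done
    return 0
}

# Print the given paths that the *invoking* user can write to (via owner,
# group or other bits). Run this as the low-privilege account under review.
user_writable() {
    for p in "$@"; do
        [ -e "$p" ] && [ -w "$p" ] && echo "$p"
    done
    return 0
}

# Full report: returns 1 if anything is world-writable, 0 otherwise.
cron_audit() {
    hits=$(world_writable_under "$@")
    if [ -n "$hits" ]; then
        echo "World-writable cron entries (fix with: chmod o-w <path>):"
        echo "$hits"
        return 1
    fi
    echo "No world-writable cron entries under: $*"
    return 0
}

# Run the audit on the real cron paths only when invoked with --run.
if [ "${1:-}" = "--run" ]; then
    # shellcheck disable=SC2086  # word-splitting of CRON_PATHS is intended
    cron_audit $CRON_PATHS
fi
```

Run it as an unprivileged user (`sh audit.sh --run`); a non-zero exit means a cron path is world-writable and should have `o-w` removed before anything else.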

SSH Keys

Check read/write permissions on the .ssh directory.

  • Read perms → copy the id_rsa content and log in with that private key via SSH
Target
cat /root/.ssh/id_rsa
Attacker
nvim ./id_rsa_target            # paste the copied key
chmod 600 ./id_rsa_target       # ssh refuses keys with loose permissions
ssh -p <PORT> -i ./id_rsa_target <USER>@<TARGET>
  • Write perms → generate a key pair locally with ssh-keygen, add the public key to ~/.ssh/authorized_keys on the target, then log in with the private key via SSH
Attacker
ssh-keygen -b 4096 -t rsa -f ./key
cat ./key.pub                   # copy the key.pub content
Target
nvim ~/.ssh/authorized_keys     # add the key.pub content to this file
Attacker
ssh -p <PORT> -i ./key <USER>@<TARGET>