All about privilege escalation

Our initial access to a remote server is usually in the context of a low-privileged user, which does not give us full control of the box. For example, some commands (like tcpdump) cannot be run via sudo and can only be run by the root user. To gain full access, we need to find an internal/local vulnerability that escalates our privileges to the root user on Linux or to the administrator/SYSTEM user on Windows.
nmap quick notes

Nmap (short for “Network Mapper”) is a free and open-source utility designed for network discovery and security auditing. Created by Gordon Lyon (also known as Fyodor Vaskovich), Nmap is widely used by cybersecurity professionals, network administrators, and system administrators to map out networks, discover hosts and services, and assess network security.
Metasploit quick reference guide

Metasploit is a widely used open-source framework designed for penetration testing, vulnerability assessment, and exploit development in the field of cybersecurity. Developed originally by H.D. Moore in 2003 and later acquired by Rapid7 in 2009, Metasploit has become a pivotal tool for both security professionals and, unfortunately, cybercriminals.
Cracking zip file passwords using John the Ripper tool.

John the Ripper is a widely used open-source password cracking utility designed for password security auditing and recovery. Its primary function is to test the strength of passwords by attempting to crack password hashes using various attack methods, such as brute-force, dictionary, and hybrid attacks.
Cybersecurity checklist

ffuf (Fuzz Faster) notes

FFUF, which stands for “Fuzz Faster U Fool,” is a fast and flexible open-source web fuzzing tool written in the Go programming language. It is primarily used for discovering hidden…
Cybersecurity checklist

Windows privilege escalation checklist

System Info
- Obtain system information
- Search for kernel exploits using scripts
- Use Google to search for kernel exploits
- Use searchsploit to search for kernel exploits
- Interesting info in env vars?
- Passwords in PowerShell history?
- Interesting info in Internet settings?
- Drives?
- WSUS exploit?…
Cybersecurity checklist

Linux privilege escalation checklist

System Information
- Get OS information
- Check the PATH, any writable folder?
- Check env variables, any sensitive detail?
- Search for kernel exploits using scripts (DirtyCow?)
- Check if the sudo version is vulnerable
- Dmesg signature verification failed
- More system enum (date, system stats,…