Resources

System Info Obtain System information Search for kernel exploits using scripts Use Google to search for kernel exploits Use searchsploit to search for kernel exploits Interesting info in env vars? Passwords in PowerShell history? Interesting info in Internet settings? Drives? WSUS exploit?…

System Information Get OS information Check the PATH, any writable folder? Check env variables, any sensitive detail? Search for kernel exploits using scripts (DirtyCow?) Check if the sudo version is vulnerable Dmesg signature verification failed More system enum (date, system stats,…

A bind shell is a type of remote access shell in which the target (or victim) machine opens a specific network port and listens for incoming connections. Once this port is open, an attacker can connect to it from a remote location and gain command-line access to the target system, allowing them to execute commands as if they were physically present at the machine.

A reverse shell is a technique used to gain remote command-line access to a computer, typically as part of a cyberattack. Unlike a traditional remote shell (or “bind shell”), where an attacker connects directly to a target system that is listening for incoming connections, a reverse shell works by having the victim’s machine initiate an outbound connection to the attacker’s computer. This reversal of roles is what gives the technique its name.

Disable auditing Grab password file Create and "adminkit" Enumerate server information Enumerate secrets of LSA Dump Registry info Use Nltest Pilfer the box Add an administrator account Grab a remote…