RECON PHASE

Ping Sweep Scripts

LINUX

# one ICMP echo per host, sent in parallel; only replies ("bytes from") are printed
for i in {1..254} ;do (ping -c 1 192.168.1.$i | grep "bytes from" &) ;done

Windows

rem one echo per host with a 200 ms timeout; echo the address only when ping succeeds
for /L %i in (1,1,255) do @ping -n 1 -w 200 192.168.1.%i > nul && echo 192.168.1.%i is up

Box one

  • Nmap Scan first box
  • Run nmap scripts
  • check for robots.txt
  • SSH tunnel to web port

In the browser

Enum all files!!!!

Files to read - directory traversal

  • /etc/passwd - take note of users
  • /etc/hosts - network enum
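The traversal the two bullets rely on is a path-handling bug on the server side. The following is an added example, not code from the gist, that puts a vulnerable resolver next to a hardened one so the failure is visible: the document root `/srv/www` and the sample requests are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Assumed document root for the example (hypothetical path).
WEB_ROOT = "/srv/www"


def naive_resolve(web_root, requested):
    """Vulnerable resolver: glues the user-supplied path onto the root.

    Nothing stops "../" segments from walking above web_root, so a request
    for "../../etc/passwd" lands on the real /etc/passwd.
    """
    return posixpath.normpath(web_root + "/" + unquote(requested))


def safe_resolve(web_root, requested):
    """Hardened resolver: decode, strip leading slashes, normalize, then
    refuse anything whose normalized form is no longer under web_root.
    """
    root = posixpath.normpath(web_root)
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise ValueError("NUL byte in requested path")
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # Compare against root + "/" so "/srv/www2" is not mistaken for a child of "/srv/www".
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError(f"path escapes document root: {requested!r}")
    # On a live server, also resolve symlinks with os.path.realpath before serving.
    return candidate


def traversal_report(web_root, requests):
    """Per request: what the naive resolver would open, and what the safe one allows (None = refused)."""
    rows = []
    for r in requests:
        try:
            safe = safe_resolve(web_root, r)
        except (PermissionError, ValueError):
            safe = None
        rows.append((r, naive_resolve(web_root, r), safe))
    return rows


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, two traversal attempts (one URL-encoded).
    samples = ["index.html", "../../etc/passwd", "%2e%2e/%2e%2e/etc/hosts"]
    for requested, naive, safe in traversal_report(WEB_ROOT, samples):
        print(f"{requested!r:32} naive -> {naive:20} safe -> {safe}")
```

The hardened version decodes before checking, because a check on the raw `%2e%2e` string would miss the encoded form that the naive resolver happily decodes.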

Notes

  • Enumeration for Privilege Escalation
    | tools to find weak sudo permissions, vulnerable SUID/SGID executables, improperly configured cron jobs, vulnerable services, and kernel exploits
  • Sudo
    | The switch user command "su" can be used to change user context, and can be used to become the superuser (root) in order to perform system administration
  • SUID/SGID | Allow users to perform privileged actions.

Insecure Permissions

  • Cron Jobs | The Linux version of scheduled tasks, giving users the ability to run commands/scripts at specified times.
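The three checks named above (weak sudo rules, SUID/SGID binaries, writable cron entries) are what a local audit script walks through. This is an added example, not part of the gist: the `sudo -l` text is a constructed sample used when the script runs where `sudo` would prompt, and the directory lists are assumptions about a typical Linux layout.

```python
import os
import re
import stat
import subprocess

# Constructed sample of "sudo -l" output, used as a fallback when no real sudo output is available.
SAMPLE_SUDO_L = """\
User alice may run the following commands on host1:
    (ALL) ALL
    (root) NOPASSWD: /usr/bin/vim, /bin/tar
"""

NOPASSWD_RE = re.compile(r"NOPASSWD:\s*(.+)$")
# Directories whose entries cron executes; a world-writable file here is a root-level finding.
CRON_DIRS = ("/etc/cron.d", "/etc/cron.hourly", "/etc/cron.daily",
             "/etc/cron.weekly", "/etc/cron.monthly")


def scan_tree(root):
    """Yield (path, st_mode) for every regular file under root, without following symlinks."""
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISREG(st.st_mode):
                yield path, st.st_mode


def find_setid(entries):
    """Files with SUID or SGID set: they run with the owner's (or group's) privileges, not the caller's."""
    return sorted(p for p, m in entries if m & (stat.S_ISUID | stat.S_ISGID))


def find_world_writable(entries):
    """Files any local user can modify."""
    return sorted(p for p, m in entries if m & stat.S_IWOTH)


def nopasswd_commands(sudo_l_output):
    """Command specs that "sudo -l" reports as runnable without a password."""
    commands = []
    for line in sudo_l_output.splitlines():
        match = NOPASSWD_RE.search(line)
        if match:
            commands.extend(c.strip() for c in match.group(1).split(","))
    return commands


def current_sudo_l():
    """Non-interactive "sudo -n -l"; returns "" if sudo is missing or would need a password."""
    try:
        return subprocess.run(["sudo", "-n", "-l"], capture_output=True,
                              text=True, check=False).stdout
    except OSError:
        return ""


def audit(bin_dirs=("/usr/bin", "/usr/sbin", "/bin", "/sbin"), cron_dirs=CRON_DIRS):
    """Run the three checks on the live host and return findings keyed by category."""
    binaries = [e for d in bin_dirs for e in scan_tree(d)]
    cron_files = [e for d in cron_dirs for e in scan_tree(d)]
    return {
        "setid": find_setid(binaries),
        "world_writable_cron": find_world_writable(cron_files),
        # Falls back to the constructed sample so the report shape is visible without sudo.
        "nopasswd": nopasswd_commands(current_sudo_l() or SAMPLE_SUDO_L),
    }


if __name__ == "__main__":
    for category, findings in audit().items():
        print(f"== {category} ({len(findings)})")
        for item in findings:
            print("  ", item)
```

A SUID binary on its own is normal (`passwd` needs it); the finding worth acting on is a SUID or NOPASSWD entry for a program that can spawn a shell or write arbitrary files, which is why the output is a list to review rather than a verdict.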

Notes

Identify and perform privilege escalation and integrity-level elevation

  • AutoElevate executables
    | Some core Windows executables are able to auto-elevate to a higher integrity level

      (Get-Command calc.exe).Path                  # locate the binary
      sigcheck -m C:\WINDOWS\system32\calc.exe     # -m dumps the embedded manifest; look for autoElevate
    
  • Scheduled Tasks
    | vulnerable scheduled tasks will show up in their "Run as User" and "Task to Run" fields
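"Run As User" and "Task To Run" are column names in the verbose CSV that `schtasks /query /fo CSV /v` produces, so the review can be done offline on exported output. The block below is an added example, not from the gist: it flags tasks that run as a privileged account from a location outside the protected system directories, and checks a manifest for the `autoElevate` flag that `sigcheck -m` prints. The CSV (a subset of the real columns) and the manifest fragment are constructed samples, and the protected-directory list is an assumption.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample in the layout of `schtasks /query /fo CSV /v`, keeping only the
# columns used here (real output has many more).
SAMPLE_SCHTASKS_CSV = r'''"TaskName","Task To Run","Run As User","Scheduled Task State"
"\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o -$","SYSTEM","Enabled"
"\Backup\NightlyCopy","C:\Tools\backup.bat","SYSTEM","Enabled"
"\Apps\Updater","""C:\Program Files\Vendor\update.exe"" /silent","Administrators","Enabled"
"\Apps\UserSync","C:\Users\alice\sync.exe","alice","Enabled"
'''

# Constructed manifest fragment in the shape sigcheck -m prints for an auto-elevating binary.
SAMPLE_MANIFEST = '''<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <application xmlns="urn:schemas-microsoft-com:asm.v3">
    <windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">
      <autoElevate>true</autoElevate>
    </windowsSettings>
  </application>
</assembly>
'''

# Assumed: directories where only administrators can write on a default install.
PROTECTED_PREFIXES = (r"c:\windows", r"c:\program files", r"c:\program files (x86)",
                      "%windir%", "%systemroot%", "%programfiles%")
PRIVILEGED_USERS = {"system", r"nt authority\system", "administrators",
                    "local service", "network service"}


def executable_of(task_to_run):
    """Pull the program path out of a "Task To Run" value, quoted or not, dropping arguments."""
    value = task_to_run.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        return value[1:end] if end > 0 else value[1:]
    return value.split(" ", 1)[0]


def in_protected_dir(exe):
    return exe.lower().startswith(PROTECTED_PREFIXES)


def risky_tasks(csv_text):
    """Tasks run by a privileged principal whose program lives where ordinary users may write."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row.get("TaskName") == "TaskName":  # schtasks repeats the header per task folder
            continue
        user = (row.get("Run As User") or "").strip().lower()
        exe = executable_of(row.get("Task To Run") or "")
        if user in PRIVILEGED_USERS and not in_protected_dir(exe):
            findings.append((row["TaskName"], exe, row["Run As User"]))
    return findings


def manifest_auto_elevates(manifest_xml):
    """True when the manifest carries <autoElevate>true</autoElevate>, whatever namespace it uses."""
    root = ET.fromstring(manifest_xml)
    for element in root.iter():
        if element.tag.rsplit("}", 1)[-1] == "autoElevate":
            return (element.text or "").strip().lower() == "true"
    return False


if __name__ == "__main__":
    for name, exe, user in risky_tasks(SAMPLE_SCHTASKS_CSV):
        print(f"{name}: {exe} runs as {user} from an unprotected path")
    print("calc-style manifest auto-elevates:", manifest_auto_elevates(SAMPLE_MANIFEST))
```

The path test is only a first filter; on a real host the next step is to read the ACL of the flagged file and its parent directory, since a path outside Program Files is not necessarily writable by standard users.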

Notes

SSH Keys
SSH keys are asymmetric (public/private) key pairs that can be used to authenticate a user to a system, in combination with or in place of a password.
If you are able to find a user's private SSH key, it can potentially be used to gain access to other systems.

Using Stolen SSH Keys

Bring private key to your own box
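Whether a found key is immediately usable depends on two things the text leaves implicit: whether it is passphrase-protected and whether its file mode let anyone but the owner read it. The following is an added example, not code from the gist, that audits a `.ssh` directory for both; the key-shaped blobs it builds use the real OpenSSH header layout (magic, cipher name, KDF name) with zero filler instead of key material, and are constructed purely for the example.

```python
import base64
import os
import stat
import struct

PRIVATE_KEY_HEADERS = (
    "-----BEGIN OPENSSH PRIVATE KEY-----",
    "-----BEGIN RSA PRIVATE KEY-----",
    "-----BEGIN EC PRIVATE KEY-----",
    "-----BEGIN DSA PRIVATE KEY-----",
    "-----BEGIN PRIVATE KEY-----",
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",
)
OPENSSH_MAGIC = b"openssh-key-v1\x00"


def looks_like_private_key(text):
    return text.lstrip().startswith(PRIVATE_KEY_HEADERS)


def openssh_cipher_name(text):
    """Cipher recorded in an OpenSSH-format key; "none" means the key is stored in the clear."""
    body = "".join(l for l in text.strip().splitlines() if not l.startswith("-----"))
    blob = base64.b64decode(body)
    if not blob.startswith(OPENSSH_MAGIC):
        return None
    off = len(OPENSSH_MAGIC)
    (length,) = struct.unpack(">I", blob[off:off + 4])  # length-prefixed cipher name
    return blob[off + 4:off + 4 + length].decode("ascii", "replace")


def is_passphrase_protected(text):
    head = text.lstrip()
    if head.startswith("-----BEGIN OPENSSH PRIVATE KEY-----"):
        return openssh_cipher_name(text) not in (None, "none")
    if head.startswith("-----BEGIN ENCRYPTED PRIVATE KEY-----"):
        return True
    return "Proc-Type: 4,ENCRYPTED" in head  # legacy PEM keys mark encryption this way


def audit_key(text, st_mode):
    """Classify one candidate file from its contents and mode bits."""
    is_key = looks_like_private_key(text)
    return {
        "private_key": is_key,
        "passphrase": is_key and is_passphrase_protected(text),
        "permissions_ok": (st_mode & 0o077) == 0,  # ssh itself refuses group/other-readable keys
    }


def audit_ssh_dir(directory):
    """Map path -> classification for every private key found directly in the directory."""
    findings = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        try:
            with open(path, "r", errors="replace") as fh:
                text = fh.read(4096)
        except OSError:
            continue
        result = audit_key(text, st.st_mode)
        if result["private_key"]:
            findings[path] = result
    return findings


def constructed_openssh_key(cipher):
    """Key-shaped blob with the real header fields but zero filler; not a usable key."""
    raw = (OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher.encode()
           + struct.pack(">I", 4) + b"none" + b"\x00" * 16)
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + "\n".join(lines)
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


if __name__ == "__main__":
    for label, cipher, mode in (("clear", "none", 0o100644), ("encrypted", "aes256-ctr", 0o100600)):
        print(label, audit_key(constructed_openssh_key(cipher), mode))
    ssh_dir = os.path.expanduser("~/.ssh")
    if os.path.isdir(ssh_dir):
        for path, result in audit_ssh_dir(ssh_dir).items():
            print(path, result)
```

An unencrypted key with loose permissions is the finding that matters on both sides: for the owner it means anyone with read access to the home directory already holds the credential.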

Notes

  • Hyper-Text Transfer Protocol
    HTTP methods
    Response Codes
    HTTP Fields

# recursive download of an FTP tree, two levels deep, into /tmp
wget -r -l2 -P /tmp ftp://ftpserver/
# log in by POST and keep the session cookie the server sets
wget --save-cookies cookies.txt --keep-session-cookies --post-data 'user=1&password=2' https://website
# reuse that cookie to fetch an authenticated page (with its page requisites)
wget --load-cookies cookies.txt -p https://website/interesting/article.php
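The two cookie commands above are one exchange: a POST that earns a session cookie, then a GET that presents it. The block below is an added example, not from the gist, that plays both sides of that exchange on loopback so the status codes can be seen with and without the cookie. The toy site, its `user=1&password=2` check and the session token are constructed for the example.

```python
import http.cookiejar
import threading
import urllib.error
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed session token issued by the toy server below (not a real credential).
SESSION_COOKIE = "sid=constructed-session-token"


class ToySite(BaseHTTPRequestHandler):
    """Minimal login-protected site: POST /login sets a cookie, every GET requires it."""

    def log_message(self, *_):  # keep the example quiet
        pass

    def do_POST(self):
        length = int(self.headers.get("Content-Length", 0))
        form = urllib.parse.parse_qs(self.rfile.read(length).decode())
        if self.path == "/login" and form.get("user") == ["1"] and form.get("password") == ["2"]:
            self.send_response(200)
            self.send_header("Set-Cookie", SESSION_COOKIE + "; Path=/; HttpOnly")
            self.end_headers()
            self.wfile.write(b"logged in")
        else:
            self.send_response(401)
            self.end_headers()

    def do_GET(self):
        if self.headers.get("Cookie") == SESSION_COOKIE:
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"interesting article")
        else:
            self.send_response(401)
            self.end_headers()


def start_server():
    """Start the toy site on a free loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), ToySite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def fetch(opener, url, data=None):
    """HTTP status for one request; 4xx/5xx are returned as results, not raised."""
    try:
        with opener.open(urllib.request.Request(url, data=data)) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def session_demo(base_url):
    """Replay the wget sequence: log in (cookie kept), fetch with the cookie, then fetch without."""
    jar = http.cookiejar.CookieJar()  # the in-memory equivalent of wget's cookies.txt
    no_proxy = urllib.request.ProxyHandler({})  # ignore any proxy environment variables
    with_cookies = urllib.request.build_opener(no_proxy, urllib.request.HTTPCookieProcessor(jar))
    form = urllib.parse.urlencode({"user": "1", "password": "2"}).encode()
    login = fetch(with_cookies, base_url + "/login", data=form)
    article = fetch(with_cookies, base_url + "/interesting/article.php")
    anonymous = fetch(urllib.request.build_opener(no_proxy), base_url + "/interesting/article.php")
    return login, article, anonymous, [c.name for c in jar]


if __name__ == "__main__":
    server, url = start_server()
    try:
        print("login / with cookie / without cookie / cookies held:", session_demo(url))
    finally:
        server.shutdown()
        server.server_close()
```

The `Set-Cookie` header is what `--save-cookies` captures and `--load-cookies` replays; the `HttpOnly` flag on it matters for the browser case, not for a scripted client, which sends whatever the jar holds.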

Notes

Phase 1: Mission Definition

  • Define mission goals and targets
  • Define the Rules of Engagement

Phase 2: Recon

  • Gather publicly available information.

Notes

  • Blocking types of data within a network

Block-lists

  • White-list
    explicitly specify the "good" traffic
    Blocks the rest
  • Black-lists
    Explicitly specify the "bad" traffic
    Rest allowed
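The practical difference between the two list types is what happens to traffic nobody wrote a rule for. This added example (not from the gist) evaluates the same constructed flows against an allow-list and a deny-list with equivalent intent; the networks, ports and flows are made up for the demonstration.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "src proto dport")
Rule = namedtuple("Rule", "network proto dport")  # proto/dport None = any


def rule_matches(rule, flow):
    return (ipaddress.ip_address(flow.src) in ipaddress.ip_network(rule.network)
            and (rule.proto is None or rule.proto == flow.proto)
            and (rule.dport is None or rule.dport == flow.dport))


def allow_list_decision(rules, flow):
    """Default deny: only traffic explicitly named in the list gets through."""
    return any(rule_matches(r, flow) for r in rules)


def deny_list_decision(rules, flow):
    """Default allow: only traffic explicitly named in the list is stopped."""
    return not any(rule_matches(r, flow) for r in rules)


# Constructed policies: internal hosts may reach HTTPS and SSH (allow-list);
# telnet and one documentation-range network are blocked (deny-list).
ALLOW_RULES = [Rule("10.0.0.0/8", "tcp", 443), Rule("10.0.0.0/8", "tcp", 22)]
DENY_RULES = [Rule("0.0.0.0/0", "tcp", 23), Rule("203.0.113.0/24", None, None)]

# Constructed flows: permitted HTTPS, telnet, an unlisted TFTP transfer, and a blocked source.
SAMPLE_FLOWS = [
    Flow("10.1.2.3", "tcp", 443),
    Flow("10.1.2.3", "tcp", 23),
    Flow("10.1.2.3", "udp", 69),
    Flow("203.0.113.7", "tcp", 443),
]


def compare(flows, allow_rules=ALLOW_RULES, deny_rules=DENY_RULES):
    """(flow, allowed by allow-list, allowed by deny-list) for each flow."""
    return [(f, allow_list_decision(allow_rules, f), deny_list_decision(deny_rules, f))
            for f in flows]


if __name__ == "__main__":
    for flow, by_allow, by_deny in compare(SAMPLE_FLOWS):
        print(f"{flow.src:14} {flow.proto}/{flow.dport:<5} allow-list: {by_allow!s:5} deny-list: {by_deny}")
```

The third flow is the point: TFTP was never considered by either author, so the allow-list stops it and the deny-list passes it. That is why the allow-list is the fail-closed choice.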

Intrusion Systems

Notes

Fingerprinting

  • identification of a remote system

p0f

  • a command line tool which will identify the type of system and browser.

Traffic Baselining

  • Snapshot of network traffic over a given amount of time.
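A baseline is only useful once something is compared against it. This added example, not part of the gist, builds a per-host mean and standard deviation from a baseline window of constructed per-hour byte counts and then flags later hours that exceed mean plus three standard deviations, plus hosts that were never seen during the baseline. The record layout and the threshold are assumptions for the demonstration.

```python
import statistics
from collections import defaultdict

# Constructed per-hour flow summaries: (hour, host, bytes_sent). Hours 0-23 form the baseline day.
SAMPLE_RECORDS = [(h, "ws1", 1000 + (h % 5) * 20) for h in range(24)]
SAMPLE_RECORDS += [(30, "ws1", 1100), (31, "ws1", 48000), (31, "ws2", 300)]
BASELINE_HOURS = range(24)


def build_baseline(records, baseline_hours):
    """Per-host mean and population standard deviation of bytes sent during the baseline window."""
    per_host = defaultdict(list)
    for hour, host, nbytes in records:
        if hour in baseline_hours:
            per_host[host].append(nbytes)
    return {host: (statistics.mean(v), statistics.pstdev(v)) for host, v in per_host.items()}


def find_anomalies(records, baseline, baseline_hours, k=3.0, floor_sd=1.0):
    """Flag post-baseline observations above mean + k*sd, and hosts absent from the baseline."""
    flagged = []
    for hour, host, nbytes in records:
        if hour in baseline_hours:
            continue
        if host not in baseline:
            flagged.append((hour, host, nbytes, "host absent from baseline"))
            continue
        mean, sd = baseline[host]
        # The floor stops a perfectly flat baseline from flagging every tiny change.
        threshold = mean + k * max(sd, floor_sd)
        if nbytes > threshold:
            flagged.append((hour, host, nbytes, f"exceeds {threshold:.0f}"))
    return flagged


def run(records=SAMPLE_RECORDS, baseline_hours=BASELINE_HOURS):
    return find_anomalies(records, build_baseline(records, baseline_hours), baseline_hours)


if __name__ == "__main__":
    for hour, host, nbytes, reason in run():
        print(f"hour {hour}: {host} sent {nbytes} bytes ({reason})")
```

The modest bump at hour 30 stays under the threshold, the 48 kB burst at hour 31 does not, and `ws2` is reported simply because the baseline has nothing to say about it; a new talker is itself a change worth a look.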

Network data types