
Notes

SSH Keys
SSH keys are asymmetric (public/private) key pairs that can be used to authenticate a user to a system, either in combination with a password or in place of one.
If you are able to find a user's private SSH key, it can potentially be used to gain access to other systems.

Using Stolen SSH Keys

Bring private key to your own box

Notes

Identify and perform privilege escalation and integrity-level elevation

  • AutoElevate executables
    | Some core Windows executables are able to auto-elevate to a higher integrity level

      (Get-Command calc.exe).Path
      sigcheck -m C:\WINDOWS\system32\calc.exe
    
  • Scheduled Tasks
    | Vulnerable scheduled tasks will have a "Run as User" or "Task to Run"

Notes

  • Enumeration for Privilege Escalation
    | Tools to find weak sudo permissions, vulnerable SUID/SGID executables, improperly configured cron jobs, vulnerable services, and kernel exploits
  • Sudo
    | The switch user command "su" can be used to change user context, and can be used to become the superuser (root) in order to perform system administration
  • SUID/SGID
    | Allow users to perform privileged actions.

Insecure Permissions

  • Cron Jobs
    | The Linux version of scheduled tasks; gives users the ability to run commands/scripts at specified times.
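Added audit script (not part of the original notes) covering the two points above: private SSH keys readable by anyone but their owner, and SUID/SGID executables on disk. It assumes a Linux host with GNU find and stat; the key-detection rule (PEM header on the first line) and the 0600/0400 expectation are the usual defaults, not something the notes state.

```shell
#!/bin/sh
# Insecure-permissions audit: constructed example, assumes GNU coreutils/findutils.

# Print private key files under DIR whose mode grants group or other any access.
# A private key is recognised by its PEM header; the mode comes from GNU stat.
find_loose_private_keys() {
    find "$1" -xdev -type f 2>/dev/null | while IFS= read -r f; do
        # Skip anything that does not start with a PEM private-key header
        head -n 1 "$f" 2>/dev/null | grep -q -e '-----BEGIN .*PRIVATE KEY-----' || continue
        mode=$(stat -c '%a' "$f")
        # The last two octal digits are group and other; only 00 is acceptable
        case "$mode" in
            *00) ;;
            *)   printf '%s %s\n' "$mode" "$f" ;;
        esac
    done
}

# Print set-uid/set-gid files under DIR as "mode owner path".
# Compare the output against a baseline (e.g. package manifests) to spot additions.
find_setid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %u %p\n' 2>/dev/null
}

# Number of findings from both checks, for a pass/fail gate in a hardening script.
audit_count() {
    { find_loose_private_keys "$1"; find_setid_files "$1"; } | wc -l | tr -d ' '
}

# Usage: sh audit.sh /home   -> prints loose keys and set-id files, then a count
if [ $# -eq 1 ]; then
    find_loose_private_keys "$1"
    find_setid_files "$1"
    printf 'findings: %s\n' "$(audit_count "$1")"
fi
```

Run it against a small tree such as /home first; on a full filesystem it prints every packaged set-id binary, which is why the baseline comparison matters.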

Box one

  • Nmap Scan first box
  • Run nmap scripts
  • check for robots.txt
  • SSH tunnel to web port

In the browser

Enum all files!!!!

FILES TO READ - directory traversal

  • /etc/passwd - take note of users
  • /etc/hosts - network enum

RECON PHASE

Ping Sweep Scripts

LINUX

for i in {1..254} ;do (ping -c 1 192.168.1.$i | grep "bytes from" &) ;done

Windows

for /L %i in (1,1,255) do @ping -n 1 -w 200 192.168.1.%i > nul && echo 192.168.1.%i is up