More articles related to [Basic Linux Privilege Escalation]

(Linux) privilege escalation is all about: Collect - Enumeration, more enumeration and some more enumeration. Process - Sort through data, analyse and prioritisation. Search - Know what to search for and where to find the exploit code. Adapt - Custom…
Index What is SUDO? Scenario. Sudoer File Syntax. Exploiting SUDO zip tar strace tcpdump nmap scp except nano & pico git ftp/gdb What is SUDO? The SUDO (Substitute User and Do) command, allows users to delegate privileges resources proceeding activi…
Privilege Escalation Download the Basic-pentesting virtual machine from the following website: https://www.vulnhub.com/entry/basic-pentesting-1,216/ 1. Scan the target server using nmap. nmap -Pn -sS --stats-every 3m --max-scan-delay --defeat-rst-ratelim…
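Catalog . Program overview . File infection . Prerequisites . Gaining root privileges: Linux Kernel <= - Local Privilege Escalation 1. Program overview . Gain root privileges . Infect files . Cause damage Relevant Link: https://github.com/karottc/linux-virus 2. File infection The virus spreads by infecting .C source code files: it inserts a call to a malicious function into the main function of each infected source file, and inserts malicious logic elsewhere in the file…
Contents . How To Start A System Level Attack . Remote Access Attack . Local Access Attack . After Get Root Shell 1. how to start a system level attack System-level attacks include what we usually call privilege escalation as well as many other kinds of attack. To achieve this goal, we need to make some educated guesses about weaknesses that may exist on the target system; this process is "vulnerability mapping"…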
In this blog post we'll go over a Linux kernel privilege escalation vulnerability I discovered which enables arbitrary code execution within the kernel. The vulnerability affected all devices based on Qualcomm chipsets (that is, based on the "msm"…
/**  * CVE-2014-4014 Linux Kernel Local Privilege Escalation PoC  *  * Vitaly Nikolenko  * http://hashcrack.org  *  * Usage: ./poc [file_path]  *  * where file_path is the file on which you want to set the sgid bit  */ #define _GNU_SOURCE #include <s…
/* * FreeBSD 9.0 Intel SYSRET Kernel Privilege Escalation exploit * Author by CurcolHekerLink * * This exploit based on open source project, I can make it open source too. Right? * * If you blaming me for open sourcing this exploit, you can fuck your…
Windows: DfMarshal Unsafe Unmarshaling Elevation of Privilege (Master) Platform: Windows (not tested earlier, although code looks similar on Win8+) Class: Elevation of Privilege Note, this is the master issue report for the DfMarshal unmarshaler. I’m…
# Exploit Title: Memu Play - Privilege Escalation (PoC) # Date: // # Author: Alejandra Sánchez # Vendor Homepage: https://www.memuplay.com/ # Software Link: https://www.memuplay.com/download-en.php?file_name=Memu-Setup&from=official_release # Version…
The programs (methods) provided on this site may be offensive in nature and are for security research and teaching only; use at your own risk! // PoC exploit for /dev/cpu/*/msr, 32bit userland on a 64bit host // can do whatever in the commented area, re-enable module support, etc // requires CONFIG_X86_MSR and just uid 0 // a small race exists between the…
/* Anonymous * * How to use: sudo rm -rf / * * greetz: djrbliss, kad, Ac1dB1tch3z, nVidia! * * Only complete fix patch nvidia drivers and redefine * IS_BLACKLISTED_REG_OFFSET: #define IS_BLACKLISTED_REG_OFFSET(nv, offset, length) 1 */ #define _GNU_SO…
Source: http://joystick.artificialstudios.org/2014/10/mac-os-x-local-privilege-escalation.html Nowadays, exploitation of user-level vulnerabilities is becoming more and more difficult, because of the widespread diffusion of several protection methods…
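Here I will list some parameters that people use very often, and I will attach the output of the command with one parameter as well. 1. Create a new user: useradd Parameter: …
1. useradd Explanation: adds a new user by adding a record line to the /etc/passwd file. Parameters: -g specifies the account's private group when the account is added; if -g is not given, useradd automatically creates a group with the same name as the user as the account's private group -G adds supplementary groups -D displays or sets the default values used by the useradd command -d specifies the user's home directory; if the directory does not exist, use -m as well to create it -m creates the user's directory automatically if it does not exist -u specifies the user's ID number; if the -o option is also given, it can reuse…
https://github.com/bidord/pykek ms14-068.py Exploits MS14-068 vulnerability on an un-patched domain controller of an Active Directory domain to get a Kerberos ticket for an existing domain user account with the privileges of the following domain group…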
Windows: XmlDocument Insecure Sharing Elevation of Privilege Platform: Windows (almost certainly earlier versions as well). Class: Elevation of Privilege Security Boundary (per Windows Security Service Criteria): AppContainer Sandbox Summary: A numbe…
Link (outside the firewall): http://bits-please.blogspot.com/2016/01/android-privilege-escalation-to.html In this blog post we'll go over two vulnerabilities I discovered which, when combined, enable arbitrary code execution within the "mediaserver" process from any co…
#include "stdafx.h" #include <Windows.h> #include "resource.h" void DropResource(const wchar_t* rsrcName, const wchar_t* filePath) { HMODULE hMod = GetModuleHandle(NULL); HRSRC res = FindResource(hMod, MAKEINTRESOURCE(IDR_DATA1),…
MS05-018 MS05-018 Works for Windows 2K SP3/4 | Windows XP SP1/2 Download ms05-018.exe: https://github.com/xiaoxiaoleo/windows_pentest_tools/tree/master/%E6%8F%90%E6%9D%83%E5%B7%A5%E5%85%B7/windows%E6%8F%90%E6%9D%83%E5%B7%A5%E5%85%B7/MS05018%E2%80%94C…
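Original English article: Basic Linux Privilege Escalation Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a "magic" answer in this huge area. This is simply my finding, typed up, to be shared (my starting point). The items listed below include several different commands that do the same thing; used in different scenarios, each may have its own strengths. I know there is more to explore; this is only a basic and rough guide. Not every command will work on every system, as Linux versions differ greatly. "It" will not jump off the…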
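Date: 2019-08-02 10:53:52 Updated: 2019-08-19 15:48:01 Author: Bay0net Introduction: A record of sensitive information for middleware, suites and so on. 0x01. Basic information When you encounter vulnerabilities such as file inclusion or arbitrary file download, you can use this article for the next step of the attack. 0x02. Configuration files Finding files If command execution is possible, just use the search commands directly... Linux-related: # find a file find / -name filename.ext # search the whole disk for files containing flag grep flag -r / Windows…
http://f4l13n5n0w.github.io/blog/2015/05/05/jing-yan-fen-xiang-oscp-shen-tou-ce-shi-ren-zheng/ “The 120-day journey is coming to an end; with a 24-hour exam that has no multiple-choice questions, I reach the first milestone on the dragon-slaying road.…” This was my first feeling when I passed the OSCP certification exam. The pride and joy were no less than when I earned my CCIE R&S in 2008. About PWK (Pentesting with Kali Linux) and OSCP (Offensive S…
Before starting, I would like to point out - I'm no expert. As far as I know, there isn't a "magic" answer, in this huge area. This is simply my finding, typed up, to be shared (my starting point). Below is a mixture of commands to do the same t…
From: https://www.securitysift.com/download/linuxprivchecker.py #!/usr/bin/env python ############################################################################################################### ## [Title]: linuxprivchecker.py -- a Linux Privilege Escala…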
http://blog.includesecurity.com/2014/03/exploit-CVE-2014-0038-x32-recvmmsg-kernel-vulnerablity.html On January 31st 2014 a post appeared on oss-seclist [1] describing a bug in the Linux kernel implementation of the x32 recvmmsg syscall that could pot…
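BlackArch-Tools Introduction Installing on top of ArchLinux Adding the repository Installing tools from the blackarch repository Alternative installation method BlackArch Linux Complete Tools List Introduction BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. BlackArch Linux comes preinstalled with thousands of specialised tools for penetration testing and computer forensic analysis. BlackArch Linux is compatible with existing Arch installations. You can install tools individually or in groups. https://blackar…
Kioptrix Level 1.1 Walkthrough Preparation: Download the virtual machine from the following website: https://www.vulnhub.com/entry/kioptrix-level-11-2,23/ The target server: Kioptrix Level 1.1(#2) 1. Discover the IP address of the target server. We…
Preparation Download the lampiao target VM from the vulnhub site (Lampião: 1 ~ VulnHub) Import it into vmware and set it to NAT mode Start kali and get ready for the penetration test (ip: 192.168.200.6) Information gathering Use nmap to probe IPs and ports nmap -sS 192.168.200.6/24 This finds the target VM at IP 192.168.200.18, with ports 80 and 22 open Then use nmap to probe all ports to make sure nothing else was missed nmap -sV -p- 192.168.200.18 Port 1898 is also htt…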