Outils d'utilisateurs
oscp_survival_guide
Différences
Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
|
oscp_survival_guide [2021/02/06 22:26] M0N5T3R [EDIT: Useful and fast exploit Cheat sheet :] |
oscp_survival_guide [2025/01/28 19:42] (Version actuelle) M0N5T3R |
||
|---|---|---|---|
| Ligne 2721: | Ligne 2721: | ||
| - | ====== EDIT: Useful and fast exploit Cheat sheet : ====== | + | ====== EDIT: Useful and fast exploit - Cheat sheet : ====== |
| **Port 22 - SSH** | **Port 22 - SSH** | ||
| Ligne 2925: | Ligne 2925: | ||
| - | **LDAP - 389,636** | + | **Port 389,636 - LDAP ** |
| <code>ldapsearch -h 10.11.1.111 -p 389 -x -b "dc=mywebsite,dc=com" | <code>ldapsearch -h 10.11.1.111 -p 389 -x -b "dc=mywebsite,dc=com" | ||
| ldapsearch -x -h 10.11.1.111 -D 'DOMAIN\user' -w 'hash-password' | ldapsearch -x -h 10.11.1.111 -D 'DOMAIN\user' -w 'hash-password' | ||
| Ligne 2932: | Ligne 2932: | ||
| </code> | </code> | ||
| - | **HTTPS - 443** | + | **Port 443 - HTTPS** |
| <code>Read the actual SSL CERT to: | <code>Read the actual SSL CERT to: | ||
| find out potential correct vhost to GET | find out potential correct vhost to GET | ||
| Ligne 2941: | Ligne 2941: | ||
| nmap -sV --script=ssl-heartbleed 10.1.10.111 | nmap -sV --script=ssl-heartbleed 10.1.10.111 | ||
| mod_ssl,OpenSSL version Openfuck | mod_ssl,OpenSSL version Openfuck | ||
| - | <code> | + | </code> |
| - | **500 - ISAKMP IKE** | + | |
| + | **Port 500 - ISAKMP IKE** | ||
| <code>ike-scan 10.11.1.111</code> | <code>ike-scan 10.11.1.111</code> | ||
| - | **513 - Rlogin** | + | **Port 513 - Rlogin** |
| <code>apt install rsh-client | <code>apt install rsh-client | ||
| rlogin -l root 10.11.1.111 | rlogin -l root 10.11.1.111 | ||
| </code> | </code> | ||
| - | **541 - FortiNet SSLVPN** | + | **Port 541 - FortiNet SSLVPN** |
| <code>https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/ | <code>https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/ | ||
| </code> | </code> | ||
| - | **1433 - MSSQL** | + | **Port 1433 - MSSQL** |
| <code>nmap -p 1433 -sU --script=ms-sql-info.nse 10.11.1.111 | <code>nmap -p 1433 -sU --script=ms-sql-info.nse 10.11.1.111 | ||
| use auxiliary/scanner/mssql/mssql_ping | use auxiliary/scanner/mssql/mssql_ping | ||
| Ligne 2988: | Ligne 2989: | ||
| mount -t 10.11.1.111:/ /tmp/NFS | mount -t 10.11.1.111:/ /tmp/NFS | ||
| </code> | </code> | ||
| + | |||
| + | |||
| **Port 2100 - Oracle XML DB** | **Port 2100 - Oracle XML DB** | ||
| <code>Default passwords https://docs.oracle.com/cd/B10501_01/win.920/a95490/username.htm | <code>Default passwords https://docs.oracle.com/cd/B10501_01/win.920/a95490/username.htm | ||
| </code> | </code> | ||
| + | |||
| + | |||
| **Port 3306 - MySQL** | **Port 3306 - MySQL** | ||
| <code>nmap --script=mysql-databases.nse,mysql-empty-password.nse,mysql-enum.nse,mysql-info.nse,mysql-variables.nse,mysql-vuln-cve2012-2122.nse 10.11.1.111 -p 3306 | <code>nmap --script=mysql-databases.nse,mysql-empty-password.nse,mysql-enum.nse,mysql-info.nse,mysql-variables.nse,mysql-vuln-cve2012-2122.nse 10.11.1.111 -p 3306 | ||
| Ligne 2997: | Ligne 3002: | ||
| https://www.adampalmer.me/iodigitalsec/2013/08/13/mysql-root-to-system-root-with-udf-for-windows-and-linux/ | https://www.adampalmer.me/iodigitalsec/2013/08/13/mysql-root-to-system-root-with-udf-for-windows-and-linux/ | ||
| </code> | </code> | ||
| + | |||
| + | |||
| **Port 3389 - RDP** | **Port 3389 - RDP** | ||
| <code> | <code> | ||
| Ligne 3020: | Ligne 3027: | ||
| - | **WinRM - 5985** | + | **Port 5985 - WinRM ** |
| <code>https://github.com/Hackplayers/evil-winrm | <code>https://github.com/Hackplayers/evil-winrm | ||
| gem install evil-winrm | gem install evil-winrm | ||
| Ligne 3029: | Ligne 3036: | ||
| - | **Redis - 6379** | + | **Port 6379 - Redis ** |
| <code>https://github.com/Avinash-acid/Redis-Server-Exploit | <code>https://github.com/Avinash-acid/Redis-Server-Exploit | ||
| python redis.py 10.10.10.160 redis | python redis.py 10.10.10.160 redis | ||
| Ligne 3035: | Ligne 3042: | ||
| - | **MsDeploy - 8172** | + | **Port 8172 - MsDeploy ** |
| <code>Microsoft IIS Deploy port | <code>Microsoft IIS Deploy port | ||
| IP:8172/msdeploy.axd | IP:8172/msdeploy.axd | ||
| Ligne 3294: | Ligne 3301: | ||
| - | **Get full shell on jail shelle** | + | **Get full shell on jail shell** |
| <code> | <code> | ||
| python -c “import pty;pty.spawn(‘/bin/sh’);” | python -c “import pty;pty.spawn(‘/bin/sh’);” | ||
| echo ‘os.system(‘/bin/bash’)’ | echo ‘os.system(‘/bin/bash’)’ | ||
| perl -e ‘exec “/bin/sh”;’ | perl -e ‘exec “/bin/sh”;’ | ||
| + | /bin/sh -i | ||
| + | /bin/bash -i | ||
| </code> | </code> | ||
| Ligne 3317: | Ligne 3326: | ||
| - | ** note template** | + | **Note template** |
| <code> | <code> | ||
| To work fast use CherryTree to take notes and use this template : | To work fast use CherryTree to take notes and use this template : | ||
oscp_survival_guide.1612646813.txt.gz · Dernière modification: 2021/02/06 22:26 par M0N5T3R
Outils de la Page
Sauf mention contraire, le contenu de ce wiki est placé sous la licence suivante : CC Attribution-Share Alike 3.0 Unported
