Outils d'utilisateurs
privilege_escalation
Différences
Cette page vous donne les différences entre la révision choisie et la version actuelle de la page.
|
privilege_escalation [2024/02/09 19:16] M0N5T3R |
privilege_escalation [2024/06/04 12:02] (Version actuelle) M0N5T3R |
||
|---|---|---|---|
| Ligne 1: | Ligne 1: | ||
| {{ :privesc.jpg?nolink&1600 |}} | {{ :privesc.jpg?nolink&1600 |}} | ||
| + | ====== MacOs ====== | ||
| - | ====== active directory ====== | + | https://www.ns-echo.com/posts/cve_2023_33298.html |
| - | https://github.com/CravateRouge/bloodyAD | + | |
| - | https://github.com/antonioCoco/RemotePotato0 | + | ====== docker ====== |
| + | https://flast101.github.io/docker-privesc/ | ||
| + | https://github.com/stealthcopter/deepce | ||
| + | |||
| + | |||
| + | ====== active directory ====== | ||
| + | https://github.com/CravateRouge/bloodyAD | ||
| + | https://github.com/antonioCoco/RemotePotato0 | ||
| + | https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4 | ||
| + | https://github.com/Dec0ne/KrbRelayUp | ||
| + | https://github.com/GhostPack/Certify | ||
| + | https://github.com/mandiant/ADFSDump | ||
| Ligne 42: | Ligne 53: | ||
| - | * WINPEAS Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz and check more information about how to exploit found misconfigurations in book.hacktricks.xyz https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS | + | * WINPEAS : WINPEAS Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz and check more information about how to exploit found misconfigurations in book.hacktricks.xyz https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS |
| + | * WindowsEnum :A Powershell Privilege Escalation Enumeration Script.z | ||
| + | https://github.com/absolomb/WindowsEnum | ||
| * Watson 2.0 : Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809 --- Server 2016 & 2019 https://github.com/rasta-mouse/Watson | * Watson 2.0 : Windows 10 1507, 1511, 1607, 1703, 1709, 1803, 1809 --- Server 2016 & 2019 https://github.com/rasta-mouse/Watson | ||
| Ligne 59: | Ligne 72: | ||
| * https://github.com/enjoiz/Privesc | * https://github.com/enjoiz/Privesc | ||
| * https://github.com/GhostPack/Seatbelt | * https://github.com/GhostPack/Seatbelt | ||
| + | * https://github.com/knight0x07/ImpulsiveDLLHijack | ||
| + | * https://github.com/PowerShellMafia/PowerSploit/blob/master/Exfiltration/Get-GPPPassword.ps1 | ||
| * site:exploit-db.com privilege escalation windows 7 | * site:exploit-db.com privilege escalation windows 7 | ||
| * https://github.com/abatchy17/WindowsExploits - Collection of precompiled Windows exploits | * https://github.com/abatchy17/WindowsExploits - Collection of precompiled Windows exploits | ||
| Ligne 70: | Ligne 85: | ||
| *-> post/multi/recon/local_exploit_suggester - suggests local meterpreter exploits that can be used | *-> post/multi/recon/local_exploit_suggester - suggests local meterpreter exploits that can be used | ||
| *-> post/windows/gather/enum_patches - helps to identify any missing patches | *-> post/windows/gather/enum_patches - helps to identify any missing patches | ||
| + | |||
| + | |||
| Ligne 87: | Ligne 104: | ||
| **Liste de ressources :** | **Liste de ressources :** | ||
| - | https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities | ||
| - | |||
| - | https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers | ||
| - | |||
| - | https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks | ||
| - | |||
| - | https://github.com/LordNoteworthy/windows-exploitation | ||
| - | |||
| - | https://nixhacker.com/understanding-and-exploiting-symbolic-link-in-windows/ | ||
| - | https://troopers.de/downloads/troopers19/TROOPERS19_AD_Abusing_privileged_file_operations.pdf | ||
| - | |||
| - | https://offsec.almond.consulting/intro-to-file-operation-abuse-on-Windows.html | ||
| - | https://www.cyberark.com/resources/threat-research-blog/follow-the-link-exploiting-symbolic-links-with-ease | ||
| - | |||
| - | https://github.com/Wh04m1001?tab=repositories | ||
| - | |||
| - | https://secret.club/2020/04/23/directory-deletion-shell.html | ||
| + | https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/ | ||
| + | https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities | ||
| + | https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers | ||
| + | CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service | ||
| + | https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks | ||
| + | https://github.com/LordNoteworthy/windows-exploitation | ||
| + | https://nixhacker.com/understanding-and-exploiting-symbolic-link-in-windows/ | ||
| + | https://troopers.de/downloads/troopers19/TROOPERS19_AD_Abusing_privileged_file_operations.pdf | ||
| + | https://blog.zecops.com/research/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/ | ||
| + | https://offsec.almond.consulting/intro-to-file-operation-abuse-on-Windows.html | ||
| + | https://www.cyberark.com/resources/threat-research-blog/follow-the-link-exploiting-symbolic-links-with-ease | ||
| + | https://github.com/Wh04m1001?tab=repositories | ||
| + | https://secret.club/2020/04/23/directory-deletion-shell.html | ||
| + | https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/ | ||
| **Liste de writeups** | **Liste de writeups** | ||
| - | https://dreamlab.net/en/blog/post/dropbox-escalation-of-privileges-to-system-on-windows-1/ | ||
| - | |||
| - | |||
| - | https://itm4n.github.io/cve-2020-0668-windows-service-tracing-eop/ | ||
| - | |||
| - | https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/ | ||
| - | https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service | + | https://dreamlab.net/en/blog/post/dropbox-escalation-of-privileges-to-system-on-windows-1/ |
| + | https://itm4n.github.io/cve-2020-0668-windows-service-tracing-eop/ | ||
| + | https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/ | ||
| + | https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service | ||
| ====== Linux ====== | ====== Linux ====== | ||
| Ligne 139: | Ligne 150: | ||
| **Linux Privilege Escalation using SUID Binaries** | **Linux Privilege Escalation using SUID Binaries** | ||
| https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/ | https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/ | ||
| + | |||
| + | |||
| + | |||
| + | |||
| **Escalate to root using pkexec** | **Escalate to root using pkexec** | ||
| Ligne 250: | Ligne 265: | ||
| LinPEAS - Linux Privilege Escalation Awesome Script https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS | LinPEAS - Linux Privilege Escalation Awesome Script https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS | ||
| + | Linux enumeration tools for pentesting and CTFs - https://github.com/diego-treitos/linux-smart-enumeration | ||
| **auto exploit** | **auto exploit** | ||
privilege_escalation.1707502587.txt.gz · Dernière modification: 2024/02/09 19:16 par M0N5T3R
Outils de la Page
Sauf mention contraire, le contenu de ce wiki est placé sous la licence suivante : CC Attribution-Share Alike 3.0 Unported
