
Posts

Showing posts from June, 2019

Learn Buffer Overflow From Links

Background and walkthroughs:

SLmail Explanation
Finding Bad Characters with Immunity Debugger & Mona.py
OSCP BOF Explanation
FTP Buffer Overflow
BOF -- Different kinds
0xrick Win32 BOF Exploitation

1) Complete PWK Buffer Overflow
2) Buffer Overflow Exploit Code - Examples

HTB:

1) Process Memory Explained
2) Linux Buffer Overflow Intro
   Buffer Overflow Part II
   Buffer Overflow III
3) PWK/OSCP – Stack Buffer Overflow Practice – vortex's blog
4) Exploit writing tutorial part 1 : Stack Based Overflows | Corelan Team
5) Simple Buffer Overflows
6) 32-Bit Windows Buffer Overflows Made Easy – VeteranSec
7) dostackbufferoverflowgood
8) OSCP Prep / Buffer Overflow
9) Unreal IRCD Exploit Explained
10) Exploit-db Simple Buffer Overflow Paper
11) 64-bit Binary ROP Exploitation

Buffer Overflow - HTB Discussion Video 1
Application

Windows Priv Escalation

Links:

1. Windows Privilege Escalation Commands (new)
2. Transferring Files to Windows
3. Priv Esc Commands
4. Priv Esc Guide
5. Payload All the Things --> great coverage
6. WinRM -- Windows Priv Esc
7. Newb Guide - Windows Pentest
8. Kerberos Attacks Explained
9. How to Attack Kerberos 101

Notes:

Use PowerSploit/PrivEsc/PowerUp.ps1 to find potential privesc vectors.
Check for non-Windows processes that are listening on the box (netstat -ano, then map the PID to its process and binary path).

Step 1: Check local users (net user), who is in the local Administrators group, and the current user's rights and privileges.
Step 2: Check whether we can run PowerShell. If yes, run PowerUp.ps1, Sherlock.ps1 and JAWS.ps1.
Step 3: Try to get a Meterpreter session.
Step 4: Load mimikatz, try a UAC bypass, and dump the SAM and SYSTEM hives.
Step 5: Check for unusual installed programs and registry settings.
Step 6: If the box is a Domain Controller: enumerate SMB users and LDAP users, run BloodHound (GUI AD enumeration) and Kerberos enumeration, then brute-force. See: Attacking AD with LDAP & Kerberos.
Step 7: Got creds? Try psexec.py or crackm
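An added example of what Steps 1, 2 and 5 and the netstat check look like when typed out by hand in PowerShell on the target (this is not code from the original post or from any of the linked tools, and it only reads; it changes nothing). It assumes a Windows 8 / Server 2012 or newer host, where Get-NetTCPConnection exists; on older hosts fall back to netstat -ano. The unquoted-service-path and AlwaysInstallElevated checks are the well-known registry/service misconfigurations PowerUp also looks for, written out here so the reader can see what the tool is testing.

```powershell
# Added example, not from the original post. Read-only local enumeration for Steps 1, 2, 5
# and the "non-Windows listening process" check. Assumes PowerShell 3+ on Win8/2012+.

# --- Step 1: who am I, which groups, which privileges (SeImpersonate/SeBackup/SeDebug are interesting) ---
whoami /all
net user
net localgroup Administrators

# --- Step 2 precondition: can we run scripts at all? ---
Get-ExecutionPolicy -List
# If scripts are blocked:  powershell -ExecutionPolicy Bypass -File .\PowerUp.ps1

# --- Listening ports mapped to owning process and binary path ---
# Anything listening that is not under C:\Windows deserves a closer look.
Get-NetTCPConnection -State Listen |
  ForEach-Object {
    $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
    [pscustomobject]@{
      Port = $_.LocalPort
      PID  = $_.OwningProcess
      Name = $p.ProcessName
      Path = $p.Path
    }
  } | Sort-Object Port | Format-Table -AutoSize
# Older hosts:  netstat -ano   then   tasklist /FI "PID eq <pid>"

# --- Step 5: registry settings and programs that commonly give an easy win ---

# AlwaysInstallElevated: if BOTH values are 1, any .msi we run installs as SYSTEM.
foreach ($hive in 'HKLM', 'HKCU') {
  Get-ItemProperty -Path "${hive}:\SOFTWARE\Policies\Microsoft\Windows\Installer" `
                   -Name AlwaysInstallElevated -ErrorAction SilentlyContinue |
    Select-Object @{n = 'Hive'; e = { $hive } }, AlwaysInstallElevated
}

# Unquoted service paths: a space in an unquoted path outside C:\Windows lets a writable
# parent directory hijack the service binary. This is a heuristic; confirm each hit with
# icacls on the directory components before relying on it.
Get-CimInstance Win32_Service |
  Where-Object {
    $_.PathName -and
    $_.PathName -notmatch '^"' -and
    $_.PathName -match ' ' -and
    $_.PathName -notmatch '^C:\\Windows'
  } | Select-Object Name, StartName, PathName

# Installed programs that are not from Microsoft (the "weird programs" check)
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                       'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*' `
                 -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName -and $_.Publisher -notmatch 'Microsoft' } |
  Select-Object DisplayName, DisplayVersion, Publisher | Sort-Object DisplayName

# Autologon credentials are sometimes stored in plain text here
Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' |
  Select-Object DefaultDomainName, DefaultUserName, DefaultPassword
```

Run it from an unprivileged shell first: everything above works as a normal user, which is the point of Steps 1 and 5. Dumping SAM/SYSTEM (Step 4) needs an elevated context, so do not expect reg save HKLM\SAM to work until one of these checks has turned into a foothold.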