Offensive Tips

Intro

Offensive Tips, Exploits
Git: https://gitlab.com/charles.gargasson/offensivetips
https://media.giphy.com/media/l46C6sdSa5DVSJnLG/giphy.gif
Same project idea
- https://book.hacktricks.xyz/
- https://github.com/swisskyrepo/PayloadsAllTheThings
- https://mal-hiboux.gitlab.io/howl-to/

Methodology

New Target

  • Port scan

New Service

  • Search for service version

  • Search related OS info

  • Search for exploit

New Website

  • Check URLs for other vhosts

  • Scan dirs (wfuzz/fuff/dirb/gobuster)

  • Check requests with ZAP/Burp, especialy on user inputs and forms

New Credentials

  • Try it everywhere and with differents protocols (rdp,ssh,smb)

  • Try password mutation (usr1_srv => usr2_srv)

New System Account

  • Run enumeration scripts

  • Look for sudo entries and check them on https://gtfobins.github.io/

  • Search for files ( ~/home and find / -user $(whoami) 2>/dev/null )