Offensive Tips

Intro

Offensive Tips, Exploits

Git: https://gitlab.com/charles.gargasson/offensivetips

Sources ❤️ :

- https://book.hacktricks.xyz/

- https://www.ired.team/

- https://www.thehacker.recipes/

- https://github.com/swisskyrepo/PayloadsAllTheThings

- https://beta.hackndo.com/

- https://mayfly277.github.io/

- https://byt3bl33d3r.github.io/

- https://0xdf.gitlab.io/

Methodology

The “did you try ?” list

New Target

• Full TCP port scan

• Check for SNMP

New Service

• Search for service version, and google it !! (service xxx v1.2.3 exploit git cve poc)

• Search related OS info, ALWAYS try to ask google for kernel version exploit !!

New Website

• Check URLs for other vhosts

• Scan dirs (wfuzz/fuff/dirb/gobuster)

• Check requests with ZAP/Burp, especialy on user inputs and forms

• Default passwords

New Credentials

• Try it everywhere and with differents protocols (rdp,ssh,smb,rpc,winrm)

• Try password mutation (usr1_srv => usr2_srv)

New System Account

• Run enumeration scripts (linpeas/winpeas)

• Look for sudo entries and check them on https://gtfobins.github.io/

• ALWAYS check services path for secrets (ex : /var/www/html)