Introduction
Related tools
- Nmap
- Metasploit
- Exploit Database Website
- enum4linux, SMB share enumeration
Key concepts
- Enumeration
- Port scanning
nmap -sC -sV
- SMB shares
smbclient -L target_ip
- FTP server
- WinRM
- Gaining access
- Web shell
- Privilege escalation
- Restricted shell
- Usually done with rbash
- Look for binaries you can execute and check their functionality to see if you can take advantage of anything
- Permission
- Check binaries for SUID permission bit
- Kernel exploits