OSCP Notes
Post Exploitation methodology
Post-exploitation refers to any actions taken after a session is opened.
Some of the actions you can take in an open session include:
    Collect System Information (Run script or manual find)
    Pivot
    Run Meterpreter Modules
    Search the File System

Linux Privilege Escalation Checklist

    Kernel Exploit (Use script)
    Exploiting services running as root (netstat -antup and ps -aux | grep root)
    Exploiting SUID Executables
    Exploiting SUDO rights/user
    Exploiting badly configured cron jobs
    Exploiting users with '.' in their PATH

Linux script

Windows script

    windows-exploit-suggester.py
    windows_privesc_check.py
    windows-privesc-check2.exe

See Linux Post exploitation command line

Things to look for

    Misconfigured services (cron jobs)
    Any running as a privileged user?
    Incorrect file permissions (exportfs, sudo)
    Misconfigured environment ($PATH)
    Binary with SUID bit
    Software or OS with known vulnerabilities
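
As an added example (not part of the original notes), a small POSIX sh audit for three items on the lists above: '.' or an empty entry in PATH, cron jobs whose program is group- or world-writable, and SUID binaries missing from a known-good allow-list. The function names, the allow-list file and the /etc/crontab-style input are assumptions made for this example.

```sh
#!/bin/sh
# Added audit helpers for the checklist above ('.' in PATH, cron jobs that run
# writable files, unexpected SUID binaries). Example code written for these
# notes, not a tool from the page. Each check returns 0 when it finds a problem.

# A '.' entry or an empty entry in PATH both mean "search the current directory".
path_has_cwd() {
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Group- or world-writable file: anyone with write access changes what a root
# cron job executes. Uses the ls(1) mode string (pos 6 = g+w, pos 9 = o+w).
writable_by_others() {
    [ -e "$1" ] || return 1
    _mode=$(ls -ld "$1" | cut -c1-10)
    case "$_mode" in
        ?????w*|????????w?) return 0 ;;
        *)                  return 1 ;;
    esac
}

# Print the program each /etc/crontab-style line runs (field 7, or field 3 for
# @reboot-style entries), skipping blanks, comments and VAR=value lines.
cron_programs() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         $1 ~ /=/              { next }
         $1 ~ /^@/             { print $3; next }
                               { print $7 }' "$@"
}

# List cron-run programs that others can modify; returns 0 if any were found.
audit_crontab() {
    _found=1
    for _prog in $(cron_programs "$@"); do
        writable_by_others "$_prog" && { echo "$_prog"; _found=0; }
    done
    return $_found
}

# Read SUID paths on stdin (e.g. from: find / -perm -4000 -type f 2>/dev/null)
# and print those missing from the allow-list file $1; returns 0 if any printed.
unexpected_suid() {
    grep -vxF -f "$1" | grep .
}
```

Run it as a baseline check after hardening: any path printed by audit_crontab or unexpected_suid is a finding to fix or to add to the allow-list with a reason.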

SUDO

Can you su to root without a password?

    su root

Are you a sudo user already? Do you have access to powerful commands like chown or chmod?

    sudo su -

Log in as another user:

    sudo -i -u <username>

Privilege Escalation using SUID Binaries

Grep hardcoded passwords

    grep -i user [filename]
    grep -i pass [filename]
    grep -C 5 "password" [filename]
    find . -name "*.php" -print0 | xargs -0 grep -i -n 'var $password'

(Single quotes around 'var $password' keep the shell from expanding $password before grep sees it.)