提权

on under web
1 minute read

0x00 linux

1.https://www.kernel-exploits.com
2.http://hackforums.net/showthread.php?tid=3970076
3.http://exploit.linuxnote.org/
4.https://itunsecurity.wordpress.com/2015/08/16/vulnhub-com-writeup-darknet/(LinEnum.sh,linuxprivchecker.py,
  unix-privesc-check)
    LinEnum.sh
        https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
    linuxprivchecker.py
        http://www.securitysift.com/download/linuxprivchecker.py
    unix-privesc-check
        http://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-1.4.tar.gz
5.https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/?redirect
6.https://www.youtube.com/watch?v=XEZxUCayKxY
    http://thekidsmagic.com/watch/e9tX1JvhwhM/internal-server-error-symlink-bypass-2016-by-sen-haxor
    https://junookyo.blogspot.com/2013/06/bypass-symlink-on-linux-servers-by-sen-hacker.html
    php中bypass symlink,bypass forbidden,bypass safe mode
7.http://bobao.360.cn/learning/detail/3267.html
8.脏牛
9.https://github.com/ngalongc/AutoLocalPrivilegeEscalation
10.http://im1gd.me/2017/03/30/linux/

2>笔记

1>linux提权时,编译exploit.c文件时必须在对方系统中编译,或者与对方系统一样的系统中编译,否则本地编译出exploit文件后
  上传到对方机器运行时会出现can not execute binary file的错误
2>执行exp时出现permission denied的问题
    a)exp没有+x权限,解决方法:chmod +x exp
    b)没有exp中的解释器shell的执行权限,解决方法:换一个解释器
    https://www.ibm.com/developerworks/cn/aix/library/au-unixerrors/
3>linux不同版本内核下载
    https://www.kernel.org/pub/linux/kernel

0x01 windows

1.https://github.com/GDSSecurity/Windows-Exploit-Suggester
2.http://www.7kb.org/138.html
3.http://www.52wa.net/post-198.html
4.http://le4f.net/post/post/windows-x64-local-privilege-escalation
5.https://forum.90sec.org/forum.php?mod=viewthread&tid=9067#lastpost
6.https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp
7.http://www.freebuf.com/articles/web/76892.html
8.https://github.com/foxglovesec/Potato
9.in meterpreter:
    meterpreter>background
    msf>use post/multi/recon/local_exploit_suggester 
    msf>show options
    msf>exploit
    or  
    meterpreter>run post/multi/recon/local_exploit_suggester
10.http://bobao.360.cn/learning/detail/3257.html
11.cobaltstrike3.6 在原来的基础上新增了elevate功能,便于提权,和 bypass uac
	https://forum.90sec.org/forum.php?mod=viewthread&tid=10172
	链接:http://yun.baidu.com/s/1slIqkNj 密码:rutn 
12.http://ttt.sssie.com/post-60.html
13.http://bobao.360.cn/learning/detail/3439.html
14.http://im1gd.me/2017/03/30/linux/
15.https://forum.90sec.org/forum.php?mod=viewthread&tid=10604
16.https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/blob/master/tactical_groups/privilege_escalation/fodhelper_bypassuac.md
    利用eventvwr.exe和fodhelper.exe提权

0x02 其他

1.mysql udf高版本提权 https://blog.csdn.net/qq_36512966/article/details/79287874

web, local, exploit
home
github
archive
category