提权
1 minute read
0x00 linux
1>links
1.https://www.kernel-exploits.com
2.http://hackforums.net/showthread.php?tid=3970076
3.http://exploit.linuxnote.org/
4.https://itunsecurity.wordpress.com/2015/08/16/vulnhub-com-writeup-darknet/(LinEnum.sh,linuxprivchecker.py,
unix-privesc-check)
LinEnum.sh
https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
linuxprivchecker.py
http://www.securitysift.com/download/linuxprivchecker.py
unix-privesc-check
http://pentestmonkey.net/tools/unix-privesc-check/unix-privesc-check-1.4.tar.gz
5.https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/?redirect
6.https://www.youtube.com/watch?v=XEZxUCayKxY
http://thekidsmagic.com/watch/e9tX1JvhwhM/internal-server-error-symlink-bypass-2016-by-sen-haxor
https://junookyo.blogspot.com/2013/06/bypass-symlink-on-linux-servers-by-sen-hacker.html
php中bypass symlink,bypass forbidden,bypass safe mode
7.http://bobao.360.cn/learning/detail/3267.html
8.脏牛
9.https://github.com/ngalongc/AutoLocalPrivilegeEscalation
10.http://im1gd.me/2017/03/30/linux/
2>笔记
1>linux提权时,编译exploit.c文件时必须在对方系统中编译,或者与对方系统一样的系统中编译,否则本地编译出exploit文件后
上传到对方机器运行时会出现can not execute binary file的错误
2>执行exp时出现permission denied的问题
a)exp没有+x权限,解决方法:chmod +x exp
b)没有exp中的解释器shell的执行权限,解决方法:换一个解释器
https://www.ibm.com/developerworks/cn/aix/library/au-unixerrors/
3>linux不同版本内核下载
https://www.kernel.org/pub/linux/kernel
0x01 windows
1>links
1.https://github.com/GDSSecurity/Windows-Exploit-Suggester
2.http://www.7kb.org/138.html
3.http://www.52wa.net/post-198.html
4.http://le4f.net/post/post/windows-x64-local-privilege-escalation
5.https://forum.90sec.org/forum.php?mod=viewthread&tid=9067#lastpost
6.https://github.com/PowerShellEmpire/PowerTools/tree/master/PowerUp
7.http://www.freebuf.com/articles/web/76892.html
8.https://github.com/foxglovesec/Potato
9.in meterpreter:
meterpreter>background
msf>use post/multi/recon/local_exploit_suggester
msf>show options
msf>exploit
or
meterpreter>run post/multi/recon/local_exploit_suggester
10.http://bobao.360.cn/learning/detail/3257.html
11.cobaltstrike3.6 在原来的基础上新增了elevate功能,便于提权,和 bypass uac
https://forum.90sec.org/forum.php?mod=viewthread&tid=10172
链接:http://yun.baidu.com/s/1slIqkNj 密码:rutn
12.http://ttt.sssie.com/post-60.html
13.http://bobao.360.cn/learning/detail/3439.html
14.http://im1gd.me/2017/03/30/linux/
15.https://forum.90sec.org/forum.php?mod=viewthread&tid=10604
16.https://github.com/Cyb3rWard0g/ThreatHunter-Playbook/blob/master/tactical_groups/privilege_escalation/fodhelper_bypassuac.md
利用eventvwr.exe和fodhelper.exe提权
0x02 其他
1.mysql udf高版本提权 https://blog.csdn.net/qq_36512966/article/details/79287874