Notes

If the MS08-067 exploit exists but cannot be exploited, or you get an encoding error, change the payload. Use smaller payloads, such as windows/shell_reverse_tcp. Do not use meterpreter. If the payload is too large, Metasploit returns the error "Exploit failed: No encoders encoded the buffer successfully."

If the administrator account is disabled, the STATUS_USER_SESSION_DELETED error is returned.

Enable RDP

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

If the user does not exist:

ERROR: Failed to open connection - NT_STATUS_LOGON_FAILURE

If the user exists but has no privileges, ERROR:

Cannot connect to svcctl pipe. NT_STATUS_ACCESS_DENIED.

For the exploit to succeed, it must be able to access the IPC$ share.

"You just need access to the IPC$ share, not a named pipe."

Disable Firewall

XP:
netsh firewall set opmode mode=DISABLE

Newer Windows versions:
netsh advfirewall set allprofiles state off
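The two procedures above (enabling RDP through the registry and the "remote desktop" firewall rule group, and switching the firewall profiles off) are exactly the changes a defender wants to notice on a host. The following PowerShell audit is an added example, not part of the original notes; it reads the same registry value and firewall state that the commands above modify and returns a list of findings. The function name and the output format are my own choices.

```powershell
# Added example: audit the settings the notes above change.
# Returns an array of finding strings; empty means nothing looked tampered.
function Get-RdpFirewallFindings {
    $findings = @()

    # 1. RDP: fDenyTSConnections = 0 means RDP connections are allowed.
    $tsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $ts = Get-ItemProperty -Path $tsKey -Name fDenyTSConnections -ErrorAction SilentlyContinue
    if ($ts -and $ts.fDenyTSConnections -eq 0) {
        $findings += 'RDP is enabled (fDenyTSConnections = 0)'
    }

    # 2. Firewall rule group "Remote Desktop": any enabled rule lets RDP through.
    $rdpRules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue
    $enabledRdp = @($rdpRules | Where-Object { $_.Enabled -eq 'True' })
    if ($enabledRdp.Count -gt 0) {
        $findings += "Firewall rule group 'Remote Desktop' has $($enabledRdp.Count) enabled rule(s)"
    }

    # 3. Firewall profiles: "netsh advfirewall set allprofiles state off" turns all of them off.
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -eq 'False') {
            $findings += "Firewall profile '$($p.Name)' is OFF"
        }
    }

    return $findings
}

# Usage: run in an elevated PowerShell session.
$result = Get-RdpFirewallFindings
if ($result.Count -eq 0) {
    Write-Output 'OK: RDP disabled and all firewall profiles on.'
} else {
    $result | ForEach-Object { Write-Output "FINDING: $_" }
}
```

On a host where RDP is expected to be on, keep finding 1 and 2 as an allow-listed baseline and alert only on finding 3. Windows also records these changes in the Security log: firewall rule additions, modifications and deletions are events 4946, 4947 and 4948, and a firewall profile setting change is event 4950, which gives a log-based detection for the same commands without polling the registry.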

Compile C code to exe in Linux

ShellShock

Find writable files for user: find / -writable -type f 2>/dev/null | grep -v ^/proc

Find files which have the sticky bit on: /bin/find / -perm -4001 -type f 2>/dev/null


Add directory to PATH

Samba version

64 Bit c and c++ compile in Linux

ssh user enumeration

udev 2.6

udev exploit tutorial

If /etc/passwd is writable;

then;

root is gained!

writable file and directory
