handbook/tools/0.Bookmark/Exploit-Workflow.md


2024-08-30 23:07:22 +00:00
## How to work through a vulnerable host
#### Scan for vulnerabilities
We're searching for vulnerabilities in the host, application, or information leakage.
- NMAP scanning
- vhost enumeration
- Gobuster
- Ping scanning
- Google Dorking
---
#### Determine Versions
After gathering information about the host and applications, we need to determine what versions they have.
- Banner grabbing
- netcat / telnet
- Shodan and Censys
- Inspect headers
- Throw intentional errors
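What a banner grab or header inspection gives away is easier to reason about with a concrete parser. The following is an added example, not code from the handbook: it takes a raw HTTP response, reports the headers that commonly carry product/version strings (the `LEAKY_HEADERS` list is an assumed starting set, not an exhaustive inventory), and rebuilds the response with those headers removed, which is the usual mitigation at the reverse proxy. The sample response is constructed, not captured from a real host.

```python
"""Spot version-leaking HTTP response headers and strip them.

Added example (not from the handbook page). Parses a raw HTTP response,
reports headers that disclose software versions, and shows the hardened
response with those headers removed. SAMPLE_RESPONSE is constructed.
"""
import re

# Headers that routinely carry product/version strings.
# Assumption: a starting set, not an exhaustive inventory.
LEAKY_HEADERS = (
    "server",
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
    "x-generator",
)

# Product/version pairs such as "Apache/2.4.41" or "OpenSSL/1.1.1f".
VERSION_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d+(?:\.\d+)*[a-z]?)")

SAMPLE_RESPONSE = (  # constructed sample, not captured from a real host
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Fri, 30 Aug 2024 23:07:22 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu) OpenSSL/1.1.1f\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html></html>"
)


def parse_headers(raw):
    """Return (status_line, [(name, value), ...]) from a raw HTTP response."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = lines[0]
    headers = []
    for line in lines[1:]:
        # Split on the first colon only; values like Date contain colons.
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return status, headers


def find_version_leaks(raw):
    """Map each leaky header to the (product, version) pairs it discloses."""
    _status, headers = parse_headers(raw)
    leaks = {}
    for name, value in headers:
        if name.lower() in LEAKY_HEADERS:
            leaks[name] = VERSION_RE.findall(value)
    return leaks


def strip_version_headers(raw):
    """Rebuild the response without version-bearing headers (the mitigation)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    kept = [lines[0]]  # keep the status line untouched
    for line in lines[1:]:
        name = line.split(b":", 1)[0].strip().lower().decode("latin-1")
        if name not in LEAKY_HEADERS:
            kept.append(line)
    return b"\r\n".join(kept) + sep + body


if __name__ == "__main__":
    for header, pairs in find_version_leaks(SAMPLE_RESPONSE).items():
        print(header, "->", pairs)
    print(strip_version_headers(SAMPLE_RESPONSE).decode("latin-1"))
```

Run it as-is to see which headers in the constructed response leak versions and what the stripped response looks like; point `parse_headers` at a real captured response to check your own services.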
---
#### Find Exploits
Find exploits for the identified software and versions on the host.
- searchsploit
- exploit-db
- Google
- Shodan
---
#### Craft Payload
Create a malicious payload from the identified exploit; this allows further exploitation through reverse shells or similar routes.
- msfvenom
- searchsploit
---
#### Execute Payload
Execute the payload we made; there can be some very interesting and creative ways to achieve this!
- Invoke-Command
- runas
- sudo
---
#### Establish Persistence
Ensure that our access to the host persists across reboots and logouts.
- service takeovers
- cron jobs
- startup scripts
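The same persistence mechanisms are what a defender audits for. The following is an added example, not code from the handbook: it parses crontab text and flags entries with traits typical of a planted job, such as running from a temp directory, decoding an encoded command, or piping into a shell. The rule set is an assumed starting point to tune per environment, and the sample crontab is constructed.

```python
"""Flag suspicious crontab entries (defender-side check).

Added example (not from the handbook page). Scans crontab text for job
lines whose command shows traits typical of a planted persistence job.
RULES is an assumed starting set; SAMPLE_CRONTAB is constructed.
"""
import re

# (rule name, pattern applied to the command part of each job line)
RULES = [
    ("temp_dir_exec", re.compile(r"(^|[\s;|&])(/tmp|/var/tmp|/dev/shm)/")),
    ("encoded_command", re.compile(r"base64\s+(-d|--decode)|-enc(odedcommand)?\b", re.I)),
    ("pipe_to_shell", re.compile(r"\|\s*(ba|z|da)?sh\b")),
    ("hidden_path", re.compile(r"/\.[^/\s]+")),
]

# Either an @-shortcut (@reboot, @daily) or five schedule fields, then the command.
CRON_LINE = re.compile(r"^(@\w+|(\S+\s+){5})(.*)$")

SAMPLE_CRONTAB = """\
# constructed sample crontab, not from a real host
SHELL=/bin/bash
0 2 * * * /usr/bin/logrotate /etc/logrotate.conf
*/5 * * * * /tmp/.x/update.sh
@reboot echo aGVsbG8= | base64 -d | sh
30 3 * * 0 /usr/local/bin/backup.sh --full
"""


def parse_crontab(text):
    """Yield (line_no, schedule, command) per job line; skip comments and VAR=value lines."""
    for no, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if not s or s.startswith("#") or re.match(r"^\w+=", s):
            continue
        m = CRON_LINE.match(s)
        if m:
            yield no, m.group(1).strip(), m.group(3).strip()


def flag_suspicious(text):
    """Return [(line_no, command, [matched rule names]), ...] for entries hitting any rule."""
    hits = []
    for no, _sched, cmd in parse_crontab(text):
        matched = [name for name, pat in RULES if pat.search(cmd)]
        if matched:
            hits.append((no, cmd, matched))
    return hits


if __name__ == "__main__":
    for no, cmd, rules in flag_suspicious(SAMPLE_CRONTAB):
        print(f"line {no}: {cmd!r} -> {', '.join(rules)}")
```

The entry in `/tmp/.x/` and the decode-and-pipe `@reboot` line are flagged; the logrotate and backup jobs are not. Feed it the output of `crontab -l` or the files under `/etc/cron.d` to baseline a host, and extend `RULES` with whatever is normal or abnormal in your environment.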
---
#### Escalate Privileges
Move from a foothold to root!
- get-process
- PowerUp.ps1
- LinEnum.sh
- LinPEAS
- WinPEAS
- suid/sgid binaries
- sudo -l
---
#### Exfiltrate Data
Steal the data on the host!
- Invoke-WebRequest
- iwr
- curl
- Imagination!!