42 lines
1.3 KiB
Markdown
42 lines
1.3 KiB
Markdown
|
|
|||
|
|
## Top Commands
|
|||
|
|
|
|||
|
|
Windows Exploit Suggester
|
|||
|
|
```Terminal
|
|||
|
|
#Windows Machine
|
|||
|
|
- Run systeminfo on the windows machine
|
|||
|
|
|
|||
|
|
#Linux Machine
|
|||
|
|
- Copy all the data result and create a .txt document with all the information in it
|
|||
|
|
- Run ./windows-exploit-suggester.py --update ---> Create a fresh database of new exploits
|
|||
|
|
- Run ./windows-exploit-suggester.py -i DATA-FOUND.TXT -d DATABASE.xlm
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
- https://github.com/AonCyberLabs/Windows-Exploit-Suggester
|
|||
|
|
|
|||
|
|
|
|||
|
|
WES-NG (Windows Exploit Suggester - Next Generation)
|
|||
|
|
```Terminal
|
|||
|
|
#Linux
|
|||
|
|
wes.py --update
|
|||
|
|
|
|||
|
|
#Windows Machine
|
|||
|
|
systeminfo
|
|||
|
|
|
|||
|
|
#Linux
|
|||
|
|
wes.py systeminfo.txt
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
- https://github.com/bitsadmin/wesng
|
|||
|
|
|
|||
|
|
Info
|
|||
|
|
Some exploit suggesting scripts (e.g. winPEAS) will require you to upload them to the target system and run them there. This may cause antivirus software to detect and delete them. To avoid making unnecessary noise that can attract attention, you may prefer to use WES-NG, which will run on your attacking machine (e.g. Kali or TryHackMe AttackBox).
|
|||
|
|
|
|||
|
|
|
|||
|
|
Metasploit
|
|||
|
|
```MSFconsole
|
|||
|
|
multi/recon/local_exploit_suggester
|
|||
|
|
```
|
|||
|
|
|
|||
|
|
Info
|
|||
|
|
If you already have a Meterpreter shell on the target system, you can use the `multi/recon/local_exploit_suggester` module to list vulnerabilities that may affect the target system and allow you to elevate your privileges on the target system.
|