UPDATE: Excellent resource here: https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
- Recon
- Find vuln
- Exploit
- Escalate
- Document it
UPDATE: Excellent resource here: https://scund00r.com/all/oscp/2018/02/25/passing-oscp.html
# NOTE: the most updated version of PowerView (http://www.harmj0y.net/blog/powershell/make-powerview-great-again/) | |
# has an updated tricks Gist at https://gist.github.com/HarmJ0y/184f9822b195c52dd50c379ed3117993 | |
# get all the groups a user is effectively a member of, 'recursing up' | |
Get-NetGroup -UserName <USER> | |
# get all the effective members of a group, 'recursing down' | |
Get-NetGroupMember -GoupName <GROUP> -Recurse | |
# get the effective set of users who can administer a server |
# | |
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | |
# based on the RSnake original http://ha.ckers.org/xss.html | |
# Retrieved on 2013-11-20 | |
# Much of this wildly obsolete | |
# | |
# XSS Locator 2 | |
'';!--"<XSS>=&{()} |
This is a note for myself describing various Visual Basic macros construction strategies that could be used for remote code execution via malicious Document vector. Nothing new or fancy here, just a list of techniques, tools and scripts collected in one place for a quick glimpse of an eye before setting a payload.
All of the below examples had been generated for using as a remote address: 192.168.56.101.
List:
# IMPORTANT! | |
# This gist has been transformed into a github repo | |
# You can find the most recent version there: | |
# https://github.com/Neo23x0/auditd | |
# ___ ___ __ __ | |
# / | __ ______/ (_) /_____/ / | |
# / /| |/ / / / __ / / __/ __ / | |
# / ___ / /_/ / /_/ / / /_/ /_/ / | |
# /_/ |_\__,_/\__,_/_/\__/\__,_/ |
# | |
# https://www.owasp.org/index.php/XSS_Filter_Evasion_Cheat_Sheet | |
# based on the RSnake original http://ha.ckers.org/xss.html | |
# Retrieved on 2013-11-20 | |
# Much of this wildly obsolete | |
# | |
# XSS Locator 2 | |
'';!--"<XSS>=&{()} |