resources-post.md

Post Exploitation Resources

Local Privilege Escalation

Guides

• Linux
  • g0tmi1k
• Windows
  • Windows Privilege Escalation Fundamentals

Tools

• WinPwn (S3cur3Th1sSh1t)
• PEAS (carlospolop)
• PrivEscCheck (itm4n)
• linuxprivescchecker
  • http://www.securitysift.com/download/linuxprivchecker.py
  • https://gist.github.com/sh1n0b1/e2e1a5f63fbec3706123
• LinEnum
• linux local enumeration script
• linux exploit suggestor
• unix privesc check (pentestmonkey)
• PEAS
• linux smart enumeration

Misc

• pspy - linux process monitoring
• Windows File Type Manager
• PrintSpoofer blog post
  • alternatives: {hot,juicy}Potato, RoguePotato, SweetPotato, zcgonvh/EfsPotato
• Hwacha (linux ssh swiss army knife)
• sshgobrute (static binary for ssh brute)
• recipeforroot.com

Living Off the Land

• Linux (gtfobins)
• Windows (lolbas)
• UACME
  • Defeating Windows User Account Control

Leveraging Password Hashes

• Practical Usage of NTLM Hashes
• Dumping Domain Password Hashes (pentestlab.blog)

Post Pivot Resources

"A tarball containing a statically linked copy of nmap and all its scripts that you can upload and run on any box is very useful for this. The various nfs-* and especially smb-* scripts nmap has will be extremely useful." - Phineas Fisher

Guides

• practical guide to NTML relaying
• No PSExec Needed
• pedantic guide to pivoting - part 1
• Offensive Lateral Movement (SpecterOps)
• WMI Persistence (fireeye)

port forwarding / proxies

• ssh remote/local
• Red Teamer's Pivoting Guide
• SCANNING EFFECTIVELY THROUGH A SOCKS PIVOT WITH NMAP AND PROXYCHAINS
• dynamic port forwarding
• nmap + tor + proxychains

Tips & Tricks

• the-hackers-choice (thc) favourite tips, tricks, and hacks