Privilege Escalation

Basic information-gathering commands per OS:


1) Enumerating Users, Hostname, Operating System Version and Architecture :
Linux : whoami ; id ; hostname ; uname -a ; cat /etc/*-release ; cat /etc/issue ; cat /proc/version ; cat /etc/passwd
Windows : whoami ; net user ; net user student
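The user enumeration in item 1 ends with a dump of /etc/passwd; what a reviewer actually wants from that file is the short list of accounts that matter (extra UID-0 accounts, which are a classic backdoor pattern, and interactive accounts that can be logged into). The following added example is not from the original notes: it wraps those two checks in shell functions and runs them over a constructed passwd sample embedded in the script, so it works offline. The account names in the sample are invented for this example.

```shell
# Added example (not from the original notes): audit an /etc/passwd-style
# file for accounts worth a second look during enumeration:
#   - any account with UID 0 other than "root"
#   - interactive accounts (UID >= 1000 with a real login shell)
# The passwd content below is constructed for this example.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
toor:x:0:0:backup admin:/root:/bin/sh
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
student:x:1000:1000:student:/home/student:/bin/bash
svc:x:1001:1001:service:/home/svc:/bin/false'

# extra_uid0 FILE: print usernames with UID 0 that are not "root"
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# login_users FILE: print usernames with UID >= 1000 and a login shell
# (shells ending in nologin or false cannot be logged into)
login_users() {
    awk -F: '$3 >= 1000 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# write the constructed sample to a temp file and run both checks;
# on a real host you would pass /etc/passwd instead
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
echo "UID-0 accounts other than root:"; extra_uid0 "$tmp"
echo "Interactive user accounts:"; login_users "$tmp"
rm -f "$tmp"
```

On a real system replace the temp file with /etc/passwd; the awk filters are the same. An unexpected UID-0 account is a finding in its own right, not just an enumeration detail.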


2) Enumerating Running Processes and Services :
Linux : ps aux ; ps -ef ; ps -eo command
Windows : tasklist /SVC


3) Enumerating Networking Information :
Linux : ip a ; ifconfig ; /sbin/route ; netstat -anp (or ss -anp)
Windows : ipconfig /all && route print && netstat -ano


4) Enumerating Firewall Status and Rules :
Linux : grep -Hs iptables /etc/* ; cat /etc/iptables-backup
Windows : netsh advfirewall show currentprofile && netsh advfirewall firewall show rule name=all


5) Enumerating Scheduled Tasks :
Linux : ls -lah /etc/cron* ; cat /etc/crontab
Windows : schtasks /query /fo LIST /v


6) Enumerating Installed Applications and Patch Levels :
Linux : dpkg -l (Debian) ; rpm -qa (Red Hat)
Windows : wmic product get name, version, vendor && wmic qfe get Caption, Description, HotFixID, InstalledOn


7) Enumerating Readable/Writable Files and Directories :
Linux : find / -writable -type d 2>/dev/null
Windows : c:\Tools\privilege_escalation\SysinternalsSuite>accesschk.exe -uws "Everyone" "C:\Program Files"
or PowerShell :
PS C:\Tools\privilege_escalation\SysinternalsSuite>Get-ChildItem "C:\Program Files" -Recurse | Get-ACL | ?{$_.AccessToString -match "Everyone\sAllow\s\sModify"}


8) Enumerating Unmounted Disks :
Linux : mount ; cat /etc/fstab ; lsblk
Windows : mountvol


9) Enumerating Device Drivers and Kernel Modules :
Linux : lsmod ; then, for a module of interest, /sbin/modinfo libata (target module)
Windows : c:\Users\student>powershell
PS C:\> driverquery.exe /v /fo csv | ConvertFrom-CSV | Select-Object 'Display Name', 'Start Mode', Path

Get-WmiObject Win32_PnPSignedDriver | Select-Object DeviceName, DriverVersion, Manufacturer | Where-Object {$_.DeviceName -like "*VMware*"}


10) Enumerating Binaries That AutoElevate :
Linux : find / -perm -u=s -type f 2>/dev/null
Windows : if the AlwaysInstallElevated value in the keys below is set to 0x1, any user can run Windows Installer packages with elevated privileges.
reg query HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Installer
reg query HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Installer
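The raw find commands in items 7 and 10 produce long listings on a real host, and the interesting entries (a SUID binary that is not part of the base install, a directory anyone can write to) get lost in them. The following added example, which is not from the original notes, turns both checks into functions scoped to a directory and compares the SUID list against a baseline allow-list so only unexpected entries are reported. It builds a small constructed directory tree with mktemp so it runs offline; the file names in that tree (a stand-in "passwd" and an "opt/helper") are invented for the example, and `-perm -4000` / `-perm -0002` are the octal forms of the SUID and other-writable tests.

```shell
# Added example (not from the original notes): filesystem checks from items
# 7 and 10, scoped to a root directory and reduced to the unexpected entries.

# suid_files ROOT: set-uid regular files under ROOT
# (same test as item 10's "-perm -u=s", written in octal)
suid_files() {
    find "$1" -perm -4000 -type f 2>/dev/null | sort
}

# unexpected_suid ROOT BASELINE: SUID files under ROOT whose path is not in
# the BASELINE allow-list file (one absolute path per line)
unexpected_suid() {
    suid_files "$1" | grep -v -x -F -f "$2"
}

# world_writable_dirs ROOT: directories under ROOT writable by every user
# (item 7's -writable answers "writable by me"; -perm -0002 answers
# "writable by anyone", which is the tampering concern on a shared host)
world_writable_dirs() {
    find "$1" -type d -perm -0002 2>/dev/null | sort
}

# make_demo_tree: build a constructed tree and print its root:
#   two SUID files (one on the baseline, one not) and one world-writable dir
make_demo_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/tmp/dropbox" "$root/opt"
    printf '#!/bin/sh\n' > "$root/usr/bin/passwd"   # stands in for a legitimate SUID binary
    printf '#!/bin/sh\n' > "$root/opt/helper"       # SUID file the baseline does not know about
    chmod 4755 "$root/usr/bin/passwd" "$root/opt/helper"
    chmod 1777 "$root/tmp/dropbox"                  # world-writable, like /tmp
    printf '%s\n' "$root/usr/bin/passwd" > "$root/baseline.txt"
    echo "$root"
}

demo_root=$(make_demo_tree)
echo "All SUID files:"; suid_files "$demo_root"
echo "Unexpected SUID files (not on baseline):"; unexpected_suid "$demo_root" "$demo_root/baseline.txt"
echo "World-writable directories:"; world_writable_dirs "$demo_root"
rm -rf "$demo_root"
```

On a real host call the functions with `/` and a baseline captured from a known-good build of the same image; anything unexpected_suid prints is a change that needs an explanation, and each world-writable directory is a place where any local user can plant or replace files.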
