Exploit Workflow

This document will be a living document on how to exploit a vulnerable host. The reason it is a living document is that technology is ever changing, and so should you be!

How to work through a vulnerable host

Scan for vulnerabilities

We’re searching for vulnerabilities in the host, applications, and information leakage.

☐ nmap Scanning
☐ GoBuster
☐ Ping Scanning
☐ Google Dorking
Determine Versions

After gathering information about the host and applications, we need to determine what versions they have.

☐ Banner Grabbing
☐ netcat/telnet
☐ Shodan and Censys
☐ Inspect headers
☐ Throw intentional errors

Find Exploits

Find exploits for the identified versions and software on the host.

☐ searchsploit
☐ exploit-db
☐ Google
☐ Shodan
Craft Payload

Create a malicious payload for the identified exploit. This allows further exploitation through reverse shells or similar routes.

☐ msfvenom
☐ searchsploit

Execute Payload

Execute the payload we made. There can be some very interesting and creative ways to achieve this, so keep at it!

☐ Invoke-Command
☐ runas
☐ sudo

Establish Persistence

Ensure that our access will persist on the host.

☐ service take overs
☐ cron jobs
☐ startup scripts

Escalate Privs

Move from a foothold to root! (I AM GROOT!… oh wait, that should be ROOT!)

☐ get-process
☐ PowerUp.ps1 (Powershell escalation)
☐ LinEnum.sh
☐ LinPEAS
☐ WinPEAS
☐ SUID/SGID binaries
☐ sudo -l

Exfiltrate Data

Steal the data on the host!

☐ Invoke-WebRequest
☐ iwr
☐ curl

☐ Use your imagination, the possibilities are endless!