Attack Vectors I SAW

These are all the attack vectors I saw in lab exercises & challenges!!

Web Attack Vectors / Foothold vectors

  1. SQL Injection (Mainly MS SQL server based)

  2. SMB - web root - file upload exploitation

  3. Apache vulnerability - SSH key disclosure via directory traversal

  4. Vulnerable CMS version running

  5. Vulnerable service found by Nmap with a public RCE available (google every service and version Nmap reports)

  6. CMS with default credentials

  7. Phishing attack on discovered email addresses with link/library attachments or macro-enabled Word/Excel documents

  8. Kerberoasting & AS-REP Roasting

  9. Netcat into an unknown port, run "help" or "version", and exploit the service identified

  10. /.git exploitation (git log & git show <commit>)

  11. Capturing NetNTLMv2 hashes with Responder & cracking them

  12. SNMP (UDP ports 161, 162, ...) exploitation

Linux PrivEsc

  1. SUID exploitation - doas, screen-4.5.0, etc.

  2. Sudo v1.8.31 PrivEsc

  3. Reuse of SSH keys across users/hosts

  4. Interesting service listening only on localhost

  5. pspy process hunting

  6. Cracking password-protected zip archives and extracting the creds inside

  7. Kernel Exploitation - DirtyPipe

Windows PrivEsc

  1. SeImpersonatePrivilege

  2. Interesting service listening only on localhost

  3. Modifiable Service

  4. Scheduled tasks (some were unknown tasks exploited blindly by replacing the binary they run)

  5. DLL Hijacking

  6. Creds in the registry entries of software like PuTTY, etc.

Lateral Movement

  1. Credential spraying against services like SMB, WinRM, RDP, SSH, FTP

  2. SAM & SYSTEM hive copies from a Windows backup

  3. sql_svc account exploit via impacket-mssqlclient.py

Post Exploitation

  1. *.kdbx, *.txt, *.ps1 files containing credentials

  2. Mimikatz - 5 main commands

  3. Hidden files containing creds
