The Nen-Book
  • Whoami
  • Write-ups
    • Intigriti 1337Up 2024
      • Intigriti 1337Up 2024-CTF OSINT Challenges
      • Intigriti 1337Up Live 2024-CTF Web Challenges
    • CyCTF Quals 2024
      • OSINT Challenges CyCTF Quals 2024
      • Old Friend OSINT Challenge CyCTF 2024 Quals Writeup
    • PicoCTF
      • PicoCTF 2024 Web Exploitation Challenges
      • PicoCTF 2024 General Skills Challenges
      • PicoCTF 2021 Web Exploitation Challenges Walkthrough
      • PicoCTF 2019 Web Exploitation Challenges
  • πŸ•ΈοΈWeb_AppSec πŸ•ΈοΈ
    • Web_Recon
    • ATO
    • Backend_Technology_Tips
    • XSS
    • SSRF
    • CSRF
    • XXE
    • SSTI
    • Insecure_Deserialization
    • Open_Redirects
    • Information_Disclosures
    • Rate_Limiting
    • Clickjacking
    • Broken Access Control & IDORS
    • Bash_Scripting
    • Authentication_Vulnerabilities
    • App_Logic_Errors
  • πŸ“ΊNetwork_Pentesting πŸ“Ί
    • Scanning & Enumeration
    • Active_Directory
      • AD_Overview_&_ Lab Build
      • AD_Initial_Attack_Vectors
      • AD_Post-Compromise_Enumeration
      • AD_Post-Compromise_Attacks
    • Buffer_Overflow_Attacks
    • Web_Applications
    • Privilege_Escalation
  • 🌩️Cloud_Security 🌩️
    • AWS Pentesting
  • 🀡APISec 🀡
    • API_Recon
    • Broken_Access_Control & Info_Leaks
  • πŸ”¬Code_Review πŸ”¬
    • Source_Code_Review_101
    • Code Review Tools
  • 🐝Bug_Bounty 🐝
    • Picking_A_BugBounty_Program
    • Writing_A_Good_Report
  • πŸ“‘Purple Teaming & MITRE ATT&CK πŸ“‘
    • Introducing the ATT&CK Framework
    • MITRE Engenuity
    • Threat-Informed Defense
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Network_Pentesting πŸ“Ί

Privilege_Escalation

PreviousWeb_ApplicationsNextAWS Pentesting

Last updated 19 days ago

first thing we need know which user we are currently using by commands: whoami and net user to get more details(Windows ) and on linux we can use id command for more details or reading passwd file

cat /etc/passwd

then we need know which machine we are on and what it can do so we can check it’s name by hostname command in both linux and Windows

but we need more info about the OS and Kernal so we will use systeminfo(Windows) command what concern us here is (OS Name,OS Version,System Type)

systeminfo

in Linux use uname -a

uname -a
or 
cat /etc/issue

Network Enum

Ok so now we know some info about the OS then we start to look for running processes in order to find any process that u can deal with and at the same it uses higher privileges on Windows :

tasklist /svc

it shows u the procesess that are running on the same account not the higher priv

on linux :

ps aux

since we control a machine in internal network we need to scan the network for new interesting hosts or ports and perform pivoting

in windows :

ipconfig /all
route print
netstat -ano

in linux:

for Open Ports:

ss -anp

Firewall Enum

πŸ“Ί
  • Network Enum
  • Firewall Enum
Untitled
Untitled
Untitled
Untitled
Untitled
Untitled
Untitled
Untitled
Untitled
Untitled
Untitled