MR X, Author At Cyber Security Research Blogs

Linux privilege Escalation methods

All Blog, Linux privilege escalation, OSCP Study material 20th November 201913th July 2021 Mr.x

What is Privilege escalation? Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software applicationContinue readingLinux privilege Escalation methods

Beginner Friendly Step-by-Step Methodology for Windows Privilege Escalation

Windows-Pentesting 8th November 201910th October 2023 Mr.x

Here is a beginner-friendly Windows privilege escalation methodology. This guide assumes you are starting with a very limited shell like a web shell, Netcat reverseContinue readingBeginner Friendly Step-by-Step Methodology for Windows Privilege Escalation

Windows Attack Anatomy

Windows-Pentesting, All Blog 8th November 201913th July 2021 Mr.x

Incorrect permissions in services Find unquoted paths ClearText passwords Pass the hash AlwaysInstallElevated Port Forwarding Vulnerable drivers Kernal Exploits Automated tools Powersploit Metasploit Incognito RottenpotatoContinue readingWindows Attack Anatomy

Windows privilege escalation – part 3 | Kernal-Exploits

Windows-Pentesting 21st October 201913th July 2021 Mr.x

EoP – Kernel Exploitation List of exploits kernel : https://github.com/SecWiki/windows-kernel-exploits #Security Bulletin #KB #Description #Operating System MS17-017 　[KB4013081]　　[GDI Palette Objects Local Privilege Escalation]　　(windows 7/8) CVE-2017-8464 　[LNK Remote Code Execution Vulnerability]　　(windowsContinue readingWindows privilege escalation – part 3 | Kernal-Exploits

Local Active Directory Implementation -2

Windows-Pentesting 7th October 201913th July 2021 Mr.x

Step 20:- Once you log in to the admin account. Click on Start and then go to Administrative Tools. Then click on Active Directory UsersContinue readingLocal Active Directory Implementation -2

CHEATSHEET – LFI & RCE & WEBSHELLS

OSCP Study material, All Blog 24th September 201910th October 2023 Mr.x

Basic LFI In the following examples, we include the /etc/passwd file, check the Directory & Path Traversal chapter for more interesting files. http://example.com/index.php?page=../../../etc/passwd Null byte ⚠️ In versions of PHPContinue readingCHEATSHEET – LFI & RCE & WEBSHELLS

WebShells & Exploitation – LFI to RCE

OSCP Study material 24th September 201913th July 2021 Mr.x

Commands can be sent to the web-shell using various methods, with HTTP POST request being the most common. However, hackers are not exactly people whoContinue readingWebShells & Exploitation – LFI to RCE

Web Shells & Exploitation Fundamentals

OSCP Study material 24th September 201913th July 2021 Mr.x

A web-shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application.Continue readingWeb Shells & Exploitation Fundamentals

Linux detailed Enumeration – Commands

OSCP Study material, Linux privilege escalation 11th September 201913th July 2021 Mr.x

This blog is largely forked from the g0tmi1k’s blog https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ Thanks, G0tm1lk for your amazing contribution to the industry. Operating System What’s the distribution type? WhatContinue readingLinux detailed Enumeration – Commands

Linux Privilege Escalation Tools & Techniques

OSCP Study material, Linux privilege escalation 10th September 201913th July 2021 Mr.x

In this blog, we will discuss about different Linux privilege escalation techniques & Methodologies. Tools LinuxSmartEnumeration – Linux enumeration tools for pentesting and CTFswget “https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh”Continue readingLinux Privilege Escalation Tools & Techniques

Author: MR X