Scan for vulnerabilities

We're searching for vulnerabilities in the host, application, or information leakage.

• NMAP scanning

• vhost enumeration

• Gobuster

• Ping scanning

• Google Dorking

Determine Versions

After gathering information about the host and applications, we need to determine what versions they have.

• Banner grabbing

• netcat / telnet

• Shodan and Censys

• Inspect headers

• Throw intentional errors

Find Exploits

Find exploits for identified versions and software on host

• searchsploit

• exploit-db

• Google

• Shodan

Craft Payload

Create malicious payload through identified exploit. Allows further exploitation through reverse shells or other similar exploitation routes.

• msfvenom

• searchsploit

Execute Payload

Execute the payload we made, there can be some very interesting and creative ways to achieve this!

• Invoke-Command

• runas

• sudo

Establish Persistence

Ensure that our exploits will stay persistent on the host

• service takeovers

• cron jobs

• startup scripts

Escalate Privileges

Move from a foothold to root!

• get-process

• PowerUp.ps1

• LinEnum.sh

• LinPEAS

• WinPEAS

• suid/guid

• sudo -l

Exfiltrate Data

Steal the data on the host!

• Invoke-WebRequest

  • iwr

• curl

• Imagination!!