scripts and key wordlists used for OSCP/PWK
- Basic Active Directory Attacks
- Machine Enumeration Checklist
- Basic PrivEsc
- if you have SeImpersonatePrivilege from `whoami /priv` - use Potato/PrintSpoofer
- Windows PrivEsc Checklist
- Linux PrivEsc Checklist
- one-liners
- Tools Transfer
Advanced Active Directory Reference
- nmap -p-, -sU, -sV, -A, --script vuln
- Onesixtyone, enum4linux, FTP?
- Nikto, gobuster, curl, Burp if needed
- FTP, LFI, SQLi/Union, OR OS Inject OR shitty webapp exploit - view pagesource
- Shell
- Root
- Screenshot proof with ifconfig