Hacking

Priviledge Escalation Hunting – Scheduled Tasks and Scripts

TLDR: If you have been hunting for privescs before you will know it’s normally not a fast task, you will have a shed ton of data to look at. Sure WINPEAS is good but it’s not a silver bullet.

Here is a really small script which focuses on system administration files/scripts, scheduled tasks and scheduled task history to help you hunt for weaknesses:

Read more “Priviledge Escalation Hunting – Scheduled Tasks and Scripts”
Education

Deploy a mini Pentester Lab with Docker

I build VM labs. Lots of them, but I tend to go full machines. I was checking out the new TCM web app course the other day (honestly i’ll write a review if I get time to finish it!) and it’s built around using docker for DVWA and OWASP JUICE SHOP so I figured I should write a quick blog about how to deploy these so people can get started learning in minutes.

Now here we have:

  • DVWA
  • JUICESHOP
  • METASPLOITABLE

but you don’t have to stop there, i’m sure there’s others you can use as well!

This isn’t an exhaustive guide, but it will get the docker instances up and running.

Docker Pull DVWA
Read more “Deploy a mini Pentester Lab with Docker”
Copyright (c) Xservus Limited