From 357658371f718329daa24a9d344264bf8fe93145 Mon Sep 17 00:00:00 2001 From: Swissky <12152583+swisskyrepo@users.noreply.github.com> Date: Sun, 6 Oct 2019 20:59:58 +0200 Subject: [PATCH] SSRF URL for Google Cloud --- Methodology and Resources/Windows - Privilege Escalation.md | 5 ++++- Server Side Request Forgery/README.md | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/Methodology and Resources/Windows - Privilege Escalation.md b/Methodology and Resources/Windows - Privilege Escalation.md index 8205602..bf2b67c 100644 --- a/Methodology and Resources/Windows - Privilege Escalation.md +++ b/Methodology and Resources/Windows - Privilege Escalation.md @@ -543,6 +543,8 @@ The Microsoft Windows Unquoted Service Path Enumeration Vulnerability. All Windo ```powershell wmic service get name,displayname,pathname,startmode |findstr /i "Auto" |findstr /i /v "C:\Windows\\" |findstr /i /v """ +wmic service get name,displayname,startmode,pathname | findstr /i /v "C:\Windows\\" |findstr /i /v """ + gwmi -class Win32_Service -Property Name, DisplayName, PathName, StartMode | Where {$_.StartMode -eq "Auto" -and $_.PathName -notlike "C:\Windows*" -and $_.PathName -notlike '"*'} | select PathName,DisplayName,Name ``` 
@@ -869,4 +871,5 @@ python2 send_and_execute.py 10.0.0.1 revshell.exe * [Pentestlab.blog - WPE-12 - Insecure Registry Permissions](https://pentestlab.blog/2017/03/31/insecure-registry-permissions/) * [Pentestlab.blog - WPE-13 - Intel SYSRET](https://pentestlab.blog/2017/06/14/intel-sysret/) * [Alternative methods of becoming SYSTEM - 20th November 2017 - Adam Chester @_xpn_](https://blog.xpnsec.com/becoming-system/) -* [Living Off The Land Binaries and Scripts (and now also Libraries)](https://github.com/LOLBAS-Project/LOLBAS) \ No newline at end of file +* [Living Off The Land Binaries and Scripts (and now also Libraries)](https://github.com/LOLBAS-Project/LOLBAS) +* [Common Windows Misconfiguration: Services - 2018-09-23 - @am0nsec](https://amonsec.net/2018/09/23/Common-Windows-Misconfiguration-Services.html) \ No newline at end of file diff --git a/Server Side Request Forgery/README.md b/Server Side Request Forgery/README.md index 0318356..20a8878 100644 --- a/Server Side Request Forgery/README.md +++ b/Server Side Request Forgery/README.md @@ -455,6 +455,8 @@ Docs: https://docs.aws.amazon.com/lambda/latest/dg/runtimes-api.html#runtimes-ap ### SSRF URL for Google Cloud +:warning: Google is shutting down support for usage of the **v1 metadata service** on January 15. + Requires the header "Metadata-Flavor: Google" or "X-Google-Metadata-Request: True" ```powershell
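Review bot: in the first hunk (`@@ -543,6 +543,8 @@`, Windows - Privilege Escalation.md) the added `wmic service get name,displayname,startmode,pathname | findstr /i /v "C:\Windows\\" |findstr /i /v """` is the line above it with the `findstr /i "Auto"` filter removed and the column order swapped, so it lists unquoted paths for services of every start mode, yet nothing in the fence tells the reader why two near-identical commands are shown. Either prefix the new line with a short comment (for example `REM all start modes, not only Auto`) or keep only one of the two; the extra empty line the hunk adds inside the fence can be dropped.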
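Review bot: the second hunk (`@@ -869,4 +871,5 @@`) removes the old `\ No newline at end of file` marker only to reintroduce it on the new `* [Common Windows Misconfiguration: Services - 2018-09-23 - @am0nsec](...)` entry, so the file still ends without a trailing newline and the next reference added will produce the same one-line-removed, two-lines-added churn; terminate the new entry with a newline. Style point: the neighbouring entry writes its date as `20th November 2017` while the new one uses `2018-09-23`; pick one date format for the reference list.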
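Review bot: the third hunk (`@@ -455,6 +455,8 @@`, Server Side Request Forgery/README.md) adds `:warning: Google is shutting down support for usage of the **v1 metadata service** on January 15.` with no year and no source, so a reader cannot tell whether the date is past or pending or verify which endpoint is affected. The surrounding section already cites AWS with a `Docs: https://docs.aws.amazon.com/...` line; add the year and a link to the Google deprecation notice in that same style, and state which metadata URL in the list below the warning it applies to, so the note ages correctly.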