Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2025-02-16 14:08:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

GitBook: [master] 2 pages modified

Browse source
This commit is contained in:
CPol 2020-07-27 15:27:48 +00:00 committed by gitbook-bot
parent 8963530f84
commit a08335ec2c
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
2 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pentesting/9200-pentesting-elasticsearch.md
View file

@ -117,6 +117,8 @@ If you want just to **search on an index** you can just **specify** it on the **
_Note that the q parameter used to search content **supports regular expressions**_
You can also use something like [https://github.com/misalabs/horuz](https://github.com/misalabs/horuz) to fuzz an elasticsearch service.
### Write permissions
You can check your write permissions trying to create a new document inside a new index running something like the following:

4
windows/windows-local-privilege-escalation/README.md
View file

@ -974,6 +974,10 @@ If you want to read an example of [**how to go from high integrity to System usi
If you manages to **hijack a dll** being **loaded** by a **process** running as **SYSTEM** you will be able to execute arbitrary code with those permissions. Therefore Dll Hijacking is also useful to this kind of privilege escalation, and, moreover, if far **more easy to achieve from a high integrity process** as it will have **write permissions** on the folders used to load dlls.
**You can** [**learn more about Dll hijacking here**](dll-hijacking.md)**.**
### **From Administrator or Network Service to System**
\*\*\*\*[**https://github.com/sailay1996/RpcSsImpersonator**](https://github.com/sailay1996/RpcSsImpersonator)\*\*\*\*
## More help
[Static impacket binaries](https://github.com/ropnop/impacket_static_binaries)