SecuriTree

Windows Security
- Post-exploitation
  - Network Tunneling
    (Ligolo-ng, Chisel)
  - Reverse Shell
  - System Manipulation
  - File Transfer
- Lateral Movement
  - Common Problems
    - Double Hop
    - Remote UAC
  - Techniques
    - Access Token Manipulation
      (RunAs, RunasCs)
    - Pass-the-Ticket (Kerberos)
      (Rubeus, getTGT)
  - Technologies
    - MS-RPC
      - MS-DCOM
      - MS-RRP
      - MS-SCMR
        (PsExec, SmbExec, ScExec)
      - MS-TSCH
      - MS-WMI
        (WmiExec)
    - RDP
    - WinRM
      (winrs, PS Remoting)
- Domain Privesc
  - ACL Abuse
  - AD Delegation Abuse
    - Constrained Delegation
    - Resource-Based Constrained Delegation
    - Unconstrained Delegation
  - AS-Rep Roasting
  - Certificate Service Abuse
  - Credentials Dump
    - DCSync
    - LSASS Memory
    - Local SAM
    - Windows Vault
  - Group Policies
  - Information to steal
    (files, logs, processes, ...)
  - Kerberoasting
  - Local Admin Hunting
  - MSSQL Abuse
  - NTLM Hash Stealing
  - NTLM Relay
  - Password Spraying
  - RDP Hijacking
  - Tasks and Services Abuse
- Reconnaissance
  - Active Directory
  - DNS
  - LDAP
  - NetBIOS
  - NFS
  - Port Scanning
  - RPC
  - SMB
  - SMTP
  - SNMP

#Windows Security #Reconnaissance #NFS

Recon of Network File System (2049)

# List RPC services (NFS included)
rpcinfo -p $ip
 
# Metasploit
scanner/nfs/nfsmount
 
# Automated scan
nmap --script nfs-ls,nfs-showmount,nfs-statfs -p445 $ip
 
# List NFS shares
showmount -e $ip 
 
# Mount NFS share to the local filesystem
mount -t nfs $ip:/$share $dest_dir

Children

NFS