Linux capabilities - setuid + read / Docker group privesc

2019-02-26 17:24:10 +01:00
parent abb81aba7e
commit a58a8113d1
6 changed files with 75 additions and 23 deletions
--- a/Resources/Active
+++ b/Resources/Active
@@ -493,6 +493,10 @@ You need a shell on a user account with a mailbox.
    python secretsdump.py xxxxxxxxxx -just-dc
    ```

+Alternatively you can use the Metasploit module 
+
+[`use auxiliary/scanner/http/exchange_web_server_pushsubscription`](https://github.com/rapid7/metasploit-framework/pull/11420)
+
 ## Privilege Escalation

 ### PrivEsc Local Admin - Token Impersonation (RottenPotato)