Spawning a TTY: https://netsec.ws/?p=337
Privilege Escalation: https://github.com/rebootuser/LinEnum/blob/master/LinEnum.sh
gobuster dir -u <IP Address> -w <Wordlist> -e -s "200,301,302,401" -t 100
Python 3.8
import os
os.setuid(0)            # become UID 0; only succeeds if the process is permitted to change UID
os.system("/bin/bash")  # start a shell running with that UID

“If you know the enemy and know yourself, your victory will not stand in doubt.”
- Art of War, Sun Tzu

Threat intelligence is the key for the Blue Team, while reconnaissance is the key to the success of the Red Team.

The tools below gather publicly available information about the target. This will not trigger/alert the target.

Common tools:
- whois
- nslookup

#whois:
Most Unix/Linux systems have the whois client installed by default. A whois search gives you information about the registrar, nameservers, etc.
command: whois <domainname>

#nslookup
command: nslookup -type=<> <domainname> 1.1.1.1

Type:
- a or A - IPv4
- aaaa or AAAA - IPv6
- mx or MX - mail server
- txt or TXT - TXT records

Server:
- 1.1.1.1 - Cloudflare
- 8.8.8.8 - Google

Nmap is an amazing tool used by Red and Blue teamers for offensive and defensive purposes. To run the Nmap command you'll need a target machine or a list of target machines.
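- Used at the recon stage.
- The most common command is nmap -sV -sC <target ip-address>
  * This command is too noisy.

Script:
# Pass 1: sweep all TCP ports and collect the open port numbers as a comma-separated list
ports=$(nmap -p- --min-rate=1000 -Pn -T4 <IP ADDRESS> | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)
# Pass 2: run default scripts and version detection against those ports only
nmap -p$ports -Pn -sC -sV <IP ADDRESS>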
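From the Blue Team side, the --min-rate=1000 full-port sweep in the script above shows up in connection logs as one source touching hundreds of distinct ports on a single host within about a second. The detector below is an added example, not part of the original notes; the log format, the function names find_port_sweeps and sample_log, the thresholds and the sample addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Assumed log format (constructed for this example, not a real product's):
#   <epoch seconds> SRC=<ip> DST=<ip> DPT=<port>
LINE_RE = re.compile(r"^(\d+\.\d+) SRC=(\S+) DST=(\S+) DPT=(\d+)$")


def find_port_sweeps(lines, window=1.0, min_ports=200):
    """Return {(src, dst): peak distinct ports per window} for every pair that
    hit at least min_ports distinct destination ports within window seconds."""
    recent = defaultdict(deque)                        # (src, dst) -> (time, port) events
    in_window = defaultdict(lambda: defaultdict(int))  # (src, dst) -> port -> hits
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue                                   # ignore unparseable lines
        ts, key, port = float(m.group(1)), (m.group(2), m.group(3)), int(m.group(4))
        events, ports = recent[key], in_window[key]
        events.append((ts, port))
        ports[port] += 1
        while ts - events[0][0] > window:              # expire events outside the window
            _, old = events.popleft()
            ports[old] -= 1
            if ports[old] == 0:
                del ports[old]
        if len(ports) >= min_ports:
            flagged[key] = max(flagged.get(key, 0), len(ports))
    return flagged


def sample_log():
    """Constructed traffic: one fast sweep plus one ordinary HTTPS client."""
    lines = []
    for i in range(1000):   # 1000 ports in under a second, like --min-rate=1000
        lines.append(f"{1000 + i * 0.001:.3f} SRC=192.0.2.10 DST=198.51.100.5 DPT={i + 1}")
    for i in range(50):     # normal client: repeated connections to a single port
        lines.append(f"{1000 + i * 0.5:.3f} SRC=192.0.2.20 DST=198.51.100.5 DPT=443")
    return sorted(lines, key=lambda l: float(l.split()[0]))


if __name__ == "__main__":
    for (src, dst), n in find_port_sweeps(sample_log()).items():
        print(f"possible port sweep: {src} -> {dst}, {n} distinct ports within 1s")
```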