Blog on Advance InfoSec Concepts
Basic LFI In the following examples, we include the /etc/passwd file, check the Directory & Path Traversal chapter for more interesting files. http://example.com/index.php?page=../../../etc/passwd Null byte ⚠️ In versions of PHP
Commands can be sent to the web-shell using various methods, with HTTP POST request being the most common. However, hackers are not exactly people who
A web-shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application.
This blog is largely forked from the g0tmi1k’s blog https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/ Thanks, G0tm1lk for your amazing contribution to the industry. Operating System What’s the distribution type? What
In this blog, we will discuss detailed commands to escalate the privileges and find the user access to the files and folders. Scheduled tasks Cron
In this blog, we will discuss about different Linux privilege escalation techniques & Methodologies. Tools LinuxSmartEnumeration – Linux enumeration tools for pentesting and CTFswget “https://raw.githubusercontent.com/diego-treitos/linux-smart-enumeration/master/lse.sh”
Searchsploit an exploit search tool by Offensive Security, Unix Ninja & G0tmi1k. It allows you to take a copy of Exploit Database with you. SearchSploit
This blog will focus on port forwarding concepts. Here are some methods we will follow in this blog : – socat windows Netsh SSH proxychains
This is a detailed cheat sheet of How to take the reverse shell via various methods. Here is the list of methods:- Bash TCP BASH
If you have a limited shell that has access to some programs using the command sudo you might be able to escalate your privileges. here I