Developer notes
g0tmi1k edited this page Sep 19, 2012 · 10 revisions
-> @enum software (checks to see what is installed. E.g. gcc, nc, python, perl, ruby, mysql etc)
-> @enum php (checks PHP settings, e.g. safe mode enabled)
-> @enum password (search www-root for "passw{,or}d(| |\t)=(| |\t)('|")*('|")")
-> @enum wordpress (could be any "known" web app - settings and functions from that)
-> @enum ip (have fun with IPv6 stuff)
-> http://g0tmi1k.blogspot.co.uk/2011/08/basic-linux-privilege-escalation.html
-> http://pentestmonkey.net/tools/audit/unix-privesc-check
-> export HISTFILE=/dev/null
-> *cough*base64*cough*
-> Client (Powershell)
-> Server (Commands)
-> Reverse connection (Commands)
-> Theme (C:\ instead of <user>@<path>)
-> Create a while loop to forever connect back to attacker (every 5 mins?)
-> Tested a few backdoor methods out - need to finish testing the rest ASAP
-> ...Like Metasploit
-> Support "cookie" method
-> LFI to shell
-> Enable 'Tab Complete' on commands
-> Log all commands entered (e.g. @history to file)
-> Log the display to a file (e.g. |tee to file)
-> "refresh" the commands which are displayed in the banner
-> Interesting files (e.g. "@enum history")
-> Inject BeEF
-> Install PHP code page (thus PHP meterpreter) <- "@enum writable" if we have permission
-> Web Proxy - get to internal network? (http://laudanum.inguardians.com)
-> MySQL