Developer notes
g0tmi1k edited this page Jul 11, 2012 · 10 revisions
-> http://g0tmi1k.blogspot.co.uk/2011/08/basic-linux-privilege-escalation.html
-> http://pentestmonkey.net/tools/audit/unix-privesc-check
-> export HISTFILE=/dev/null
-> *cough*base64*cough*
-> Client (powershell)
-> Server (Commands)
-> Create a while loop to forever connect back to attacker (every 5 mins?)
-> Tested a few backdoor methods out - need to finish testing the rest ASAP
-> ...Like Metasploit
-> Able to handle 'reverse' connections too (e.g. an alternative netcat)
-> Enable 'Tab Complete' on commands
-> Log all commands entered (e.g. @history to file)
-> Log the display to a file (e.g. |tee to file)
-> "refresh" the commands which are displayed in the banner
-> Interesting files (e.g. "@enum history")
-> Inject BeEF
-> Install PHP code page (thus PHP meterpreter) <- "@enum writable" if we have permission
-> Web Proxy - get to internal network? (http://laudanum.inguardians.com)