CTF commands and files

  1. Reverse shell
    1. Python
    2. Shell
  2. Spawn tty
  3. Python server
  4. Enumeration
    1. running process
    2. linenum
    3. Unix privesc
    4. Linprivchecker.py
    5. Websites
    6. Commands
  5. Privesc
  6. directory traversal

Reverse shell

Python

https://docs.j7k6.org/wordpress-malicious-plugin-reverse-shell-metasploit/

Shell

https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php

Spawn tty

https://netsec.ws/?p=337

python -c 'import pty; pty.spawn("/bin/sh")'
(From within python)
os.system('/bin/bash')
/bin/sh -i
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')
(From within IRB)
exec "/bin/sh"
(From within vi)
:!bash
(From within vi)
:set shell=/bin/bash:shell
(From within nmap)
!sh

Python server

python -m SimpleHTTPServer 80
(Python 2; on Python 3 the equivalent is: python3 -m http.server 80)

Enumeration

running process

https://github.com/DominicBreuker/pspy/releases/tag/v1.2.0

linenum

https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh

Unix privesc

https://pentestmonkey.net/tools/audit/unix-privesc-check

Linprivchecker.py

https://github.com/reider-roque/linpostexp/blob/master/linprivchecker.py

Websites

https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_-_linux.html

Commands

cat /home/*/.bash_his*
cat /etc/passwd

Privesc

sudo -l
find / -perm -u=s -type f 2>/dev/null
find / -user root -perm -4000 -print 2>/dev/null
find / -user root -perm -4000 -exec ls -ldb {} \;
find . -perm /4000
find . -perm /2000
find . -perm /6000

directory traversal

https://www.netspi.com/blog/technical/web-application-penetration-testing/directory-traversal-file-inclusion-proc-file-system/

/proc/sched_debug
/proc/mounts
/proc/net/arp
/proc/net/route
/proc/net/tcp and /proc/net/udp
/proc/net/fib_trie
/proc/version
/proc/[PID]/cmdline
/proc/[PID]/environ
/proc/[PID]/cwd
/proc/[PID]/fd/[#]