Tag

bash

Cheat Sheets, Resources

Linux TTY Shell Cheat Sheet

Introduction

During a penetration test, when obtaining access to a remote Linux host via a reverse/bind shell, it can be very painful to issue certain commands over it and it is often a much better option to obtain an interactive shell. These are the main reason why this is a good idea:

  • More shell stability, as things like CTRL+C will no longer close down the connection.
  • Ability to use up, down, left, and right arrows to navigate through and modify commands.
  • Ability to use applications or commands that use a login prompt such as Sudo, MySQL, SSH, etc.
  • Ability to use tab-auto completion in commands.
  • Ability to view commands, output, and file contents in the same terminal size as the host machine.

This article will list the various commands that can be used to obtain a TTY shell and also how to turn it into a fully interactive shell.

Read more
May 13, 2021 | by Stefano Lanaro | Leave a comment
Guides, Linux, Privilege Escalation

Linux Privilege Escalation – Credentials Harvesting

Introduction

Linux-based operating systems and applications often store clear text, encoded or hashed credentials in files or in memory.

When gaining initial access to a Linux machine and performing privilege escalation enumeration steps, often passwords can be found through these means and they can be used to further escalate privileges.

There are various methods to harvest credentials in a Linux system in order to escalate privileges, the following ones are the most common and they are always worth a try.

Read more
March 28, 2021 | by Stefano Lanaro | Leave a comment
Cheat Sheets, Resources

Shell File Transfer Cheat Sheet

Introduction

When performing enumeration steps during a penetration test, there is often the need to transfer files to or from the victim machine, for example to run custom scripts or analyze files further in a controlled environment.

There are different techniques and tools that can be used to transfer files and depending on the target operating system and installed software these may or may not work. The purpose of this cheat sheet is to provide an exhaustive resource for transferring files using command-line interfaces.

Read more
February 5, 2021 | by Stefano Lanaro | Leave a comment