xct's notes
Search…
Introduction
Red Team
Active Directory
Host Enum
Payloads
Passwords
Privilege Escalation
Evasion & Bypasses
Concepts & Research
Binary Exploitation
Web
Cloud
Mobile
Hardware
Crypto
Templates
Misc
DNS
Rsync
Kiosk Breakout
Redis
Linux Race
Stego
Mail
LDAP
Git
Electron
OpenBSD
Docker
Checklist Boot2Root
Linux Snippets
Memcache
Web Remote Desktop
Networking
C2 Setup
Tools
Other
Blue Team
Active Directory
Malware Analysis
SIEM
Misc
Labs
Keys & Signing
Language & Framwork Specifics
Misc
HackTheBox
Crossfit
Luanne
APT
Attended
Delivery
Cereal
Powered By GitBook
Linux Snippets

Get capabilities

1
/sbin/getcap -r / 2>/dev/null
Copied!

Get suid binaries

1
find / -perm -u=s -type f 2>/dev/null
Copied!

Check sudo configuration

1
sudo -l
2
cat /etc/sudoers
Copied!

Check open files on linux

1
fuser <filename>
2
lsof <filename>
Copied!

Check for unmounted disks on linux

1
ls /dev
Copied!

Bash port scan

1
for p in {1..65535}; do echo hi > /dev/tcp/<ip>/$p && echo port $p is open > scan 2>/dev/null; done
Copied!

Using gateway finder to detect rogue gateways

1
arp-scan -l | tee <name>.txt
2
python gateway-finder.py -f arp.txt -i <public ip>
Copied!

Mount vmdk file

1
modprobe nbd
2
qemu-nbd -r -c /dev/nbd2 <name>.vmdk
3
mount /dev/nbd1p1 /mnt
Copied!

Find files by date

1
find / -newermt "<start-date>" ! -newermt '<end-date>' 2>/dev/null
Copied!

Get proper tty on shell

1
# stty method
2
python -c "import pty; pty.spawn('/bin/bash')"
3
ctrl+z
4
stty raw -echo
5
fg
6
<enter>
7
<enter>
8
# rlwrap method
9
rlwrap <command>
Copied!

Get Apt History

1
gunzip -dc history.log.1.gz | less #from /var/log/apt
Copied!
Previous
Checklist Boot2Root
Next
Memcache
Last modified 1yr ago
Copy link
Contents
Get capabilities
Get suid binaries
Check sudo configuration
Check open files on linux
Check for unmounted disks on linux
Bash port scan
Using gateway finder to detect rogue gateways
Mount vmdk file
Find files by date
Get proper tty on shell
Get Apt History