removable disk could lead to privilege escalation

privilege escalation linux with flash disk

removable media with setUID , setGID files could gives privilege escalation
example copy nice command to ur flash storage and ask ur friend to print files in his system then run the command
nice like

it will say root

problem occurs from mounted partition without noexec,nosuid parameter

enjoy ur automount

and

happy hacking 😉

nmap cheat sheet

nmap scan sheet cheat 😀

Host Discovery

arp scan

Stealth Scan

 

Idle Scan

 

Version Scan

Continue reading nmap cheat sheet

port forward & pivoting with meterpreter

Lets assume u attacked machine with 2 nic cards

our ip is 10.0.0.5

first one ip is 10.0.0.10 that you reach it from

and in ifconfig shows the machine has a different   ip 10.0.2.30

you can scan the network 10.0.2.x via meterpreter

arp_scan

we can connect to the rdp server of the machine 10.0.2.30

via adding route from out localport 9389 to the machine 10.0.2.30:3389

Continue reading port forward & pivoting with meterpreter

MetaSploit Payload to Executable EXE

Continue reading MetaSploit Payload to Executable EXE

bruteforce ftp files and folders

sometimes if the listing not working we need to brute force files and folders

here is a simple python script to bruteforce folders

ftp bruteforce files

note this script will try to download files in ur dictionary attack

so recommend to run it inside tmp folder

 

Get Environment Variable memory Address

some time u put the shellcode inside  the environment and u will need the address of it to build ur payload

here is a simple C code to get the address

 

 

TrueCrypt Password bruteforce

hello guys this  script will simply will mount the container

with password form the given password list

 

Files Encrypt with GPG

GPG = Gnu Privacy Guard

To secure file from unauthorised  access with password in linux/unix is very simple method 🙂

lets assume we have a secure file with some financials stuff called orders.xls

and we want to email it to our partners  and we  want to get sure just he is the only one will be able to read it

first we will encrypt the file with password

gpg -c orders.xls

it will create a file orders.xls.gpg   this file that will be sent to our patenter

notice the gig extension in the end of the file

this file will be only decrypted if  our patenter enter the correct password

decrypt the file with password