Tag Archives: infosec

removable disk could lead to privilege escalation

privilege escalation Linux with flash disk

Removable media carrying setUID or setGID files can give privilege escalation.
For example, copy the nice command to your flash storage and ask your friend to print files on his system, then run the command
nice like

it will say root

The problem comes from a partition mounted without the noexec,nosuid options.

enjoy your automount

and

happy hacking 😉
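
A defensive check for the condition described above, as an added example that is not code from the original post: it reads mount-table lines in the /proc/mounts layout and reports mounts under typical automount paths that lack nosuid or noexec. The path prefixes and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report removable-media mounts that allow setuid or exec.
# Input lines use the /proc/mounts layout: device mountpoint fstype options dump pass

# has_opt OPTIONS NAME: succeed if NAME is one of the comma-separated OPTIONS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts: read mount-table lines on stdin and print, for each mount under
# a typical automount path (assumed prefixes), which hardening options are absent.
audit_mounts() {
    while read -r _dev mnt fstype opts _rest; do
        case "$mnt" in
            /media/*|/run/media/*|/mnt/*) ;;
            *) continue ;;
        esac
        missing=""
        for o in nosuid noexec; do
            has_opt "$opts" "$o" || missing="${missing:+$missing,}$o"
        done
        if [ -n "$missing" ]; then
            printf '%s %s missing:%s\n' "$mnt" "$fstype" "$missing"
        fi
    done
    return 0
}

# Constructed sample mount table (not taken from a real system).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /media/user/USB vfat rw,nosuid,nodev,noexec,relatime 0 0
/dev/sdc1 /media/user/DATA ext4 rw,relatime 0 0
/dev/sdd1 /mnt/stick ext4 rw,nosuid,relatime 0 0
EOF
}

# Audit the sample; on a live host use: audit_mounts < /proc/mounts
sample_mounts | audit_mounts
```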

nmap cheat sheet

nmap scan sheet cheat 😀

Host Discovery

arp scan

Stealth Scan

 

Idle Scan

 

Version Scan


port forward & pivoting with meterpreter

Let’s assume you attacked a machine with 2 NICs

our IP is 10.0.0.5

the first IP is 10.0.0.10, the one you reach the machine from

and ifconfig shows the machine has a different IP, 10.0.2.30

you can scan the network 10.0.2.x via meterpreter

arp_scan

we can connect to the RDP server of the machine 10.0.2.30

by adding a route from our local port 9389 to the machine 10.0.2.30:3389


MetaSploit Payload to Executable EXE


bruteforce ftp files and folders

Sometimes, if directory listing is not working, we need to brute-force files and folders.

Here is a simple Python script to brute-force folders

FTP brute force files

Note: this script will try to download the files in your dictionary attack,

so it is recommended to run it inside a tmp folder

 

TrueCrypt Password bruteforce

Hello guys, this script will simply mount the container

with the passwords from the given password list

 

Files Encrypt with GPG

GPG = Gnu Privacy Guard

Securing a file against unauthorised access with a password is very simple on Linux/Unix 🙂

Let's assume we have a sensitive file with some financial data called orders.xls

and we want to email it to our partner and make sure he is the only one who will be able to read it

First we will encrypt the file with a password

gpg -c orders.xls

It will create a file orders.xls.gpg; this is the file that will be sent to our partners

Notice the gpg extension at the end of the file name

This file can only be decrypted if our partners enter the correct password

decrypt the file with password