Gotcha, just realized that. I'll fix it
That one is pretty amazing too. I used it for the OSCP labs a couple times.
Hey guys,
I have created this tool: https://github.com/operatorequals/gatheros
just to cope with Info Gathering in team environments (CTFs, etc).
There is also a blog post that describes its usage.
Necrobumping this because it’s a really good article.
Anybody got any more thoughts on this? Do we have any new methods?
This can be good if cronjobs are present, checking for new processes
#!/bin/bash
IFS=$'\n'
# Take an initial snapshot of every running process's command line
old=$(ps -eo command)
while true; do
    new=$(ps -eo command)
    # Show command lines that appeared (>) or disappeared (<) since the last snapshot
    diff <(echo "$old") <(echo "$new")
    sleep 1
    old=$new
done
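A variant of the monitor above, added here as an example and not posted in the thread (assumes Linux with /proc and bash): it reads /proc directly instead of spawning ps, keys each snapshot on PID so a cron job that re-spawns with an identical command line is still reported, and drops its own helper processes by process group so they do not show up as "new" on every tick.

```bash
#!/bin/bash
# Poll /proc directly instead of diffing `ps` text. Snapshots are keyed
# on PID, so a re-spawned job with the same command line is still seen,
# and the monitor's own helpers (subshells, sort, tr) are filtered out by
# process group so they do not appear as "new" on every tick.

# Return the process-group id from one /proc/<pid>/stat line. The comm
# field sits in parentheses and may contain spaces or ')' itself
# (e.g. "(tmux: server)"), so strip up to the LAST ") " before splitting.
stat_pgid() {
    local rest="${1##*) }"     # -> "state ppid pgrp session ..."
    set -- $rest
    printf '%s\n' "$3"
}

# One snapshot: "<pid> <cmdline>" per line, sorted numerically by PID.
snapshot() {
    local mypg d pid s cmd
    mypg=$(stat_pgid "$(< /proc/$$/stat)")
    for d in /proc/[0-9]*; do
        pid=${d#/proc/}
        { s=$(< "$d/stat"); } 2>/dev/null || continue  # exited meanwhile
        [ "$(stat_pgid "$s")" = "$mypg" ] && continue  # our own helpers
        cmd=$(tr '\0' ' ' < "$d/cmdline" 2>/dev/null)
        [ -n "$cmd" ] || continue                        # kernel thread
        printf '%s %s\n' "$pid" "$cmd"
    done | sort -n
}

# Print lines present in snapshot $2 but absent from snapshot $1.
new_entries() {
    local old; old=$(mktemp) || return 1
    printf '%s\n' "$1" > "$old"
    printf '%s\n' "$2" | awk 'NR==FNR { seen[$0]=1; next } !seen[$0]' "$old" -
    rm -f "$old"
}

# Usage: bash <this file> --watch [interval_seconds]
if [ "${1-}" = "--watch" ]; then
    old=$(snapshot)
    while true; do
        sleep "${2:-1}"
        new=$(snapshot)
        new_entries "$old" "$new" | sed "s/^/$(date +%T) NEW: /"
        old=$new
    done
fi
```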
Neat! I am new to the thinking methodology, and your article sounded like “Information Gathering” is a serious topic for concern. Gotta save this for now, thanks John!
A while back I stumbled across a great enumeration script that hits most of the points brought up here. Take a look at https://github.com/rebootuser/LinEnum. This is the first thing I try to run on a fresh low-priv shell.
Linuxprivchecker could also be a good alternative to traditional tools. I revamped the original one to make it work with all Python versions.
Hope it helps,
Best,
Nitrax
That’s fucking awesome. Thanks man
Thanks, great info!
Jake Williams' Wild West Hackin' Fest 2018 talk "Privilege Escalation FTW" was released a week ago, it has some good stuff too (Linux and Windows):
Just found this, too:
If you're looking for Windows privesc, this is nice.
pspy does this in a more efficient way for not really-hardened boxes
For CTF/boot2root, I also check file times using "user.txt" as a reference.
Yo! Nice tut (?), but just curious if there’s a possibility for another one except for windows? Just a thought.
Also, I might put some of these commands in a bash script for automation of prosperity.
Again, awesome tut! This will be helpful for HTB. ~Cheers!
–Techno Forg–
Some more stuff to check for:

- Check for accidental passwords typed after an unsuccessful sudo:
  cat ~/.bash_history | grep -A5 sudo
- Check for open tmux sessions (possibly logged into root shells):
  tmux ls
- Find writable files / dirs outside of your home directory:
  find / -writable -type f -o -writable -type d 2>/dev/null | grep -Ev "^(/proc|/home/user|/tmp)"
- Check home directories of other users for readable files:
  find /home | grep -Ev "^/home/user"
- Find files that were modified in the last 10 min (useful to spot funky stuff going on):
  find / -mmin -10 2>/dev/null | grep -Ev "^/proc"
- Check mounts
- Grab banners for local ports (using nc or other methods)
- Read crontab job files and look for crappy backup scripts
- Read service configuration (especially httpd)
- Scroll over ps -ef output and check for passwords passed as command-line arguments
I don’t know why, but this blew my mind. Nice!