Update readme.md

pull/375/head
WWVB 2019-03-26 08:57:48 -04:00 committed by GitHub
parent d31b0174b7
commit fa33a23a72
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 11 deletions

View File

@ -6,19 +6,18 @@
## Description
## Target = Unlocked Linux machine (only tested on Ubuntu 18.04 LTS)
Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major])
###Base install of OS, plus OPENSSH-SERVER & NET-TOOLS (if NET-TOOLS is not installed, the route command will not return data [noting major])
## Loot = Contents of ~/$USER/.ssh folder (pub/priv RSA keys, known_hosts, etc..)
whoami
ip addr
route -n
/etc/passwd
/etc/shadow (on the off chance you get a root terminal)
uname -a
### whoami
### ip addr
### route -n
### /etc/passwd
### /etc/shadow (on the off chance you get a root terminal)
### uname -a
Two opportunites for persistence are injected:
Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)
Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job
added that calls it on a schedule (aka Call Me Later)
###Two opportunites for persistence are injected:
###Attacker's RSA key is added to ~/$USER/.ssh/authorized_keys (aka I'll Call You)
###Reverse_TCP shell script is dropped in the ~/$USER/.config folder and a CRON job added that calls it on a schedule (aka Call Me Later)
## Configuration = HID STORAGE