AWS Configuration How to configure aws to get access to its functions: ❯ aws configure AWS Access Key ID [****************6TDC]: AQLA5M37BDN6FJP76TDCAWS Secret Access Key [****************Fo1A]: ...

Abusing dereference Reviewing the code inside we get this: #!/bin/bash file=`date +%N` /usr/bin/rm -rf /opt/backups/* /usr/bin/tar -cvf "/opt/backups/$file.tar" /var/www/app/ sha1sum "/opt/backups/...

Step 1: We first determine the SSH process ID of the user on the compromised host: ps aux |grep sshd Step 2: Determine the SSH_AUTH_SOCK environment variable for the sshd PID: grep SSH_AUTH_SOCK ...

Users actions who -a `current logged user` w <user> `info of actual logged users` whoami id last `last logged user` All User UID and GID Info for user in $(cat /etc/passwd |cut -f1 -d":"); ...

Get MySQL Version mysql –version Get sudo Version sudo -V Get Apache2 Version apache2 -v Get CouchDB Version couchdb -V Get Postgres Version psql -V List All Packages Installed and Vers...

List Inetd Services ls -al /etc/init.d/ List xinetd Services ls -al /etc/xinetd.d/ Contents of Xinetd services cat /etc/xinetd.d/* Find services in /etc/init.d not owned by root and list the...

/proc/(PID)/cmdline This file shows the parameters passed to the kernel at the time it is started. It looks like the following: --------------------------------------------------- [*] PATH: /proc/...

To understand Spring4Shell, it is important that we understand CVE-2010-1622. Spring MVC (Model-View-Controller) is part of the Spring Framework which makes it easy to develop web applications foll...

ARP-SCAN This tool sends a ARP requests to a given IP or network and retrieves the MAC address: arp-scan -I tap0 -g 10.142.111.0/24 FPING Reconnaisance of alive hosts: fping -I ens33 -g 10.10.0....

Finding the Vulnerability First you need to find a script (.sh,.pl,.cgi,etc.), most commonly under cgi-bin folder, for this task the best tool is nikto: nikto -h <IP> Testing the Vulnerabil...