Generate a list of the IPs of live hosts. nmap -iR 10 -n -oX out.xml grep Nmap cut -d -f5 > live-hosts.txt. Linux grep command cheat sheet The grep command is a way to search through a file for a specific pattern of characters. Scan for web servers and grep to show which IPs are running web servers. Have you got a shell? Can you interact with the system? Is packet sniffing possible? What can be seen? Listen to live traffic What other users & hosts are communicating with the system? What are the network configuration settings? What can you find out about this network? DHCP server? DNS server? Gateway? What NIC(s) does the system have? Is it connected to another network? name "*.php" -print0 | xargs -0 grep -i -n "var $password" # Joomla What applications are installed? What version are they? Are they currently running?Īny of the service(s) settings misconfigured? Are any (vulnerable) plugins attached?Īny plain text usernames and/or passwords?įind. Which service(s) are been running by root? Of these services, which are vulnerable - it's worth a double check! What services are running? Which service has which user privilege? ps -ef grep xyz, displays process information for xyz. To use grep, you specify the pattern you want to search. In this page, you can find Linux Commands Cheat Sheet that includes all important Linux Commands. It is commonly used by programmers, system administrators, and analysts to search for specific patterns in logs, configuration files, and other types of data. Here are some cheatsheets and quick references contributed by open source angels. This cheat sheet is intended to be a quick reminder for the main concepts involved in using the command line program grep and assumes you already understand. What can be learnt from the environmental variables? Grep is a command-line tool that allows you to search for specific patterns or words in a file or group of files. What's the distribution type? What version?
Grep cheat sheet trial#
Try - Get ready for (lots of) trial and error. Not every exploit work for every system "out of the box". Thanks for creating this cheat-sheet Dave. Search - Know what to search for and where to find the exploit code.Īdapt - Customize the exploit, so it fits.
Process - Sort through data, analyse and prioritisation. (Linux) privilege escalation is all about:Ĭollect - Enumeration, more enumeration and some more enumeration.
Taken from the Post-Exploitation Primer Google Doc sheet.
0 kommentar(er)
