Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will depend on the system environment and installed packages.
[Read more…]
Finding Public Exploits
There are thousands of exploits out in the wild, even more being traded privately or held back as 0 days. Clearly we want to get access to as many of these resources as we can to maximize the chance of successful exploitation. A warning must be given to anyone downloading exploits. There are several fake exploits out there specifically designed to harm or destroy your computer. Never download exploits from a source and run them without first checking what they do and what commands they will be executing on your system. It’s highly recommended that you decode any encoded values to find what they actually mean. For example this exploit when decoded runs the “rm -rf” command on your system. Saying that, some of the resources outlined here such as exploit-db and security focus can be considered pretty trustworthy.