You're in, now what?
Let's not make any assumptions regarding how you spawned a shell. Just that you did...
In this case, I have a reverse Netcat shell.
This blog wasn't created with the idea of teaching you how to get a shell or command prompt on a system, but rather what to do with a shell once you have one.
I will, however, assume that you were sneaky in doing so. You were careful to be stealthy about your business.
So, don't start getting sloppy now.
Look both ways before proceeding ;)
So, as the title states, "You're in, now what?"
Me, I might be concerned with who else might be logged in to the box at the same time I am.
So, I have a Windows system running a Netcat listener (google it) with a reverse connection from a Linux system:
Linux Reverse Shell:
First, let's determine my current context.
>whoami
Root? Nice..
Now let's figure out who else is logged in to the box.
The first is simple.
>w
(I like this one)
I can see that my reverse Netcat session shows as a root (tty1) session. And I can see that root is logged in locally.
"Be wary wary quiet..."
Another way,
>who -a
(Full of juicy info)
Or you could try this,
>users
(limited results)
Attack of the roots!
And last, but not least (haha, get it, last?)
>last
Wow. I even get some addressing info. Even frequency of use.
"Last looks through /var/log/wtmp and displays a log of the last users logged on, including those currently logged on."
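What last is reading, as an added example that is not part of the original post: a small Python parser for wtmp records that lists sessions with no matching logout, the same view an admin or responder gets from "still logged in". It assumes the 384-byte glibc struct utmp layout of x86-64 Linux; make_record, SAMPLE and the addresses in it are constructed for the demo.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc struct utmp on x86-64 Linux (384 bytes per record).
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values from <utmp.h>

def field_text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(blob):
    """Yield one dict per complete record; a truncated tail is ignored."""
    usable = len(blob) - len(blob) % UTMP.size
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield {"type": f[0], "pid": f[1], "line": field_text(f[2]),
               "user": field_text(f[4]), "host": field_text(f[5]),
               "time": datetime.fromtimestamp(f[9], tz=timezone.utc)}

def open_sessions(records):
    """Logins with no later logout on the same line ('still logged in')."""
    # Simplification: reboot/shutdown records are not treated as ending sessions.
    live = {}
    for r in records:
        if r["type"] == USER_PROCESS:
            live[r["line"]] = r
        elif r["type"] == DEAD_PROCESS:
            live.pop(r["line"], None)
    return sorted(live.values(), key=lambda r: r["time"])

def make_record(ut_type, pid, line, user, host, ts):
    """Build one constructed record for the demo data below."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)

# Constructed sample: three logins, one logout, plus a truncated trailing record.
SAMPLE = b"".join([
    make_record(USER_PROCESS, 1201, "tty1", "root", "", 1700000000),
    make_record(USER_PROCESS, 1388, "pts/0", "alice", "192.0.2.10", 1700000600),
    make_record(DEAD_PROCESS, 1388, "pts/0", "", "", 1700004200),
    make_record(USER_PROCESS, 1502, "pts/1", "root", "192.0.2.44", 1700007800),
]) + b"\x00" * 100

if __name__ == "__main__":
    for s in open_sessions(parse_wtmp(SAMPLE)):
        print(f'{s["user"]:8} {s["line"]:6} {s["host"] or "-":15} {s["time"]:%Y-%m-%d %H:%M}')
```

To run it against a real file, pass the bytes of /var/log/wtmp to parse_wtmp in place of SAMPLE.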
Windows Reverse Shell:
>qwinsta
Shows both console and RDP sessions.
**If this had been an RDP connection, you would see rdp-tcp instead of console.
So, Geek is currently logged into the local console.
How hard was that? It wasn't.
More next time.
Rob