Monday, March 14, 2011

You're in, now what?

You're in, now what?

Let's not make any assumptions regarding how you spawned a shell. Just that you did...
This case, I have a reverse Netcat shell.

This blog wasn't created with the idea of teaching you how to get a shell or command prompt on a system, but rather what to do with a shell once you have one.

I will however, assume that you were sneaky in doing so. You were careful to be stealthy about your business.

So, don't start getting sloppy now.

Look both ways before proceeding ;)

So, as the title states, "You're in, now what?"

Me, I might be concerned with who else might be logged in to the box at the same time I am.

So, I have a windows system running a netcat listener (google it) with a reverse connection from a linux system:

Linux Reverse Shell:
First lets determine my current context.

>whoami
***(click image for full detail)

Root? Nice..

Now let's figure out who else is logged in to the box.

The first is simple.

>w
(I like this one)

***(click image for full detail)


I can see that my reverse Netcat session shows as a root( tty1) session. And I can see that root is logged in locally.

"Be wary wary quiet..."

Another way,

>who -a

***(click image for full detail)
(Full of juicy info)


Or you could try this,

>users


***(click image for full detail)
(limited results)
Attack of the roots!

And last, but not least (haha, get it, last?)



>last

***(click image for full detail)


Wow. I even get some addressing info. Even frequency of use.

"
Last looks through /var/log/wtmp and displays a log of the last users logged on, including those currently logged on.
"

Windows Reverse Shell:

>qwinsta

Shows both console and rdp sessions.


***(click image for full detail)
**If this had been an RDP connection, you would see rdp-tcp instead of console.
So, Geek is currently logged into the local console.
How hard was that? It wasn't.
More next time.
Rob


Saturday, March 5, 2011

Judge Lets Sony Unmask Visitors to PS3-Jailbreaking Site

Odd, I thought that I woke up in America, you know the country with that 1st amendment thingy, I guess not. Better go back to bed. Link