issue155:c_c
Différences
Ci-dessous, les différences entre deux révisions de la page.
Les deux révisions précédentesRévision précédente | |||
issue155:c_c [2020/04/02 11:17] – auntiee | issue155:c_c [2020/04/02 13:53] (Version actuelle) – andre_domenech | ||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
**Since Lucas absconded, we cannot fill his slot with more Lucas-stuff, | **Since Lucas absconded, we cannot fill his slot with more Lucas-stuff, | ||
- | Depuis que Lucas s'est éclipsé, nous ne pouvons plus remplir cet article avec des choses de Lucas ; aussi, nous sommes passés à quelque chose qui me semble amusant et interactif. (C'est aussi parce que je ne connais rien à Rust et Go). Ça aide peut-être aussi certains d' | + | Depuis que Lucas s'est éclipsé, nous ne pouvons plus remplir cet article avec des choses de Lucas ; aussi, nous sommes passés à quelque chose qui me semble amusant et interactif. (C'est aussi parce que je ne connais rien à Rust and Go.) Ça aide peut-être aussi certains d' |
**Last issue, we did a quick overview of permissions on a Linux system. This issue, we will quickly discuss tools. We need to lay some groundwork first, before going to practical. Tools are handy if you do not want to do every last thing by hand. That said, you still need to know your command-line tools (commands). We already looked at ‘id’ and ‘whoami’. You also need to know ‘ifconfig’ and ‘ip’, to see what network interfaces are up. ‘Netstat’, | **Last issue, we did a quick overview of permissions on a Linux system. This issue, we will quickly discuss tools. We need to lay some groundwork first, before going to practical. Tools are handy if you do not want to do every last thing by hand. That said, you still need to know your command-line tools (commands). We already looked at ‘id’ and ‘whoami’. You also need to know ‘ifconfig’ and ‘ip’, to see what network interfaces are up. ‘Netstat’, | ||
Ligne 37: | Ligne 37: | ||
**Where would you start? Good question! The ‘find’ or ‘which’ command can be your friend. You need to know what you are working with. For example: ‘find / -name python*’ or ‘which python’. So we need to look for cc, gcc, python, perl, at least. Maybe put that at the top of your list and work down. There is no surefire way, so trial and error is perfectly acceptable. See if you can access or read some of the common locations. Always read the user’s history file. (history). Look for mounted file systems or unusual ones (df). Etcetera, etcetera. Mundane things, like ‘cron’, can be a goldmine! Make a list as you go along and refine that list. Check for things like ‘curl’ and ‘wget’ and ‘nc’ that allow you to transfer files, if you do not have what you need. (Like the bash script above). Your toolbox is the shell itself. SSH is as valid to your PC as it is to that PC. It is advisable to create an archive of your enumeration and send it to an offline PC where you can work on your ‘intel’ at your own pace. There may be commands you have never used (mknod), that you need to brush up on. As they say, all is fair in love and war. Practice makes perfect? | **Where would you start? Good question! The ‘find’ or ‘which’ command can be your friend. You need to know what you are working with. For example: ‘find / -name python*’ or ‘which python’. So we need to look for cc, gcc, python, perl, at least. Maybe put that at the top of your list and work down. There is no surefire way, so trial and error is perfectly acceptable. See if you can access or read some of the common locations. Always read the user’s history file. (history). Look for mounted file systems or unusual ones (df). Etcetera, etcetera. Mundane things, like ‘cron’, can be a goldmine! Make a list as you go along and refine that list. Check for things like ‘curl’ and ‘wget’ and ‘nc’ that allow you to transfer files, if you do not have what you need. (Like the bash script above). Your toolbox is the shell itself. SSH is as valid to your PC as it is to that PC. It is advisable to create an archive of your enumeration and send it to an offline PC where you can work on your ‘intel’ at your own pace. There may be commands you have never used (mknod), that you need to brush up on. As they say, all is fair in love and war. Practice makes perfect? | ||
- | Par où commencer ? Bon question ! La commande « find » ou « which » peut vous venir en aide. Vous devez savoir avec quoi vous travaillez. Par exemple : « find / -name python* » ou « which python ». Aussi, nous devons au moins chercher cc, gcc, python, perl. Mettez peut-être ce point en tête de votre liste et allez-y. Il n'y a pas de voie toute tracée, donc le tâtonnement est parfaitement acceptable. Regardez si vous pouvez | + | Par où commencer ? Bonne question ! La commande « find » ou « which » peut vous venir en aide. Vous devez savoir avec quoi vous travaillez. Par exemple : « find / -name python* » ou « which python ». Aussi, nous devons au moins chercher cc, gcc, python, perl. Mettez peut-être ce point en tête de votre liste et allez-y. Il n'y a pas de voie toute tracée, donc le tâtonnement est parfaitement acceptable. Regardez si vous pouvez |
**Now for some online reading: | **Now for some online reading: | ||
Ligne 65: | Ligne 65: | ||
Le prochain numéro sera plus opérationnel ! | Le prochain numéro sera plus opérationnel ! | ||
- | Je vous y donnerez | + | Je vous y donnerai |
Des réclamations ou des commentaires ? Oui, je suis un écervelé. Envoyez-nous vos mails à : misc@fullcirclemagazine.org | Des réclamations ou des commentaires ? Oui, je suis un écervelé. Envoyez-nous vos mails à : misc@fullcirclemagazine.org |
issue155/c_c.1585819034.txt.gz · Dernière modification : 2020/04/02 11:17 de auntiee