- What is the pipe used by the attacker for reverse shell?
- Which command was used to modify firewall rules?
- What is the wrongly configured file probably used by the attacker for privilege escalation?
I couldn't find it, could you help?
Let’s start with question 3 first. For the 3rd question, I recommend you look at the security and permissions section. We have a command to find suid files; you should take a good look at the files that appear as a result of that command. For the firewall, we had a command that showed firewalls in Linux. You can use iptables -L to see which firewall is being used. There are some important firewall types. This firewall appears especially in the /usr/share section. For the first problem, I suggest you look at the tmp folder, which is one of the attackers’ favorite folders, as a clue. The format is /t**/*. Enjoy your work.
Thanks. I just couldn’t find the first question. I solved the others. I’ll look now.