“Go the path of least resistance – sure, it’s cool to pop Meterpreters, but it’s really not always even necessary. It can be much easier.”
Roanoke native Logan Diomedi found an interest in computers at an early age and won his first Capture-the-Flag (CTF) at 16. Since then he has placed in the top 3 on several other national CTFs throughout the years, including events run by the NSA, Radford University, and NYU Poly. He specializes in application analysis/pivoting and lateral movement on enterprise networks, though he maintains a broad skill base and is particularly fond of hunting “zero days” on embedded devices and closed-source software for responsible disclosure.
It’s been a busy year…
Hey guys! I have a ton of posts coming in the next couple of weeks, but one thing I wanted to go ahead and throw on here was DIGMEUP – a really simple automated Bash script for doing quick and dirty recon.
Thanks to @neoice and Joseph Dicarlo for helping me put this together. There is a download link for the PoC .RPM AND .DEB files at the bottom! (Please stop putting NOPASSWD in sudoers for package managers! I truly actually
(PART TWO AT BOTTOM OF THE PAGE) There are many well-known and documented attack vectors for the sudo command. Please see my Useful Resources page for the Windows & Linux Privilege Escalation piece that contains a ton of helpful knowledge
Head on over to the Useful Resources section located at the top of the site or at this link. Once you’re there, you’ll find my ever-growing and wide array of reference resources, as well as lesser-known gems and tricks that