search
ShopAuthorPatreonHTB Pro Labs
Page cover

🟒To Attack a Linux Machine

Methodology To Attack a Linux Machine

Ok after scanning the network we detect some Linux machines and now?

What do we need to investigate in order to get root on the remote machine?

First scan all 65535 TCP ports available, don't scan them all at once. Start by scanning the most common ones then go increasing the port ranges.

Do the same for all 65535 UDP ports.

After scanning all ports we hope to find some services running on them, grab all banners from remote services, and investigate them.

The objective is to find services that can allow us to connect to the machine without authentication or send files to the machine, or a web server since it gives us a lot more to investigate in order to find an entry point.

If we don't find anything useful running on the host it's time to run different scans against the host. Remember don't be noisy, prepare yourself for the next exams.

hashtag
Juice Information

  1. Linux Kernel version

  2. The version of the Services running

  3. Sometimes we can detect users remotely

hashtag
SSH Service

SSH is hard to exploit but can be brute forced, if you find a valid user try to brute force ssh.

Read more about SSH Penetration Testingarrow-up-right here:

LogoPopLabSecPopLabSecchevron-right
SSH Penetration Testingchevron-right

hashtag
FTP Service

Old FTP can be an entry point into the remote system, maybe an anonymous user is allowed and we can get some files or better send files to the server.

Search for files inside the available folders in case you found a Web server folder send a PHP reverse shell.

Pay attention to hidden folders and the folder's names and paths as well.

FTP is nice to be brute-forced if you have a valid user. If you want to learn more about FTP Penetration Testingarrow-up-right read my full article about it!

LogoFTP Penetration Testing: A Comprehensive Guide - PopLabSecPopLabSecchevron-right

hashtag
Samba Service

SMB is the most common entry point it has tons of CVEs and most of the time is poorly configured, Check my article about SMB Penetration testingarrow-up-right and learn how o breach it!

SMB Penetration Testingchevron-right
LogoSMB Penetration Testing: A Comprehensive Guide - PopLabSecPopLabSecchevron-right

hashtag
DNS Service

spacechevron-right

hashtag
MySQL Service

MySQL Penetration Testingchevron-right

hashtag
Web Servers

Remember! Users from web applications are different from system users.

Read More about hacking Web Servers here:

LogoWelcome! | Hacking Web Servershacking-webservers.popdocs.netchevron-right
Hacking Web Servers

Read More about hacking Web Applications here:

LogoWelcome! | Hacking Web Applicationshacking-web-applications.popdocs.netchevron-right
Hacking Web Applications

hashtag
What do we want?

A stable highly privileged shell of course. Root access!

Transfer files to the machine.

Download files from the machine.

Pivoting into other networks.

PreviousTo Scan a NetworkNextTo Attack a Windows Machine

Last updated