Privilege Escalation References

Linux Priv Esc
http://www.thepentesters.net/tutorials/tricks-escaping-linux-restricted-environments/
https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/
https://github.com/pentestmonkey/unix-privesc-check
http://www.dankalia.com/tutor/01005/0100501004.htm
http://www.softpanorama.org/Tools/Find/finding_world_writable_abandoned_and_other_abnormal_files.shtml
https://github.com/mubix/post-exploitation/wiki/Linux-Post-Exploitation-Command-List

Windows Priv Esc
https://www.insomniasec.com/downloads/publications/WindowsPrivEsc.ppt
http://toshellandback.com/2015/11/24/ms-priv-esc/
http://www.toshellandback.com/2015/08/30/gpp/
http://www.slideshare.net/chrisgates/windows-attacks-at-is-the-new-black-26672679
http://www.fuzzysecurity.com/tutorials/16.html

Installing YateBTS on a Clean Ubuntu Install (16.04 LTS)

Install Prerequisites
$ sudo apt-get install subversion
$ sudo apt-get install autoconf
$ sudo apt-get install libgsm1-dev
$ sudo apt-get install libgusb-dev
$ mkdir ~/tools

Install Yate
$ which -a yate-config (make sure only one instance is installed)
$ cd ~/tools
$ svn checkout http://voip.null.ro/svn/yate/trunk yate
$ cd yate
$ ./autogen.sh
$ ./configure
$ sudo make install-noapi

Install YateBTS
$ cd ~/tools
$ svn checkout http://voip.null.ro/svn/yatebts/trunk yatebts
$ cd yatebts
$ ./autogen.sh
$ ./configure
$ sudo make install

Configure your username permissions for running YateBTS
$ sudo addgroup yate
$ sudo usermod -aG yate [your-username] (-a appends; plain -G replaces the user's other groups, sudo included; log out and back in for it to take effect)
$ sudo touch /usr/local/etc/yate/snmp_data.conf /usr/local/etc/yate/tmsidata.conf
$ sudo chown root:yate /usr/local/etc/yate/*.conf
$ sudo chmod g+w /usr/local/etc/yate/*.conf

Configure YateBTS values
$ sudo vim /usr/local/etc/yate/ybts.conf
Radio.Band=900 (set the band for your country here)
Radio.C0=0 (determined by your band)
Identity.MCC=001 (uncomment)

$ sudo vim /etc/security/limits.conf (let the yate group raise its scheduling priority; append these lines)
@yate hard nice -20
@yate hard rtprio 99

$ sudo vim /usr/local/etc/yate/ybts.conf
radio_read_priority=highest (uncomment and change to highest)
radio_send_priority=high (uncomment and change to high)

$ sudo vim /usr/local/etc/yate/ysnmpagent.conf (move the SNMP ports above 1024 so yate can bind them without root)
port=20161 (uncomment and change value)
remote_port=20162 (uncomment and change value)

$ sudo vim /usr/local/etc/yate/subscribers.conf (set country code)
country_code=61 (e.g. for Australia)

Start and test YateBTS
$ yate
$ telnet localhost 5038
nib list registered (list registered devices)
nib list rejected (list rejected devices)

  • Try to connect to the “101” 2G network on your two test devices
  • Take your two test IMSI numbers from nib list rejected and add them to a regexp= line in /usr/local/etc/yate/subscribers.conf
  • Now you can make calls to each other with your allocated phone numbers (you will receive an SMS when you join the network) or text ELIZA questions on 35492

Installing a BladeRF on a Clean Ubuntu Install (16.04 LTS)

Installing a BladeRF
$ sudo add-apt-repository ppa:bladerf/bladerf
$ sudo apt-get update (you may get some 404s, but that's fine)
$ sudo apt-get install bladerf
$ sudo apt-get install libbladerf-dev
$ sudo apt-get install bladerf-firmware-fx3
$ sudo apt-get install bladerf-fpga-hostedx40 (for the 40 kLE hardware)
OR 
$ sudo apt-get install bladerf-fpga-hostedx115 (for the 115 kLE hardware)

Plug in the BladeRF
$ bladeRF-cli --flash-firmware /usr/share/Nuand/bladeRF/bladeRF_fw.img

Unplug the BladeRF and plug it back in again
$ bladeRF-cli -p
Backend: libusb
Serial: d6cbcb056cc2aa1e37d14c41f15fe3af
USB Bus: 4
USB Address: 3

$ bladeRF-cli -i
bladeRF> version
bladeRF-cli version: 1.3.1-0.2016.01~rc1-3
libbladeRF version: 1.5.1-0.2016.01~rc1-3
Firmware version: 1.9.0
FPGA version: 0.5.0