Orc
Orc is a post-exploitation framework for Linux written in Bash
As an extension of #79, I came across this, which actually does the whole goddamn thing I'd been trying to get at, and documents it pretty well: https://github.com/arget13/DDexec I'll try...
We can ~probably implement this trickery so we can execute arbitrary shellcodes. Maybe as a helper function? https://twitter.com/David3141593/status/1386663070991360001 The example pops /bin/sh ``` cd /proc/$$;read amem;base64 -d
In the context of Linux machines that do not have access to the internet (think of hackthebox challenge boxes - where you, the user, vpn into a lab environment, and...
This honestly might be better as something we fork and pull in remotely at runtime, but I'd be interested in thoughts on implementing something like Mimipenguin for dumping creds out...
If we can find a domain-joined Linux, I've seen some tricks that might let us extract hashes and secrets etc. I've not had too much of a deep look, noting...
This works, but it's not reliable/stable enough to commit yet. I was thinking instead of just flagging one service in there, actually using grep -E with a list of VM...
The folks at THC have a rather nice host-info-gathering script, some of which could possibly be folded into Orc. https://raw.githubusercontent.com/hackerschoice/thc-tips-tricks-hacks-cheat-sheet/master/tools/whatserver.sh