kdlsw, posted April 29, 2017

I found it quite difficult to actually get a shell these days, and I am wondering how you guys do it. Anyway, here is what I did.

On the LAN side, with a MITM attack and injection (BeEF), it's reasonably efficient to harvest credentials, but a little hard to pwn a device; usually I need to send a fake social engineering request to get the victim to run some payloads.

Remotely, I can bind some malicious payloads with normal files, and with a lot of social engineering, I can sometimes get a shell and then escalate privilege with my scripts.

But these tricks (both LAN and internet) are not always reliable, as they depend heavily on social engineering; people these days don't install programs easily and they check URLs a lot.

I am not sure what to do next to get shells more reliably. Are there any better ways to handle it instead of hoping the user is a layman? Should I look into shellcode exploits and client-side vulnerabilities? And most consoles are behind a router, which makes direct vulnerability scanning impossible, I assume?

Please, any suggestions will be appreciated, thank you!