Linux Killchain



Make revshells here


find a way to upload the payload to the target

ssh, ftp, web upload, wordpress plugin, smb/nfs share, injection, etc


run the exploit and if it doesn't work then go back to weaponization by trying another payload

#Privledge Escalation / Installation

Find system info like a local neofetch


Local IP info

hostname -I

Better su perm search command:

find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null

Check those programs against GTFO bins