bring everything up

Author: mubix

.gitignore

@@ -0,0 +1 @@
+.DS_Store

LICENSE

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2013 pwnwiki
+Copyright (c) 2013 Rob Fuller
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of
 this software and associated documentation files (the "Software"), to deal in

README.md

@@ -1,4 +1,35 @@
-pwnwiki.github.io
-=================
+Post Exploitation Wiki
+======================
 
-PwnWiki - Previously known as the Post Exploitation Wiki
+This wiki is powered by MDwiki which is a self contained wiki in a single HTML file.
+
+All you have to do to use the wiki is clone the repo to anywhere you can open HTML, served or local.
+
+Contributors please see here: https://github.com/mubix/post-exploitation-wiki/wiki/Contributor-Wiki
+
+### Live Online Copy:
+
+You can find a copy of the project online at: http://mubix.github.io/post-exploitation-wiki/. If you are reading this from the live website and want to get to the Github repository click here -> https://github.com/mubix/post-exploitation-wiki.
+
+### Offline Use:
+
+  1. Clone the repository or pull the archive ([download zip](https://github.com/mubix/post-exploitation-wiki/archive/master.zip)) of the repo
+  2. Open index.html
+  3. Most modern browsers don't allow the access of local files from a locally loaded HTML file. On Windows you can use [Mongoose Tiny](http://cesanta.com/downloads.html) or [HFS](http://www.rejetto.com/hfs/) to host the files locally. On OSX and Linux `python -m SimpleHTTPServer` seems to work just fine.
+
+### Reference Binaries:
+
+If the binary referenced isn't built into the respective OS, can be found here:
+https://github.com/mubix/post-exploitation
+
+#### Known issue with Chrome:
+
+Chrome doesn't allow local file access from local files loaded in the
+browser (ala index.html loading index.md). There are two ways around this. Use a web server to host
+it (Apache, nginx, python SimpleHTTPServer, etc) or start Chrome with the `--allow-file-access-from-files`
+argument. See here for more details: http://dynalon.github.io/mdwiki/#!faq.md
+
+
+### More info about MDwiki:
+
+http://dynalon.github.io/mdwiki/#!index.md

images/logo.jpg

@@ -0,0 +1,36 @@
+![](images/logo.jpg)
+
+[Image Generated Here](http://www.addletters.com/pictures/restaurant-sign-generator/4729076.htm#.Um8oRyQeLuN)
+
+### PostExploitation.com is a collection TTPs (tools, tactics, and procedures) for what to do after access has been gained.
+
+- - - - - - 
+
+### Live Online Copy:
+
+You can find a copy of the project online at: http://mubix.github.io/post-exploitation-wiki/
+
+### Offline Use:
+
+  1. Clone the repository or pull the archive ([download zip](https://github.com/mubix/post-exploitation-wiki/archive/master.zip)) of the repo
+  2. Open index.html
+  3. Most modern browsers don't allow the access of local files from a locally loaded HTML file. On Windows you can use [Mongoose Tiny](http://cesanta.com/downloads.html) or [HFS](http://www.rejetto.com/hfs/) to host the files locally. On OSX and Linux `python -m SimpleHTTPServer` seems to work just fine.
+
+#### Referenced tools can be found here: https://github.com/mubix/post-exploitation (If they aren't built into the OS)
+
+- - - - - -
+#### Submitting Content
+
+We realize that everyone has their favorite commands they run. Is your go-to content not up here? Want to submit it? Either submit a pull request or if you don't want to spend the time becoming a Git Jedi, just visit our [Google Form](https://docs.google.com/forms/d/1N7-jRjnUXoz-UwB2h0du2IrskFJW6hBGs4YsTwvEncE/viewform). Thanks! 
+
+- - - - - -
+Curators:
+
+  * [@mubix](https://twitter.com/mubix) [gimmick:TwitterFollow](@mubix)
+  * [@WebBreacher](https://twitter.com/webbreacher) [gimmick:TwitterFollow](@WebBreacher)
+  * [@tekwizz123](https://twitter.com/tekwizz123) [gimmick:TwitterFollow](@tekwizz123)
+  * [@jakx_](https://twitter.com/jakx_) [gimmick:TwitterFollow](@jakx_)
+  
+If you would like to become a curator, please contact [[email protected]](mailto:[email protected])
+
+[gimmick:ForkMeOnGitHub ({ color: 'red',  position: 'right' })](http://www.github.com/mubix/post-exploitation-wiki/)

images/output.jpg

@@ -0,0 +1,31 @@
+# Links
+
+Hardware
+---------
+
+| Link | Description | Cost |
+|------|-------------|------|
+| [Raspberry Pi](http://www.raspberrypi.org/) | Small board, and low cost, there is a Kali Linux that is designed to run on it, but pretty slow processor | $25 |
+| [PwnPlug/Pad/etc](http://pwnieexpress.com/collections/premium-pentesting-products) | Plug is a based off a Sheeva plug with an attack distro (ubuntu based) installed on it. Looks a lot like a wall wart. | $995|
+| [BeagleBoard Black](http://beagleboard.org/Products/BeagleBone%20Black) | Description Needed | $45 |
+| [Hak5 Rubber Ducky](http://hakshop.myshopify.com/collections/usb-rubber-ducky) | A USB stick that acts as a keyboard, types out payloads quickly and automatically. | $36 |
+| [Hak5 Wifi Pineapple](http://hakshop.myshopify.com/collections/wifi-pineapple) | Wireless attack router | $99 |
+| [Odroid X2](http://en.wikipedia.org/wiki/Odroid) | More RAM than the Pi (2GB) | $135 |
+| [Udoo](http://www.udoo.org/)| Comparable with the Odroid X2 / Pwn Plug and Raspbery Pi | $100 |
+| [GoodFet/Facedancer](http://goodfet.sourceforge.net/) | A open source JTAG adapter "loosely based upon the TI MSP430 FET UIF and EZ430U boards". The Facedancer board allows you to emulate USB devices so that one host can manipulate the USB devices or services of a second host. The Goodfet boards are an earlier edition of the Facedancer boards but are more general purpose, supporting JTAG and, with recent additions, USB to become a universal serial bus. | $70 [Facedancer21](http://int3.cc/collections/frontpage/products/facedancer21)<br /> $50 [GoodFET42](https://www.adafruit.com/product/1279) |
+
+Software
+---------
+
+
+Web Apps
+---------
+
+
+Code Repos
+---------
+
+| Link | Description |
+|------|-------------|
+| [Panoptic](https://github.com/lightos/Panoptic) | Finds exploitable paths for LFI and RFI |
+| [Daniel Miessler's SecLists Repo](https://github.com/danielmiessler/SecLists) | Solid repository of word lists for every occasion |

index.html

@@ -0,0 +1,3 @@
+# Place Holder
+
+Content coming. Feel free to submit ;-)

index.md

@@ -0,0 +1,15 @@
+
+# Linux Blind Files
+
+In some cases during exploitation you as an attacker gain the ability to read arbitrary files. As an attacker you need go-to files that cover as many different OS versions as possible in order to either confirm exploitation or gather intelligence on the exploited system. For this we use a "blind file".
+
+The files below are things to pull when all you can do is to blindly read. Examples of vulnerabilities or situations where this would be helpful might be: local file includes (LFI), directory traversals or remote file share instances like SMB, FTP, NFS or otherwise.
+
+| File     | Description / Importance |
+| -------- | ------------------------ |
+| `/etc/issue` | A message or system identification to be printed before the login prompt. |
+| `/etc/motd` | Message of the day banner content. Can contain information about the system owners or use of the system. | 
+| `/etc/passwd` | List of account names, groups, home directory, and shell (should be globally readable). |
+| `/etc/resolv.conf` | Contains the current name servers (DNS) for the system. This is a globally readable file that is less likely to trigger IDS alerts than `/etc/passwd`. |
+| `/etc/shadow` | List of all user's password hashes (requires root). |
+| `/home/[USERNAME]/.bash_history`<br>`~/.bash_history`<br>`/root/.bash_history` | Shell history for [USERNAME], the current user or root respectively. This file can contain passwords and other sensitive commands and content. |