Linux incident response cheat sheet...
Download link of uac tool:
https://github.com/tclahr/uac
https://github.com/tclahr/uac/releases
Please download the latest release of the tool from the above link. You will get the tool under Assets section for example named as: uac-3.3.0.tar.gz
Setting up uac tool:
Taking the tool to the victim/compromised machine:
scp uac-3.3.0.tar.gz lab@192.168.10.135:/tmp
scp uac-3.3.0.tar.gz lab@192.168.10.135: (if you do not give /tmp then the tool will be placed under that lab user home directory. Now provide the password of the target system)
ssh lab@192.168.10.135 (Access the target system with creds)
cd /tmp
tar zxf uac-3.3.0.tar.gz
cd uac-3.3.0/
sudo ./uac -p ir_triage /root (Run the tool using root user or with sudo privilege. -p for profile. Captured artifacts will be saved on /root directory)
Avi
Comments
Post a Comment