phil/CTF_CheatSheet
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added More 2

Browse Source
This commit is contained in:
Phil 2021-12-15 16:00:50 +00:00
parent 1b90ff351d
commit ac1ca41383
1 changed files with 47 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

73
README.md
View File

@ -3,21 +3,34 @@
## Stage 1 - Lay of the Land ## Stage 1 - Lay of the Land
### Scans ### enumeration
#### Nmap * Passive Recon
* Shodan
* Wayback Machine
* The Harvester
* Active Recon
* Nmap
* Masscan
* Network discovery
* RPCClient
* Enum4all
* List all the subdirectories and files
* Gobuster
* Backup File Artifacts Checker
* Web Vulnerabilities
* Repository Github
* Burp
* Web Checklist
* Nikto
* Payment functionality
##### Powershell * Basic Scan
```
nmap -sn -n --disable-arp-ping IP | grep -v "host down"
```
-sn : Disable port scanning. Host discovery only.
-n : Never do DNS resolution
##### Bash
> Basic Scan
``` ```
sudo nmap -sSV -p- IP -oA nmap/initial -T4 sudo nmap -sSV -p- IP -oA nmap/initial -T4
sudo nmap -sSV -oA OUTPUTFILE -T4 -iL INPUTFILE.csv sudo nmap -sSV -oA OUTPUTFILE -T4 -iL INPUTFILE.csv
@ -27,38 +40,46 @@ sudo nmap -sSV -oA OUTPUTFILE -T4 -iL INPUTFILE.csv
• -oA OUTPUTFILE tells Nmap to output the findings in its three major formats at once using the filename "OUTPUTFILE" • -oA OUTPUTFILE tells Nmap to output the findings in its three major formats at once using the filename "OUTPUTFILE"
• -iL INPUTFILE tells Nmap to use the provided file as inputs • -iL INPUTFILE tells Nmap to use the provided file as inputs
> This configuration is enough to do a basic check for a CTF VM * CTF Scan
``` ```
nmap -sV -sC -oA nmap/initial IP nmap -sV -sC -oA nmap/initial IP
• -sV : Probe open ports to determine service/version info
• -sC : to enable the script
• -oA : to save the results
``` ```
-sV : Probe open ports to determine service/version info
-sC : to enable the script
-oA : to save the results
After this quick command you can add "-p-" to run a full scan while you work with the previous result After this quick command you can add "-p-" to run a full scan while you work with the previous result
```
nmap -sV -sC -oA -p- nmap/initial IP
```
* Aggressive Nmap
> Aggressive Nmap
``` ```
nmap -A -T4 scanme.nmap.org nmap -A -T4 scanme.nmap.org
• -A: Enable OS detection, version detection, script scanning, and traceroute • -A: Enable OS detection, version detection, script scanning, and traceroute
• -T4: Defines the timing for the task (options are 0-5 and higher is faster) • -T4: Defines the timing for the task (options are 0-5 and higher is faster)
``` ```
#### Masscan * Masscan
```bash ```bash
masscan IP -p 1-65535 --rate 100 -oX masscan.xml masscan IP -p 1-65535 --rate 100 -oX masscan.xml
``` ```
### enumeration
#### GoBuster * Using DirBuster or GoBuster
> Dir Mode ```bash
``` ./gobuster -u http://buffered.io/ -w /secondary/wordlists/more-lists/dirb/ -t 10
gobuster dir -u URL -w /secondary/wordlists/more-lists/dirb/ -u url
-w wordlist
-t threads
More subdomain :
./gobuster -m dns -w subdomains.txt -u google.com -i
gobuster -w wordlist -u URL -r -e /secondary/wordlists/more-lists/dirb/
``` ```