pentesting/Cheatsheet.md
2025-06-10 17:23:40 +02:00
#### to install:
- magic wormhole
- tldr (the `tealdeer` client)
- rlwrap
```bash
sudo apt update --fix-missing && sudo apt install magic-wormhole tealdeer rlwrap
```
#### for keyring
-> if apt fails with a keyring error on the Kali repositories
```bash
sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
```
# information gathering
### nmap
quick scan for live hosts on a /24
```bash
nmap -sn <ip>/24
```
to keep only the IPs of the hosts that are up
```bash
nmap -sn 192.168.1.0/24 | grep "for " | awk '{print $5}' > ips.txt
```
full port scan first, then script and version detection (`-sCV -A`) on the ports found open
```bash
nmap -sCV -A -p $(nmap 192.168.1.155 -p- | grep open | awk -F '/' '{print $1}' | tr '\n' ',' | sed 's/.$//') 192.168.1.155
```
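Two things the one-liners above silently get wrong are worth handling explicitly: `awk '{print $5}'` prints a hostname instead of the IP whenever nmap resolved a name (the report line then reads `Nmap scan report for name (ip)`), and a bare `grep open` also matches `open|filtered` states and any service name containing "open". The following is an added example, not part of the original cheatsheet, with constructed nmap output embedded so it runs offline; it provides both parsing steps as shell functions that drop into the same pipelines.

```bash
# Constructed sample of "nmap -sn" output: one host resolved to a hostname,
# one not. awk '{print $5}' would print "router.lan" for the first one.
SAMPLE_SN='Starting Nmap 7.94 ( https://nmap.org ) at 2025-06-10 17:00 CEST
Nmap scan report for router.lan (192.168.1.1)
Host is up (0.0021s latency).
Nmap scan report for 192.168.1.55
Host is up (0.010s latency).
Nmap done: 256 IP addresses (2 hosts up) scanned in 3.21 seconds'

# Constructed sample of "nmap -p- <host>" output with two traps for a plain
# "grep open": a closed port whose service name contains "open", and an
# open|filtered port that is not actually confirmed open.
SAMPLE_PORTS='PORT      STATE         SERVICE
22/tcp    open          ssh
80/tcp    open          http
443/tcp   closed        https
1194/tcp  closed        openvpn
161/tcp   open|filtered snmp
8080/tcp  open          http-proxy'

# One IP per live host, whether or not nmap resolved a name for it:
# the hostname form puts the IP in trailing parentheses, so take that first,
# otherwise strip the fixed prefix.
extract_hosts() {
  grep 'Nmap scan report for ' \
    | sed -E 's/.*\(([0-9.]+)\)$/\1/; s/^Nmap scan report for //'
}

# Comma-separated list of ports whose STATE column is exactly "open",
# ready to be passed to "nmap -p $(...)".
open_ports() {
  awk '$2 == "open" { split($1, f, "/"); print f[1] }' | paste -sd, -
}

# Demonstration on the constructed samples.
printf '%s\n' "$SAMPLE_SN" | extract_hosts
printf '%s\n' "$SAMPLE_PORTS" | open_ports
```

In use, `nmap -sn 192.168.1.0/24 | extract_hosts > ips.txt` replaces the grep/awk pair, and `nmap -p "$(nmap "$target" -p- | open_ports)" -sCV -A "$target"` replaces the inner pipeline of the full scan; `open|filtered` ports are left out on purpose, so rescan them separately if they matter.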
## TTY Spawn Shell
Often during pen tests you may obtain a shell without a TTY, yet wish to interact further with the system. Here are some commands which will allow you to spawn a TTY shell. Obviously some of this will depend on the system environment and installed packages.
### Python spawn shell
```bash
python -c 'import pty; pty.spawn("/bin/bash")'
```
#### Fully interactive TTY: all the steps to stabilize your shell
**The first step:**
```bash
python3 -c 'import pty;pty.spawn("/bin/bash")'
```
Which uses Python to spawn a better-featured bash shell. At this point, our shell will look a bit prettier, but we still won't be able to use tab autocomplete or the arrow keys.
**Step two is:**
```bash
export TERM=xterm
```
This will give us access to term commands such as `clear`.
**Finally (and most importantly) we will background the shell using**
```
Ctrl + Z
```
Back in our own terminal we use
```bash
stty raw -echo; fg
```
This does two things: first, it turns off our own terminal echo, which gives us access to tab autocomplete, the arrow keys, and Ctrl + C to kill processes; second, `fg` brings the remote shell back to the foreground. Last, tell the remote shell the size of your terminal (use the values `stty -a` reports in your own terminal):
```bash
stty rows 38 columns 116
```
### OS system spawn shell
```bash
python -c 'import os; os.system("/bin/bash")'
```
### Bash spawn shell
```bash
/bin/sh -i
```
### Perl spawn shell
```bash
perl -e 'exec "/bin/sh";'
```
### Ruby spawn shell
```bash
ruby -e 'exec "/bin/sh"'
```
### Lua spawn shell
```bash
lua -e 'os.execute("/bin/sh")'
```
### IRB spawn shell
at the irb prompt:
```ruby
exec "/bin/sh"
```
### VI spawn shell
```vim
:!bash
```
### VI(2) spawn shell
two ex commands: set the shell, then open it
```vim
:set shell=/bin/bash
:shell
```
### Nmap spawn shell
from the `nmap --interactive` prompt (only old Nmap releases still have it):
```
!sh
```
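As the defender's counterpart to this whole section (the stabilization steps and the per-interpreter one-liners alike), here is an added example that is not part of the original cheatsheet: a small shell filter that flags process-execution records matching those spawn patterns. The log format is a constructed, simplified one (timestamp, `host=`, `uid=`, `pid=`, `cmd=` with arguments already decoded), and the hosts, uids and pids in it are made up. Real auditd EXECVE records hex-encode arguments that contain spaces or quotes, so decode them first (for example with `ausearch -i`) before feeding them to a filter like this.

```bash
# Constructed sample of a process-execution log (one exec per line, arguments
# already decoded). Hosts, uids and pids are made up.
SAMPLE_LOG='2025-06-10T17:23:40Z host=web1 uid=33 pid=4142 cmd=python3 -c import pty;pty.spawn("/bin/bash")
2025-06-10T17:23:41Z host=web1 uid=33 pid=4143 cmd=python3 manage.py runserver
2025-06-10T17:24:02Z host=web1 uid=33 pid=4150 cmd=perl -e exec "/bin/sh";
2025-06-10T17:24:10Z host=db1 uid=1001 pid=911 cmd=ruby -e puts "hello"
2025-06-10T17:24:30Z host=web1 uid=33 pid=4160 cmd=/bin/sh -i
2025-06-10T17:25:00Z host=web1 uid=33 pid=4170 cmd=lua -e os.execute("/bin/sh")
2025-06-10T17:25:05Z host=db1 uid=1001 pid=915 cmd=vim -c :set shell=/bin/bash -c :shell'

# ERE covering the spawn techniques listed above: pty.spawn(), os.system() or
# os.execute() on a shell, exec "/bin/sh" (perl/ruby/irb), a bare "/bin/sh -i",
# and the vi "set shell=" trick. Tune it against your own baseline first.
TTY_SPAWN_RE='pty\.spawn\(|os\.system\("?/bin/|os\.execute\("?/bin/|exec +"?/bin/sh|/bin/sh -i($| )|set shell=/bin/'

# Print every record whose command line matches one of the spawn patterns.
flag_tty_spawns() {
  grep -E -- "$TTY_SPAWN_RE"
}

# Distinct hosts (field 2, "host=<name>") with at least one matching record.
tty_spawn_hosts() {
  flag_tty_spawns | awk '{ sub(/^host=/, "", $2); print $2 }' | sort -u
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | flag_tty_spawns
printf '%s\n' "$SAMPLE_LOG" | tty_spawn_hosts
```

The regex is deliberately anchored on the exact strings the cheatsheet uses rather than on interpreter names alone, so that `python3 manage.py runserver` or `ruby -e puts "hello"` pass through; legitimate automation does call `os.system`, which is why the pattern only fires when the argument starts with `/bin/`.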