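% GSEC1 cheat sheet (Cheatography export). The source had been collapsed onto a
% handful of very long lines, which let every `%` comment swallow the commands
% that followed it (e.g. "% Packages" commented out the whole package list);
% this restores one statement per line so the file compiles again.
\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr} % For header and footer
\usepackage{multicol} % Allows multicols in tables
\usepackage{tabularx} % Intelligent column widths
\usepackage{tabulary} % Used in header and footer
\usepackage{hhline} % Border under tables
\usepackage{graphicx} % For images
\usepackage{xcolor} % For hex colours
%\usepackage[utf8x]{inputenc} % For unicode character support
\usepackage[T1]{fontenc} % Without this we get weird character replacements
\usepackage{colortbl} % For coloured tables
\usepackage{setspace} % For line height
\usepackage{lastpage} % Needed for total page number
\usepackage{seqsplit} % Splits long words.
%\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem} % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath} % Symbols
\usepackage{MnSymbol} % Symbols
\usepackage{wasysym} % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{datgrlnj2}
\pdfinfo{
  /Title (gsec1.pdf)
  /Creator (Cheatography)
  /Author (datgrlnj2)
  /Subject (GSEC1 Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{A3A3A3}
\definecolor{LightBackground}{HTML}{F3F3F3}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
% \bfseries replaces the obsolete two-letter \bf switch throughout (same rendering).
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    \vspace{-2pt}\large{\bfseries{\textcolor{DarkBackground}{\textrm{GSEC1 Cheat Sheet}}}} \\
    \normalsize{by \textcolor{DarkBackground}{datgrlnj2} via \textcolor{DarkBackground}{\uline{cheatography.com/56728/cs/38452/}}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{
\footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\bfseries\textcolor{white}{Cheatographer}}  \\
  \vspace{-2pt}datgrlnj2 \\
  \uline{cheatography.com/datgrlnj2} \\
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bfseries\textcolor{white}{Cheat Sheet}} \\
  \vspace{-2pt}Not Yet Published.\\
  Updated 19th November, 2023.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\bfseries\textcolor{white}{Sponsor}} \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{2}

\begin{tabularx}{8.4cm}{x{3.92 cm} x{4.08 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{AircrackNG}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{aircrack-ng : The primary cracking tool} \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{aireplay-ng : Tool for injecting and replaying wireless frames} \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{airmon-ng: Tool to enable and disable wireless interface monitoring} \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{airodump-ng : Tool to capture wireless frames} \tn
% Row Count 6 (+ 1)
% Row 4
\SetRowColor{LightBackground}
airmon-ng & identify wireless cards \tn
% Row Count 8 (+ 2)
% Row 5
\SetRowColor{white}
airmon-ng start wlan0 & start in monitor mode \tn
% Row Count 10 (+ 2)
% Row 6
\SetRowColor{LightBackground}
airodump-ng wlan0mon & look at available wireless networks and clients \tn
% Row Count 13 (+ 3)
% Row 7
\SetRowColor{white}
aircrack-ng SEC401\_WEP.cap & Crack pcap with WEP \tn
% Row Count 15 (+ 2)
% Row 8
\SetRowColor{LightBackground}
aircrack-ng -w all \seqsplit{SEC401\_WPA2PSK.pcap} & crack WPA2-PSK with dictionary named "all" \tn
% Row Count 18 (+ 3)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{hashcat}}  \tn
% Row 0
\SetRowColor{LightBackground}
% The grep below lists attack modes (-a), not hash modes (-m).
hashcat -{}-help | grep "Attack Modes" -A9 & show the different attack modes \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
% NOTE(review): current Linux distributions often default to yescrypt (\$y\$),
% which is not covered by the three prefixes listed here.
shadow file & \$1 for MD5, \$5 for SHA-256, \$6 for SHA-512 \tn
% Row Count 4 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{hashcat -{}-help |grep "MD5 (Unix)"} \tn
% Row Count 5 (+ 1)
% Row 3
\SetRowColor{white}
hashcat -m 500 -a 0 -o cracked.txt shadow \seqsplit{/usr/share/wordlists/sqlmap}.txt & -m 500 MD5 unix, -a 0 straight \tn
% Row Count 9 (+ 4)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{cracked hashes stored in hashcat.potfile} \tn
% Row Count 10 (+ 1)
% Row 5
\SetRowColor{white}
echo -e '\$\$\textbackslash{}n\$\#\textbackslash{}n\$@\textbackslash{}n\$!\textbackslash{}n' \textgreater{} sec401-rules & create custom rules file appending \$, \#, @, ! \tn
% Row Count 13 (+ 3)
% Row 6
\SetRowColor{LightBackground}
hashcat -m 500 -r sec401-rules -a 0 -o cracked.txt shadow \seqsplit{/usr/share/wordlists/sqlmap}.txt & dictionary with rules \tn
% Row Count 18 (+ 5)
% Row 7
\SetRowColor{white}
python bitcoin2john.py btc\_wallet.dat \textgreater{} btc\_hash.txt & get SHA-256 hash from btc wallet \tn
% Row Count 21 (+ 3)
% Row 8
\SetRowColor{LightBackground}
hashcat -{}-help | grep Bitcoin & -m 11300 bitcoin/litecoin wallet \tn
% Row Count 23 (+ 2)
% Row 9
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{hashcat -m 11300 -a 0 -o cracked.txt btc\_hash.txt \seqsplit{/usr/share/wordlists/sqlmap}.txt} \tn
% Row Count 25 (+ 2)
% Row 10
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{cat cracked.txt | grep bitcoin} \tn
% Row Count 26 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4.24 cm} x{3.76 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{snort}}  \tn
% Row 0
\SetRowColor{LightBackground}
% tail with no -n prints the last 10 lines, not 15.
sudo tail snort.conf & last 10 lines of file (tail default) \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{alert: The action to take when a match is found} \tn
% Row Count 3 (+ 1)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{icmp: The protocol to match on} \tn
% Row Count 4 (+ 1)
% Row 3
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{\$EXTERNAL\_NET any -\textgreater{}: A variable representing any external network such as the Internet and any source port} \tn
% Row Count 7 (+ 3)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{\$HOME\_NET any: A variable representing a trusted internal network and any destination port} \tn
% Row Count 9 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{(msg: "COMMUNITY ICMP Linux DoS sctp Exploit": The message to include in the alert} \tn
% Row Count 11 (+ 2)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{icode:2; itype:3;: The ICMP Type and Code on which to match} \tn
% Row Count 13 (+ 2)
% Row 7
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{content:"|28 00 00 50 00 00 00 00 F9 57 1F 30 00 00 00 00 00 00 00 00 00 00 00 00|";: The hexadecimal content included in the packet payload on which to perform a match} \tn
% Row Count 17 (+ 4)
% Row 8
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{reference:nessus,19777;: A reference to a corresponding Nessus plugin} \tn
% Row Count 19 (+ 2)
% Row 9
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{\seqsplit{classtype:attempted-user;:} The vulnerability class type} \tn
% Row Count 21 (+ 2)
% Row 10
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{sid:100000164; rev:2;): The unique Snort signature ID and revision number} \tn
% Row Count 23 (+ 2)
% Row 11
\SetRowColor{white}
snort -c \seqsplit{/etc/snort/snort.conf} -i eth0 -A full & -c is config file, -A alerting full \tn
% Row Count 26 (+ 3)
% Row 12
\SetRowColor{LightBackground}
/var/log/snort & alert and snort.log \tn
% Row Count 28 (+ 2)
% Row 13
\SetRowColor{white}
xxd & dumps contents of file in hex \tn
% Row Count 30 (+ 2)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{8.4cm}{x{4.24 cm} x{3.76 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{snort (cont)}}  \tn
% Row 14
\SetRowColor{LightBackground}
snort -c \seqsplit{/etc/snort/snort.conf} -r \seqsplit{/home/sec401/labs/401}.4/snort/snort.pcap -A full & run against PCAP \tn
% Row Count 4 (+ 4)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{p{0.8 cm} p{0.8 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{Process Hacker}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{In a process, the Modules tab shows loaded DLLs; right-click one to send it to VT (VirusTotal)} \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{Token tab shows the SAT (security access token)} \tn
% Row Count 3 (+ 1)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{Memory tab} \tn
% Row Count 4 (+ 1)
% Row 3
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{\seqsplit{https://www.cjwdev.com/Software/NtfsReports/Download.html}} \tn
% Row Count 6 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{Powershell scripting}}  \tn
% Row 0
\SetRowColor{LightBackground}
Get-Process & list of running processes \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{Get-Process -Name lsass | Format-List *} \tn
% Row Count 3 (+ 1)
% Row 2
\SetRowColor{LightBackground}
\$PaintApp = Get-Process -Name mspaint & add name to variable \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
\$PaintApp.Kill() & Kill paint app \tn
% Row Count 6 (+ 1)
% Row 4
\SetRowColor{LightBackground}
Get-Process | Select-Object Name,Id,Path | Export-Csv -Path ProcList.csv & Save the Name, Id, and Path properties of all running processes to a comma-delimited text file. \tn
% Row Count 11 (+ 5)
% Row 5
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{ise .\textbackslash{}ProcList.csv} \tn
% Row Count 12 (+ 1)
% Row 6
\SetRowColor{LightBackground}
Get-Process | Select-Object Name,Id,Path | Out-GridView & output in graphical app \tn
% Row Count 15 (+ 3)
% Row 7
\SetRowColor{white}
cls & clear clutter \tn
% Row Count 16 (+ 1)
% Row 8
\SetRowColor{LightBackground}
Get-Service & display background services \tn
% Row Count 18 (+ 2)
% Row 9
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{Clear-DnsClientCache} \tn
% Row Count 19 (+ 1)
% Row 10
\SetRowColor{LightBackground}
Get-Service | Select-Object DisplayName,Status | ConvertTo-Html | Out-File -FilePath Services.html & save list of services to HTML file \tn
% Row Count 24 (+ 5)
% Row 11
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{dir .\textbackslash{}Services.html | Format-List *} \tn
% Row Count 25 (+ 1)
% Row 12
\SetRowColor{LightBackground}
dir | Sort-Object CreationTime | Select-Object CreationTime,FullName & sort the listed files by the date and time they were created \tn
% Row Count 29 (+ 4)
% Row 13
\SetRowColor{white}
Copy-Item -Path .\textbackslash{}Services.html -Destination .\textbackslash{}Copied.html & dir *.html \tn
% Row Count 32 (+ 3)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{Powershell scripting (cont)}}  \tn
% Row 14
\SetRowColor{LightBackground}
Get-FileHash -Algorithm SHA256 -Path *.html & filehash of all HTML files in current directory \tn
% Row Count 3 (+ 3)
% Row 15
\SetRowColor{white}
Get-Content -Path .\textbackslash{}Copied.html & view contents of a file \tn
% Row Count 5 (+ 2)
% Row 16
\SetRowColor{LightBackground}
% NOTE(review): this row repeats Row 15; kept as exported.
\mymulticolumn{2}{x{8.4cm}}{Get-Content -Path .\textbackslash{}Copied.html} \tn
% Row Count 6 (+ 1)
% Row 17
\SetRowColor{white}
% NOTE(review): Get-WmiObject is absent from PowerShell 7; Get-CimInstance is the current equivalent.
Get-WmiObject -Query "SELECT * FROM Win32\_BIOS" -ComputerName LocalHost & Query BIOS information from a remote computer (LocalHost here) \tn
% Row Count 10 (+ 4)
% Row 18
\SetRowColor{LightBackground}
Get-WinEvent -ListLog * | Select-Object LogName & see names of all local event logs \tn
% Row Count 13 (+ 3)
% Row 19
\SetRowColor{white}
Get-WinEvent -LogName System -MaxEvents 10 | Select-Object TimeCreated,Id,Message & get last 10 events from System log, time, ID and message \tn
% Row Count 18 (+ 5)
% Row 20
\SetRowColor{LightBackground}
Get-WinEvent -LogName System -MaxEvents 10 -ComputerName LocalHost | Select-Object TimeCreated,Id,Message | Export-Csv -Path LogData.csv & export to csv file \tn
% Row Count 25 (+ 7)
% Row 21
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{Get-Help -Full Get-WinEvent} \tn
% Row Count 26 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{TCPdump}}  \tn
% Row 0
\SetRowColor{LightBackground}
FTP and capture first 3 packets & tcpdump -i eth0 port 21 -c 3 \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
-X display hex and ASCII first 4 packets & tcpdump -X -i eth0 port 21 -c 4 \tn
% Row Count 4 (+ 2)
% Row 2
\SetRowColor{LightBackground}
-a print ASCII, FTP, specify source & tcpdump -a -i eth0 port 21 and src 10.10.10.20 \tn
% Row Count 7 (+ 3)
% Row 3
\SetRowColor{white}
listen on loopback on port 333 & tcpdump -i lo tcp port 333 \tn
% Row Count 9 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{3.52 cm} x{4.48 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{Applocker}}  \tn
% Row 0
\SetRowColor{LightBackground}
AppIDSvc (Application Identity) & applocker service \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
secpol.msc & Local Security Policy -\textgreater{} Application Control Policies -\textgreater{} AppLocker \tn
% Row Count 5 (+ 3)
% Row 2
\SetRowColor{LightBackground}
Publisher & For digitally signed apps. More secure than the Path condition and relatively easy to maintain \tn
% Row Count 10 (+ 5)
% Row 3
\SetRowColor{white}
Path & The Path condition is conceptually simplistic. With this method you set up allowlists and blocklists based on an application's location on the file system \tn
% Row Count 17 (+ 7)
% Row 4
\SetRowColor{LightBackground}
File Hash & Seen as more secure than the Path condition; used when the file is not or cannot be digitally signed. \tn
% Row Count 23 (+ 6)
% Row 5
\SetRowColor{white}
Applocker & create and define rules that apply to security groups and even a single user. Rules can be applied to Windows binaries, DLLs, installers, and various script files, such as .ps1, .cmd, and .js. \tn
% Row Count 32 (+ 9)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{3.92 cm} x{4.08 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{Malware analysis}}  \tn
% Row 0
\SetRowColor{LightBackground}
strings -n 14 trojan1 | more & strings 14 characters or longer \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
python -c 'print("A" *100)' \textgreater{} bof & python -c 'print("A" * 1000)' \textgreater{} bof \tn
% Row Count 4 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{hping}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{hping3 -{}-help | more} \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{-c: The count option enables you to specify the number of packets to send.} \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-i: The interval option enables you to specify the time between sending each packet.} \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{hping3 -{}-help | grep Mode -A7} \tn
% Row Count 6 (+ 1)
% Row 4
\SetRowColor{LightBackground}
hping3 -{}-help | grep "\textbackslash{}-\textbackslash{}-spoof" -A7 -B1 & hping3 -{}-help | grep "\textbackslash{}-\textbackslash{}-base" -A15 -B1 \tn
% Row Count 8 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{-a: This option enables you to spoof the source IP address.} \tn
% Row Count 10 (+ 2)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-t: This option enables you to set the TTL to any wanted value.} \tn
% Row Count 12 (+ 2)
% Row 7
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{-N: This option enables you to set the IP ID to any wanted value.} \tn
% Row Count 14 (+ 2)
% Row 8
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-f: This option enables you to force fragmentation of a packet.} \tn
% Row Count 16 (+ 2)
% Row 9
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{-s: Set the source port number, which is usually a random ephemeral port.} \tn
% Row Count 18 (+ 2)
% Row 10
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-p: Set the destination port number.} \tn
% Row Count 19 (+ 1)
% Row 11
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{-w: Set the window size.} \tn
% Row Count 20 (+ 1)
% Row 12
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-b: Try sending a packet with a bad checksum.} \tn
% Row Count 21 (+ 1)
% Row 13
\SetRowColor{white}
hping3 -S 10.10.10.10 -p 21 -c 1 & SYN packet to TCP port 21 -c 1 packet \tn
% Row Count 23 (+ 2)
% Row 14
\SetRowColor{LightBackground}
hping3 -S 10.10.10.10 -a 10.11.12.13 -p 21 -c 1 & spoof IP address \tn
% Row Count 26 (+ 3)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{secedit}}  \tn
% Row 0
\SetRowColor{LightBackground}
secedit.exe /analyze & review cmd line switches \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
secedit.exe /analyze /db temp.sdb /cfg \seqsplit{SecurityTemplate.inf} /log log.txt & compare the template's settings to the local computer, logging to log.txt \tn
% Row Count 6 (+ 4)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{look for mismatch in the output} \tn
% Row Count 7 (+ 1)
% Row 3
\SetRowColor{white}
secedit.exe /configure & review cmd line switches \tn
% Row Count 9 (+ 2)
% Row 4
\SetRowColor{LightBackground}
secedit.exe /configure /db temp.sdb /cfg \seqsplit{SecurityTemplate.inf} & reconfigure the computer by applying security template \tn
% Row Count 13 (+ 4)
% Row 5
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{Get-Content .\textbackslash{}out.txt | Select-String -Pattern "Mismatch"} \tn
% Row Count 15 (+ 2)
% Row 6
\SetRowColor{LightBackground}
Get-Help -Full Get-Content & Get-Help -Full Select-String \tn
% Row Count 17 (+ 2)
% Row 7
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{Start-Process PowerShell.exe} \tn
% Row Count 18 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{3.2 cm} x{4.8 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{GPG}}  \tn
% Row 0
\SetRowColor{LightBackground}
gpa \& & open GNU privacy assistant \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
eom sans-logo.png & eom is image viewer \tn
% Row Count 4 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{p{0.8 cm} p{0.8 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{TCPdump}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-i Specify from which network interface you would like tcpdump to sniff.} \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{-s Number of bytes "snaplen" to capture per packet. Default is 262,144 bytes.} \tn
% Row Count 4 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-c Number of packets to capture before stopping.} \tn
% Row Count 5 (+ 1)
% Row 3
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{-n Don't resolve hostnames or well-known port numbers to their service.} \tn
% Row Count 7 (+ 2)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-X Show packet contents in hexadecimal and ASCII.} \tn
% Row Count 8 (+ 1)
% Row 5
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{-XX Show packet contents in hexadecimal and ASCII, as well as the Ethernet header.} \tn
% Row Count 10 (+ 2)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{-e Display Ethernet header data.} \tn
% Row Count 11 (+ 1)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{nmap}}  \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{nmap -{}-help | more} \tn
% Row Count 1 (+ 1)
% Row 1
\SetRowColor{white}
nmap -{}-help | grep "HOST DISCOVERY" -A10 & 10 lines after host discovery \tn
% Row Count 3 (+ 2)
% Row 2
\SetRowColor{LightBackground}
nmap -{}-help | grep "SCAN TECHNIQUES" -A8 & 8 lines after scan techniques \tn
% Row Count 5 (+ 2)
% Row 3
\SetRowColor{white}
-sS performs a SYN or Stealth scan to each port designated and does not send the final ACK in the 3-way handshake. This is to try to avoid having the connection attempt logged because some older systems do not log the attempt until the 3-way handshake completes. & The -{}-reason option is useful because it specifies how it determined the state of the port. The -{}-packet-trace option shows all packets sent and received. \tn
% Row Count 19 (+ 14)
% Row 4
\SetRowColor{LightBackground}
-sT attempts a TCP connect scan to each port designated and completes the 3-way handshake to see if the port is open & -oA prints the output to the file you specify in normal, XML, and grepable formats. \tn
% Row Count 25 (+ 6)
% Row 5
\SetRowColor{white}
-sA performs an ACK scan to each port designated. This means that it does not first send a SYN packet as expected and sends a packet only with the ACK flag set. The idea is to try and pass through some filters, wrongly making the assumption that if the ACK flag is set, that it must be from an active TCP session that is permitted. If a system receives an unsolicited packet with the ACK flag set, it will respond back with the RST flag. This does not indicate that a particular port is open, but does indicate that the IP address is active on the network, similar to a ping command. & -oG prints the output to the file you specify in grepable format. \tn
% Row Count 55 (+ 30)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{nmap (cont)}}  \tn
% Row 6
\SetRowColor{LightBackground}
-sW also performs an ACK scan but also interrogates the TCP window size because some systems set the window size to 0 if the port is closed. & -oS prints the output to the file you specify in "script kiddie" format, which is mostly for fun. \tn
% Row Count 7 (+ 7)
% Row 7
\SetRowColor{white}
-sM performs a Maimon scan and is named after the author Uriel Maimon. This scan technique modifies the TCP flags that proved useful in identifying some BSD-derived operating systems. & -oX prints the output to the file you specify in XML format. \tn
% Row Count 17 (+ 10)
% Row 8
\SetRowColor{LightBackground}
-sU option tells Nmap to scan UDP ports instead of TCP ports. Other scans, such as "Null", "FIN", and "Xmas", each use different combinations of the TCP flags to try and elicit a response. We will not cover every one of the commands because there are far too many, and they are all well documented in the Nmap documentation. & -oN prints the output to the file you specify, exactly how it is displayed on the screen. \tn
% Row Count 34 (+ 17)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{nmap (cont)}}  \tn
% Row 9
\SetRowColor{LightBackground}
nmap -{}-help | grep "PORT SPECIFICATION" -A7 & nmap -{}-help | grep "OUTPUT" -A8 \tn
% Row Count 3 (+ 3)
% Row 10
\SetRowColor{white}
nmap -{}-help | grep "TIMING AND PERF" -A12 & -{}-max-rate : This option tells Nmap to send packets no faster than the number specified per second. \tn
% Row Count 8 (+ 5)
% Row 11
\SetRowColor{LightBackground}
-T: This option enables you to choose a value between 0 and 5, each performing the scan at different speeds-{}-{}-the lower the number, the slower the scan is performed. & -{}-min-rate : This option tells Nmap to send packets no slower than the number specified per second. \tn
% Row Count 17 (+ 9)
% Row 12
\SetRowColor{white}
-{}-max-retries: This option tells Nmap how many times to retransmit probe attempts to a system. & -{}-host-timeout: This option tells Nmap how quickly to give up on a host. \tn
% Row Count 22 (+ 5)
% Row 13
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{nmap -sT -{}-reason 10.10.10.10 -oN scan1.txt} \tn
% Row Count 23 (+ 1)
% Row 14
\SetRowColor{white}
nmap -sU 10.10.10.10 -p69,161 -oN scan2.txt & UDP scan \tn
% Row Count 26 (+ 3)
% Row 15
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{nmap -n -{}-packet-trace -sS 10.10.10.10 -p80} \tn
% Row Count 27 (+ 1)
% Row 16
\SetRowColor{white}
nmap -n -sT -O 10.10.10.10 -p21,80 & OS version scanning \tn
% Row Count 29 (+ 2)
% Row 17
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{nmap -n -sT -A 10.10.10.10 -p21,80} \tn
% Row Count 30 (+ 1)
\end{tabularx}
\par\addvspace{1.3em}
\vfill
\columnbreak

\begin{tabularx}{8.4cm}{x{4 cm} x{4 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\bfseries\textcolor{white}{nmap (cont)}}  \tn
% Row 18
\SetRowColor{LightBackground}
ls \seqsplit{/usr/share/nmap/scripts/p*} & scripting engine path \tn
% Row Count 2 (+ 2)
% Row 19
\SetRowColor{white}
\mymulticolumn{2}{x{8.4cm}}{nmap -sU -p161 -{}-script snmp-brute 10.10.10.10 -{}-script-args \seqsplit{snmp-brute.communitiesdb=community.lst}} \tn
% Row Count 4 (+ 2)
% Row 20
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{snmpcheck -t 10.10.10.10 -c publ1c | grep "User accounts" -A12} \tn
% Row Count 6 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}

\end{document}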