Tools & Cheat Sheet

Nmap

nmap -p- -T5 --min-rate=1000 10.10.10.239 -oG fkclai.nmap
nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | tr -s '\n' ',') -sC -sV 10.10.10.239 -o nmap-result.txt

Directory Brute Force

feroxbuster -u http:///pikatwoo.pokatmon.htb -x php

dirb http://10.10.10.239/ /usr/share/wordlists/dirb/common.txt -o dirb-239.result

ffuf -u http://10.10.11.199:8080/v1/AUTH_andrew/FUZZ -w /opt/SecLists/Discovery/Web-Content/raft-medium-words.txt -mc all -ac

APK Analysis

# Static APK Analysis

apktool d mobile-app.apk
//Check the AndroidManifest.xml

# Configure

HTTP Tunnel

Chisel

Source: https://github.com/jpillora/chisel.git

https://0xdf.gitlab.io/2020/08/10/tunneling-with-chisel-and-ssf-update.html

1. Reverse Tunneling

 
// Hacker Machine
// setup a reverse server and listen the port 12345
./chisel server -p 12345 --reverse


//Victim Machine
// Listen on hacker 1337, forward to dump host ip on port 8000
./chisel client [hacker IP]:12345 R:1337:[dump host ip]:8000

// Hacker Machine
http://localhost:1337/ => http://[dump host ip]:8000

1. TCP basic tunneling

// Chisel server 1.1.1.1
./chisel server -p 1234

// Chisel Client 2.2.2.2 port 1337
./chisel client 1.1.1.1:1234 1337:www.exploit-db.com:443
wget https://localhost:9001/raw/45782