mirror of
https://github.com/AbdullahRizwan101/CTF-Writeups
synced 2024-11-10 06:34:17 +00:00
Update Cheat Sheet.md
This commit is contained in:
parent
f30215498c
commit
5dea9a26df
1 changed files with 11 additions and 3 deletions
|
@ -169,6 +169,7 @@ msfvenom --list formats
|
|||
run getgui -u [USER_NAME] -p [PASS]
|
||||
|
||||
# Git
|
||||
|
||||
### Dumping repository
|
||||
`./gitdumper.sh <location_of_remote_or_local_repostiory_having./.git> <destination_folder>`
|
||||
|
||||
|
@ -198,7 +199,6 @@ Here `api-endpoint` can be for example `/api/v1/resources/books\?FUZZ\=.bash_his
|
|||
|
||||
### Web Shell Bash
|
||||
`bash -c "<bash_rev_shell>"`
|
||||
|
||||
# Wordlists
|
||||
|
||||
### Directory Bruteforcing
|
||||
|
@ -206,8 +206,17 @@ Here `api-endpoint` can be for example `/api/v1/resources/books\?FUZZ\=.bash_his
|
|||
* /usr/share/wordlists/dirb/common.txt
|
||||
* /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt
|
||||
|
||||
### Credential Bruteforcing
|
||||
#### Gobuster
|
||||
`gobuster dir -u http://<ip>/ -w <path_to_wordlist>`
|
||||
`gobuster dir -u http://<ip>/ -w <path_to_wordlist> -s "204,301,302,307,401,403"` (use status code if 200 is configured to respond on the web server to every get request)
|
||||
|
||||
### Feroxbuster
|
||||
`feroxbuster -u http://<ip>/ -w <path_to_wordlist>`
|
||||
|
||||
### Dirsearch
|
||||
`python3 dirsearch.py -u http://<ip>/ -w <path_to_text>`
|
||||
|
||||
### Credential Bruteforcing
|
||||
* /usr/share/wordlists/rockyou.txt
|
||||
* /usr/share/wordlists/fasstrackt.txt
|
||||
* using `crackstation`
|
||||
|
@ -248,7 +257,6 @@ This spiders the given url and finding keyowrds then makes a wordlists through i
|
|||
* logoff id|user_name
|
||||
|
||||
|
||||
|
||||
export HISTFILE=/dev/null found this it might help you out a little when doing KOTH it basically stops bash logging your commands in the ~/.bash_history file <br/>
|
||||
sudo ifconfig tun0 down<br/>
|
||||
sudo ip link set tun0 down<br/>
|
||||
|
|
Loading…
Reference in a new issue