ctrl-z

Helpful Command QR

Nmap scanning

ports=$(nmap -p- --min-rate=1000 -T4 <target-ip> | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')
Description of the command
  • ports=$(...): This part of the command assigns the result of the command within the parentheses to the variable ports.

  • nmap -p- --min-rate=1000 -T4 <target-ip>: This nmap command scans all 65535 TCP ports (specified by -p-) on the target IP address. The --min-rate=1000 flag sets the minimum number of packets sent per second, and the -T4 flag sets the timing template to "aggressive" for faster scanning.

  • grep ^[0-9]: This filters the nmap output, keeping only the lines starting with a number (i.e., the lines containing open ports).

  • cut -d '/' -f 1: This command processes the filtered lines by cutting each line at the delimiter / and keeping only the first field, which is the port number.

  • tr '\n' ',': This translates each newline character (\n) into a comma (,), joining all the port numbers into a single comma-separated line.

  • sed s/,$//: This removes the trailing comma at the end of the line.

nmap -p$ports -sC -sV <target-ip>
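The pipeline above, as an added example that is not part of the original page: it is wrapped in a function that reads nmap output from stdin so it can be checked offline against a constructed scan result. The extra `grep ' open '` is an assumption of this example, added because nmap prints closed and filtered port lines too when only a few ports are not open, and the page's `grep '^[0-9]'` alone would feed those into the second scan.

```shell
#!/bin/sh
# Added example (not from the original page): the port-extraction pipeline as a
# function reading nmap's normal output from stdin. The ' open ' filter is an
# assumption of this example; it drops closed/filtered port lines that nmap
# lists individually when only a handful of ports are not open.
extract_ports() {
    grep '^[0-9]' | grep ' open ' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//'
}

# Constructed sample of nmap -p- output (not a real scan)
SAMPLE_SCAN='Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 10.0.0.5
Host is up (0.0010s latency).
Not shown: 65531 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  open     https
8080/tcp filtered http-proxy

Nmap done: 1 IP address (1 host up) scanned in 12.34 seconds'

# Returns the comma-joined open ports, ready for: nmap -p"$ports" -sC -sV <target-ip>
open_ports_from_sample() {
    printf '%s\n' "$SAMPLE_SCAN" | extract_ports
}

# The page's pipeline exactly as written (no state filter), for comparison:
# it also keeps the filtered 8080/tcp line.
all_listed_ports_from_sample() {
    printf '%s\n' "$SAMPLE_SCAN" | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//'
}

# Stand-alone run: prints the two lists
open_ports_from_sample; echo
all_listed_ports_from_sample; echo
```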

Shells

python3 -c 'import pty;pty.spawn("/bin/bash")'

Active Directory Enum

Enumerate users

ldapsearch -h x.x.x.x -x -b "DC=DOMAIN,DC=DOMAIN" -s sub "(&(objectclass=user))"  | grep sAMAccountName: | cut -f2 -d" "
enum4linux -U x.x.x.x  | grep "user:" | cut -f2 -d"[" | cut -f1 -d"]"
kerbrute userenum -d domain.tld --dc x.x.x.x /path/to/username.list > enum_users

Finding Files

find /path/to/directory -type f -exec grep -il "keyword" {} +
find /path/to/directory \( -name "*.key" -o -name "*.pem" -o -name "*.bak" -o -name "*.conf" \) -exec ls -lah {} + 2>/dev/null


Last updated 5 months ago