Helpful Command QR

ports=$(nmap -p- --min-rate=1000 -T4 <target-ip> | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

Description of command

ports=$(...): This part of the command assigns the result of the command within the parentheses to the variable ports.

nmap -p- --min-rate=1000 -T4 10.129.228.206: This nmap command scans all ports (specified by p-) on the IP address 10.129.228.206. The -min-rate=1000 flag sets the minimum rate of packets sent per second, and the T4 flag sets the timing template to "aggressive" for faster scanning.

grep ^[0-9]: This filters the nmap output, keeping only the lines starting with a number (i.e., the lines containing open ports).

cut -d '/' -f 1: This command processes the filtered lines by cutting each line at the delimiter / and keeping only the first field, which is the port number.

tr '\\n' ',': This translates newline characters \ into commas ,, joining all the port numbers in a single line separated by commas.

nmap -p$ports -sC -sV <target-ip>

python3 -c 'import pty;pty.spawn("/bin/bash")'

Emumerate users

ldapsearch -h x.x.x.x -x -b "DC=DOMAIN,DC=DOMAIN" -s sub "(&(objectclass=user))"  | grep sAMAccountName: | cut -f2 -d" "

enum4linux -U x.x.x.x  | grep "user:" | cut -f2 -d"[" | cut -f1 -d"]"

kerbrute userenum -d domain.tld --dc x.x.x.x /path/to/username.list > enum_users

find /path/to/directory -type f -exec grep -il "keyword" {} +

find /path/to/directory \( -name "*.key" -o -name "*.pem" -o -name "*.bak" -o -name "*.conf" \) -exec ls -lah {} + 2>/dev/null

Last updated 4 months ago

ports=$(nmap -p- --min-rate=1000 -T4 <target-ip> | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed s/,$//)

Description of command

ports=$(...): This part of the command assigns the result of the command within the parentheses to the variable ports.

nmap -p- --min-rate=1000 -T4 10.129.228.206: This nmap command scans all ports (specified by p-) on the IP address 10.129.228.206. The -min-rate=1000 flag sets the minimum rate of packets sent per second, and the T4 flag sets the timing template to "aggressive" for faster scanning.

grep ^[0-9]: This filters the nmap output, keeping only the lines starting with a number (i.e., the lines containing open ports).

cut -d '/' -f 1: This command processes the filtered lines by cutting each line at the delimiter / and keeping only the first field, which is the port number.

tr '\\n' ',': This translates newline characters \ into commas ,, joining all the port numbers in a single line separated by commas.

nmap -p$ports -sC -sV <target-ip>

python3 -c 'import pty;pty.spawn("/bin/bash")'

Emumerate users

ldapsearch -h x.x.x.x -x -b "DC=DOMAIN,DC=DOMAIN" -s sub "(&(objectclass=user))"  | grep sAMAccountName: | cut -f2 -d" "

enum4linux -U x.x.x.x  | grep "user:" | cut -f2 -d"[" | cut -f1 -d"]"

kerbrute userenum -d domain.tld --dc x.x.x.x /path/to/username.list > enum_users

find /path/to/directory -type f -exec grep -il "keyword" {} +

find /path/to/directory \( -name "*.key" -o -name "*.pem" -o -name "*.bak" -o -name "*.conf" \) -exec ls -lah {} + 2>/dev/null

Last updated 4 months ago