Cashmere makes perfect better BTW I USE ARCH

OffSec Cheatsheet

The purpose of this page is to store commands and techniques that I might want to reuse at some point.
Current state: mess in progress :)

DNS reverse query:

dig @<dns-server> -x <ip>


NSE script list: /usr/share/nmap/scripts/script.db

Nmap scan optimization:
-f: fragments the packets (splits them into smaller pieces), making it less likely that a firewall or IDS will detect them.
--mtu <number>: an alternative to -f that gives more control over packet size; accepts a maximum transmission unit to use for the packets sent. Must be a multiple of 8.
--scan-delay <time-ms>: adds a delay between packets sent. Very useful if the network is unstable, but also for evading any time-based firewall/IDS triggers which may be in place.
--badsum: generates an invalid checksum for packets. Any real TCP/IP stack would drop such a packet; firewalls, however, may respond automatically without bothering to check the checksum. As such, this switch can be used to determine the presence of a firewall/IDS.
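The --badsum point above cuts both ways: a filter that answers such probes gives itself away, and a defender who recomputes TCP checksums on captured traffic can spot the probes, since a real stack never emits them. The following script is an added example (not from the original cheatsheet): it builds a few sample IPv4/TCP SYN packets inline (assumed addresses and ports), one with a deliberately wrong checksum, and flags it.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum, as used by the IP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total

def tcp_checksum(src_ip: str, dst_ip: str, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header plus the TCP segment (checksum field zeroed)."""
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, len(segment))
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    return (~ones_complement_sum(pseudo + zeroed)) & 0xFFFF

def tcp_checksum_valid(packet: bytes) -> bool:
    """True if the TCP checksum stored in an IPv4 packet matches a recomputation."""
    ihl = (packet[0] & 0x0F) * 4
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    segment = packet[ihl:]
    stored = struct.unpack("!H", segment[16:18])[0]
    return stored == tcp_checksum(src, dst, segment)

def build_syn(src_ip: str, dst_ip: str, sport: int, dport: int, bad_sum: bool = False) -> bytes:
    """Constructed IPv4/TCP SYN; bad_sum mimics what a bad-checksum probe looks like on the wire."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, tcp)
    if bad_sum:
        csum = (csum + 1) & 0xFFFF  # deliberately wrong
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return ip + tcp

def find_bad_checksum_probes(packets) -> list:
    """Indices of TCP packets whose checksum does not verify: a real stack never sends these."""
    return [i for i, p in enumerate(packets) if p[9] == 6 and not tcp_checksum_valid(p)]

# Constructed sample traffic (assumed addresses): two normal SYNs and one bad-checksum probe.
# find_bad_checksum_probes(SAMPLE_PACKETS) -> [1]
SAMPLE_PACKETS = [
    build_syn("192.168.1.10", "192.168.1.1", 40000, 22),
    build_syn("192.168.1.10", "192.168.1.1", 40001, 80, bad_sum=True),
    build_syn("192.168.1.10", "192.168.1.1", 40002, 443),
]
```

Feed it packets pulled from a pcap (IPv4 layer onward) to get the same check on real traffic; the IP-layer checksum is left alone here since nmap's switch only corrupts the transport checksum.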



sqlmap on login form

sqlmap -u "http://$IP/login.php" --data="username=admin&password=test" --method POST


Static binaries:

Ping sweep with /bin/sh:

for i in $(seq 1 255); do (ping -c 1 192.168.1.$i | grep "bytes from" &); done   # seq instead of {1..255}: brace expansion is a bash-ism that plain /bin/sh does not expand

Reverse Shell upgrade:

python3 -c 'import pty; pty.spawn("/bin/bash")'
python -c 'import pty; pty.spawn("/bin/bash")'

