bajok

OffSec Cheatsheet


The purpose of this page is to store commands and techniques that I might want to reuse at some point.
Current state: mess in progress :)


Tools


Tshark

https://www.wireshark.org/docs/dfref/

Hashcat

https://hashcat.net/wiki/doku.php?id=example_hashes

Dig

DNS reverse query:

dig @10.10.10.10 -x 10.10.10.10

Nmap

NSE script list: https://nmap.org/nsedoc/
Local NSE script database: /usr/share/nmap/scripts/script.db

Nmap scan optimization:
-f: fragments the packets (i.e. splits them into smaller pieces), making it less likely that they will be detected by a firewall or IDS.
--mtu <number>: an alternative to -f that gives more control over packet size; accepts a maximum transmission unit size to use for the packets sent. This must be a multiple of 8.
--scan-delay <time-ms>: adds a delay between packets sent. This is very useful if the network is unstable, but also for evading any time-based firewall/IDS triggers which may be in place.
--badsum: generates an invalid checksum for packets. Any real TCP/IP stack would drop such a packet, but firewalls may respond automatically without bothering to check the checksum. As such, this switch can be used to determine the presence of a firewall/IDS.
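The --badsum trick above only tells you something because a correct TCP/IP stack verifies checksums before answering. As an added example (not part of the original cheatsheet), the Python below shows that verification from the receiving side: it constructs a minimal IPv4/TCP SYN, optionally with a corrupted TCP checksum, and validates both the IP header checksum and the TCP checksum over its pseudo-header, which is the same logic a packet filter or detection rule uses to drop or flag such probes. Addresses and ports are made-up test values.

```python
import socket
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum. Run over a header whose checksum
    field is already filled in, it returns 0 exactly when that field is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_syn(src: str, dst: str, sport: int, dport: int, bad_sum: bool = False) -> bytes:
    """Constructed minimal IPv4/TCP SYN (test data, not captured traffic).
    bad_sum=True corrupts the TCP checksum, as a --badsum probe does."""
    s, d = socket.inet_aton(src), socket.inet_aton(dst)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, 6, 0, s, d)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHLLBBHHH", sport, dport, 1, 0, 0x50, 0x02, 8192, 0, 0)
    pseudo = struct.pack("!4s4sBBH", s, d, 0, 6, len(tcp))   # TCP pseudo-header
    csum = inet_checksum(pseudo + tcp)
    if bad_sum:
        csum ^= 0x0001   # one flipped bit is enough to make it never verify
    return ip + tcp[:16] + struct.pack("!H", csum) + tcp[18:]


def validate(pkt: bytes) -> dict:
    """Check both checksums of a raw IPv4/TCP packet. A device that answers
    a packet where tcp_ok is False is responding without verifying it."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    ip_hdr, tcp_seg = pkt[:ihl], pkt[ihl:total_len]
    pseudo = struct.pack("!4s4sBBH", ip_hdr[12:16], ip_hdr[16:20], 0, ip_hdr[9], len(tcp_seg))
    return {"ip_ok": inet_checksum(ip_hdr) == 0,
            "tcp_ok": inet_checksum(pseudo + tcp_seg) == 0}


if __name__ == "__main__":
    for bad in (False, True):
        pkt = build_syn("10.10.10.1", "10.10.10.10", 40000, 80, bad_sum=bad)
        print("corrupted" if bad else "clean", validate(pkt))
```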


Techniques


WAPT

sqlmap on login form

sqlmap -u "http://$IP/login.php" --data="username=admin&password=test" --method POST

Pivoting

Static binaries:
https://github.com/andrew-d/static-binaries
https://github.com/ernw/static-toolbox/

Ping sweep with /bin/sh:

i=1; while [ $i -le 255 ]; do (ping -c 1 192.168.1.$i | grep "bytes from" &); i=$((i+1)); done

(brace expansion like {1..255} is a bash feature and does not work in a plain POSIX /bin/sh; the while loop does)

Reverse Shell upgrade:

python3 -c 'import pty; pty.spawn("/bin/bash")'
python -c 'import pty; pty.spawn("/bin/bash")'

(tmp)

Debloat the world

https://suckless.org/
https://pedantic.software

http://motherfuckingwebsite.com
http://bettermotherfuckingwebsite.com
https://evenbettermotherfucking.website

https://nojs.club/

CTF-like websites

http://www.vimgolf.com/
https://immersivelabs.online/
https://picoctf.com/resources
https://overthewire.org/wargames/
https://www.hackthebox.eu/home
https://tryhackme.com/
https://www.hackthissite.org/
http://www.wechall.net/
https://pwnable.kr/play.php
https://rozwal.to/
https://www.geoguessr.com/
https://ctf.hacker101.com/
https://bugcrowd.com/bajok
https://hack.cert.pl/
https://nps.edu/web/c3o/labtainers
https://www.vulnhub.com/
https://portal.offensive-security.com/sign-up-select-product
https://codered.eccouncil.org/
https://py.checkio.org/station/library/
https://academy.hackthebox.eu/
https://www.osintdojo.com/
https://www.root-me.org/?page=login&lang=en