b2r/koth

Start

Scan ports

nmap <ip>
#or
nmap -A -T4 <ip>

Nikto

nikto -h <ip>

SMB

enum4linux <ip>

Search directories

gobuster dir -u <ip> -w /usr/share/wordlists/dirb/common.txt

Password Cracking

Hydra

hydra -l <username> -P /path/to/rockyou.txt <service> <targer ip>

JohnTheRipper

john --wordlist=</path/to/rockyou.txt> --format=<format> <hash key>

ssh2john

ssh2john <filename> 
#id_rsa to hash

zip2john

zip2john <zip file> > <txt file>

RevShell

Online - Reverse Shell Generatorwww.revshells.com

PrivEsc

sudo -l 
#look for anything intersting

Defend The Title 👑

chattr +i /root/king.txt
#immune the root file

netstat -nlp | grep <port>
#find process that run on x port

ps -p <PROCESS ID>
#search for PID

kill -9 <PROCESS ID>
#kill for the win

Other

Interactive TTY

python -c 'import pty; pty.spawn("/bin/bash")'

#in revshell
$ python -c 'import pty; pty.spawn("/bin/bash")'
CTRL-Z

#in kali
$ stty raw -echo
$ fg

#in revshell
$ reset
$ export SHELL=bash
$ export TERM=xterm-256color
$ stty rows <num> columns <cols>

Last updated 1 year ago