nmap <ip>
#or
nmap -A -T4 <ip>
gobuster dir -u <ip> -w /usr/share/wordlists/dirb/common.txt
hydra -l <username> -P /path/to/rockyou.txt <service> <targer ip>
john --wordlist=</path/to/rockyou.txt> --format=<format> <hash key>
ssh2john <filename>
#id_rsa to hash
zip2john <zip file> > <txt file>
sudo -l
#look for anything intersting
chattr +i /root/king.txt
#immune the root file
netstat -nlp | grep <port>
#find process that run on x port
ps -p <PROCESS ID>
#search for PID
kill -9 <PROCESS ID>
#kill for the win
python -c 'import pty; pty.spawn("/bin/bash")'
#in revshell
$ python -c 'import pty; pty.spawn("/bin/bash")'
CTRL-Z
#in kali
$ stty raw -echo
$ fg
#in revshell
$ reset
$ export SHELL=bash
$ export TERM=xterm-256color
$ stty rows <num> columns <cols>
