b2r/koth
Start
Scan ports
nmap <ip>
#or
nmap -A -T4 <ip>Nikto
nikto -h <ip>SMB
enum4linux <ip>Search directories
gobuster dir -u <ip> -w /usr/share/wordlists/dirb/common.txtPassword Cracking
Hydra
hydra -l <username> -P /path/to/rockyou.txt <service> <targer ip>JohnTheRipper
john --wordlist=</path/to/rockyou.txt> --format=<format> <hash key>ssh2john
ssh2john <filename>
#id_rsa to hashzip2john
zip2john <zip file> > <txt file>RevShell
PrivEsc
sudo -l
#look for anything intersting
Defend The Title 👑
chattr +i /root/king.txt
#immune the root filenetstat -nlp | grep <port>
#find process that run on x port
ps -p <PROCESS ID>
#search for PID
kill -9 <PROCESS ID>
#kill for the winOther
Interactive TTY
python -c 'import pty; pty.spawn("/bin/bash")'#in revshell
$ python -c 'import pty; pty.spawn("/bin/bash")'
CTRL-Z
#in kali
$ stty raw -echo
$ fg
#in revshell
$ reset
$ export SHELL=bash
$ export TERM=xterm-256color
$ stty rows <num> columns <cols>Last updated