search

Tools

hashtag
bash

# View apache logs
sudo tail -f /var/log/apache2/access.log

# Find vulnerable private ssh keys
find /home/ -name "id_rsa"

# Descargar fichero de clave ssh por scp
scp linuxvictim@linuxvictim:svuser.key ./

# Buscar fichero de cache kerberos en linux
sudo find / -name "*krb5cc*"

# comprobar version de linux
uname -m
cat /etc/issue
# x86_64: para sistemas de 64 bits basados en Intel o AMD.
# i386 o i686: para sistemas de 32 bits basados en Intel o AMD.
# armv7l: para sistemas de 32 bits basados en ARM.
# aarch64: para sistemas de 64 bits basados en ARM.

# Who else is on this box (lateral movement)?
ls -la /home
cat /etc/passwd

# What executables have SUID bit that can be executed as another user?
find / -type f -user root -perm /u+s -ls 2>/dev/null

# Privilege escalation
sudo -l
cat /etc/sudoers
cat /etc/sudoers.d

# imprimir hora del sistema
date +"%b %d %T"

hashtag
bitsadmin

hashtag
certutil

hashtag
chisel

hashtag
cmd

hashtag
crackmapexec

hashtag
dotnettojscript

hashtag
evil-winrm

hashtag
gcc

hashtag
gobuster

hashtag
hashcat

hashtag
hostrecon

hashtag
impacket

hashtag
johntheripper

hashtag
metasploit

hashtag
meterpreter

hashtag
msfconsole

hashtag
msfvenom

hashtag
mimikatz

hashtag
mssql

Connect with windows-auth

Connect with password

hashtag
netcat nc

hashtag
nmap

hashtag
ntlmrelayx

hashtag
lapstoolkit

hashtag
ldapsearch

hashtag
linpeas

hashtag
powermad

hashtag
PowerShell

Add domain admin

Add local admin with RDP

Change user password

Change user password and cover

Check 64bit shell

Check CLM

Enable PSRemoting

Load Assembly

Run DLL

Runas

PreviousNetwork ForwardingNextCRTO Cheat Sheet

Last updated