Kashishtopi
  • whoami
    • Little bit more about me
  • OSCP Cheatsheet
    • Cheatsheet
      • Scanning
      • Ports
        • 80/443 - HTTP(s)
        • 139/445 - SMB
        • 21 - FTP
        • 53 - DNS
        • 22 - SSH
        • 389/636/3268 - LDAP
        • 161 - SNMP
        • 25 - SMTP
        • 3389 - RDP
        • 135/593 - RPC
        • 5985/5986 - Evil-winrm
        • 3306 - MYSQL
        • 1433 - MSSQL
      • Shells
        • TTY shells
      • File Transfers
      • Host Web Server
    • Attacks
      • WebShell
      • Password Cracking
        • Bruteforce
        • Hash Crack
        • Create Wordlist
      • File Uploads
        • HTML (.hta)
        • Macro
        • OLE
      • LFI / RFI
      • Shellshock
      • Github
      • SQLi
        • MYSQL
        • MSSQL
    • Linux PrivEsc
      • Automated
      • Methodology
      • Quick wins
      • Manual Enum
      • Kernel Exploits
      • SUID
      • Insecure File Perm
      • Password Loot
      • Restrict Shell Escape
      • Sudo
      • Docker
      • Cron Jobs
      • Device Drivers
      • Unmounted Drives
      • Capabilities
      • NFS Root Squashing
    • Windows PrivEsc
      • Kernel exploit
      • Manual
      • Quick Wins
      • Password loot
      • Run As
      • SE Privileges
      • Unquoted Service Path
      • Scheduled Tasks
      • AlwaysInstallElevated
      • Insecure File permission
      • Windows Subsystem
      • UAC Bypass
      • .ODT - Htdocs
      • Autoron
      • upnuphost
    • Active Directory
      • We got Users but no Pass?
      • Enumeration
      • Authentication
      • Pivoting
      • Lateral Movement
      • Hash Dumping
      • Persistence
Powered by GitBook
On this page

Was this helpful?

  1. OSCP Cheatsheet
  2. Cheatsheet

Scanning

Nmap Scans

  1. nmap -T4 -p- -A <IP> # T0 -> slowest but covert, T4 -> aggressive but noisy.

  2. nmap -sU --top-ports 100 -vvv <IP> # UDP Ports

  3. nmap --top-ports 100 -F # Top 100 Ports

  4. nmap -p1-1023 <IP> # Port Range

  5. nmap -p22,80,443 <IP> # Specific Ports

  6. nmap <IP>/24 # Subnet

  7. nmap -sT -p- --min-rate 5000 --max-retries 1 <IP> # TCP Ports

  8. nmap -sU -p- --min-rate 5000 --max-retries 1 <IP> # UDP Ports

RustScan & Autorecon

  1. RustScan: docker run -it --rm --name rustscan rustscan/rustscan:2.0.0 -a <IP> range 0-65535 -- -A

  2. Autorecon: autorecon <IP>

Directory Busting

  1. dirb http:///<IP>/ # If port -> 443, Do HTTPS

  2. gobuster dir -x php,txt,xml,asp,aspx --url http://<IP>/ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-big.txt -b 404 -f

  3. feroxbuster --url http://<IP>/ --filter-status 401,402,403,404 -x txt,cgi,sh,pl,asp,aspx,php --depth 2 --output ferox.result -k --wordlist=/usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -f

  4. ffuf -c -u http://<IP>/FUZZ -w /usr/share/seclists/Discovery/Web-Content/directory-list-2.3-medium.txt

Vulnerability Scanner - Nikto

  1. nikto -host http://<IP>/ # If port -> 443, Do HTTPS

PreviousCheatsheetNextPorts

Last updated 1 year ago

Was this helpful?

Page cover image