Cheat Sheet

Enumeration

TCP

• nmap -p- -T4 -n IP
• masscan -p0-65535 IP -n –rate 1000 -oL masscan
• nmap -sC -sV IP -oA nmap
• netdiscover -r IP
• nmap –script smb-check-vulns.nse –script-args=unsafe=1 -p445 IP

UDP

• nmap -p- -sU IP -oA udpports
• nmap -sU –top-ports 200 IP
• nmap -sU -sS –script=smb-enum-users -p U:137,T:139 192.168.1.200-254

Ports

• 21 FTP
• 22 SSH
• 25 SMTP
• 53 Domain
• 79 Finger
• 80/443 HTTP
• 110 PoP3
• 111 RPCBind
• 135 RPC
• 139/445 SMB
• 161/162 SNMP (UDP)
• 389 LDAP
• 1433 MsSQL
• 1521 Oracle Database
• 2049 NFS
• 3306 MySQL
• 3389 Remote Desktop Service

OpenVPN to Shell

• OpenVPN to shell

Privilege Escalation

• Linux
• Windows

Cryptography

• Hashes

Wordlist

• Good Wordlist
• Custom Wordlist

Steganography

• exiftool filename.png
• binwalk -Me file.png
• steghide
  • steghide -xf filename.jgp