Quick guide for pentest CTFs like Boot2Roots. Methodology: identify problem(s), gather info, analyze clues, test/iterate/repeat, and avoid common mistakes. Wikis HackTricks AppSecExplained Red Team Notes Blogs Overgrowncarrot1 Enumerate Open ports? rustscan, nmap. Running services? Version numbers? Operating System (Linux/Windows)? Domains? /etc/hosts Webserver (Apache/Ngnix)? Subdomins? DNS nslookup $domain dig -query=ANY $domain Common Files robots.txt sitemap.xml .htaccess security.txt manifest.json browserconfig.xml etc PrivEsc sudo -l curl ^ Thanks for reading

1 min · 67 words · Ash


rustscan rustscan -a $ip -g rustscan -a $ip -p $ports -- -sC -sV | tee scan.init nmap nmap -vv -Pn $ip nmap -vv -Pn -p $ports -A $ip feroxbuster feroxbuster -u http://$ipa -w $wordlist | tee fuzz.init FFUF ffuf -u http://$ip/FUZZ -w $wordlist | tee fuzz.init firefox Analysis: Whatruns, Wappalyzer /robots.txt, sitemap(.xml) smb enum4linux $ipa | tee enum4.txt # smb shares Linux Enumeration ls -la /home cat /etc/passwd cat /etc/crontab sudo -l # run sudo with?...

1 min · 107 words · Ash


Full Supported Languages List Alias(es) Here’s what I use for my urls: url: hugo alias: # aliases for multiple - post/hugo - But in order for aliases to work, I have to change aslias to asliases, save. Then change it back to aslias. Strange. Markdown All in One Hands down the best extension to use within VSCode is Markdown All in One. Paste links over text for automatic linking Continues ordered and unordered lists when typing Working Checkbox Items Add the below snippet to footer e....

1 min · 114 words · Ash


whoami /priv whoami /all gci -recurse . gci -recurse -hidden . Manual Enum - C:\Users - C:\ - C:\Windows\Temp Auto Enum - Winpeas - PrivesCheck ( - . .\PrivescCheck.ps1; Invoke-PrivescCheck Transfer - wget http://$ip/ -UseBasicParsing -OutFile $file.ext wget -UseBasicParsing -OutFile PrivescCheck.ps1``` --- Thanks for reading

1 min · 46 words · Ash


Installing Docker. Bash script: #!/bin/bash # Update, install and enable Docker sudo apt update -y && sudo apt upgrade -y sudo apt install -y sudo systemctl enable docker --now # Add current use into docker group sudo usermod -aG docker $USER # Pull latest Rustscan docker pull rustscan/rustscan:latest # Create a ZSH Aliases File touch ~/.zsh_aliases # Add it to ZSH RC echo """if [ -f ~/.zsh_aliases ]; then ....

1 min · 143 words · Ash