Methodology

This page is a constant work in progress and contains my typical thought process in enumerating and hacking a system. I will also have “cheatsheet” commands for various applications.

Discovery

Enumerating Services

Enumerating Web

Shell / Code Execution

Privilege Escalation

Linux

Windows

Tools

General

nmap

Arguments

  • -A - Aggressive scan (OS/version detection, default scripts, traceroute)
  • -oA - Output to file in all formats (.nmap, .gnmap, .xml)
  • -Pn - Skip host discovery (no ping)
  • -p- - All ports
  • -sC - Default scripts
  • -sV - Version scan
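Added example (not part of this page): a small Python parser for the greppable `.gnmap` file that `-oA` writes next to the `.nmap` and `.xml` outputs, so open ports and service versions can be pulled into a host inventory or diffed against an expected baseline. The sample scan lines below are constructed, not real output.

```python
import re
from dataclasses import dataclass
# Constructed sample .gnmap content (not real scan output), as written by -oA.
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sC -sV -Pn -p- -oA scan 10.0.0.5
Host: 10.0.0.5 (files.lab.example)\tStatus: Up
Host: 10.0.0.5 (files.lab.example)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1 Ubuntu 3ubuntu0.6 (Ubuntu Linux; protocol 2.0)/, 139/open/tcp//netbios-ssn//Samba smbd 4.6.2/, 445/open/tcp//netbios-ssn//Samba smbd 4.6.2/, 3306/filtered/tcp//mysql///\tIgnored State: closed (65531)
# Nmap done at Mon Jan  1 00:05:00 2024 -- 1 IP address (1 host up) scanned in 300.00 seconds
"""

@dataclass(frozen=True)
class Port:
    host: str
    port: int
    state: str
    proto: str
    service: str
    version: str

# Only "Ports:" lines carry port data; the "Status:" lines are skipped.
PORTS_LINE = re.compile(r"^Host: (\S+) .*?\tPorts: (.*?)(?:\t|$)")

def parse_gnmap(text: str) -> list[Port]:
    """Parse greppable output. Each entry is port/state/proto/owner/service/
    rpcinfo/version/; nmap writes '/' inside a field as '|', so '/' is safe."""
    found = []
    for line in text.splitlines():
        m = PORTS_LINE.match(line)
        if not m:
            continue
        host, ports_field = m.groups()
        for entry in ports_field.split(", "):
            fields = entry.split("/")
            if len(fields) < 7:
                continue  # malformed entry: skip it rather than crash
            port, state, proto, _owner, service, _rpc, version = fields[:7]
            found.append(Port(host, int(port), state, proto, service,
                              version.replace("|", "/")))
    return found

def open_ports(text: str) -> list[Port]:
    """Open ports only; filtered/closed entries are noise for an inventory."""
    return [p for p in parse_gnmap(text) if p.state == "open"]

def services_by_host(text: str) -> dict[str, list[str]]:
    """Per-host summary such as {'10.0.0.5': ['22/tcp ssh', ...]}."""
    summary: dict[str, list[str]] = {}
    for p in open_ports(text):
        summary.setdefault(p.host, []).append(f"{p.port}/{p.proto} {p.service}")
    return summary
```

Running `services_by_host` over the `.gnmap` from two scans of the same host and diffing the results is a quick way to spot a service that appeared without a change ticket.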

Web

sqlmap

Arguments

* * *

Windows

enum4linux

ldapsearch

rpcclient

Auth-Less Login

rpcclient <IP ADDRESS> -U ""

smbclient

List Shares

smbclient -L <IP ADDRESS> -U <USERNAME>

Connect to a Share

smbclient \\\\<IP ADDRESS>\\<SHARE NAME> -U <USERNAME>