Kali - msfconsole (Metasploit)

Start meterpreter listener from command line for Linux target. Start meterpreter listener from command line for Windows target. Tips: Use "set AutoRunScript post/windows/manage/migrate" to auto-migrate. Use "set ReverseListenerBindAddress 10.1.1.10" to force the listener address to a particular IP. This can be handy for exploits that target 127.0.0.1, [..]

Kali - msfvenom

Attacker = 10.1.1.10, Target = 10.1.1.200. Create a Windows reverse shell executable for netcat listener. Create a Windows reverse shell executable for Meterpreter listener. Create a Linux reverse shell executable for netcat listener. Create a Linux reverse shell executable for Meterpreter listener. Create a reverse [..]

NMAP

TCP scan a single host (on LAN takes about 60 seconds, on fast VPN can take 5 minutes). UDP scan a single host (only top 200 ports, otherwise very slow!). Run an intensive scan on the open ports. Scan TCP and UDP separately to speed up the [..]

Bypassing filters

Linux bash commands:

Various Tools

DBeaver - Client that supports SQL, MySQL, PostgreSQL, MariaDB, SQLite, Oracle, DB2, SQL Server, Sybase, MS Access, Teradata, Firebird, Derby, etc. Reaver - Wireless WPS attack tool. PixieWPS - Wireless WPS offline cracker (exploits weak entropy).

Wireless hacking

WEP - Brute-force key recovery. Keep aireplay-ng running in the background while we start to With aireplay-ng running, start cracking the WEP key using: WPA2 - Crack using a wordlist. With airodump-ng running in another terminal, keep replaying until you have captured the handshake [..]

Useful Commands - Windows

Use winexe to execute a command on Windows remotely.

Create customized wordlist

Create a wordlist containing words from length 1 to 6 with characters 0-9 and A-F. Create a wordlist containing words with length of 4 with characters mixed alpha-numerical. Say you want to create a wordlist with a length of 8, with the following characteristics: [Capital Letter] [2 [..]

tcpdump examples

Capture packets with host 20.20.20.20 and port 110 and write to file. Capture ICMP ping requests. Capture ICMP ping replies. Capture packets with DSCP tags. Dump HTTP traffic in ASCII and HEX format. Grab the user agent from the HTTP header on port 9999 [..]