Kali - msfconsole (Metasploit)

Start a Meterpreter listener from the command line for a Linux target:
Start a Meterpreter listener from the command line for a Windows target:
Tips: Use "set AutoRunScript post/windows/manage/migrate" to auto-migrate. Use "set ReverseListenerBindAddress 10.1.1.10" to force the listener to bind to a particular IP. This can be handy for exploits that target 127.0.0.1, [..]

Kali - msfvenom

Attacker = 10.1.1.10, Target = 10.1.1.200.
Create a Windows reverse shell executable for a netcat listener:
Create a Windows reverse shell executable for a Meterpreter listener:
Create a Linux reverse shell executable for a netcat listener:
Create a Linux reverse shell executable for a Meterpreter listener:
Create a reverse [..]

NMAP

TCP scan a single host (on a LAN this takes about 60 seconds; over a fast VPN it can take 5 minutes):
UDP scan a single host (top 200 ports only, otherwise it is very slow!):
Run an intensive scan on the open ports. Scan TCP and UDP separately to speed up the [..]

Bypassing filters

Linux bash commands:

Various Tools

DBeaver - Client that supports SQL, MySQL, PostgreSQL, MariaDB, SQLite, Oracle, DB2, SQL Server, Sybase, MS Access, Teradata, Firebird, Derby, etc.
Reaver - Wireless WPS attack tool
PixieWPS - Wireless WPS offline cracker (exploits weak entropy)

Wireless hacking

WEP - Brute-force key recovery:
Keep aireplay-ng running in the background while we start to
With aireplay-ng running, start cracking the WEP key using:
WPA2 - Crack using a wordlist:
With airodump-ng running in another terminal
Keep replaying until you have captured the handshake [..]

Useful Commands - Windows

Use winexe to execute a command on a Windows host remotely:

Create customized wordlist

Create a wordlist containing words of length 1 to 6 using the characters 0-9 and A-F:
Create a wordlist containing words of length 4 using mixed alphanumeric characters:
Say you want to create a wordlist of length 8 with the following characteristics: [Capital Letter] [2 [..]

tcpdump examples

Capture packets with host 20.20.20.20 and port 110 and write them to a file:
Capture ICMP ping requests:
Capture ICMP ping replies:
Capture packets with DSCP tags:
Dump HTTP traffic in ASCII and hex format:
Grab the User-Agent from the HTTP header on port 9999 [..]