~/docs/cs/linux_tnt.txt

Scanning

nmap -p- -sC -sV -oN path/out_file.txt --open
nmap -p- --min-rate=10000 -oN path/out_file.txt

Spawn python TTY shell

Remote site
python3 -c 'import pty; pty.spawn("/bin/bash");'
python -c 'import pty; pty.spawn("/bin/bash");'
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/sbin:/bin:/usr/games:/tmp
export TERM=xterm-256color
alias ll='clear ; ls -lsaht --color=auto'
Ctrl + Z

Host site
stty raw -echo ; fg ; reset

Remote site
stty columns 200 rows 200

Fuzzing

Fuzzing files

wfuzz -c -z file,/opt/SecList/Discovery/Web-Content/raft-large-files.txt http://10.11.12.13/FUZZ

Fuzzing directories

wfuzz -c -z file,/opt/SecList/Discovery/Web-Content/raft-large-directories.txt http://10.11.12.13/FUZZ/

Fuzzing files with extension

wfuzz -c -z file,/opt/SecList/Discovery/Web-Content/raft-large-files.txt http://10.11.12.13/FUZZ.php

Fuzzing parameters

wfuzz -c -z file,/opt/SecList/Discovery/Web-Content/burp-parameter-names.txt http://10.11.12.13/target.php?FUZZ=../../../../../../../etc/passwd

Enumeration

enum4linux-ng -A -oA outfile 10.11.12.13

Check for SUID/SGID binaries

find / -perm -u=s -type f 2>/dev/null
find / -perm -g=s -type f 2>/dev/null
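Added example (not part of this cheat sheet): the two find commands above folded into one pass, with the result compared against a saved baseline so that a setuid/setgid binary that appeared since the last check shows up as drift. Assumes GNU find (for -printf); the function names and the baseline file are my own choice.

```shell
#!/bin/sh
# List SUID and SGID regular files under a root in one pass, one per line:
# "path mode owner group", sorted bytewise so the output is diff/comm-friendly.
# -xdev keeps find on one filesystem (skips /proc, /sys, network mounts).
list_setid() {
    root="${1:-/}"
    find "$root" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%p %m %u %g\n' 2>/dev/null | LC_ALL=C sort
}

# Save the current state as the baseline to compare against later.
save_setid_baseline() {
    list_setid "$1" > "$2"
}

# Print every SUID/SGID file (or changed mode/owner) not present in the
# baseline. Returns 0 when nothing new was found, 1 when drift was detected.
check_setid_drift() {
    root="$1"; baseline="$2"
    new=$(list_setid "$root" | LC_ALL=C comm -13 "$baseline" -)
    [ -z "$new" ] && return 0
    printf '%s\n' "$new"
    return 1
}

# Typical use: save a baseline right after install/hardening, then re-run
# the check from cron or a monitoring job.
#   save_setid_baseline / /var/lib/setid-baseline.txt
#   check_setid_drift / /var/lib/setid-baseline.txt || echo "new SUID/SGID files!"
```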