Pentesting Cheatsheets
Reconnaissance / Enumeration
Extracting Live IPs from Nmap Scan
DNS lookups, Zone Transfers & Brute-Force
HTTP Brute-Force & Vulnerability Scanning
Listen on a port (PowerShell)
Working with Restricted Shells
Uploading/POSTing Files Through WWW Upload Forms
PUTting a File on the Webhost via PUT verb
Generating Payload Pattern & Calculating Offset
Bypassing File Upload Restrictions
Uploading .htaccess to interpret .blah as .php
Generating Payload with msfvenom
Compiling Code From Linux
Compiling Assembly from Windows
Local File Inclusion to Shell
Local File Inclusion: Reading Files
Remote File Inclusion Shell: Windows + PHP
SQL Injection to Shell or Backdoor
SQLite Injection to Shell or Backdoor
Upgrading Non-Interactive Shell
Python Input Code Injection
Local Enumeration & Privilege Escalation
Applocker: Writable Windows Directories
Find Writable Files/Folders in Windows
Check if PowerShell Logging is Enabled
Check WinEvent Logs for SecureString Exposure
Check WinEvent for Machine Wake/Sleep times
Check if LSASS is running in PPL
Binary Exploitation with ImmunityDebugger
Setting up Simple HTTP server
MySQL User Defined Function Privilege Escalation
Docker Privilege Escalation
Uploading Files to Target Machine
Brute-forcing XOR'ed string with 1 byte key in Python
Generating Bad Character Strings
Converting Python to Windows Executable (.py -> .exe)
Port Scanning with NetCat
Port Scanning with Masscan
Exploiting Vulnerable Windows Services: Weak Service Permissions
Find File/Folder Permissions Explicitly Set for a Given User
AlwaysInstallElevated MSI
Stored Credentials: Windows
Port Forwarding / SSH Tunneling
Recursively Find Hidden Files: Windows
Post-Exploitation & Maintaining Access
Creating User and Adding to Local Administrators
Hide Newly Created Local Administrator
Creating SSH Authorized Keys
Creating Backdoor User w/o Password
Creating Another root User
Generating OpenSSL Password
Code Execution / Application Whitelist Bypass