mkdir mkdir -p {content,exploits,nmap} Reload zsh Useful command to reload zsh when it is modified (alias, keys, etc.): source ~/.zshrc Pyenv pyenv install <version> pyenv versions pyenv gl...
Content Git Source retrieve with GitHacker AWS Enumeration Lambda Function Enumeration Authentication Bypass Abusing JWT Server Side Template Injection (SSTI) Tar Symlink Exploitati...
AWS Configuration How to configure aws to get access to its functions: ❯ aws configure AWS Access Key ID [****************6TDC]: AQLA5M37BDN6FJP76TDC AWS Secret Access Key [****************Fo1A]: ...
Abusing dereference Reviewing the code inside we get this: #!/bin/bash file=`date +%N` /usr/bin/rm -rf /opt/backups/* /usr/bin/tar -cvf "/opt/backups/$file.tar" /var/www/app/ sha1sum "/opt/backups/...
Step 1: We first determine the SSH process ID of the user on the compromised host: ps aux |grep sshd Step 2: Determine the SSH_AUTH_SOCK environment variable for the sshd PID: grep SSH_AUTH_SOCK ...
Users actions who -a `current logged user` w <user> `info of actual logged users` whoami id last `last logged user` All User UID and GID Info for user in $(cat /etc/passwd |cut -f1 -d":"); ...
Get MySQL Version mysql --version Get sudo Version sudo -V Get Apache2 Version apache2 -v Get CouchDB Version couchdb -V Get Postgres Version psql -V List All Packages Installed and Vers...
List Inetd Services ls -al /etc/init.d/ List xinetd Services ls -al /etc/xinetd.d/ Contents of Xinetd services cat /etc/xinetd.d/* Find services in /etc/init.d not owned by root and list the...
/proc/(PID)/cmdline This file shows the parameters passed to the kernel at the time it is started. It looks like the following: --------------------------------------------------- [*] PATH: /proc/...
To understand Spring4Shell, it is important that we understand CVE-2010-1622. Spring MVC (Model-View-Controller) is part of the Spring Framework, which makes it easy to develop web applications foll...