I am currently re-aggregating my tools here, so expect it to grow over time.
Reconnaissance
| Reconnaissance tools | Hints and notes |
|---|---|
| HaveIBeenPwned | If you manage to create an email alias on a domain, you can ask HIBP for all the pwned accounts of that domain (domain search requires proving you control the domain). The same applies if you can create a web redirect or poison the cache for the verification TXT file (but pwning DNS just for that is dumb) |
Reverse Shell
| Shell technique | Details |
|---|---|
| Pwncat-cs | `pip3 install pwncat-cs`, then `python3 -m pwncat :8080` to listen on port 8080 (see the Vulnversity article) |
| TTY/PTY spawn | NetSec list for spawning a TTY |
Misc
| Misc element | Description |
|---|---|
| Copy searchsploit exploit | `searchsploit -m {{ID;path;etc}}` copies the exploit to the current directory |
| Examine searchsploit exploit | `searchsploit -x {{exploit ID such as 50512, or path}}` |
| Running searchsploit exploit | `python3 $(locate exploit_file.name) args…` or `cat $(locate exploit.py)` |
Report
| Report tip | Details |
|---|---|
| Log commands | `… \| tee …` to keep track of your command results, or `script -fB pentest.log` to record all terminal I/O (`-f` flushes after every write, `-B` logs both input and output) |
| Take screenshots | Take a capture at every step of your lab/CTF/assessment; set up a keyboard shortcut that shoots and saves it instantly |
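A plain `cmd | tee log` loses two things you want in a report: when the command was run, and whether it actually succeeded (the pipeline returns tee's exit status, not the command's). The helper below is an added example, not from the original page or any tool it mentions; the function name `logcmd` and the `LOGFILE` variable are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example (not from the page): wrap a command so that its command line,
# a UTC timestamp, and its combined stdout/stderr are appended to $LOGFILE,
# while the command's own exit status is preserved for the caller.
LOGFILE="${LOGFILE:-pentest.log}"   # assumed default name

logcmd() {
    # Record the command line with a timestamp so the log can be ordered later.
    printf '[%s] $ %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$*" >> "$LOGFILE"

    # The command runs on the left of a pipe, so its exit status would be lost
    # in POSIX sh (no pipefail). Stash it in a temp file and re-read it after.
    status_file=$(mktemp)
    {
        rc=0
        "$@" 2>&1 || rc=$?      # '|| rc=$?' keeps a failing command from aborting under set -e
        echo "$rc" > "$status_file"
    } | tee -a "$LOGFILE"

    status=$(cat "$status_file")
    rm -f "$status_file"
    return "$status"
}
```

Usage is `logcmd nmap -sV 10.10.10.10`: the output still shows on screen, `pentest.log` gets the timestamped command line followed by its output, and `$?` afterwards reflects nmap's result rather than tee's.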