Pentest

[Host]
  1. Nmap TCP scan
  2. Nmap UDP scan


[Website]
  1. Open it in a browser and take a look
  2. Whatweb
  3. Check the page source
  4. Dirb/Gobuster/feroxbuster; try paths both with and without a trailing "/"
  5. robots.txt/sitemap.xml
  6. nmap -sVC
  7. wappalyzer
[ReverseShell]

[Encode/Decode]

  1. https://gchq.github.io/CyberChef/
  2. https://jscompress.com/
[Linux Enum]
  1. lynis
  2. enum4linux
  3. leysh
[Wordpress]
  1. Core
  2. Theme
  3. Plug-in
[Web Form]
  1. ffuf
  2. OWASP ZAP
[XSS Script]
  1. https://github.com/The-Art-of-Hacking/h4cker/blob/master/web_application_testing/xss_vectors.md
  2. https://cheatsheetseries.owasp.org/cheatsheets/XSS_Filter_Evasion_Cheat_Sheet.html
[AD Enumeration]
  1. NETBIOS name: nbtstat -A IP
  2. Mimikatz
  3. psexec \\<IP>: cmd.exe
  4. pth-exec(?)
  5. winrm
  6. nmap -n -sS -p 137,138,139,445 --script smb-os-discovery <IP>
[Remote Desktop]
  1. xfreerdp /u:<user> /p:<password> /v:<IP> /cert-ignore
[SAMBA]
  1. nmap -sS -n -p 445 --script smb-protocols <IP>
  2. Check Samba: net view \\IP

[Python Web Server]
  1. python3 -m http.server 8080
[Linux Privilege Escalation]
  1. Pwnkit
  2. dirtycow
  3. Overlayfs
[Binary]
  1. binwalk -e -t filename
  2. firmadyne
  3. attifyos
[Account/Password]
  1. Default: admin/admin, admin/password, admin/(), admin/Pa$$w0rd
  2. john --wordlist=filename1 filename2
[Search File]
  1. find / -iname secret.txt 2>/dev/null
[Practices]
  1. http://h4cker.org/


[Others]
  1. Default credentials
  2. HackTricks
  3. rlwrap
  4. DIE, Detect It Easy: https://github.com/horsicq/Detect-It-Easy
