Tag

Cheat Sheet

Cheat Sheets, Resources

Linux TTY Shell Cheat Sheet

Introduction

During a penetration test, when obtaining access to a remote Linux host via a reverse/bind shell, it can be very painful to issue certain commands over it and it is often a much better option to obtain an interactive shell. These are the main reason why this is a good idea:

  • More shell stability, as things like CTRL+C will no longer close down the connection.
  • Ability to use up, down, left, and right arrows to navigate through and modify commands.
  • Ability to use applications or commands that use a login prompt such as Sudo, MySQL, SSH, etc.
  • Ability to use tab-auto completion in commands.
  • Ability to view commands, output, and file contents in the same terminal size as the host machine.

This article will list the various commands that can be used to obtain a TTY shell and also how to turn it into a fully interactive shell.

Read more
May 13, 2021 | by Stefano Lanaro | Leave a comment
Cheat Sheets, Resources

Nmap Cheat Sheet

Introduction

Nmap is a free and open-source network scanner that is often used during penetration tests to discover hosts and services on a computer network by sending packets and analyzing the responses.

The tool provides a number of features top help identifying services and their versions, testing for known vulnerabilities, bruteforcing credentials, detecting operating system information and much more.

Read more
March 13, 2021 | by Stefano Lanaro | Leave a comment
Cheat Sheets, Resources

Penetration Testing Interview Questions Cheat Sheet

Introduction

When interviewing for a penetration testing job, you will most probably be required to answer a number of technical questions so that the interviewer can get a good understanding of your current level of knowledge and skill.

This guide will try to cover the most common questions that you are likely to come across during a pentesting interview. If you are already a penetration tester or have been studying pentesting for a while, most of these concepts and techniques should already be very familiar to you.

Read more
March 5, 2021 | by Stefano Lanaro | 4 Comments
Cheat Sheets, Resources

Tmux Cheat Sheet

Introduction

Tmux is an open-source terminal multiplexer for Unix-like operating systems. It allows multiple terminal sessions to be accessed simultaneously in a single window.

It is useful for running more than one command-line program at the same time. It can also be used to detach processes, allowing remote sessions to remain active without being visible.

Read more
January 26, 2021 | by Stefano Lanaro | Leave a comment
Cheat Sheets, Resources

Netcat Cheat Sheet

Introduction

Netcat is a networking tool used to send and receive data over a TCP/UDP network connection. It is often referred to as a networking Swiss army knife as it can be used to carry out various task.

In penetration testing, Netcat is often used to establish a reverse/bind shell with a target machine, transfer files over a network or interact with certain services such as FTP or SMTP.

Read more
January 23, 2021 | by Stefano Lanaro | Leave a comment
Checklists, Resources

File Upload Restriction Bypass Checklist

Introduction

When enumerating web applications, we often find ourselves in front of a file upload file that allows us to potentially upload malicious files onto the application, such as a PHP or ASP shell, although these will often have certain restrictions that will only allow certain file types, extensions, file names or contents.

Through this checklist, I hope to cover most of the possible bypass methods that can be used to get past this restriction.

Read more
January 20, 2021 | by Stefano Lanaro | 2 Comments