Cheatsheet/Notes

These are condensed notes from the INE course and other blogs and articles.

Subnet Guide

| Protocol | Port | Service |
| --- | --- | --- |
| TCP | 21 | FTP |
| TCP | 22 | SSH |
| TCP | 25 | SMTP |
| TCP | 53 | DNS |
| TCP | 80, 443 | HTTP/HTTPS webserver |
| TCP | 137-139 | Windows NetBIOS |
| TCP | 445 | Windows - SMB; Linux - Samba service |
| TCP | 1433, 1434 | MSSQL Database |
| TCP | 3306 | MySQL Database |
| TCP | 8080, 8443 | HTTP(s) web server, HTTP proxy |

Routing

This part is pretty important😉

ip route add 172.10.1.0/24 via 10.10.10.10   # 10.10.10.10 is the VPN gateway

If you don't know what the VPN gateway is then try it with every host that is up in the network.

If you want external sources for routing/pivoting, you can look at this one I found somewhere in the depths of Reddit (Don't ask me why Shaq is on it).

Interactive Shells

bash -i
python -c 'import pty; pty.spawn("/bin/sh")'
echo os.system('/bin/bash')
/bin/sh -i
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')

| Server | Web Shell |
| --- | --- |
| Windows | ASP |
| Apache Tomcat | JSP |
| Apache | PHP |

Reverse Shells

Pentest Monkey Cheatsheet

Hacktricks

If you're stuck at vulnerability assessment or don't know how to tackle something you can check here for some kind of push.
