network

scan a box with default scripts and version detection

    nmap -sC -sV <ip address>

system

find all binaries with setuid

    find / -perm /4000 2>/dev/null

reverse / exploitation

execute a shell command inside gdb

    !<command>

get a shell without ASLR

    setarch $(uname -m) -R /bin/bash

get coredump info

    ulimit -c unlimited
    ./<executable> <params causing a crash>
    gdb <executable> -c <core-file>

web

use cookies from a text file with curl

    curl --cookie-jar cookie.txt <url>:<port>
    curl --cookie cookie.txt -X POST --data "param=value&other_param=other_value" <url>:<port>

use a wordlist with gobuster to discover http resources

    cat wordlist.txt | gobuster dir -u <url> -t 50 -x htm,php,txt,html -w -