Skip to content

Hacking Life

CPTS labs

Initializing search

amandaguglieri/hackinglife

Hacking Life

amandaguglieri/hackinglife

Cheat sheets
Cheat sheets
- 7z
- active directory powershell module
- ADB
- adidnsdump
- amass
- apktool
- aquatone
- arjun
- arspoof- dniff
- awscli
- azure CLI
- azure powershell
- bash
- bashfuscator
- beef
- bloodhound
- braa
- burpsuite
- cewl
- cff explorer
- chisel
- cmd
- crackmapexec
- crowbar
- cupp
- curl
- cyber acronyms
- crt.sh
- crunch
- darkarmour
- default creds
- depix
- dig
- dirb
- dnscan
- dnsenum
- dnspy
- dnsrecon
- docker
- DomainPasswordSpray
- DOSfuscation
- dotpeek
- dread
- droopescan
- drozer
- dsquery
- echo mirage
- emacs
- empire
- enum
- enum4linux
- evil-winrm
- exiftool
- eyewitness
- fatRat
- feroxbuster
- fierce
- figlet
- finalrecon
- fping
- frida
- ffuf
- gcloudCLI
- git
- github dorks
- gobuster
- gopherus
- google dorks
- grep
- hashcat
- httprint
- HTTRack
- hydra
- hugo
- i3
- impacket
- inmunity debugger
- impacket GetUserSPNs
- impacket ntlmrelayx
- impacket psexec
- impacket secretsdump
- impacket smbexec
- interactsh
- inveigh
- ipmitool
- jaws Just Another Windows Enumeration Script
- john the ripper
- joomlascan
- jwt-tool
- kerbrute
- keytabExtract
- kirbi2john
- kiterunner
- knockpy
- laudanum
- lazagne
- ldap
- linenum
- linikatz
- linPEAS
- M365 CLI
- mailsniper
- markdown
- mariadb
- masscan
- medusa
- metasploit
- mimikatz
- mitm_relay
- MMC Microsoft Management Console
- mobsf
- mongo
- moodlescan
- msfvenom
- msSQL
- mySQL
- mythic
- nessus
- netcat
- netcraft
- netdiscover
- nikto
- nishang
- nmap
- noip
- nslookup
- o365spray
- objection
- odat
- onesixtyone
- openSSL
- openVAS
- openVASreporting
- ophcrack
- owasp-zap
- p0f
- pentesmonkey
- PeSecurity
- phpggc
- ping
- postfix
- powercat
- powershell
- powerup.ps1
- powerupsql
- powerview.ps1
- process hacker tool 2
- proxychains
- proxychains
- pspy
- pyftpdlib
- pyinstaller
- pypykatz
- rdesktop
- regex
- regshot
- responder.py
- rpcclient
- RSAT Remote Server Administrations Tools
- rubeus
- samba suite
- samrdump
- scrcpy
- searchsploit
- seatbelt
- sharpview
- smbclient
- smbmap
- smbserver
- snaffler
- snmpwalk
- shodan
- sirepRAT
- sql injection (manual)
- sqlite
- sqlmap
- sqlplus
- sqsh
- sslyze
- ssh-audit
- ssh tunneling
- sshpass
- ssh2john
- sys internals suite
- subfinder
- subbrute
- sublist3r
- swaks
- tcpdump
- the harvester
- tmux
- unshadow
- unredacter
- uploadserver
- username Anarchy
- veil
- vim
- vnstat
- w3af
- wafw00f
- waybackurl
- webdav
- weevely
- wget
- winrar
- wfuzz
- whatweb
- white winter wolf webshell
- windapsearch
- Window Detective
- winfo
- winPEAS
- winspy
- wmctrl
- wpscan
- xfreerdp
- xsltproc
- xsser
- xxeinjector
- ysoserial
Courses and certificates
Courses and certificates
- Az-900 Azure Fundamentals
  Az-900 Azure Fundamentals
  - Notes for the Az-900 exam
  - Exams- Practice the Az-900
- Az-104 Microsoft Azure Administrator
- Az-500 Microsoft Azure Security Engineer
  Az-500 Microsoft Azure Security Engineer
- Burpsuite
  Burpsuite
- CPTS
  CPTS
- eJPT
- eWPT
- Oracle Cloud Infrastructure
Walkthroughs
Walkthroughs
Beginners' guide
Beginners' guide
- Access Control List
- Authentication
  Authentication
  - Kerberos Authentication
- Setting up a server
- All about SHELLS
  All about SHELLS
- apt packet manager
- checksum
- Clon a site
- crawlers
- cve
- cvss
- Data encoding
- dictionaries
- File tranfer techniques
  File tranfer techniques
- How to resolve run of the mill problems
- How to remove bloatware
- HTTP Authentication schemes
- HTTP headers
- Input filtering
- Kubernetes madness
- Machines and lab resources
- My mkdocs and material customized setup
- NetBIOS
- Network traffic capture
- NT Authority System
- Obsidian
- operating systems
- proxies
- ssh for github
- VirtualBox
- VPN notes
Pentesting network services
Pentesting network services
- Index of services
- 0-255 icmp
- 21 ftp
- 22 ssh
- 23 telnet
- 25 smtp
- 43 whois
- 53 dns
- 69 tftp
- 110 pop3
- 111 rpcbind
- 135 wmi
- 137 smb
- 137 smb
- 137 smb
- 110 pop3
- 161 snmp
- 161 snmp
- 389 ldap
- 137 smb
- 512 r services
- 512 r services
- 512 r services
- 25 smtp
- 25 smtp
- 623 ipmi
- 389 ldap
- 873 rsync
- 110 pop3
- 110 pop3
- 1090 java rmi
- 1433 mssql
- 1521 oracle transparent network substrate
- 1720 voip
- 623 ipmi
- 2049 nfs
- 3128 squid
- 3306 mariadb
- 3389 RDP
- 5355 LLMNR
- 5432 postgresql
- 1720 voip
- 1720 voip
- 5985 winrm
- 5985 winrm
- 6379 redis
- 6653 openflow
- 8080 jboss
- 8089 splunk universal Forwarder
- 14147 filezilla
- 14147 filezilla
- 25672 erlang port
- 27017 mongodb
- 27017 mongodb
- 55007 dovecot
- 55007 dovecot
Pentesting APIs
Pentesting APIs
Pentesting web
Pentesting web
- OWASP Framework
  OWASP Framework
  - 1.Information Gathering
    1.Information Gathering
    
    1.1. Search engine for Information leakage
    
    1.2. Fingerpring Web server
    
    1.3. Review Webserver Metafiles for Information Leakage
    
    1.4. Enumerate Applications on Webserver
    
    1.5. Review Webpage content for Information Leakage
    
    1.6. Identify Application Entry Points
    
    1.7. Map Execution Paths through applications
    
    1.8. Fingerprint Web Application Framework
    
    1.9. Fingerprint Web Applications
    
    1.10. Map Application architecture
  - 2.Configuration and Deployment Management Testing
    2.Configuration and Deployment Management Testing
    
    2.1. Test Network Infrastructure Configuration
    
    2.2. Test Application Platform Configuration
    
    2.3. Test File Extensions Handling for Sensitive Information
    
    2.4. Review Old Backup and Unreferenced Files for Sensitive Information
    
    2.5. Enumerate Infrastructure and Application Admin Interfaces
    
    2.6. Test HTTP Methods
    
    2.7. Test HTTP Strict Transport Security
    
    2.8. Test RIA Cross Domain Policy
    
    2.9. Test File Permission
    
    2.10. Test for Subdomain Takeover
    
    2.11. Test Cloud Storage
    
    2.12. Testing for Content Security Policy
    
    2.13. Test Path Confusion
  - 3.Identity Management Testing
    3.Identity Management Testing
    
    3.1. Test Role Definitions
    
    3.2. Test User Registration Process
    
    3.3. Test Account Provisioning Process
    
    3.4. Testing for Account Enumeration and Guessable User Account
    
    3.5. Testing for Weak or Unenforced Username Policy
  - 4.Authentication Testing
    4.Authentication Testing
    
    4.1. Testing for Credentials Transported over an Encrypted Channel
    
    4.2. Testing for Default Credentials
    
    4.3. Testing for Weak Lock Out Mechanism
    
    4.4. Testing for Bypassing Authentication Schema
    
    4.5. Testing for Vulnerable Remember Password
    
    4.6. Testing for Browser Cache Weaknesses
    
    4.7. Testing for Weak Password Policy
    
    4.8. Testing for Weak Security Question Answer
    
    4.9. Testing for Weak Password Change or Reset Functionalities
    
    4.10. Testing for Weaker Authentication in Alternative Channel
    
    4.11. Testing Multi-Factor Authentication (MFA)
  - 5.Authorization Testing
    5.Authorization Testing
    
    5.1. Testing Directory Traversal File Include
    
    5.2. Testing for Bypassing Authorization Schema
    
    5.3. Testing for Privilege Escalation
    
    5.4. Testing for Insecure Direct Object References
    
    5.5. Testing for OAuth Weaknesses
  - 6.Session Management Testing
    6.Session Management Testing
    
    6.1. Testing for Session Management Schema
    
    6.2. Testing for Cookies Attributes
    
    6.3. Testing for Session Fixation
    
    6.4. Testing for Exposed Session Variables
    
    6.5. Testing for Cross Site Request Forgery
    
    6.6. Testing for Logout Functionality
    
    6.7. Testing Session Timeout
    
    6.8. Testing for Session Puzzling
    
    6.9. Testing for Session Hijacking
    
    6.10. Testing JSON Web Tokens
  - 7.Input Validation Testing
    7.Input Validation Testing
    
    7.1. Testing for Reflected Cross Site Scripting
    
    7.2. Testing for Stored Cross Site Scripting
    
    7.3. Testing for HTTP Verb Tampering
    
    7.4. Testing for HTTP Parameter Pollution
    
    7.5. Testing for SQL Injection
    
    7.6. Testing for LDAP Injection
    
    7.7. Testing for XML Injection
    
    7.8. Testing for SSI Injection
    
    7.9. Testing for XPath Injection
    
    7.10. Testing for IMAP SMTP Injection
    
    7.11. Testing for Code Injection
    
    7.12. Testing for Command Injection
    
    7.13. Testing for Format String Injection
    
    7.14. Testing for Incubated Vulnerability
    
    7.15. Testing for HTTP Splitting Smuggling
    
    7.16. Testing for HTTP Incoming Requests
    
    7.17. Testing for Host Header Injection
    
    7.18. Testing for Server-side Template Injection
    
    7.19. Testing for Server-Side Request Forgery
    
    7.20. Testing for Mass Assignment
  - 8.Testing for Error Handling
    8.Testing for Error Handling
    
    8.1. Testing for Improper Error Handling
    
    8.2. Testing for Stack Traces
  - 9.Testing for Weak Cryptography
    9.Testing for Weak Cryptography
    
    9.1. Testing for Weak Transport Layer Security
    
    9.2. Testing for Padding Oracle
    
    9.3. Testing for Sensitive Information Sent via Unencrypted Channels
    
    9.4. Testing for Weak Encryption
  - 10.Business Logic Testing
    10.Business Logic Testing
    
    10.1. Test Business Logic Data Validation
    
    10.2. Test Ability to Forge Requests
    
    10.3. Test Integrity Checks
    
    10.4. Test for Process Timing
    
    10.5. Test Number of Times a Function Can Be Used Limits
    
    10.6. Testing for the Circumvention of Work Flows
    
    10.7. Test Defenses Against Application Misuse
    
    10.8. Test Upload of Unexpected File Types
    
    10.9. Test Upload of Malicious Files
    
    10.10. Test Payment functionality
  - 11.Client-side Testing
    11.Client-side Testing
    
    11.1. Testing for DOM-Based Cross Site Scripting
    
    11.2. Testing for JavaScript Execution
    
    11.3. Testing for HTML Injection
    
    11.4. Testing for Client-side URL Redirect
    
    11.5. Testing for CSS Injection
    
    11.6. Testing for Client-side Resource Manipulation
    
    11.7. Testing Cross Origin Resource Sharing
    
    11.8. Testing for Cross Site Flashing
    
    11.9. Testing for Clickjacking
    
    11.10. Testing WebSockets
    
    11.11. Testing Web Messaging
    
    11.12. Testing Browser Storage
    
    11.13. Testing for Cross Site Script Inclusion
    
    11.14. Testing for Reverse Tabnabbing
  - 12.API Testing
    12.API Testing
    
    12.1. Testing GraphQL
- Penetration testing process
- Information Gathering
- Enumeration phase
- Vulnerability assessment
- Web Exploitation
  Web Exploitation
  - HTTP Authentication schemes
  - Broken access control
  - Brute forcing
  - Buffer overflow attack
  - Creating malware and custom payloads
  - Captcha Replay Attack
  - Command injection
  - CRLF attack- Carriage Return and Linefeed attack
  - CSRF attack- Cross-Site Request Forgery
  - Directory traversal and File Inclusion attacks
    Directory traversal and File Inclusion attacks
    
    File inclusion
    
    LFI attack- Local File Inclusion attack
    
    RFI attack- Remote File Inclusion attack
    
    Log poisoning
  - Bypassing file upload restrictions
  - HTTP verb tampering
  - Insecure deserialization
  - JWT attacks
  - Password attacks
  - PHP type juggling vulnerabilities
  - RCE attack- Remote Code Execution attack
  - RFD attack- Reflected File Download attack
  - SSTI attack- Server Side Template Injection attack
  - Session puzzling attack
  - SSRF attack- Server Side Request Forgery attack
  - SQL injection attack
  - NoSQL injection
  - XFS attack- Cross-frame Scripting attack
  - XEE attack- XML External Entity attack
  - XSS attack- Cross-site Scripting attack
- Pentesting applications and frameworks
  Pentesting applications and frameworks
  - browsers
  - common gateway interfaces
  - django
  - drupal
  - gitlab
  - jenkins
  - joomla
  - keycloak
  - Log4j
  - Magnolia
  - MyBB
  - oData
  - osTicket
  - ptrg network monitoring
  - splunk
  - tomcat
  - wordpress
  - powerapps
Pentesting mobile
Pentesting mobile
- Setting up the mobile pentesting environment
- Rooting Samsung Galaxy A515F
Pentesting Thick applications
Pentesting Thick applications
Pentesting Cloud
Pentesting Cloud
- Cloud essentials
  Cloud essentials
- Pentesting Azure
- Pentesting AWS
- Pentesting docker
- Pentesting kubernetes
Pentesting RFID
Pentesting RFID
- RFID
- Cards
  Cards
  - Mifare classic
  - Mifare desfire
- Install proxmark3 in Kali
- Proxmark3 cheat sheet
Python
Python
- Python installation
- Packet management
  Packet management
  - pdm
  - pip
  - pyenv
  - Virtual environments
- Pentesting with python
  Pentesting with python
  - Tools and scripts
  - Gaining persistence shells (TCP + HTTP)
    Gaining persistence shells (TCP + HTTP)
    
    Coding a TCP reverse shell
    
    Coding a http reverse shell
    
    Coding a data exfiltration script for a TCP reverse shell
    
    Coding a data exfiltration script for a http server
    
    Tunning the connection attempts
    
    Including cd command into TCP reverse shell
  - Advanced scriptable shells
    Advanced scriptable shells
    
    Using a Dynamic DNS instead of your bared attacker public ip
    
    Making your binary persistent
    
    Making a screenshot
    
    Coding a reverse shell that searches files
    
    Coding a reverse shell that scans ports
  - Techniques for bypassing filters
    Techniques for bypassing filters
    
    Hickjack the Internet Explorer process to bypass an host based firewall
    
    Bypassing Next Generation Firewalls
    
    Bypassing IPS with XOR encryption
  - Malware and crytography
    Malware and crytography
    
    Building a TCP reverse shell with AES encryption
    
    Building a TCP reverse shell with RSA encryption
    
    Building a TCP reverse shell with hybrid encryption
  - Password Hickjacking
    Password Hickjacking
    
    Simple keylogger in python
    
    Hijacking Keepass Password Manager
    
    Dumping saved passwords from Google Chrome
    
    Man in the browser attack
    
    DNS Poisoning
  - Privilege escalation
    Privilege escalation
    
    Weak service file permission
Pentesting Linux
Pentesting Linux
- General notes
- Linux enumeration
- Privilege Escalation
  Privilege Escalation
  - Index
  - Linux enumeration
  - Crack sensitive files
  - Cron jobs
  - Dirty cow
  - Dirty Pipe
  - Escaping restricted shells
  - Pentesting docker
  - Pentesting kubernetes
  - Hijacking tmux sessions
  - Kernel vulnerabilities
  - Lxd privilege escalation
  - Logrotate
  - Netfilter
  - Path abuse
  - Polkit
  - Process capabilities getcap
  - Python Library Hickjacking
  - Shared libraries
  - Shared object hijacking
  - SSH keys
  - Sudo rights abuse
  - Suid binaries
  - Vulnerable services
    Vulnerable services
    
    Screen
  - Wildcard abuse
  - Tools
    Tools
    
    Enumerate with Linux Privilege Checker
    
    Linux Exploit Suggester
    
    linPEAS
Pentesting Infrastructure
Pentesting Infrastructure
- Honeypots
- Active directory
  Active directory
  - Index
  - From Linux
    From Linux
    
    Linux in Active Directory
    
    Reconnaissance
    
    Attacks
    Attacks
    
    Attacking Active Directory from Linux
    
    Invoke the hash
    
    NoPac - SamAccountName Spoofing
    
    Pass the hash
    
    Pass the ticket
    
    Lateral Movement
    
    Privilege Escalation
  - From Windows
    From Windows
    
    Reconnaissance
    
    Connecting
    
    Attacks
    
    Lateral movement
    
    Privilege escalation
  - Hardening and auditing Active Directory
- Resources
- Lateral movements
- Pivoting
Pentesting Windows
Pentesting Windows
- How login happens
- Footprinting windows
- Privilege Escalation
  Privilege Escalation
- Persistence
  Persistence
  - Create a Registry
Cryptography
Forensic
Reverse engineering
Ruby
Wireless security
Downloads

CPTS labs

Getting started
Network Enumeration with nmap
Footprinting
Information Gathering
Vulnerability assessment
File Transfers
Shell & Payloads
Using the Metasploit Framework
Password attacks
Attacking Common Services
Pivoting, Tunneling, and Port Forwarding
Active Directory Enumeration & Attacks
Using Web proxies
Attacking Web Applications with Ffuf
Login Brute Forcing
SQL Injection Fundamentals
SQLMap Essentials
Cross-Site Scripting (XSS)
File Inclusion
File Upload Attacks
Command injections
Web attacks
Attacking Common Applications
Linux Privilege Escalation
Windows Privilege Escalation
Documentation & Reporting
Attacking Enterprise Networks

Question

Results:

Last update: 2025-03-15
Created: May 31, 2024 18:03:27

Made with Material for MkDocs