Networking

Routing

# Check Routes
sudo route

# Add route with route
sudo route add -net 192.168.222.0 netmask 255.255.255.0 gw 10.175.34.1 tap0

# Remove route with route
sudo route del -net 192.168.222.0 netmask 255.255.255.0 gw 10.175.34.1 tap0

# Add route with ip
sudo ip route add 192.168.222.0/24 via 10.175.34.1

# Remove route with ip
sudo ip route del 192.168.222.0/24 via 10.175.34.1

Arp Spoofing

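# Install dsniff, which provides arpspoof
sudo apt-get install dsniff
# Run without arguments to print usage
sudo arpspoof

# Enable IPv4 forwarding (requires root)
echo 1 > /proc/sys/net/ipv4/ip_forward
arpspoof -i <INTERFACE> -t <TARGETSERVER> -r <TARGETCLIENT>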

Port Scanning

Nmap

# Full port scan
nmap -sS -p- -A <host> -T5 -oN outputfilename

# Ping sweep
nmap -sn <host>

# Host discovery with TCP SYN probes (no ICMP ping, no DNS resolution, no port scan)
nmap -n -sn -PS22,135,443,445 <host>

# DNS discovery (TCP and UDP port 53)
sudo nmap -sS -sU -p53 -n <host>

Hping / Hping3

DNS

# nslookup (interactive)
nslookup
> server <IP>
> set q=NS (or any other type: MX, A, etc.)
> <DNSName> (e.g. google.com)

# Dig (zone transfer)
dig @<serverIP> <DNSname> -t AXFR +nocookie

# Host (zone transfer)
host -t axfr <DNSName> <SERVERIP>

Last updated 4 years ago