Organic HTTP File Transfer

Living off the land is essential when penetrating networks. The box you land on may be bare bones, with only the default corporate software installed, and moving data onto and off it is critical to mission success. This cheatsheet is not all-inclusive, but it should give you a good starting point for organic (built-in) file transfer mechanisms.

GoPhish Template Cheatsheet

Variable            Description
{{.FirstName}}      Target's first name
{{.LastName}}       Target's last name
{{.Position}}       Target's position
{{.Email}}          Target's e-mail address
{{.From}}           Source (sender) e-mail address
{{.TrackingURL}}    URL of the tracking handler (unique per engagement)
{{.Tracker}}        Alias that inserts an <img> tag pointing at the tracking URL
{{.URL}}            URL of the phishing landing page

OpenSSL Cheatsheet

Generating Certificates

Generate RSA Private Key + CSR (replace [bits] with the key size, e.g. 2048 or 4096)

openssl req -out newkey.csr -new -newkey rsa:[bits] -nodes -keyout priv.key

Generate Self-Signed Certificate + Private Key (valid 365 days)

openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:[bits] -keyout priv.key -out cert.crt

Generate CSR from an Existing Certificate

openssl x509 -x509toreq -in cert.crt -out newreq.csr -signkey priv.key

SSH Cheatsheet

Base Usage

ssh [user]@[host]

Use Specific Key

ssh -i ~/.ssh/id_rsa [user]@[host]

Use Alternative Port

ssh -i ~/.ssh/id_rsa -p [port] [user]@[host]

Dynamic SOCKS Proxy

This opens a SOCKS proxy on local port 8080; use it with proxychains to forward client traffic through the remote server.

ssh -D8080 [user]@[host]

DNS Recon Cheatsheet

DNS Brute Forcing

DNS Wordlists

Description       URL
Top 1000          https://github.com/bitquark/dnspop/tree/master/results
Top 10000         https://github.com/bitquark/dnspop/tree/master/results
Top 100000        https://github.com/bitquark/dnspop/tree/master/results
Top 1000000       https://github.com/bitquark/dnspop/tree/master/results
Various Others    https://github.com/danielmiessler/SecLists/tree/master/Discovery/DNS

DNSRecon

$ dnsrecon -d <domain> -D <dir/wordlist> -t brt    # -t brt selects the brute-force enumeration type

Output Formats

  • --xml
  • --json
  • --csv
  • --db    # SQLite file
