- John The Ripper
- Hydra
- Nmap
- Gobuster
- Sqlmap
- Reverse Shell
- IP Tables
- Forensic
- Reverse
- Assembly
- C Cheatsheet
john --wordlist=[WORDLIST] [FILE]
john --list=formats
john --formats=[HASH] [FILE]
https://www.onlinehashcrack.com/tools-pdf-hash-extractor.php
/usr/share/john/pdf2john.pl [FILE] > [HASH FILE]
zip2john [FILE]
hydra -V -l [USERNAME] -P [WORDLIST] [IP VICTIM] [PROTOCOL]
hydra -V -l [USERNAME] -P [WORDLIST] [IP VICTIM] http-[REQUEST METHOD]-form "[PATH]:[REQUEST BODY]:[INCORRECT ALERT]"
Example :
hydra -V -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.10 http-get-form "/DVWA/vulnerabilities/brute:username=admin&password=^PASS^:Username and/or password incorrect."
nmap -v -A [IP]
nmap -sV -vv --script vuln [IP]
gobuster dir -u [URL] -w [WORDLIST]
sqlmap -r [FILE LOCATION] --dbs
sqlmap -r [FILE LOCATION] --dump
Example :
sqlmap -r [FILE LOCATION] --dbs
python -c 'import pty; pty.spawn("/bin/bash")'
export SHELL=bash
export TERM=xterm-256color
iptables -L --line-numbers
iptables -F
iptables -D [CHAIN] [NUMBER]
Example :
iptables -D INPUT 3
sudo /sbin/iptables-save
iptables -A [CHAIN] -p [PROTOCOL] --dport [PORT] -j [ACCEPT/DROP]
Example :
iptables -A INPUT -p tcp --dport 22 -j DROP
| Name | Extensions | Command |
|---|---|---|
| Zsteg | PNG, BMP | zsteg [FILE] |
| Steghide | JPG/JPEG, AV, AU | steghide info [FILE] ; steghide extract -sF [FILE] |
| Stegsolve | JPG, PNG, BMP | ./stegsolve.jar |
| Binwalk | JPG, PNG, BMP | binwalk -e [FILE] |
| Jsteg | JPG | jsteg reveal [IMAGE JPG] [FILE OUTPUT] |
| Foremost | * | foremost |
- strings
- ltrace
- r2 -d
- gdb
- Ghidra (Linux)
- IDA (Windows)
| Name | Notes | Type | 64-bit long | 32-bit int | 16-bit short | 8-bit char |
|---|---|---|---|---|---|---|
| rax | Values are returned from functions in this register. | scratch | rax | eax | ax | ah and al |
| rcx | Typical register. Some instructions also use it as a counter. | scratch | rcx | ecx | cx | ch and cl |
| rdx | Scratch register. | scratch | rdx | edx | dx | dh and dl |
| rbx | Preserved register: don't use it without saving it! | preserved | rbx | ebx | bx | bh and bl |
| rsp | The stack pointer. Point to the top of the stack | preserved | rsp | esp | sp | spl |
| rsi | Scratch register used to pass function argument #2 in 64-bit Linux. In 64-bit Windows, a preserved register. | scratch | rsi | esi | si | sil |
| rdi | Scratch register and function argument #1 in 64-bit Linux. In 64-bit Windows, a preserved register. | scratch | rdi | edi | di | dil |
| C/C++ datatype | Bits | Bytes | Register | Access memory | Allocate memory |
|---|---|---|---|---|---|
| char | 8 | 1 | al | BYTE [ptr] | db |
| short | 16 | 2 | ax | WORD [ptr] | dw |
| int | 32 | 4 | eax | DWORD [ptr] | dd |
| long | 63 | 8 | rax | QWORD [ptr] | dq |
| Mnemonic | Purpose | Examples |
|---|---|---|
| mov dest,src | Move data between registers, load immediate data into registers, move data between registers and memory. | mov rax 4,; Load constant into rax mov rdx,rax ; Copy rax into rdx mov rdx,[123] ; Copy rdx to memory address 123 |
| push src | Insert a value onto the stack.Useful for passing arguments, saving registers, etc. | push rbp |
| pop dest | Remove topmost from the stack. Equivalent to "mov dest, [rsp]; add 8,rsp" | pop rbp |
| cmp a,b | Compare two values. Sets flags that are used by the conditional jumps (below). | cmp rax,10 |
| jmp label | Goto the instruction label. Skips anything else in the way | jmp post_mem mov [0],rax ; Write to NULL! post_mem: ; OK here... |
| add dest,src | dest=dest+src | add rax,rdx ; Add rbx to rax |
| jl label | Goto label if previous comparison came out as less-than. OPther Conditionals avaible are: jle (<=), je (==), jge (>=), jg (>), jne(!=), jb (<), jbe (<=), ja (>), jae (>=). | jl loop_start; Jump if rax<10 |
gcc -g [file] -o [output]| Placeholder | Describe |
|---|---|
| %d | Integer |
| %c | Char |
| %s | String |
| %O | Octal |
| %p | An adress (pointer) |
| %x | Hexdecimal |
| %f | Floats |
| %x | Hexdecimal |
| Library Function | Describe |
|---|---|
| strlen | Finds length of a string |
| strlwr | Converts a string to lowercase |
| strupr | Converts a string to uppercase |
| strcat | Appends one string at the end of another |
| strncat | Appends first n characters of a string at the end of another |
| strcpy | Copies a string into another |
| strncpy | Copies first n characters of one string into another |
| strcmp | Compares two strings |
| strncmp | Compares first n characters of two strings |
| strcmpi | Compares two strings without regard to case ("i" denotesthat this function ignores case) |
| stricmp | Compares two strings without regard to case (identical to strcmpi) |
| strnicmp | Compares first n characters of two strings without regard to case |
| strdup | Duplicates a string |
| strchr | Finds first occurrence ofa given character in a string |
| strrchr | Finds last occurrence ofa given character in a string |
| strstr | Finds first occurrence of a given string in another string |
| strset | Sets all characters ofstring to a given character |
| strnset | Sets first n characters ofa string to a given character |
| strrev | Reverses string |
| Bug | Description |
|---|---|
| Buffer_Overflow | Writing past the bounds of a buffer. For example, writing to a buffer without an null byte (\x00) appended at the end, therefore the program doesn't know when to stop writing user input to memory. |
| Dangling_Pointers | When a pointer is pointing to an area of memeory that has already been freed. Also known as, Use-After-Free. |
| Off-By-One_Error | Found in loops that append data to a buffer. Not checking the last iteration of the loop can overwrite the least signifcant byte on the function's base pointer. |
| Race_Condition | When threads are in use. If two or more threads can access shared data and try to change it at the same time. |
| Format_String_Attack | If a function like printf() is used to print input from a user and a format string is not specified. |
| Integer_Overflow | Integers have a maximum value in memory. A signed int can only go as high as 2,147,483,647 for example. Math that goes beyond that limit can overflow the integer, resuting in unexpected behavior. |
| Weak_Encryption | Using weak Pseudo-random seeds, for example using time() to provide a cryptographical seed for encryption or rand() function.. |
| Subject | Description |
|---|---|
| Arrays | Arrays and buffers are the same thing. They point to adjacent data streams located in memory and end with a NULL byte. (\x00). |
| Pointers | Pointers have types, just like variables. Pointers are used to store a location of data in memory. |
| Strings | Strings are pointers to character arrays. Strings point to the beginning of an array/buffer in memory to be read by a function like scanf(). |
| Typecasting | C/C++ is a Strongly Typed Language. You need to use Typecasting to change the type of a variable or pointer. Despite how the type was originally defined. |
| Vectors | Vectors are similar to arrays expect that they are used to store Object References instead of values with primative data types. |
| File Descriptors | A number that is used to refernece an open file. |
| Streams | The interface we use for reading and writing data to files, sockets, stdout, etc. |
| Structs (C) | Structs in C are variables that contain multiple other variables. |
| Classes | Class is short for Classify. A class is a blueprint for creating objects during runtime. Objects are dynamic and only spawn during runtime. Classes and Object Oriented Programming (OOP) were added in C++. |
| Structs(C++) | Structs in C++ are the same as Classes except they are by default set to Public. |
| Subject | Description | Byte Size |
|---|---|---|
| Signed_Int | Stores a whole number. Numbers in C are defaultly signed. Meaning, they can be either positive or negative numbers. 32-bit signed integers max out at 2,147,483,647. | 4 |
| Unsigned_Int | Stores a whole number. Numbers that are unsigned can only be positive. This means there is no Twos Compliment and the least significant bit is not reserved. 32-bit unsigned integers max out at 4,294,967,295. | 4 |
| Long | Store a whole number. A long is double the memory size of an int, 8-bytes in 32-bit machines. Used when an Int isn't big enough to store a value. | 8 |
| Short | Store a whole number. A short is half the size of an Int. 2-Bytes in 32-bit machines or simply 16-Bits in size. | 2 |
| Float | Stores numbers with decimal points. 4-Bytes in size on 32-Bit machines. Used for values with 6 to 7 decimals. | 4 |
| Double | Stores numbers with decimal points. 8-Bytes in size on 32-Bit machines. Used for values with up to 15 decimals. | 8 |
| Char | 2 Bytes in size. Chars are used to contain letters such as ASCII values. Strings are considered char arrays. | 2 |
| Boolean | Either a True or False. 1-Bit in size. | 1-bit |
| Subject | Description |
|---|---|
| Big Endian | Bytes in there normal order. "Most significant byte first" 0x12345678 = \x12\x34\x56\x78 |
| Little Endian | Bytes in there reverse order. "Least significant byte first" 0x12345678 = \x78\x56\x34\x12 |