Infos

thc tips and tricks

THC’s favourite Tips, Tricks & Hacks (Cheat Sheet) https://thc.org/tips A collection of our favourite tricks. Many of those tricks are not from us. We merely collect them. We show the tricks ‘as is’ without any explanation why they work. You need to know Linux to understand how and why they work. Got tricks? Join us https://thc.org/ops
Bash: Set up a Hack Shell, Hide your commands, Hide your command line options, Hide a network connection, Hide a process as user, Hide a process as root, Hide scripts, Hide from cat, Execute in parallel with separate logfiles
SSH: Almost invisible SSH, Multiple shells via 1 SSH/TCP connection, SSH tunnel, SSH socks5 tunnel, SSH to NATed host, SSH pivot via ProxyJump, SSHD as user
Network: Discover hosts, Tcpdump, Tunnel and forwarding, Raw TCP reverse ports, HTTPS reverse forwards, Bouncing traffic with iptables, Ghost IP / IP Spoofing
Various: Use any tool via Socks Proxy, Find your public IP address, Check reachability from around the world, Check/Scan Open Ports, Crack Passwords hashes, Brute Force Passwords / Keys
Data Upload/Download/Exfil: File Encoding/Decoding, File transfer using cut & paste, File transfer using tmux, File transfer using screen, File transfer using gs-netcat and sftp, File transfer using HTTP, File download without curl, File transfer using rsync, File transfer to public dump sites, File transfer using WebDAV, File transfer to Telegram
Reverse Shell / Dumb Shell: Reverse Shells with gs-netcat (encrypted), with Bash, with cURL (encrypted), with cURL (cleartext), with OpenSSL (encrypted), with remote.

5 Pillars of Cybersec

Hey There! This document spawned an entire website. Check it out at: DFIRmadness.com. We have labs, articles and resources like this! See you over there. The Five Pillars of an Information/Cyber Security Professional TL;DR: “Mastering the basics will make you exceptional.” Master the basics and then specialize to be an invaluable asset to your team. To start, or level up, a career in Information Security (aka Cyber Security) you need to be proficient in five key areas of technical skills.

pwntools cheatsheet

Pwntools Cheatsheet
Program Interaction, Environment and Contexts, Logging and Output, Encoding, Packing and Utility, Assembly and Shellcraft, ELFs, Strings and Symbols, Return Oriented Programming, SROP and Sigreturn Frames, Format String Exploits
1. Program Interaction
# process objects can be created from a local binary, or created
# from a remote socket
p = process('./target')
p = remote('127.0.0.1', 1337)
# environment variables and command line arguments can also be passed
# to the target binary at runtime
p = process(['.

OSCP CheatSheet

OSCP Cheat Sheet
Commands, Payloads and Resources for the OffSec Certified Professional Certification (OSCP).
Table of Contents: Basics, Information Gathering, Vulnerability Analysis, Web Application Analysis, Password Attacks, Reverse Engineering, Exploitation Tools, Post Exploitation, Exploit Databases, CVEs, Payloads, Wordlists, Social Media Resources
Commands
Basics: curl, Chisel, File Transfer, FTP, Kerberos, Ligolo-ng, Linux, Microsoft Windows, PHP Webserver, Ping, Python Webserver, RDP, showmount, smbclient, socat, SSH, Time and Date, Tmux, Upgrading Shells, VirtualBox, virtualenv
Information Gathering: memcached, NetBIOS, Nmap, Port Scanning, snmpwalk
Web Application Analysis: Burp Suite, cadaver, Cross-Site Scripting (XSS), ffuf, Gobuster, GitTools, Local File Inclusion (LFI), PDF PHP Inclusion, PHP Upload Filter Bypasses, PHP Filter Chain Generator, PHP Generic Gadget Chains (PHPGGC), Server-Side Request Forgery (SSRF), Server-Side Template Injection (SSTI), Upload Vulnerabilities, wfuzz, WPScan, XML External Entity (XXE)
Database Analysis: MongoDB, MSSQL, MySQL, NoSQL Injection, PostgreSQL, Redis, sqlcmd, SQL Injection, SQL Truncation Attack, sqlite3, sqsh
Password Attacks: CrackMapExec, fcrack, hashcat, Hydra, John, Kerbrute, LaZagne, mimikatz, pypykatz
Exploitation Tools: ImageTragick MSL / Polyglot Attack, Metasploit
Post Exploitation: ADCSTemplate, BloodHound, BloodHound Python, bloodyAD, Certify, Certipy, enum4linux-ng, Evil-WinRM, Impacket, JAWS, Kerberos, ldapsearch, Linux, Microsoft Windows, PassTheCert, PKINITtools, Port Scanning, powercat, Powermad, PowerShell, pwncat, rpcclient, Rubeus, RunasCs, smbpasswd, winexe
CVE: CVE-2014-6271: Shellshock RCE PoC; CVE-2016-1531: exim LPE; CVE-2019-14287: Sudo Bypass; CVE-2020-1472: ZeroLogon PE; CVE-2021-3156: Sudo / sudoedit LPE; CVE-2021-44228: Log4Shell RCE (0-day); CVE-2022-0847: Dirty Pipe LPE; CVE-2022-22963: Spring4Shell RCE (0-day); CVE-2022-30190: MS-MSDT Follina RCE; CVE-2022-31214: Firejail LPE; CVE-2023-21746: Windows NTLM EoP LocalPotato LPE; CVE-2023-22809: Sudo Bypass; CVE-2023-23397: Microsoft Outlook (Click-to-Run) PE (0-day) (PowerShell Implementation); CVE-2023-32629, CVE-2023-2640: GameOverlay Ubuntu Kernel Exploit LPE (0-day); CVE-2023-4911: Looney Tunables LPE; GodPotato LPE; Juicy Potato LPE; JuicyPotatoNG LPE; MySQL 4.

Pentest Resources

📚 Pentest-Resources A curated list of websites and github repos with pentest cheatsheets, tools, techniques, CTF write-ups, programming languages, and more. The goal of this project is to centralize pertinent and most used pentest/redteam cheatsheets, techniques, tools, and write-ups for like-minded offensive security enthusiasts and professionals.
Name | Author(s) / Maintainer(s) | Description | Link | Type
HackTricks | Carlos Polop | A website featuring curated hacking tricks, techniques, and methodologies, spanning from network penetration testing to web penetration testing.

CVE 2023 3959

CVE-2023-3959, CVE-2023-4249 Multiple critical vulnerabilities in Zavio IP cameras (34 RCEs total, including 7 pre-auth BoFs) ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.