Hacking Cheatsheet
Some notes taken while doing CTFs.
Collecting information about an IP
Port scan with nmap
sudo nmap -sC -sV -oA outputfile $IP
Web inventory
Searching for web directories
gobuster dir -u http://oouch.htb:5000/ \
-w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt \
| tee gobuster-directories.txt
Searching for domain names
gobuster vhost -u http://oouch.htb:5000/ \
-w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
| tee gobuster-vhosts.txt
wfuzz --hh 0 --hc 302 \
-w /usr/share/seclists/Discovery/DNS/subdomains-top1million-5000.txt \
-H 'Host: FUZZ.oouch.htb' -u http://oouch.htb:5000/