Kaiser784's Blog
  • whoami
  • Ingress
  • 90 Day High Frequency
    • Log-1
    • Log-2
    • Log-3
    • Conclusion
  • Making a Boot2root machine with docker
  • Adversarial ML
    • Practical Defenses against Adversarial ML
  • Certifications
    • eJPT
      • Cheatsheet/Notes
        • Enumeration
        • Web Attacks
        • System Attacks
        • Network Attacks
    • Dante ProLabs (HackTheBox)
  • Writeups
    • Google InternetCTF writeup
    • Lakera Gandalf LLM Security
    • OSPG Writeups
    • Matrix - AI Security Challenge by Repello writeup
    • WithSecure AI Challenge - My LLM Doctor writeup
    • WIZ The BIG IAM Challenge writeup
  • Misc
    • Redirection
Powered by GitBook
On this page
  • Subnet Guide
  • Routing
  • Interactive Shells
  • Recommended Shells
  • Reverse Shells
  • Hacktricks
  1. Certifications
  2. eJPT

Cheatsheet/Notes

These are condensed notes from the INE course and other blogs and articles.

PreviouseJPTNextEnumeration

Last updated 3 years ago

Subnet Guide

Protocol

Port

Service

TCP

21

FTP

TCP

22

SSH

TCP

25

SMTP

TCP

53

DNS

TCP

80, 443

HTTP/HTTPS webserver

TCP

137-139

Windows NetBIOS

TCP

445

Windows - SMB

Linux - Samba service

TCP

1433, 1434

MSSQL Database

TCP

3306

MySQL Database

TCP

8080, 8443

HTTP(s) web server, HTTP proxy

Routing

ip route add 172.10.1.0/24 via 10.10.10.10(VPN Gateway)

If you don't know what the VPN gateway is then try it with every host that is up in the network.

If you want external sources for routing/pivoting, you can look at this one I found somewhere in the depths of Reddit (Don't ask me why Shaq is on it).

Interactive Shells

bash -i
python -c 'import pty; pty.spawn("/bin/sh")'
echo os.system('/bin/bash')
/bin/sh -i
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')

Recommended Shells

Server

Web Shell

Windows

ASP

Apache TomCat

JSP

Apache

PHP

Reverse Shells

Pentest Monkey Cheatsheet

Hacktricks

If you're stuck at vulnerability assessment or don't know how to tackle something you can check here for some kind of push.

This part is pretty important

😉
LogoExplore Hidden Networks With Double PivotingPentest Blog
LogoHackTricksHackTricks
TheCyberMentor's subnet guide