Monthly Archive: September 2019

cheatsheet lfi & rce 0


Basic LFI In the following examples, we include the /etc/passwd file, check the Directory & Path Traversal chapter for more interesting files. Null byte ⚠️ In versions of PHP below 5.3.4 we can terminate with null byte. Double encoding

angel lfi to rce 0

WebShells & Exploitation – LFI to RCE

Commands can be sent to the web-shell using various methods, with HTTP POST request being the most common. However, hackers are not exactly people who play by the rules. The following are a few of the possible tricks...

shell____ 0

Web Shells & Exploitation Fundamentals

A web-shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. A web-shell itself cannot attack or exploit a remote vulnerability, so it is...


Linux Basic Enumeration

This blog is largely forked from the g0tmi1k’s blog Thanks, G0tm1lk for your amazing contribution to the industry. Operating System What’s the distribution type? What version? cat /etc/issue cat /etc/*-release cat /etc/lsb-release # Debian based cat /etc/redhat-release #...

Ninja 0

Linux Privilege Escalation – Part 2

In this blog, we will discuss detailed commands to escalate the privileges and find the user access to the files and folders. Files containing passwords grep –color=auto -rnw ‘/’ -ie “PASSWORD” –color=always 2> /dev/null find . -type f...

text 0

Linux Privilege Escalation – Part 1

In this blog, we will discuss about different Linux privilege escalation techniques & Methodologies. Tools LinuxSmartEnumeration – Linux enumeration tools for pentesting and CTFswget “” -O curl “” -o ./ -l1 # shows interesting information that...


Searchsploit Cheat Sheet

Searchsploit an exploit search tool by Offensive Security, Unix Ninja & G0tmi1k. It allows you to take a copy of Exploit Database with you. SearchSploit gives you the power to perform detailed off-line searches through your locally checked-out...

pivot 0

Pivoting & Port forwarding

This blog will focus on port forwarding concepts. Here are some methods we will follow in this blog : – windows Netsh SSH proxychains Web Socks Metasploit sshuttle chisel Rpivot Plink Ngrok Windows Netsh Port Forwarding netsh interface...

terminal 0

Reverse Shell Cheat Sheet

This is a detailed cheat sheet of How to take the reverse shell via various methods. Here is the list of methods:- Bash TCP BASH UDP Python SOCAT Php Telnet Perl Ruby Golang Netcat Ncat Openssl awk Powershell...