📙
📙
📙
📙
CheatSheet Pentesting
Search
K
Comment on page

Check System Info

Verify permitions in Linux and Windows

Windows

Privileges

whoami /all
whoami /priv
whoami /groups

System info

systeminfo
type <file> | findstr "text_to_search"
netstat -a # See active connections (ports)
wmic qfe # Show us a list of installed and updated software

Permitions

icacls

Find files with powershell

Get-ChildItem -Path C:\ -Filter f.txt -Recurse -ErrorAction SilentlyContinue -Force

Registers

To list installed programs
cmd /c REG QUERY HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Execute command as any user

$p = ConvertTo-SecureString 'CONTRASEÑA' -AsPlainText -Force
$c = New-Object System.Management.Automation.PSCredential ('USUARIO',$p)
Start-Process -Credential $c -NoNewWindow -ArgumentList "-Command & { whoami }" -FilePath "powershell"

Internal hosts

Para descubrir dispositivos que esten en la misma interfaz nuestra, podemos usar PowerShell, creamos un archivo .ps1 con el siguiente contenido y ejecutamos:
$ips = 1..254 | ForEach-Object { "192.168.40.$_" } # Generamos IPS
foreach ($ip in $ips) {
$job = Start-Job -ScriptBlock { param($ip) ping -n 1 $ip | Out-Null } -ArgumentList $ip
Start-Sleep -Seconds 1
if ($job.State -eq "Running") {
Stop-Job -Job $job
} else {
Write-Output "IP Activa: $ip"
}
Remove-Job -Job $job
}

Linux

Privileges

sudo -l

System info

uname -a
hostname
lsof -i:4433

Internal hosts

#!/bin/bash
for last_octet in $(seq 1 254); do
IP="172.18.100.$last_octet"
timeout 1 ping -c 1 "$IP" >/dev/null && echo "IP Activa: $IP" &
done; wait

Internal ports

#!/bin/bash
IP="172.18.100.21"
for port in $(seq 1 65535); do
(timeout 1 bash -c "</dev/tcp/$IP/$port") >/dev/null 2>&1 && echo "Puerto Abierto: $IP:$port" &
done; wait
Next - In system
File Transfer
Last modified 1mo ago