Skip to content

julian-michelmann/HTB-Cheat-Sheet

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Cheat Sheet HTB

nmap

Description: Tool to identify open ports and it's services on a remote host.
Usage:

nmap [target]

  • -p: Specify ports
  • -sV: Version detection
  • -sC: Uses additional scripts to scan the ports
  • -T: Timing template e.g. T5
  • -v: Verbose output

Url: https://nmap.org/

Example:

nmap -sV localhost -T5

CyberChef

Description: Website for encrypting, decrypting and formatting text.
Note: There is also an offline version so you don't have to share any secrets. Good local alternative to jwt.io.
Usage: https://gchq.github.io/CyberChef/

Wappalyzer Plugin

Description: A plugin to analyse a website and get information like used framework, webserver, versions etc. Can help find known vulnerabilities in a website's tech stack.
Url: https://www.wappalyzer.com/

Reverse Shell Generator

Description: This tool creates scripts and commands for various attack vectors to establish reverse shell connections. Url: https://www.revshells.com/

John The Ripper

Description: Tool used to break hashes and crack various types of password encryption.

Snyk CLI

Description: Security tool for finding and fixing vulnerabilities in open source libraries
Note: Requires a license for full functionality.
Usage:

snyk [options]

  • test: Test for vulnerabilities
  • code test: Check for malicious code

Hack Tricks

Description: Website offering various hacking techniques and knowledge.
Url: https://book.hacktricks.xyz/

PEASS-ng

Description: Privilege escalation tool. Helps identify privilege escalation vulnerabilities.
Usage: The script must be uploaded/ downloaded on the victims computer and is then executed. Url: https://github.com/carlospolop/PEASS-ng

Burp Suite

Description: A tool that can be used for many things, I mostly use it to intercept traffic.
Usage:

  1. Start Burp Suite
  2. Open the "Proxy" tab
  3. Click "Open Browser"
  4. Switch on "intercept"
  5. Open a URL in the browser
  6. In burp suite, right click on url -> click send to repeater
  7. Go to the "Repeater" tab
  8. Modify and send the request

URL: https://portswigger.net/burp

Gobuster

Description: Enumerates possible paths and files on a web server.
Usage: gobuster [options]
Example:

gobuster dir -u http://192.168.0.1:8080 -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt

Metasploit

Description: Penetration testing framework, provides a wide range of penetration testing tools, including brute forcing. Usage: msfconsole (to launch the Metasploit console)

KalisList

Description: Word lists for password brute-forcing etc. Utilized with password cracking tools like John The Ripper or gobuster.
Url: https://github.com/3ndG4me/KaliLists

About

Personal cheat sheet for hack the box

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Contributors