Tools and Commands learned from PTS → eLearnSecurity:-


  1. Wireshark:- a protocol analyzer / network sniffer that lets you see the data transmitted over the network (you will see whether the data is sent in clear text or encrypted).
  2. Burp Suite:- used to send HTTP/HTTPS requests and analyze the requests and responses.
  3. Subdomain enumeration tools:

Commands (linux OS):-

  1. To view the routing table:- ip route
  2. To add a route manually:- sudo ip route add network-ip via gateway-ip
  3. To view the ARP cache:- ip neighbour
  4. To view network statistics and protocol status:- netstat
  5. To resolve a DNS name to an IP address:- ping
  6. To read from or write to a web site, send HTTP requests and analyze the requests and responses:- netcat / nc
  7. To read from or write to a web site, send HTTPS requests and analyze the requests and responses:- openssl s_client -connect
  8. Subdomain enumeration (collect DNS data from various sources):- sublist3r, amass
  9. To check whether a machine is alive or not:- ping
  10. To perform a ping sweep:- fping -a -g the-range
  • -a → show only alive hosts; -g → ping sweep over an IP range
  • -P0 → to avoid pinging the host; -h → the target hosts; -s → the signature files
HTTP verbs:-
  • GET:- to request web pages and pass arguments.
  • POST:- to submit data in web forms.
  • HEAD:- to show only the headers of the response.
  • PUT:- to upload files to web servers.
  • DELETE:- to remove a file from web servers.
  • OPTIONS:- to query the web server for the enabled HTTP verbs.
  • TCP connection between client and server.
  • UDP connection between client and server.
  • TCP connection between client and server and executing shell commands.
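A defender-side check for the OPTIONS verb described above, added here as an example and not part of the original notes: it builds the raw request you would otherwise type into netcat or s_client, parses the server's reply, and flags verbs such as PUT and DELETE that a web server should rarely advertise. The response bytes and the host name are constructed, not captured from a real server.

```python
"""Added example: parse an OPTIONS reply and flag verbs that should rarely be enabled."""

# Verbs whose presence in an Allow header deserves a follow-up with the server owner.
RISKY_VERBS = {"PUT", "DELETE", "TRACE", "CONNECT"}


def build_request(method: str, host: str, path: str = "/") -> bytes:
    """Build the raw HTTP/1.1 request you would send through nc or openssl s_client."""
    return (
        f"{method} {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode()


def parse_response(raw: bytes):
    """Split a raw HTTP response into (status_code, headers, body).

    Header names are lower-cased so lookups are case-insensitive.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_code = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_code, headers, body


def enabled_verbs(raw_options_response: bytes) -> set:
    """Return the verbs the server advertises in its Allow header (empty if absent)."""
    _, headers, _ = parse_response(raw_options_response)
    allow = headers.get("allow", "")
    return {v.strip().upper() for v in allow.split(",") if v.strip()}


def risky_enabled(raw_options_response: bytes) -> set:
    """Intersect the advertised verbs with the ones worth flagging."""
    return enabled_verbs(raw_options_response) & RISKY_VERBS


# Constructed sample reply (not captured from a real server): PUT and DELETE are enabled.
SAMPLE_OPTIONS_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: example-httpd\r\n"
    b"Allow: GET, HEAD, POST, OPTIONS, PUT, DELETE\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    print(build_request("OPTIONS", "target.example").decode())
    print("risky verbs enabled:", sorted(risky_enabled(SAMPLE_OPTIONS_RESPONSE)))
```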
  11. SQL injection testing:- sqlmap
  • -h → to view the sqlmap manual.
  • -u → to set the target URL.
  • -p → to specify the parameter to test (if there is only one parameter it can be omitted).
  • --dbms= → to specify the database management system.
  • --technique= → to specify the SQL injection technique.
  • -b / --banner → to view the banner information.
  • --tables → to list tables.
  • --columns → to list columns.
  • --dump → to view table entries.
  • --wizard → guided (beginner) mode for enumerating the database.
  12. Online password attacks with username and password lists:- hydra
  • without any switches / -h → to view the hydra manual.
  • -U → to view details about a module.
  • -L → to load a list of usernames from a file.
  • -P → to load a list of passwords from a file.
  • module name: target → to specify a module.
  • -L → display all services available on a target.
  • -N → force the tool not to ask for a password.

To enable IP forwarding on Linux:- sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

  13. Metasploit console commands:-
  • show -h → to view the manual for the show command.
  • search → to search for a given term or module.
  • show exploits → to display exploits.
  • use path-of-exploit → to use an exploit.
  • back → to cancel the exploitation.
  • info → to display related information.
  • show options → to check the exploitation options.
  • set option value → to configure options.
  • show payloads → to show usable payloads.
  • set payload path → to choose a payload.
  • exploit → launch an exploit.
  • bind_tcp runs a server process on the target machine that waits for connections from the attacker machine → set payload java/meterpreter/bind_tcp
  • reverse_tcp performs a TCP connection back to the attacker machine → set payload linux/x86/meterpreter/reverse_tcp
  • bypassuac → bypasses the UAC restriction → use exploit/windows/local/bypassuac
  14. Meterpreter commands:-
  • background → to switch from a Meterpreter session to the console.
  • sessions -l → list opened sessions.
  • sessions -i session-number → to switch to an opened session.
  • sysinfo → retrieve information about the exploited machine.
  • ifconfig → prints the network configuration.
  • route → prints the routing information.
  • getuid → to know which user is running the process.
  • getsystem → privilege escalation.
  • shell → run a standard command shell.
  • help → to display all Meterpreter commands.
  1. XSS attack:-
  • The code on the attacker's server that saves the cookies received from the victim's browser.
  • The code inserted into the web site to infect it.

Commands (Windows OS):-

  1. Tool to display information about the target (file shares):- nbtstat
  • /? → to view the help manual.
  • -A → display information about the target.
  • <00> → means workstation.
  • <02> → means there is file sharing.
  • -S → enumerate file shares.
  • -U → enumerate users.
  • -P → check the password policy.