Grep (PNG offset)

grep -oba PNG <binary file>

Binwalk (Extract all)

binwalk --dd='.*' <filename>

Wordpress brute #1

hydra -V -l <wordlist> -p 123 <ip_host> http-post-form '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log+In:F=Invalid Username'

Gobuster dir+session

gobuster dir -u http://<ip_host> -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -x php -c PHPSESSID=<session_value>

Quick web server

python -m SimpleHTTPServer

Shell ruler func

ruler() { for s in '....^....|' '1234567890'; do w=${#s}; str=$( for (( i=1; $i<=$(( ($COLUMNS + $w) / $w )) ; i=$i+1 )); do echo -n $s; done ); str=$( echo $str | cut -c -$COLUMNS) ; echo $str; done; }

W3m <3

apt install w3m w3m-img w3m-el

See desktop via ssh

xloadimage <(ssh USER@HOSTNAME DISPLAY=:0.0 import -window root png:-)

Files >500M <1G

find / -type f -size +500M -size -1G

Open conn per IP

netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n

Check dns intercept

dig +short which.opendns.com txt @208.67.220.220

Grep ext <3

grep -r -i --include=\*.{php,cpp,txt} "search string" .

Last 30 changed files

find /search/path -type f -printf '%TY-%Tm-%Td %TT %p\n'|sort|tail -n 30

Clean email list

sed 's/[ ]*$//' < emails.txt | tr 'A-Z' 'a-z' | sort | uniq > emails-scrubbed.txt

ASCII <3

man ascii

WiFi Airodump

airmon-ng check kill && airodump-ng --band abg --gpsd --manufacturer --uptime --wps --write scan-`date +%s` wlan0

Wireshark filter #2

smb || nbns || dcerpc || nbss || dns

Wireshark filter #1

frame contains "search for anything"

Wireshark filter #3

http.request or ssl.handshake.type == 1

Nmap (Full scan/info)

nmap -sC -sV -T4 -oA initial <ip or host>

Apple Disk Copy

7z x apple-disk-image.dmg

Xor-files

xor-files -r broken-disk3.img raid-disk1.img raid-disk2.img

Mdadm create

mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/disk2 missing /dev/disk1

Mdadm loop

losetup loop1 raid-disk1.img