Cheatsheet/Notes - Paul Kadali's Blog

Subnet Guide

Routing

This part is pretty important😉

ip route add 172.10.1.0/24 via 10.10.10.10(VPN Gateway)

If you don’t know what the VPN gateway is then try it with every host that is up in the network. If you want external sources for routing/pivoting, you can look at this one I found somewhere in the depths of Reddit (Don’t ask me why Shaq is on it).

Explore Hidden Networks With Double Pivoting

Interactive Shells

bash -i
python -c 'import pty; pty.spawn("/bin/sh")'
echo os.system('/bin/bash')
/bin/sh -i
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";
ruby: exec "/bin/sh"
lua: os.execute('/bin/sh')

Recommended Shells

Server	Web Shell
Windows	ASP
Apache TomCat	JSP
Apache	PHP

Reverse Shells

Pentest Monkey Cheatsheet

Hacktricks

If you’re stuck at vulnerability assessment or don’t know how to tackle something you can check here for some kind of push.

Hacktricks

eJPT Enumeration

​Subnet Guide

​Routing

Explore Hidden Networks With Double Pivoting

​Interactive Shells

​Recommended Shells

​Reverse Shells

​Hacktricks

Hacktricks

Subnet Guide

Routing

Interactive Shells

Recommended Shells

Reverse Shells

Hacktricks