My Hacking Notes
Ports and Services
Port Scanning
21 TCP / FTP
22 TCP / SSH
25 TCP / SMTP
53 TCP / DNS
69 UDP / TFTP
79 TCP / Finger
80 TCP / HTTP
88 TCP / Kerberos
110 TCP / POP3
111 TCP / rpcbind / NFS
113 TCP / ident
119 TCP / NNTP
135 TCP / msrpc
139 TCP / Netbios
143 TCP / IMAP
161 UDP / SNMP
389 TCP / LDAP
443 TCP / HTTPS
445 TCP / SMB
464 TCP / kpasswd5
500 UDP / ISAKMP
636 TCP / LDAPS
837 TCP / rsync
1025 TCP / msrpc
1433 TCP / Microsoft SQL
1521 TCP / Oracle TNS Listener
2049 TCP / mountd (NFS)
3000 TCP / Express.js Node
3268 TCP / LDAP
3269 TCP / LDAPS
3306 TCP / MySQL
3389 TCP / RDP
3690 TCP / SVN
5432 TCP / PostgreSQL
5985 TCP / Microsoft HTTPAPI
5985 TCP / WinRM
6379 TCP / redis
6667 TCP / irc
6697 TCP / irc
27017 TCP / mongodb
11211 TCP / memcache
Windows PrivEsc
Manual PrivEsc
PrivEsc Tools
cmd Commands
PowerShell Commands
File Transfers
Startup Apps
Privilege Abuse
Always Install Elevated
Autorun Applications
Insecure File Permissions
Insecure Services
Scheduled Tasks
Bypass UAC
Finding Logged in Users
Cached Credentials
Security Identifier (SID)
Clock Skew
Dump Process
Dump Hashes
Active Directory
Credential Usage
Overpass the Hash
Silver Ticket
Golden Ticket
Read GMSA Password
Setup Linux as a Router
Convert vbs file to one line
Linux PrivEsc
PrivEsc Strategy
Manual Enumeration
File Transfers
Shell Upgrade and Escapes
Auto Enumeration Tools
Sudo Environment Variables
NFS
SUID and GUID executables
Persistence Methods
Groups
Malicious Python Module
Miscellaneous
Git Repo Analysis
AWS
Python Command Injection
Reading Different File Types
Steganography
Port Knocking
VoIP
HTTP Cookie Flags
Java Deserialization
Gitlab
Zip File Analysis
Kubernetes
Unprotect Excel Document
Web Application Attacks
Strategy
Login Page
XSS
JSON Web Token (JWT)
SQL Injection
NoSQL Injection
LFI
RFI
PHP Wrappers
phpinfo.php
Upload Restriction Bypass
Web Servers & OS Combos
XXE Injection
Server Side Template Injection (SSTI)
Execution After Redirect (EAR)
Node.js
Git
Tomcat
Wordpress
Jenkins
Sharepoint
Gatsby
Joomla
Webdav
Cross-Site Request Forgery (CSRF)
Port Forwarding
SSH Tunnelling
Chisel
socat
rinetd
Reverse Shells
Web Shells
Linux Reverse Shells
Windows
Password Attacks
Password Wordlist Creation
Cracking Hashes
Active Directory
Web application
Guessing passwords
File types to hashes
Antivirus Evasion
Virus Detection Methods
Tools
Buffer Overflows
Linux BOF
Assembly Language
OSCP/Windows BOF
Walkthroughs (No Metasploit)
Hack The Box
Armageddon
Beep
BountyHunter
Devel
Jerry
Lame
Legacy
Optimum
Pit
Popcorn
Schooled
Tabby
Tenten
Proving Grounds
Cassios
Cobweb
Forward
Muddy
Spaghetti
Vulnhub
DerpNStink: 1
Djinn
InfoSec Prep: OSCP
Misdirection
Sar
Symfonos 1
Symfonos 2
Symfonos 3
Tommy Boy: 1
My Scripts
autoNmap
Automatically scan for all open TCP and UDP ports, then run nmap scripts against them.
SMTP VRFY User Enumeration
Brute-force a user list against SMTP using the VRFY command to enumerate users.