NMAP: discover hosts and services on a computer network
Scan: nmap -sV
  -sV         Attempts to determine the version of the services running
  -p or -p-   Port scan for a port, or scan all ports
  -Pn         Disable host discovery and just scan for open ports
  -A          Enables OS and version detection, executes built-in scripts for further enumeration
  -sC         Scan with the default nmap scripts
  -v          Verbose mode
  -sU         UDP port scan
  -sS         TCP SYN port scan

GoBuster: tool used to brute-force URIs (directories and files), DNS subdomains and virtual host names
gobuster dir -u http://10.10.10.10:3333 -w wordlist.txt
  -e          Print the full URLs in your console
  -u          The target URL
  -w          Path to your wordlist
  -U and -P   Username and Password for Basic Auth
  -p          Proxy to use for requests
  -c          Specify a cookie for simulating your auth

Burpsuite: fuzz to see which uploads are not blocked
  - capture the request and send it to Intruder
  - payloads > sniper to see which extension is not blocked
  - create a payload with an accepted extension
  - create a netcat listener
  - upload and go to the file location, executing the payload
  - create a shell

Privilege Escalation
  - SUID - set owner userid upon execution
  - SUID - gives temporary permissions to a user to run the program/file
  - search for SUID files:
    find / -user root -perm -4000 -exec ls -ldb {} \;