Hooper Labs

Kali Linux Tools

Web Shells

	ls /usr/share/webshells/ 

searchsploit (View Exploit)

	searchsploit -x 34451

searchsploit (Download Exploit)

	searchsploit -m 31337 

seachsploit (Search without Color)

	searchsploit --colour -t php 5.X | grep -vi \.php | head

DNS Zone Transfer

	dig axfr <domain> @<dns-server>

DNS Zone Transfer

	nmap --script=dns-zone-transfer -p 53 ns2.domain.com

DNS Zone Transfer

	host -l domain namesvr 

<<<<<<< HEAD

RDesktop (mount shared folder)

	rdesktop -u offsec -p password &lt;ip-address&gt; -r disk:home=/root

RDesktop (xfreerdp w/ clipboard)

	xfreerdp /clipboard /v:mycomputer.mydomain.local /port:3389 /u:myuser /d:mydomain.local /p:mypass /size:1600*1000


Desktop (mount shared folder)

	rdesktop -u offsec -p password <ip-address> -r disk:home=/root

>>>>>>> 9bc9018d7207d0d9de3f79094cb83bc24c524580

Debian (Kali) Network Manager


Run JS from Command Line

	node -e "console.log('hello')"

Run JS File from Command Line

	node script.js

Mount a WEBDAV Share (requires davfs2)

	mount -t davfs -o noexec http://example.com/webdav/ /mnt/webdav

Store username + password for WEBDAV Share

	echo -e "/mtn/webdav myUser P@ssw0rd" | tee -a /etc/davfs2/secrets

Mount a VMDK File (libguestfs-tools)

	guestmount -a /path/to/test.vmdk -i --ro /mnt/diskmnt


PUT a file with NTLM Auth

	curl --ntlm -u domain\\myUser:P@ssw0rd\? -T shell.php http://example.com:8080/shell.php


Configure Listeners

	uselistener http


	How often does a beacon phone home?


	What the base command looks like


	Server-side headers presented by the server


	Web proxy-related settings

Configure Stager

	usestager multi/launcher

Uses Invoke-Obfuscation

	assorted string manipulation to obfuscate signature-based analysis of payloads.

Interact with Agent

	interact AGENTID

Execute Shell Command

	shell ipconfig


Decrypt a file with key and IV (no padding/no salt)

	openssl enc -d -nosalt -nopad -aes-256-cbc -K "A4D350E68EED39C72CEA5585464789E160B5C5782FDD28A7D2D227F40D7B76E4" -iv '1BD487C6AC68570040CCB900EA9FED05' -in wonkatania.enc -out wonkatania.txt -k "Pure Imagination"

Connect to a HTTPS client (like nc)

	openssl s_client -connect hooperlabs.xyz:443 -cipher EXP-RC4-MD5

Encode Base64 or other things

	openssl enc -d base64 -in file.b64 -out file.txt

Decrypt AES or other things

	openssl enc aes -k deadlist -in file.txt -out file.enc


	openssl dgst -sha1 file.txt

Encrypt an image

	openssl enc -aes-128-ecb -e -in logo.rgba -out logo-ecb.rgba -pass pass:deadlist

Use a salt, key, and IV derived from a password (-k)

	openssl enc -aes-128-cbc -k pass -p -in file1 -out file1.enc


List Rules

	ufw status numbered

Delete Rule

	ufw delete 1

Add Rule

	uwf add allow 80:80/tcp


Install Perl Module

	perl -MCPAN -e 'install NetPacket::IP'

Open and create a file

	open($FILE, ">name_of_file"); 

Close the file.


Print characters to file

	print($FILE $file-content.$more_file_content); #

Declare a variable

	my $variable = "poop"; 

Loads in little endian byte format

	payload += struct.pack("<I", 0x019F6940) #

Image Manipulation

Remove compression from an image

	convert -depth 32 logo.png logo.rgba

Repackage RGBA into PNG

	convert -size $(identify logo.png | cut -f 3 -d ' ' ) -depth 32 logo-ecb.rgba logo-ecb.png

Text Manipulation

Add bytes to end of a 1111-byte file

	dd if=/dev/zero of=file2 bs=1 count=100 seek=1111