{"id":4062,"date":"2024-04-06T09:26:54","date_gmt":"2024-04-06T13:26:54","guid":{"rendered":"https:\/\/dft.wiki\/?p=4062"},"modified":"2025-12-30T19:09:09","modified_gmt":"2025-12-31T00:09:09","slug":"hacking-tools-cheat-sheet-5","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=4062","title":{"rendered":"Hacking Tools Cheat Sheet #5"},"content":{"rendered":"<h5>Reference List<\/h5>\n<ol>\n<li style=\"list-style-type: none;\">\n<ol>\n<li><a href=\"#EyeWitness\">EyeWitness<\/a><\/li>\n<li><a href=\"#rbndr\">rbndr<\/a><\/li>\n<li><a href=\"#pwncat\">pwncat<\/a><\/li>\n<li><a href=\"#pwncatcs\">pwncat-cs<\/a><\/li>\n<li><a href=\"#autorecon\">AutoRecon<\/a><\/li>\n<li><a href=\"#sleuthkit\">SleuthKit<\/a><\/li>\n<li><a href=\"#fatcat\">FatCat<\/a><\/li>\n<li><a href=\"#sshamble\">SSHAmble<\/a><\/li>\n<li><a href=\"#curl\">cURL<\/a><\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<hr id=\"EyeWitness\" \/>\n<p><strong>EyeWitness<\/strong> &#8211; Automates taking screenshots of websites and provides their server headers [<a href=\"https:\/\/github.com\/FortyNorthSecurity\/EyeWitness\">Link<\/a>].<\/p>\n<pre>sudo apt install eyewitness\r\neyewitness -f list.txt<\/pre>\n<hr id=\"rbndr\" \/>\n<p><strong>rbndr<\/strong> &#8211; A single-file C program that lets a pentester test software for TOCTOU (time of check, time of use) vulnerabilities by means of DNS rebinding [<a href=\"https:\/\/github.com\/taviso\/rbndr\">Link<\/a>].<\/p>\n<p><strong>Installation for self-hosting:<\/strong><\/p>\n<pre>git clone https:\/\/github.com\/taviso\/rbndr.git\r\ncd rbndr\r\ngcc rebinder.c -o rebinder<\/pre>\n<p><strong>Note:<\/strong> your real domain needs to point to the server that will run this application. Change the properties of <code>static const struct root kExpectedDomain<\/code> (line #42) to match your domain before compilation. 
Do not be disappointed if your build fails: this decade-old app needs a few code changes to work (out of scope for this post).<\/p>\n<p><strong>Using a free online server (<code>.rbndr.us<\/code>) to get the job done:<\/strong><\/p>\n<ul>\n<li>The domain syntax is: <code>&lt;ipv4 in base-16&gt;.&lt;ipv4 in base-16&gt;.rbndr.us<\/code><\/li>\n<li>In reality it would look like: <code>7f000001.c0a80001.rbndr.us<\/code>\n<ul>\n<li><code>7f000001<\/code> &gt; from hex to decimal &gt; <strong>127.0.0.1<\/strong>.<\/li>\n<li><code>c0a80001<\/code> &gt; from hex to decimal &gt; <strong>192.168.0.1<\/strong>.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>Here is a syntax helper for ease of use [<a href=\"https:\/\/lock.cmpxchg8b.com\/rebinder.html\">Link<\/a>].<\/p>\n<hr id=\"pwncat\" \/>\n<p><strong>PwnCat<\/strong> &#8211; an improved Netcat with firewall and endpoint-monitoring evasion features for bind and reverse shells. It supports self-injecting a shell and port forwarding, and protects the shell from accidental interruption when Ctrl+C is pressed [<a href=\"https:\/\/github.com\/cytopia\/pwncat\">Link<\/a>].<\/p>\n<ul>\n<li>Install<\/li>\n<\/ul>\n<pre>sudo apt install pwncat -y<\/pre>\n<p><strong>OR<\/strong><\/p>\n<pre>pip install pwncat<\/pre>\n<ul>\n<li>Listener<\/li>\n<\/ul>\n<pre>pwncat -l 1337<\/pre>\n<hr id=\"pwncatcs\" \/>\n<p><strong>PwnCat-cs<\/strong> &#8211; this post-exploitation tool wraps around basic bind and reverse shells making the whole experience. 
It spawns a <strong>pty<\/strong> using one of several methods (based on the executables it has previously enumerated), then puts the terminal in raw mode so the session behaves like a real SSH session [<a href=\"https:\/\/github.com\/calebstewart\/pwncat\">Link<\/a>].<\/p>\n<ul>\n<li>Installation in a Python VENV<\/li>\n<\/ul>\n<pre>sudo mkdir -p \/opt\/pwncat &amp;&amp; sudo chmod 777 \/opt\/pwncat\r\npython -m venv \/opt\/pwncat\r\n\/opt\/pwncat\/bin\/pip install pwncat-cs\r\nsudo ln -s \/opt\/pwncat\/bin\/pwncat-cs \/usr\/local\/bin<\/pre>\n<ul>\n<li>Listener<\/li>\n<\/ul>\n<pre>pwncat-cs -l :1337<\/pre>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4215\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-28-30.png\" alt=\"\" width=\"919\" height=\"764\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-28-30.png 919w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-28-30-300x249.png 300w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-28-30-768x638.png 768w\" sizes=\"auto, (max-width: 919px) 100vw, 919px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4216\" src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-28-40.png\" alt=\"\" width=\"919\" height=\"764\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-28-40.png 919w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-28-40-300x249.png 300w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-28-40-768x638.png 768w\" sizes=\"auto, (max-width: 919px) 100vw, 919px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-4217\" 
src=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-31-27.png\" alt=\"\" width=\"919\" height=\"764\" srcset=\"https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-31-27.png 919w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-31-27-300x249.png 300w, https:\/\/dft.wiki\/wp-content\/uploads\/sites\/15\/2024\/04\/Screenshot-from-2024-05-01-15-31-27-768x638.png 768w\" sizes=\"auto, (max-width: 919px) 100vw, 919px\" \/><\/p>\n<p><strong>CTRL+D<\/strong> is the key combination that switches between Local and Remote.<\/p>\n<p>Check out the official documentation for more information at [<a href=\"https:\/\/pwncat.readthedocs.io\/en\/latest\/usage.html\">Link<\/a>].<\/p>\n<hr id=\"autorecon\" \/>\n<p><strong>AutoRecon<\/strong> &#8211; a multi-threaded network reconnaissance tool that performs automated enumeration of services by chaining successive enumerations with other well-known tools present on the system [<a href=\"https:\/\/github.com\/Tib3rius\/AutoRecon\">Link<\/a>].<\/p>\n<pre>sudo apt install autorecon -y<\/pre>\n<hr id=\"sleuthkit\" \/>\n<p><strong>SleuthKit<\/strong> &#8211; A collection of UNIX-based command-line file system and volume system forensic analysis tools [<a href=\"https:\/\/gitlab.com\/kalilinux\/packages\/sleuthkit\">Link<\/a>].<\/p>\n<pre>sudo apt install sleuthkit -y\r\nsudo fsstat \/dev\/nvme0n1p1\r\nsudo mmls \/dev\/nvme0n1\r\nsudo fls -r -m \/ \/dev\/nvme0n1p1\r\nsudo icat \/dev\/nvme0n1p1 <strong>&lt;inode_number_here&gt;<\/strong> &gt; recovered.txt\r\nsudo istat \/dev\/nvme0n1p1 <strong>&lt;inode_number_here&gt;<\/strong>\r\nsudo blkls \/dev\/nvme0n1p1 | strings | grep -i password<\/pre>\n<hr id=\"fatcat\" \/>\n<p><strong>FatCat<\/strong> &#8211; Manipulates FAT filesystem disks and images to extract, repair, and recover forensic evidence [<a 
href=\"https:\/\/github.com\/Gregwar\/fatcat\/\">Link<\/a>].<\/p>\n<pre>sudo apt install fatcat -y<\/pre>\n<pre>fatcat disk.img -i\r\nfatcat disk.img -l \/root\r\nfatcat disk.img -r \/flag.txt\r\nfatcat disk.img -r \/picture.jpg &gt; picture.jpg\r\nfatcat disk.img -x output\/ -d\r\nfatcat disk.img -l \/ -d<\/pre>\n<hr id=\"sshamble\" \/>\n<p><strong>SSHAmble<\/strong> &#8211; An open-source reconnaissance tool that identifies SSH protocol vulnerabilities [<a href=\"https:\/\/github.com\/runZeroInc\/sshamble\">Link<\/a>].<\/p>\n<p>Installation<\/p>\n<pre>export CGO_ENABLED=0\r\ngo install github.com\/runZeroInc\/sshamble@latest<\/pre>\n<p>Usage<\/p>\n<pre>.\/sshamble badkeys-update\r\n.\/sshamble scan -o results.jsonl 10.10.10.0\/24 --users root,admin --password-file password.list\r\n.\/sshamble analyze -o \/PATH\/output-results results.jsonl<\/pre>\n<hr id=\"curl\" \/>\n<p><strong>cURL<\/strong> &#8211; Yes, <code>curl<\/code> is one of the most fundamental hacking tools for web exploitation automation, and it is present virtually everywhere.<\/p>\n<ul>\n<li>User-Agent Spoofing<\/li>\n<\/ul>\n<pre>curl -A \"<strong>Chrome\/Mozilla\/etc<\/strong>\" http:\/\/10.10.10.10\/<\/pre>\n<ul>\n<li>Custom Headers<\/li>\n<\/ul>\n<pre>curl -H \"Authorization: Bearer <strong>&lt;TOKEN&gt;<\/strong>\" http:\/\/10.10.10.10\/\r\ncurl -H \"Host: <strong>&lt;DOMAIN&gt;<\/strong>\" http:\/\/10.10.10.10\/<\/pre>\n<ul>\n<li>Saving, then reusing, a cookie or session token.<\/li>\n<\/ul>\n<pre>curl <strong>-c cookies.txt<\/strong> -d \"username=<strong>admin<\/strong>&amp;password=<strong>admin<\/strong>\" http:\/\/10.10.10.10\/\r\ncurl <strong>-b cookies.txt<\/strong> http:\/\/10.10.10.10\/<\/pre>\n<ul>\n<li>Data Handling for POST<\/li>\n<\/ul>\n<pre>curl -s <strong>-X POST<\/strong> -d \"<strong>key1=value1&amp;key2=value2<\/strong>\" http:\/\/10.10.10.10\/<\/pre>\n<ul>\n<li>Force the connection to a specific host and port, regardless of what the URL resolves to.<\/li>\n<\/ul>\n<pre>curl --connect-to 
<strong>example.com:80:10.10.10.10:8080<\/strong> http:\/\/example.com<\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Reference List EyeWitness rbndr pwncat pwncat-cs AutoRecon SleuthKit FatCat SSHAmble cURL EyeWitness &#8211; Automates taking [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-4062","post","type-post","status-publish","format-standard","hentry","category-general"],"_links":{"self":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/4062","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4062"}],"version-history":[{"count":12,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/4062\/revisions"}],"predecessor-version":[{"id":5207,"href":"https:\/\/dft.wiki\/index.php?rest_route=\/wp\/v2\/posts\/4062\/revisions\/5207"}],"wp:attachment":[{"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4062"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4062"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dft.wiki\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4062"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}