# Basic Tools & Techniques

### Best Resources

1. [HackTricks](https://book.hacktricks.xyz/)
2. [Pentesting Book](https://pentestbook.six2dez.com/)
3. [Rana Khalil OSCP](https://rana-khalil.gitbook.io/hack-the-box-oscp-preparation/my-oscp-journey-a-review)
4. <https://notes.programmersecurity.com/>

### Getting Manual Help

* `man` - opens the manual, e.g. `man telnet`
* `tldr` - short commands, e.g. `tldr redis-cli`
* `--help`
* `-h`
* `apropos` - short description

### Encoding Decoding

1. [CyberChef](https://gchq.github.io/CyberChef/)
2. [dcode.fr](https://www.dcode.fr/)

### Simple encryption

1. [cryptii](https://cryptii.com/)

### Other Tools List

1. ftp (FTP)
2. redis-cli
3. smbclient

### Check reputation of a file

<https://labs.inquest.net/> (to search for reputation of a file)

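## SSH error

If the SSH client refuses to connect to an older server because the server only offers an `ssh-rsa` host key, allow that algorithm for this one connection: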

```
ssh user@10.10.45.205 -oHostKeyAlgorithms=+ssh-rsa
```

<table data-header-hidden><thead><tr><th width="168"></th><th width="133"></th><th></th></tr></thead><tbody>
<tr><td><strong>Machine</strong></td><td><strong>Platform</strong></td><td><strong>Topic</strong></td></tr>
<tr><td>Fawn (v. easy)</td><td>HTB</td><td>FTP anonymous user</td></tr>
<tr><td>Blue (easy)</td><td>THM</td><td>EternalBlue, MSF exploit suggester</td></tr>
<tr><td>Flaws.cloud</td><td>Flaws.cloud</td><td>Cloud pentesting, S3, IAM, EC2</td></tr>
<tr><td>Dancing (v. easy)</td><td>HTB</td><td><p>SMB unauthenticated</p><p>smbclient</p></td></tr>
<tr><td>Redeemer (v. easy)</td><td>HTB</td><td>Unauthenticated Redis</td></tr>
<tr><td>Lame</td><td>HTB</td><td>SMB, usermap Metasploit, exploit/multi/samba/usermap_script</td></tr>
<tr><td>Devel</td><td>HTB</td><td>Anonymous FTP, upload reverse shell aspx, privilege escalation by MS10-015</td></tr>
<tr><td>Optimum</td><td>HTB</td><td>HFS, msf, exploit suggester</td></tr>
<tr><td>Source</td><td>THM</td><td>Webmin / msf</td></tr>
<tr><td>Eavesdropper (easy)</td><td>THM</td><td>Linux priv escalation with sudo hijacking</td></tr>
<tr><td>Takeover (easy)</td><td>THM</td><td>Subdomain enumeration</td></tr>
<tr><td>Simple CTF (easy)</td><td>THM</td><td>simple CMS CVE-2019-9053, priv escalation through vim</td></tr>
<tr><td>Ambassador</td><td>HTB</td><td>Grafana manual exploitation. Priv escalation with <a href="https://github.com/GatoGamer1155/Hashicorp-Consul-RCE-via-API">https://github.com/GatoGamer1155/Hashicorp-Consul-RCE-via-API</a></td></tr>
<tr><td>Vulnversity (easy)</td><td>THM</td><td>PHP reverse shell by checking allowed extension through Burp, priv escalation SUID systemctl</td></tr>
<tr><td>Basic Pentesting (easy)</td><td>THM</td><td>SSH brute forcing, priv escalation from private key in the .ssh folder. Break its encryption with john</td></tr>
<tr><td>Kenobi (easy)</td><td>THM</td><td>SMB shares enumeration, proftpd 1.3.5 exploit for copying files. Priv escalation with SUID binary path exploit</td></tr>
<tr><td>Steel Mountain (easy)</td><td>THM</td><td>HFS exploitation, msf and manual exploitation. Priv escalation with unquoted path</td></tr>
<tr><td>Tiki (v. easy)</td><td>Vulnhub</td><td>Tiki CMS, dir busting, sudo -i priv esc</td></tr>
<tr><td>Beep (easy)</td><td>HTB</td><td>Elastix LFI, RCE, Shellshock, nmap priv esc</td></tr>
<tr><td>Forest (med)</td><td>HTB</td><td>Active Directory, DCSync, Kerberoasting, Impacket</td></tr>
<tr><td>Active (easy)</td><td>HTB</td><td>Active Directory, Kerberoasting, smbmap detail, groups.xml cracking</td></tr>
</tbody></table>

{% embed url="<https://docs.google.com/spreadsheets/d/18weuz_Eeynr6sXFQ87Cd5F0slOj9Z6rt/htmlview>" %}
Lainkusanagi OSCP Like
{% endembed %}

### Recommended Courses to get started in **practical pentesting and hacking**

[Practical Hacking and Pentesting Course for Beginners](https://www.udemy.com/course/practical-hacking-pentesting-guide/?referralCode=CE0BCED85E7608ACC031)

[Complete Windows password hacking course](https://www.udemy.com/course/crack-windows-passwords/?referralCode=82D81C6B54BA4DB70A15)

[Cracking office files passwords (Excel, PowerPoint, Word)](https://www.udemy.com/course/office-password-cracking/?referralCode=3AC1F35BD17DC4739BC0)

[CEHV13 Practical certification preparation course with hands on labs](https://www.udemy.com/course/training-for-ceh-practical/?referralCode=289CF01CF51246BCAD6C)

[IoT Hands-on Hacking and Pentesting course for beginners](https://www.udemy.com/course/iot-security-beginners/?referralCode=997AF261C2E6F99BC914)

[Practical Malware Analysis for Beginners](https://www.udemy.com/course/practical-malware-analysis-for-beginners/?referralCode=CF1C47BF5371D1B9F20A)

[Practical OSINT Course for Beginners](https://www.udemy.com/course/practical-osint/?referralCode=0848C4EC66BBAC2534D6)

[Practical AI redteaming and hacking course](https://www.udemy.com/course/ai-red-teaming/?referralCode=E1EC6DD5FBC422498668)

### **Best Hacking Books**

* [Hacking: The Art of Exploitation, 2nd Edition](https://amzn.to/3FwAi3z)
* [OSINT Techniques: Resources for Uncovering Online Information](https://amzn.to/4bxUMF8)
* [Hacking APIs: Breaking Web Application Programming Interfaces](https://amzn.to/4bv93T4)
* [The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws](https://amzn.to/41UvtIO)

