Update cheatsheets

tldr/crackle

@@ -0,0 +1,21 @@
+---
+syntax: markdown
+tags: [tldr, common]
+source: https://github.com/tldr-pages/tldr.git
+---
+# crackle
+
+> Crack and decrypt Bluetooth Low Energy (BLE) encryption.
+> More information: <https://github.com/mikeryan/crackle>.
+
+- Check whether the recorded BLE communications contain the packets necessary for recovering temporary keys (TKs):
+
+`crackle -i {{path/to/input.pcap}}`
+
+- Use brute force to recover the TK of the recorded pairing events and use it to decrypt all subsequent communications:
+
+`crackle -i {{path/to/input.pcap}} -o {{path/to/decrypted.pcap}}`
+
+- Use the specified long-term key (LTK) to decrypt the recorded communication:
+
+`crackle -i {{path/to/input.pcap}} -o {{path/to/decrypted.pcap}} -l {{81b06facd90fe7a6e9bbd9cee59736a7}}`

tldr/git-config

@@ -9,13 +9,13 @@ source: https://github.com/tldr-pages/tldr.git
 > These configurations can be local (for the current repository) or global (for the current user).
 > More information: <https://git-scm.com/docs/git-config>.
 
-- List only local configuration entries (stored in `.git/config` in the current repository):
+- Globally set your name or email (this information is required to commit to a repository and will be included in all commits):
 
-`git config --list --local`
+`git config --global {{user.name|user.email}} "{{Your Name|email@example.com}}"`
 
-- List only global configuration entries (stored in `~/.gitconfig` by default or in `$XDG_CONFIG_HOME/git/config` if such a file exists):
+- List local or global configuration entries:
 
-`git config --list --global`
+`git config --list --{{local|global}}`
 
 - List only system configuration entries (stored in `/etc/gitconfig`), and show their file location:
 
@@ -33,10 +33,10 @@ source: https://github.com/tldr-pages/tldr.git
 
 `git config --global --unset alias.unstage`
 
-- Edit the Git configuration for the current repository in the default editor:
+- Edit the local Git configuration (`.git/config`) in the default editor:
 
 `git config --edit`
 
-- Edit the global Git configuration in the default editor:
+- Edit the global Git configuration (`~/.gitconfig` by default or `$XDG_CONFIG_HOME/git/config` if such a file exists) in the default editor:
 
 `git config --global --edit`

tldr/linux/kill

@@ -15,7 +15,7 @@ source: https://github.com/tldr-pages/tldr.git
 
 - List signal values and their corresponding names (to be used without the `SIG` prefix):
 
-`kill {{-L|--table}}`
+`kill -L`
 
 - Terminate a background job:
 

tldr/nxc

@@ -0,0 +1,26 @@
+---
+syntax: markdown
+tags: [tldr, common]
+source: https://github.com/tldr-pages/tldr.git
+---
+# nxc
+
+> Network service enumeration and exploitation tool.
+> Some subcommands such as `nxc smb` have their own usage documentation.
+> More information: <https://www.netexec.wiki/>.
+
+- [L]ist available modules for the specified protocol:
+
+`nxc {{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}} -L`
+
+- List the options available for the specified module:
+
+`nxc {{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}} -M {{module_name}} --options`
+
+- Specify an option for a module:
+
+`nxc {{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}} -M {{module_name}} -o {{OPTION_NAME}}={{option_value}}`
+
+- View the options available for the specified protocol:
+
+`nxc {{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}} --help`

tldr/nxc-ftp

@@ -0,0 +1,29 @@
+---
+syntax: markdown
+tags: [tldr, common]
+source: https://github.com/tldr-pages/tldr.git
+---
+# nxc ftp
+
+> Pentest and exploit FTP servers.
+> More information: <https://www.netexec.wiki/ftp-protocol>.
+
+- Search for valid credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords:
+
+`nxc ftp {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}}`
+
+- Continue searching for valid credentials even after valid credentials have been found:
+
+`nxc ftp {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}} --continue-on-success`
+
+- Perform directory listings on each FTP server the supplied credentials are valid on:
+
+`nxc ftp {{192.168.178.0/24}} -u {{username}} -p {{password}} --ls`
+
+- Download the specified file from the target server:
+
+`nxc ftp {{192.168.178.2}} -u {{username}} -p {{password}} --get {{path/to/file}}`
+
+- Upload the specified file to the target server at the specified location:
+
+`nxc ftp {{192.168.178.2}} -u {{username}} -p {{password}} --put {{path/to/local_file}} {{path/to/remote_location}}`

tldr/nxc-ldap

@@ -0,0 +1,29 @@
+---
+syntax: markdown
+tags: [tldr, common]
+source: https://github.com/tldr-pages/tldr.git
+---
+# nxc ldap
+
+> Pentest and exploit Windows Active Directory Domains via LDAP.
+> More information: <https://www.netexec.wiki/ldap-protocol>.
+
+- Search for valid domain credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords:
+
+`nxc ldap {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}}`
+
+- Enumerate active domain users:
+
+`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --active-users`
+
+- Collect data about the targeted domain and automatically import these data into BloodHound:
+
+`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --bloodhound --collection {{All}}`
+
+- Attempt to collect AS_REP messages for the specified user in order to perform an ASREPRoasting attack:
+
+`nxc ldap {{192.168.178.2}} -u {{username}} -p '' --asreproast {{path/to/output.txt}}`
+
+- Attempt to extract the passwords of group managed service accounts on the domain:
+
+`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --gmsa`

tldr/nxc-smb

@@ -0,0 +1,33 @@
+---
+syntax: markdown
+tags: [tldr, common]
+source: https://github.com/tldr-pages/tldr.git
+---
+# nxc smb
+
+> Pentest and exploit SMB servers.
+> More information: <https://www.netexec.wiki/smb-protocol>.
+
+- Search for valid domain credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords:
+
+`nxc smb {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}}`
+
+- Search for valid credentials for local accounts instead of domain accounts:
+
+`nxc smb {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}} --local-auth`
+
+- Enumerate SMB shares and the specified users' access rights to them on the target hosts:
+
+`nxc smb {{192.168.178.0/24}} -u {{username}} -p {{password}} --shares`
+
+- Enumerate network interfaces on the target hosts, performing authentication via pass-the-hash:
+
+`nxc smb {{192.168.178.30-45}} -u {{username}} -H {{NTLM_hash}} --interfaces`
+
+- Scan the target hosts for common vulnerabilities:
+
+`nxc smb {{path/to/target_list.txt}} -u '' -p '' -M zerologon -M petitpotam`
+
+- Attempt to execute a command on the target hosts:
+
+`nxc smb {{192.168.178.2}} -u {{username}} -p {{password}} -x {{command}}`

tldr/wakeonlan

@@ -0,0 +1,25 @@
+---
+syntax: markdown
+tags: [tldr, common]
+source: https://github.com/tldr-pages/tldr.git
+---
+# wakeonlan
+
+> Send packets to wake-on-LAN (WOL) enabled PCs.
+> More information: <https://github.com/jpoliv/wakeonlan>.
+
+- Send packets to all devices on the local network (255.255.255.255) by specifying a MAC address:
+
+`wakeonlan {{01:02:03:04:05:06}}`
+
+- Send packet to a specific device via IP address:
+
+`wakeonlan {{01:02:03:04:05:06}} -i {{192.168.178.2}}`
+
+- Print the commands, but don't execute them (dry-run):
+
+`wakeonlan -n {{01:02:03:04:05:06}}`
+
+- Run in quiet mode:
+
+`wakeonlan -q {{01:02:03:04:05:06}}`