diff --git a/tldr/crackle b/tldr/crackle new file mode 100644 index 00000000..bc509feb --- /dev/null +++ b/tldr/crackle @@ -0,0 +1,21 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# crackle + +> Crack and decrypt Bluetooth Low Energy (BLE) encryption. +> More information: . + +- Check whether the recorded BLE communications contain the packets necessary for recovering temporary keys (TKs): + +`crackle -i {{path/to/input.pcap}}` + +- Use brute force to recover the TK of the recorded pairing events and use it to decrypt all subsequent communications: + +`crackle -i {{path/to/input.pcap}} -o {{path/to/decrypted.pcap}}` + +- Use the specified long-term key (LTK) to decrypt the recorded communication: + +`crackle -i {{path/to/input.pcap}} -o {{path/to/decrypted.pcap}} -l {{81b06facd90fe7a6e9bbd9cee59736a7}}` diff --git a/tldr/git-config b/tldr/git-config index 3cf9d42a..590a2d04 100644 --- a/tldr/git-config +++ b/tldr/git-config @@ -9,13 +9,13 @@ source: https://github.com/tldr-pages/tldr.git > These configurations can be local (for the current repository) or global (for the current user). > More information: . -- List only local configuration entries (stored in `.git/config` in the current repository): +- Globally set your name or email (this information is required to commit to a repository and will be included in all commits): -`git config --list --local` +`git config --global {{user.name|user.email}} "{{Your Name|email@example.com}}"` -- List only global configuration entries (stored in `~/.gitconfig` by default or in `$XDG_CONFIG_HOME/git/config` if such a file exists): +- List local or global configuration entries: -`git config --list --global` +`git config --list --{{local|global}}` - List only system configuration entries (stored in `/etc/gitconfig`), and show their file location: 
@@ -33,10 +33,10 @@ source: https://github.com/tldr-pages/tldr.git `git config --global --unset alias.unstage` -- Edit the Git configuration for the current repository in the default editor: +- Edit the local Git configuration (`.git/config`) in the default editor: `git config --edit` -- Edit the global Git configuration in the default editor: +- Edit the global Git configuration (`~/.gitconfig` by default or `$XDG_CONFIG_HOME/git/config` if such a file exists) in the default editor: `git config --global --edit` diff --git a/tldr/linux/kill b/tldr/linux/kill index 01b91650..ed9b27b2 100644 --- a/tldr/linux/kill +++ b/tldr/linux/kill @@ -15,7 +15,7 @@ source: https://github.com/tldr-pages/tldr.git - List signal values and their corresponding names (to be used without the `SIG` prefix): -`kill {{-L|--table}}` +`kill -L` - Terminate a background job: diff --git a/tldr/nxc b/tldr/nxc new file mode 100644 index 00000000..0c1dafd7 --- /dev/null +++ b/tldr/nxc @@ -0,0 +1,26 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# nxc + +> Network service enumeration and exploitation tool. +> Some subcommands such as `nxc smb` have their own usage documentation. +> More information: . + +- [L]ist available modules for the specified protocol: + +`nxc {{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}} -L` + +- List the options available for the specified module: + +`nxc {{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}} -M {{module_name}} --options` + +- Specify an option for a module: + +`nxc {{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}} -M {{module_name}} -o {{OPTION_NAME}}={{option_value}}` + +- View the options available for the specified protocol: + +`nxc {{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}} --help` diff --git a/tldr/nxc-ftp b/tldr/nxc-ftp new file mode 100644 index 00000000..be5a75ef --- /dev/null +++ b/tldr/nxc-ftp 
@@ -0,0 +1,29 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# nxc ftp + +> Pentest and exploit FTP servers. +> More information: . + +- Search for valid credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords: + +`nxc ftp {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}}` + +- Continue searching for valid credentials even after valid credentials have been found: + +`nxc ftp {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}} --continue-on-success` + +- Perform directory listings on each FTP server the supplied credentials are valid on: + +`nxc ftp {{192.168.178.0/24}} -u {{username}} -p {{password}} --ls` + +- Download the specified file from the target server: + +`nxc ftp {{192.168.178.2}} -u {{username}} -p {{password}} --get {{path/to/file}}` + +- Upload the specified file to the target server at the specified location: + +`nxc ftp {{192.168.178.2}} -u {{username}} -p {{password}} --put {{path/to/local_file}} {{path/to/remote_location}}` diff --git a/tldr/nxc-ldap b/tldr/nxc-ldap new file mode 100644 index 00000000..960b201c --- /dev/null +++ b/tldr/nxc-ldap 
@@ -0,0 +1,29 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# nxc ldap + +> Pentest and exploit Windows Active Directory Domains via LDAP. +> More information: . + +- Search for valid domain credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords: + +`nxc ldap {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}}` + +- Enumerate active domain users: + +`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --active-users` + +- Collect data about the targeted domain and automatically import these data into BloodHound: + +`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --bloodhound --collection {{All}}` + +- Attempt to collect AS_REP messages for the specified user in order to perform an ASREPRoasting attack: + +`nxc ldap {{192.168.178.2}} -u {{username}} -p '' --asreproast {{path/to/output.txt}}` + +- Attempt to extract the passwords of group managed service accounts on the domain: + +`nxc ldap {{192.168.178.2}} -u {{username}} -p {{password}} --gmsa` diff --git a/tldr/nxc-smb b/tldr/nxc-smb new file mode 100644 index 00000000..f2bb9d43 --- /dev/null +++ b/tldr/nxc-smb 
@@ -0,0 +1,33 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# nxc smb + +> Pentest and exploit SMB servers. +> More information: . + +- Search for valid domain credentials by trying out every combination in the specified lists of [u]sernames and [p]asswords: + +`nxc smb {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}}` + +- Search for valid credentials for local accounts instead of domain accounts: + +`nxc smb {{192.168.178.2}} -u {{path/to/usernames.txt}} -p {{path/to/passwords.txt}} --local-auth` + +- Enumerate SMB shares and the specified users' access rights to them on the target hosts: + +`nxc smb {{192.168.178.0/24}} -u {{username}} -p {{password}} --shares` + +- Enumerate network interfaces on the target hosts, performing authentication via pass-the-hash: + +`nxc smb {{192.168.178.30-45}} -u {{username}} -H {{NTLM_hash}} --interfaces` + +- Scan the target hosts for common vulnerabilities: + +`nxc smb {{path/to/target_list.txt}} -u '' -p '' -M zerologon -M petitpotam` + +- Attempt to execute a command on the target hosts: + +`nxc smb {{192.168.178.2}} -u {{username}} -p {{password}} -x {{command}}` diff --git a/tldr/wakeonlan b/tldr/wakeonlan new file mode 100644 index 00000000..e17b6afe --- /dev/null +++ b/tldr/wakeonlan @@ -0,0 +1,25 @@ +--- +syntax: markdown +tags: [tldr, common] +source: https://github.com/tldr-pages/tldr.git +--- +# wakeonlan + +> Send packets to wake-on-LAN (WOL) enabled PCs. +> More information: . + +- Send packets to all devices on the local network (255.255.255.255) by specifying a MAC address: + +`wakeonlan {{01:02:03:04:05:06}}` + +- Send packet to a specific device via IP address: + +`wakeonlan {{01:02:03:04:05:06}} -i {{192.168.178.2}}` + +- Print the commands, but don't execute them (dry-run): + +`wakeonlan -n {{01:02:03:04:05:06}}` + +- Run in quiet mode: + +`wakeonlan -q {{01:02:03:04:05:06}}`
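Review bot: the `-l` example at the end of tldr/crackle uses a literal key, `{{81b06facd90fe7a6e9bbd9cee59736a7}}`, as its placeholder, and the description does not say what format the LTK is expected in. Either state the format in the description (the sample value suggests 32 hex digits with no separators) or use a named placeholder such as `{{long_term_key}}`, the way tldr/nxc-smb uses `{{NTLM_hash}}`. The first two descriptions would also be clearer if they said that the only difference between the commands is `-o {{path/to/decrypted.pcap}}`.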
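Review bot: in the first tldr/git-config hunk (@@ -9,13 +9,13 @@), the merged entry "List local or global configuration entries" drops the file locations that the two removed entries carried, while the unchanged entry right after it still reads "(stored in `/etc/gitconfig`)", so the three listing scopes are now documented unevenly. Keep the paths in the merged description or remove them from the system entry as well. In the new first entry, `{{user.name|user.email}} "{{Your Name|email@example.com}}"` puts alternatives in two separate placeholders that have to be chosen in matching pairs; a single key and value pair would be harder to misread.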
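Review bot: in the second tldr/git-config hunk (@@ -33,10 +33,10 @@), the description now names the local file (`.git/config`) but the command stays `git config --edit` and relies on the default scope, while the global entry below it spells out `--global` and the listing entry uses `--{{local|global}}`. Writing `git config --local --edit` would make the command match its description and the rest of the page.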
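Review bot: the tldr/linux/kill hunk replaces `kill {{-L|--table}}` with `kill -L` and so removes the long option from the page, but nothing in the change says why. If `--table` is being dropped on purpose, the reason belongs in the commit message; otherwise keep the long form, since it is the more readable of the two in scripts.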
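Review bot: tldr/nxc marks the mnemonic only in the first entry ("[L]ist available modules") and not in the entries that introduce `-M` and `-o`. Use the bracket convention throughout, for example "for the specified [M]odule" and "Specify an [o]ption for a module". The protocol list `{{smb|ssh|ldap|ftp|wmi|winrm|rdp|vnc|mssql}}` is repeated in all four commands; showing it in full once and using `{{protocol}}` in the others would keep the lines readable.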
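Review bot: in tldr/nxc-ftp the `--get` example uses `{{path/to/file}}` without saying which side the path is on, while the `--put` example right after it separates `{{path/to/local_file}}` from `{{path/to/remote_location}}`. Rename the `--get` placeholder to `{{path/to/remote_file}}` so the two entries read consistently. The first two descriptions are also nearly identical; the second could say only what `--continue-on-success` changes.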
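Review bot: in tldr/nxc-ldap the `--asreproast` example passes `-p ''`, unlike every other example on the page, and the description does not explain the empty password. Add a few words on why no password is supplied here, and say that `{{path/to/output.txt}}` is where the collected messages are written. In the BloodHound entry, `--collection {{All}}` shows a single value with no hint of the alternatives; list them as `{{All|...}}` or mention where to find them.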
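Review bot: in tldr/nxc-smb the entry "Scan the target hosts for common vulnerabilities" hard-codes `-M zerologon -M petitpotam` with `-u '' -p ''`, so the command checks exactly two named issues over an unauthenticated session, not "common vulnerabilities" in general. Name the two modules in the description and mention the empty credentials, so a reader running it knows what was and was not tested. The pass-the-hash entry could also carry the `[H]` mnemonic in its description, matching the `[u]sernames` and `[p]asswords` markers in the first entry.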
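Review bot: the first description in tldr/wakeonlan, "Send packets to all devices on the local network (255.255.255.255) by specifying a MAC address", reads as if every device is being woken, when the command names a single MAC address and only the broadcast address is network-wide. Reword it along the lines of "Wake the device with the specified MAC address by broadcasting to the local network (255.255.255.255)". The next entry switches to singular "Send packet", and the dry-run entry says "Print the commands" although the tool sends packets; "Print what would be sent" would be closer.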