Red Team Scratch Page | Sid's Blog

Red Team Scratch Page


This page serves as an unordered collection of commands, short scripts, and techniques I often employ while red teaming (AKA the copy-and-paste page). Note: this page is continually updated.

Setup

Set $targetip and $targethost first; every snippet below refers to those two variables.

# Add /etc/hosts entry so $targethost resolves locally
echo "$targetip $targethost" | sudo tee -a /etc/hosts

# Make work structure in current directory
mkdir "$targethost" && cd "$targethost"
mkdir scans files scripts

# Set up notes page with preliminary info, including date, hostname, and IP address
echo -e "# $targethost\n*Date: $(date '+%Y-%m-%d')*\n\nHostname: $targethost\nIP addr: $targetip" > notes.md
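The Setup steps above, folded into one checked and idempotent shell function. This is an added example, not code from the original page; the `setup_target` name, the `valid_ipv4`/`hosts_has` helpers and the hosts-file path argument are my own assumptions, chosen so the function can be exercised against a scratch copy rather than /etc/hosts.

```shell
# Added example, not from the original page: the Setup steps as one checked,
# idempotent function. The hosts file path is an argument (assumption) so the
# function can be run against a scratch copy instead of /etc/hosts.

# Succeed only if $1 is a dotted-quad IPv4 address with every octet 0-255.
valid_ipv4() {
  case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# Succeed if a non-comment line in hosts file $2 already maps hostname $1.
hosts_has() {
  [ -f "$2" ] && awk -v h="$1" '
    $0 !~ /^#/ { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
    END { exit !found }' "$2"
}

# Append "IP HOST" to hosts file $3 unless HOST is already mapped there.
add_hosts_entry() {
  hosts_has "$2" "$3" || printf '%s %s\n' "$1" "$2" >> "$3"
}

# Validate inputs, record the hosts entry, build the work tree and seed
# notes.md; re-running is harmless. Prints the created directory.
# Usage: setup_target IP HOST HOSTSFILE [PARENTDIR]
setup_target() {
  ip=$1; host=$2; hostsfile=$3; parent=${4:-.}
  valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
  case "$host" in ''|*[!A-Za-z0-9.-]*)
    echo "invalid hostname: $host" >&2; return 1 ;;
  esac
  add_hosts_entry "$ip" "$host" "$hostsfile" || return 1
  dir="$parent/$host"
  mkdir -p "$dir/scans" "$dir/files" "$dir/scripts" || return 1
  if [ ! -f "$dir/notes.md" ]; then   # keep existing notes on a re-run
    printf '# %s\n*Date: %s*\n\nHostname: %s\nIP addr: %s\n' \
      "$host" "$(date '+%Y-%m-%d')" "$host" "$ip" > "$dir/notes.md"
  fi
  printf '%s\n' "$dir"
}
```

Against the real hosts file, run it as `sudo setup_target "$targetip" "$targethost" /etc/hosts "$PWD"` and `cd` into the printed directory.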

Host Enumeration With NMAP

Scan a CTF target for the first time (i.e. an environment which doesn't require stealth):

# -oA takes a basename, so write the three output files into the scans/ directory created in Setup
nmap -A -T4 -v -oA scans/initial "$targethost"

Webserver Directory Fuzzing With Gobuster

Dir-fuzz a webserver (tailored towards web exploitation HTB machines):

# -u needs a full URL (scheme included), not a bare hostname
gobuster dir -u "http://$targethost" -w "$wordlist" -t 20 -x "$filetype1,$filetype2,$filetype3"

Reverse Shell Stabilization (Linux Victim) With Python and Perl

Upgrade a basic shell to a fully interactive shell:

# If Python is installed on the victim host, execute this there
python -c 'import pty; pty.spawn("/bin/bash")' # Or whatever shell you desire

# If Perl is installed on the victim host, execute this there
perl -e "exec '/bin/bash';" # Or whatever shell you desire

Login With Custom SSH Identity

Make sure to have the private key on hand (in $key) and a file name for it (in $id).

# Store the SSH identity; quote $key so the key's line breaks survive.
# ssh -i expects the private key, so do not give the file a .pub suffix.
printf '%s\n' "$key" > "$id"
# Apply required permissions (ssh refuses keys readable by others)
chmod 600 "$id"
# Login; set $user to the remote account name
ssh -i "$id" "$user@$targethost"


Thank you so much for reading this entry. Note that I am open to questions, comments, and criticism — I learn alongside you. Do you see something that's not quite right or that I could otherwise improve upon? Please, do not hesitate to suggest an edit.
