Services
Attacking FTP
Command | Description |
| Connecting to the FTP server using the |
| Connecting to the FTP server using |
| Brute-forcing the FTP service. |
Attacking SMB
Command | Description |
| Null-session testing against the SMB service. |
| Network share enumeration using |
| Recursive network share enumeration using |
| Download a specific file from the shared folder. |
| Upload a specific file to the shared folder. |
| Null-session with the |
| Automated enumeratition of the SMB service using |
| Password spraying against different users from a list. |
| Connect to the SMB service using the |
| Execute a command over the SMB service using |
| Enumerating Logged-on users. |
| Extract hashes from the SAM database. |
| Use the Pass-The-Hash technique to authenticate on the target host. |
| Dump the SAM database using |
| Execute a PowerShell based reverse shell using |
Attacking SQL Databases
Command | Description |
| Connecting to the MySQL server. |
| Connecting to the MSSQL server. |
| Connecting to the MSSQL server from Linux. |
| Connecting to the MSSQL server from Linux while Windows Authentication mechanism is used by the MSSQL server. |
| Show all available databases in MySQL. |
| Select a specific database in MySQL. |
| Show all available tables in the selected database in MySQL. |
| Select all available entries from the "users" table in MySQL. |
| Show all available databases in MSSQL. |
| Select a specific database in MSSQL. |
| Show all available tables in the selected database in MSSQL. |
| Select all available entries from the "users" table in MSSQL. |
| To allow advanced options to be changed. |
| To enable the xp_cmdshell. |
| To be used after each sp_configure command to apply the changes. |
| Execute a system command from MSSQL server. |
| Create a file using MySQL. |
| Check if the the secure file privileges are empty to read locally stored files on the system. |
| Read local files in MSSQL. |
| Read local files in MySQL. |
| Hash stealing using the |
| Hash stealing using the |
| Identify linked servers in MSSQL. |
| Identify the user and its privileges used for the remote connection in MSSQL. |
Attacking RDP
Command | Description |
| Password spraying against the RDP service. |
| Brute-forcing the RDP service. |
| Connect to the RDP service using |
| Impersonate a user without its password. |
| Execute the RDP session hijack. |
| Enable "Restricted Admin Mode" on the target Windows host. |
| Use the Pass-The-Hash technique to login on the target host without a password. |
Attacking DNS
Command | Description |
| Perform an AXFR zone transfer attempt against a specific name server. |
| Brute-forcing subdomains. |
| DNS lookup for the specified subdomain. |
Attacking Email Services
Command | Description |
| DNS lookup for mail servers for the specified domain. |
| DNS lookup for mail servers for the specified domain. |
| DNS lookup of the IPv4 address for the specified subdomain. |
| Connect to the SMTP server. |
| SMTP user enumeration using the RCPT command against the specified host. |
| Verify the usage of Office365 for the specified domain. |
| Enumerate existing users using Office365 on the specified domain. |
| Password spraying against a list of users that use Office365 for the specified domain. |
| Brute-forcing the POP3 service. |
| Testing the SMTP service for the open-relay vulnerability. |
Last updated