# My Pentesting Cheatsheet

- [Home](https://docs.rtlcopymemory.com/home.md)
- [Commands Only Summary](https://docs.rtlcopymemory.com/commands-only-summary.md): 🪟 = Windows, 🐧 = Linux
- [Kali installation packages](https://docs.rtlcopymemory.com/commands-only-summary/kali-installation-packages.md)
- [Some other cool websites](https://docs.rtlcopymemory.com/commands-only-summary/some-other-cool-websites.md)
- [Preparation](https://docs.rtlcopymemory.com/preparation.md)
- [Documents](https://docs.rtlcopymemory.com/preparation/documents.md)
- [Contract - Checklist](https://docs.rtlcopymemory.com/preparation/contract-checklist.md)
- [Rules of Engagement - Checklist](https://docs.rtlcopymemory.com/preparation/rules-of-engagement-checklist.md)
- [Contractors Agreement - Checklist for Physical Assessments](https://docs.rtlcopymemory.com/preparation/contractors-agreement-checklist-for-physical-assessments.md): If the penetration test also includes physical testing, then an additional contractor's agreement is required.
- [Information Gathering](https://docs.rtlcopymemory.com/information-gathering.md)
- [Vulnerability Assessment](https://docs.rtlcopymemory.com/vulnerability-assessment.md)
- [Pentesting Machine](https://docs.rtlcopymemory.com/pentesting-machine.md)
- [Enumeration](https://docs.rtlcopymemory.com/enumeration.md): Enumeration phase tools. Fuzzing, Discovery, ...
- [NMAP Scan types explained](https://docs.rtlcopymemory.com/enumeration/nmap-scan-types-explained.md)
- [Firewall and IDS/IPS Evasion](https://docs.rtlcopymemory.com/enumeration/firewall-and-ids-ips-evasion.md)
- [Footprinting](https://docs.rtlcopymemory.com/footprinting.md)
- [Google Dorks](https://docs.rtlcopymemory.com/footprinting/google-dorks.md)
- [Samba (smb)](https://docs.rtlcopymemory.com/footprinting/samba-smb.md)
- [NFS](https://docs.rtlcopymemory.com/footprinting/nfs.md)
- [DNS](https://docs.rtlcopymemory.com/footprinting/dns.md)
- [SMTP](https://docs.rtlcopymemory.com/footprinting/smtp.md): Typical ports: TCP/25 TCP/465
- [IMAP/POP3](https://docs.rtlcopymemory.com/footprinting/imap-pop3.md): IMAP on ports: TCP/143 or TCP/993 | POP3 on ports: TCP/110 and TCP/995
- [SNMP](https://docs.rtlcopymemory.com/footprinting/snmp.md): Port: UDP/161 and Traps at UDP/162
- [MySQL](https://docs.rtlcopymemory.com/footprinting/mysql.md): Port: TCP/3306
- [MSSQL](https://docs.rtlcopymemory.com/footprinting/mssql.md): Port: TCP/1433
- [Oracle TNS](https://docs.rtlcopymemory.com/footprinting/oracle-tns.md): Port: TCP/1521
- [IPMI](https://docs.rtlcopymemory.com/footprinting/ipmi.md): Port UDP/623
- [SSH](https://docs.rtlcopymemory.com/footprinting/ssh.md): Port 22/TCP
- [RDP](https://docs.rtlcopymemory.com/footprinting/rdp.md): Port: TCP/3389
- [WinRM](https://docs.rtlcopymemory.com/footprinting/winrm.md): Ports: TCP/5985, TCP/5986
- [Web Information Gathering](https://docs.rtlcopymemory.com/web-information-gathering.md)
- [Whois](https://docs.rtlcopymemory.com/web-information-gathering/whois.md)
- [DNS & Subdomains](https://docs.rtlcopymemory.com/web-information-gathering/dns-and-subdomains.md)
- [Fingerprinting](https://docs.rtlcopymemory.com/web-information-gathering/fingerprinting.md)
- [Crawlers](https://docs.rtlcopymemory.com/web-information-gathering/crawlers.md)
- [Search Engine Discovery](https://docs.rtlcopymemory.com/web-information-gathering/search-engine-discovery.md)
- [Automating Recon](https://docs.rtlcopymemory.com/web-information-gathering/automating-recon.md)
- [Vulnerability Assessment](https://docs.rtlcopymemory.com/vulnerability-assessment-1.md)
- [File Transfers](https://docs.rtlcopymemory.com/file-transfers.md)
- [Windows Target](https://docs.rtlcopymemory.com/file-transfers/windows-target.md)
- [Linux Target](https://docs.rtlcopymemory.com/file-transfers/linux-target.md)
- [Transferring Files with Code](https://docs.rtlcopymemory.com/file-transfers/transferring-files-with-code.md)
- [Miscellaneous File Transfer Methods](https://docs.rtlcopymemory.com/file-transfers/miscellaneous-file-transfer-methods.md)
- [Protected Files Transfer](https://docs.rtlcopymemory.com/file-transfers/protected-files-transfer.md)
- [Catching Files over HTTP/S (Nginx)](https://docs.rtlcopymemory.com/file-transfers/catching-files-over-http-s-nginx.md)
- [Living Off The Land](https://docs.rtlcopymemory.com/file-transfers/living-off-the-land.md)
- [Evading Detection](https://docs.rtlcopymemory.com/file-transfers/evading-detection.md)
- [Shells & Payloads](https://docs.rtlcopymemory.com/shells-and-payloads.md)
- [Reverse Shells + Bind + Web](https://docs.rtlcopymemory.com/shells-and-payloads/reverse-shells-+-bind-+-web.md)
- [Password Attacks](https://docs.rtlcopymemory.com/password-attacks.md)
- [John the ripper](https://docs.rtlcopymemory.com/password-attacks/john-the-ripper.md)
- [Introduction to Hashcat](https://docs.rtlcopymemory.com/password-attacks/introduction-to-hashcat.md)
- [Remote password attacks](https://docs.rtlcopymemory.com/password-attacks/remote-password-attacks.md)
- [Password mutations](https://docs.rtlcopymemory.com/password-attacks/password-mutations.md)
- [Password Reuse / Default Passwords](https://docs.rtlcopymemory.com/password-attacks/password-reuse-default-passwords.md)
- [Windows Local Password Attacks](https://docs.rtlcopymemory.com/password-attacks/windows-local-password-attacks.md)
- [Linux Local Password Attacks](https://docs.rtlcopymemory.com/password-attacks/linux-local-password-attacks.md)
- [Windows Lateral Movement](https://docs.rtlcopymemory.com/password-attacks/windows-lateral-movement.md)
- [Cracking Files](https://docs.rtlcopymemory.com/password-attacks/cracking-files.md)
- [Attacking Common Services](https://docs.rtlcopymemory.com/attacking-common-services.md)
- [FTP](https://docs.rtlcopymemory.com/attacking-common-services/ftp.md)
- [SMB](https://docs.rtlcopymemory.com/attacking-common-services/smb.md)
- [SQL](https://docs.rtlcopymemory.com/attacking-common-services/sql.md)
- [RDP](https://docs.rtlcopymemory.com/attacking-common-services/rdp.md)
- [DNS](https://docs.rtlcopymemory.com/attacking-common-services/dns.md)
- [Email Services](https://docs.rtlcopymemory.com/attacking-common-services/email-services.md)
- [Pivoting, Tunneling, and Port Forwarding](https://docs.rtlcopymemory.com/pivoting-tunneling-and-port-forwarding.md)
- [Choosing The Dig Site & Starting Our Tunnels](https://docs.rtlcopymemory.com/pivoting-tunneling-and-port-forwarding/choosing-the-dig-site-and-starting-our-tunnels.md)
- [Playing Pong with Socat](https://docs.rtlcopymemory.com/pivoting-tunneling-and-port-forwarding/playing-pong-with-socat.md)
- [Pivoting Around Obstacles](https://docs.rtlcopymemory.com/pivoting-tunneling-and-port-forwarding/pivoting-around-obstacles.md)
- [Branching Out Our Tunnels](https://docs.rtlcopymemory.com/pivoting-tunneling-and-port-forwarding/branching-out-our-tunnels.md)
- [Double Pivots](https://docs.rtlcopymemory.com/pivoting-tunneling-and-port-forwarding/double-pivots.md)
- [Final considerations](https://docs.rtlcopymemory.com/pivoting-tunneling-and-port-forwarding/final-considerations.md)
- [Active Directory Enumeration & Attacks](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks.md)
- [Initial Enumeration](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/initial-enumeration.md)
- [Sniffing out a Foothold](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/sniffing-out-a-foothold.md)
- [Sighting In, Hunting For A User](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/sighting-in-hunting-for-a-user.md)
- [Spray Responsibly](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/spray-responsibly.md)
- [Deeper Down the Rabbit Hole](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/deeper-down-the-rabbit-hole.md)
- [Kerberoasting - Cooking with Fire](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/kerberoasting-cooking-with-fire.md)
- [Access Control List (ACL)](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/access-control-list-acl.md)
- [Advanced Privilege Escalation in Active Directory: Stacking The Deck](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/advanced-privilege-escalation-in-active-directory-stacking-the-deck.md)
- [Domain trusts](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/domain-trusts.md)
- [Domain Trusts - Cross Forest](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/domain-trusts-cross-forest.md)
- [Defensive Considerations](https://docs.rtlcopymemory.com/active-directory-enumeration-and-attacks/defensive-considerations.md)
- [Using Web Proxies](https://docs.rtlcopymemory.com/using-web-proxies.md)
- [Login Brute Forcing](https://docs.rtlcopymemory.com/login-brute-forcing.md)
- [SQL Injection Fundamentals](https://docs.rtlcopymemory.com/sql-injection-fundamentals.md)
- [Mitigating SQL Injection](https://docs.rtlcopymemory.com/sql-injection-fundamentals/mitigating-sql-injection.md)
- [SQLMap Essentials](https://docs.rtlcopymemory.com/sqlmap-essentials.md)
- [Building Attacks](https://docs.rtlcopymemory.com/sqlmap-essentials/building-attacks.md)
- [Database Enumeration](https://docs.rtlcopymemory.com/sqlmap-essentials/database-enumeration.md)
- [Advanced SQLMap Usage](https://docs.rtlcopymemory.com/sqlmap-essentials/advanced-sqlmap-usage.md)
- [Cross-Site Scripting (XSS)](https://docs.rtlcopymemory.com/cross-site-scripting-xss.md)
- [Prevention](https://docs.rtlcopymemory.com/cross-site-scripting-xss/prevention.md)
- [File Inclusion](https://docs.rtlcopymemory.com/file-inclusion.md)
- [File Upload Attacks](https://docs.rtlcopymemory.com/file-upload-attacks.md)
- [Basic Exploitation](https://docs.rtlcopymemory.com/file-upload-attacks/basic-exploitation.md)
- [Bypassing Filters](https://docs.rtlcopymemory.com/file-upload-attacks/bypassing-filters.md)
- [Other Upload Attacks](https://docs.rtlcopymemory.com/file-upload-attacks/other-upload-attacks.md)
- [Prevention](https://docs.rtlcopymemory.com/file-upload-attacks/prevention.md)
- [Command Injections](https://docs.rtlcopymemory.com/command-injections.md)
- [Exploitation](https://docs.rtlcopymemory.com/command-injections/exploitation.md)
- [Filter Evasion](https://docs.rtlcopymemory.com/command-injections/filter-evasion.md)
- [Web Attacks](https://docs.rtlcopymemory.com/web-attacks.md)
- [HTTP Verb Tampering](https://docs.rtlcopymemory.com/web-attacks/http-verb-tampering.md)
- [Insecure Direct Object References (IDOR)](https://docs.rtlcopymemory.com/web-attacks/insecure-direct-object-references-idor.md)
- [XML External Entity (XXE) Injection](https://docs.rtlcopymemory.com/web-attacks/xml-external-entity-xxe-injection.md)
- [GraphQL](https://docs.rtlcopymemory.com/web-attacks/graphql.md)
- [Attacking Common Applications](https://docs.rtlcopymemory.com/attacking-common-applications.md)
- [Application Discovery & Enumeration](https://docs.rtlcopymemory.com/attacking-common-applications/application-discovery-and-enumeration.md)
- [Content Management Systems (CMS)](https://docs.rtlcopymemory.com/attacking-common-applications/content-management-systems-cms.md)
- [Servlet Containers/Software Development](https://docs.rtlcopymemory.com/attacking-common-applications/servlet-containers-software-development.md)
- [Infrastructure/Network Monitoring Tools](https://docs.rtlcopymemory.com/attacking-common-applications/infrastructure-network-monitoring-tools.md)
- [Customer Service Mgmt & Configuration Management](https://docs.rtlcopymemory.com/attacking-common-applications/customer-service-mgmt-and-configuration-management.md)
- [Common Gateway Interfaces](https://docs.rtlcopymemory.com/attacking-common-applications/common-gateway-interfaces.md)
- [Thick Client Applications](https://docs.rtlcopymemory.com/attacking-common-applications/thick-client-applications.md)
- [Miscellaneous Applications](https://docs.rtlcopymemory.com/attacking-common-applications/miscellaneous-applications.md)
- [Privilege Escalation](https://docs.rtlcopymemory.com/privilege-escalation.md)
- [Linux Privilege Escalation](https://docs.rtlcopymemory.com/privilege-escalation/linux-privilege-escalation.md)
- [Information Gathering](https://docs.rtlcopymemory.com/privilege-escalation/linux-privilege-escalation/information-gathering.md)
- [Environment-based Privilege Escalation](https://docs.rtlcopymemory.com/privilege-escalation/linux-privilege-escalation/environment-based-privilege-escalation.md)
- [Service-based Privilege Escalation](https://docs.rtlcopymemory.com/privilege-escalation/linux-privilege-escalation/service-based-privilege-escalation.md)
- [Linux Internals-based Privilege Escalation](https://docs.rtlcopymemory.com/privilege-escalation/linux-privilege-escalation/linux-internals-based-privilege-escalation.md)
- [Recent 0-Days](https://docs.rtlcopymemory.com/privilege-escalation/linux-privilege-escalation/recent-0-days.md)
- [Linux Hardening](https://docs.rtlcopymemory.com/privilege-escalation/linux-privilege-escalation/linux-hardening.md)
- [Windows Privilege Escalation](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation.md)
- [Getting the Lay of the Land](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/getting-the-lay-of-the-land.md)
- [Windows User Privileges](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/windows-user-privileges.md)
- [Windows Group Privileges](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/windows-group-privileges.md)
- [Attacking the OS](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/attacking-the-os.md)
- [Credential Theft](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/credential-theft.md)
- [Restricted Environments](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/restricted-environments.md)
- [Additional Techniques](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/additional-techniques.md)
- [Dealing with End of Life Systems](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/dealing-with-end-of-life-systems.md)
- [Windows Hardening](https://docs.rtlcopymemory.com/privilege-escalation/windows-privilege-escalation/windows-hardening.md)
- [Windows (old page)](https://docs.rtlcopymemory.com/privilege-escalation/windows-old-page.md)
- [Documentation & Reporting](https://docs.rtlcopymemory.com/documentation-and-reporting.md)
- [Preparation](https://docs.rtlcopymemory.com/documentation-and-reporting/preparation.md)
- [Reporting](https://docs.rtlcopymemory.com/documentation-and-reporting/reporting.md)
- [Attacking Enterprise Networks](https://docs.rtlcopymemory.com/attacking-enterprise-networks.md)
- [Pre-Engagement](https://docs.rtlcopymemory.com/attacking-enterprise-networks/pre-engagement.md)
- [External Testing](https://docs.rtlcopymemory.com/attacking-enterprise-networks/external-testing.md)
- [Internal Testing](https://docs.rtlcopymemory.com/attacking-enterprise-networks/internal-testing.md)
- [Lateral Movement & Privilege Escalation](https://docs.rtlcopymemory.com/attacking-enterprise-networks/lateral-movement-and-privilege-escalation.md)
- [Wrapping Up](https://docs.rtlcopymemory.com/attacking-enterprise-networks/wrapping-up.md)
- [Deobfuscation](https://docs.rtlcopymemory.com/deobfuscation.md): Deobfuscation tools
- [Metasploit](https://docs.rtlcopymemory.com/metasploit.md): yup, this whole page is just for it :3
- [msfvenom](https://docs.rtlcopymemory.com/metasploit/msfvenom.md)
- [Custom compiled files](https://docs.rtlcopymemory.com/custom-compiled-files.md)
- [XSS](https://docs.rtlcopymemory.com/xss.md)
- [Azure AD (Entra ID)](https://docs.rtlcopymemory.com/azure-ad-entra-id.md)


