CheatSheets

To find vulnerability:

  • https://nvd.nist.gov/vuln
  • http://exploit-db.com/
  • https://www.rapid7.com/db/

To find vulnerabilities, you can use scanners such as Nessus or OpenVAS, which scan your environment for known weaknesses.

When you find a vulnerability, you can look it up in a vulnerability database such as Exploit-DB or NVD to see how it can be exploited. CVE proofs of concept (PoCs) can also be found on GitHub or GitLab.

SearchSploit is a command-line tool, based on Exploit-DB, for searching for a vulnerability.

Find SSH version

We can identify the SSH version to determine whether a known vulnerability applies:

$ ssh -v <ip>

Or, using telnet to read the banner:

$ telnet <ip> <port>
Trying <ip>...
Connected to <ip>.
Escape character is '^]'.
SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3
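The banner above is the SSH identification string defined in RFC 4253 (section 4.2): `SSH-<protoversion>-<softwareversion> [comments]`, terminated by CR LF. The following is an added example, not part of the original cheat sheet: it parses that string into its fields so the software version can be compared against an inventory or advisory list. The `SAMPLE_BANNER` is the one from the telnet session above; the `grab_ssh_banner` helper (a hypothetical name, not a standard library function) does over a socket what `telnet` does interactively and is not called in the offline run.

```python
"""Parse SSH identification strings (RFC 4253, section 4.2)."""
import re
import socket

# Constructed sample: the banner shown in the telnet session on this page, with CR LF.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u3\r\n"

# SSH-<protoversion>-<softwareversion>[ <comments>]
_IDENT_RE = re.compile(r"^SSH-(?P<proto>[^-]+)-(?P<software>\S+)(?: (?P<comments>.*))?$")


def parse_ssh_banner(data: bytes) -> dict:
    """Return protocol version, software version and comments from raw banner bytes.

    Servers may send arbitrary text lines before the identification string,
    so every line that does not start with 'SSH-' is skipped.
    """
    for raw_line in data.split(b"\n"):
        line = raw_line.rstrip(b"\r").decode("ascii", errors="replace")
        if not line.startswith("SSH-"):
            continue
        m = _IDENT_RE.match(line)
        if not m:
            raise ValueError(f"malformed identification string: {line!r}")
        software = m.group("software")
        # OpenSSH and Dropbear use <product>_<version>; other servers may not.
        product, _, version = software.partition("_")
        return {
            "protocol": m.group("proto"),
            "software": software,
            "product": product,
            "version": version,
            "comments": m.group("comments") or "",
        }
    raise ValueError("no SSH identification string found")


def grab_ssh_banner(host: str, port: int = 22, timeout: float = 5.0) -> bytes:
    """Read the server's identification string over TCP (network access; not used offline)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        return sock.recv(256)


if __name__ == "__main__":
    print(parse_ssh_banner(SAMPLE_BANNER))
```

For the sample banner this yields protocol `2.0`, product `OpenSSH`, version `9.2p1` and the Debian package comment, which is what you match against the affected-version ranges in an advisory.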

Brute-force

SSH

hydra -l <username> -I -t 4 -P /usr/share/wordlists/SecLists/Passwords/probable-v2-top12000.txt <ip> ssh

IMAP

We can use hydra to brute-force the IMAP password. The example below brute-forces the user account lazie:

hydra -l lazie -P /usr/share/wordlists/rockyou.txt <ip> imap
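On the receiving end, the SSH and IMAP attempts above leave a dense burst of authentication failures from one source address. The following is an added example, not from the original cheat sheet: a sliding-window detector that counts failed logins per (service, source IP) over sshd and Dovecot `imap-login` log lines and flags sources that exceed a threshold inside the window. The log lines are constructed samples in syslog format; the threshold and window are illustrative defaults.

```python
"""Flag password brute-force bursts against SSH and IMAP from auth logs."""
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample log: syslog-style sshd and Dovecot imap-login messages.
SAMPLE_LOG = """\
Mar  3 10:00:01 mail sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:00:02 mail sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Mar  3 10:00:02 mail sshd[2201]: Failed password for root from 203.0.113.7 port 40114 ssh2
Mar  3 10:00:03 mail sshd[2201]: Failed password for root from 203.0.113.7 port 40115 ssh2
Mar  3 10:00:04 mail sshd[2201]: Failed password for root from 203.0.113.7 port 40116 ssh2
Mar  3 10:00:09 mail sshd[2202]: Accepted publickey for alice from 198.51.100.4 port 50010 ssh2
Mar  3 10:00:30 mail sshd[2203]: Failed password for bob from 198.51.100.4 port 50011 ssh2
Mar  3 10:01:00 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<lazie>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.2
Mar  3 10:01:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<lazie>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.2
Mar  3 10:01:01 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<lazie>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.2
Mar  3 10:01:02 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<lazie>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.2
Mar  3 10:01:03 mail dovecot: imap-login: Disconnected (auth failed, 1 attempts in 2 secs): user=<lazie>, method=PLAIN, rip=203.0.113.9, lip=10.0.0.2
"""

# "<Mon> <day> <HH:MM:SS> <host> <message>"
TIMESTAMP_RE = re.compile(r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ (?P<msg>.*)$")
PATTERNS = {
    "ssh": re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
    "imap": re.compile(r"imap-login: Disconnected \(auth failed.*?user=<(?P<user>[^>]*)>.*?rip=(?P<ip>[\d.]+)"),
}


def parse_failures(log_text: str):
    """Yield (timestamp, service, source_ip, user) for every failed-login line."""
    for line in log_text.splitlines():
        m = TIMESTAMP_RE.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year; strptime defaults it, which is fine for deltas.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        for service, pat in PATTERNS.items():
            f = pat.search(m.group("msg"))
            if f:
                yield ts, service, f.group("ip"), f.group("user")
                break


def detect_bruteforce(log_text: str, threshold: int = 5, window_s: int = 60) -> dict:
    """Return {(service, ip): {"count": n, "users": set}} for sources that reach
    `threshold` failures within any `window_s`-second sliding window."""
    recent = defaultdict(deque)   # (service, ip) -> deque of (timestamp, user)
    alerts = {}
    for ts, service, ip, user in parse_failures(log_text):
        key = (service, ip)
        q = recent[key]
        q.append((ts, user))
        while (ts - q[0][0]).total_seconds() > window_s:   # drop events outside the window
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(key, {"count": 0, "users": set()})
            alert["count"] = max(alert["count"], len(q))
            alert["users"].update(u for _, u in q)
    return alerts


if __name__ == "__main__":
    for (service, ip), info in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{service}: {ip} -> {info['count']} failures, users {sorted(info['users'])}")
```

A single failed login from 198.51.100.4 stays below the threshold and is not reported; the two sources that cycle through passwords are. Tuning the window and threshold to your environment's normal failure rate is what keeps this from paging on a user with a stale saved password.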

Steganography

Extract data

We can extract data hidden in an image:

steghide extract -sf <image filename> -p <password>

Binwalk

Extract data from a file:

binwalk -D='.*' image.png
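What binwalk finds in a PNG like the one above is usually either a file appended after the IEND chunk or a recognizable signature buried in the stream. The following is an added example, not the cheat sheet's own material: it walks the PNG chunk structure, checks each chunk's CRC, returns whatever follows IEND, and scans those trailing bytes for a few well-known magic values. The PNG is constructed in memory (a valid 1x1 grayscale image) with a constructed payload appended, and the `MAGICS` table is a small illustrative subset of the signatures binwalk knows.

```python
"""Walk PNG chunks and report data appended after IEND (what binwalk's signature scan surfaces)."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Constructed magic-byte table for the trailing-data scan (a tiny subset of binwalk's signatures).
MAGICS = {
    b"PK\x03\x04": "zip archive",
    b"\x1f\x8b\x08": "gzip data",
    b"%PDF-": "PDF document",
    b"Rar!\x1a\x07": "RAR archive",
}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: 4-byte length, type, body, CRC32 over type+body."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def build_sample_png(extra: bytes = b"") -> bytes:
    """Construct a valid 1x1 8-bit grayscale PNG and append `extra` after IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)   # width, height, depth, colour type, ...
    idat = zlib.compress(b"\x00\x00")                      # filter byte + one pixel
    return PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"") + extra


def walk_png(data: bytes):
    """Return (chunks, trailing): chunks is a list of (type, length, crc_ok),
    trailing is every byte after the IEND chunk (empty for a clean file)."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            raise ValueError(f"truncated chunk {ctype!r} at offset {pos}")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        crc_ok = (zlib.crc32(ctype + body) & 0xFFFFFFFF) == crc
        chunks.append((ctype.decode("ascii"), length, crc_ok))
        pos += 12 + length
        if ctype == b"IEND":
            break
    return chunks, data[pos:]


def identify_trailing(trailing: bytes):
    """Return sorted (offset, description) pairs for every known magic in the trailing bytes."""
    hits = []
    for magic, desc in MAGICS.items():
        off = trailing.find(magic)
        while off != -1:
            hits.append((off, desc))
            off = trailing.find(magic, off + 1)
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample: some filler, then a zip local-file-header signature.
    sample = build_sample_png(b"junk" + b"PK\x03\x04" + b"\x14\x00" + b"payload")
    chunks, trailing = walk_png(sample)
    for ctype, length, ok in chunks:
        print(f"{ctype:4s} len={length:<4d} crc_ok={ok}")
    print(f"{len(trailing)} trailing bytes: {identify_trailing(trailing)}")
```

A clean PNG ends exactly at IEND, so any non-empty `trailing` is worth a look in triage even when no magic matches; a failing CRC on a chunk points at data tucked into the chunk itself rather than appended after it.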