BREAKING & ENTERING
A Pocket Guide for Friendly Remote Admins
Version 1.2
Designed and produced
as a passion project,
free to the community.
By Andy Doering
twitter.com/andy_doering
behance.net/AndyNDoering
The information in this book is
distributed “as is.” While tedious
efforts were utilized to ensure
accuracy, no responsibility
or liability will be assumed by
the author for errors or omissions,
or for the damages resulting from
the use of the information
provided within.
If you’re unsure...seek an adult.
INDEX
[+] GATHERING INFO
  GOOGLE HACKING
[+] NETWORKING
  ROUTING PROTOCOLS
  BROADCAST VS COLLISION
  ETHERNET & 802.11
  PACKET HEADERS
  CISCO COMMANDS
  IPV4 & IPV6
[+] TUNNELING
  SSH & SCP
  NETCAT & SOCAT
[+] WINDOWS
  HOST INFORMATION
  EXAMINING A PROCESS
  KERNEL & SMB VERSIONS
  IMPORTANT REG / FILES
  WMIC
  POWERSHELL
[+] NIX
  TRIAGE COMMANDS
  IPTABLES
[+] METASPLOIT / METERPRETER
  COMMANDS
  MSFVENOM
  VEIL
  NMAP & TCPDUMP
  WIRESHARK
  FIND & GREP
  AWK & SED
  VIM
[+] TABLES & REFERENCES
  PORTS & SERVICES
  ASCII / HEX / SYMBOLS
  REGEX
[+] PACKING UP
  TAR / ZIP / BZIP2 / GZIP
  GIT *
[+] STANDARDS AND NOTES
  NIST STANDARDS
  TUNNELING WORKSHEETS
  DOT GRIDS / NOTES
Google Hacking:
Google hacking dates back to 2002, when Johnny Long began
collecting interesting Google search queries that uncovered
vulnerable systems and/or sensitive information disclosures,
labeling them GoogleDorks. Its benefit is that host and
domain enumeration can be done without sending any packets
to another system.
===========================================================
(+) Force inclusion of something common
(-) Exclude a search term
(“) Use quotes around a search phrase
(.) A single-character wildcard
(*) Any word
(|) Boolean 'OR'
(“String” | String) Parentheses group queries
===========================================================
site: [url]
Limits the search to a specific site only; site:website.com
--------------------------------------
@[Search term]
Searches a keyword on social media
--------------------------------------
“Search term”
Searches an exact match
--------------------------------------
“Search * term”
Searches the phrase with * standing in for any word
--------------------------------------
cache:[url]
Searches for cached versions of a site or page
--------------------------------------
numrange[#]..[#]
--------------------------------------
daterange:startdate-enddate
Must be expressed in Julian time* (and only in integers)
* Julian time: the number of days that have passed since
January 1, 4713 B.C., unlike Gregorian days (those on the
calendar)
--------------------------------------
link: [url]
Shows links to the URL and helps determine site relationships
and, more importantly, trust relationships; when combined with
other search terms, though, this gets treated like normal
search text (not a modifier).
--------------------------------------
related: [url]
Searches related to your search term
--------------------------------------
intitle: string to search
Shows only those pages that have the term in their HTML title
--------------------------------------
allintitle:[string]
Similar to intitle, but looks for all the specified terms in
the title
--------------------------------------
inurl: [string]
Searches for the specified term in the URL; for example
inurl:"login.php". (Can also do :port)
--------------------------------------
allinurl:[url]
Same as inurl, but searches for all terms in the URL
--------------------------------------
intext:“String to search”
Searches the content of the page, similar to a plain
Google search; for example intext:"index of /".
--------------------------------------
allintext: “String to search”
Similar to intext, but searches for all terms to be present
in the text
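
Added example (not part of the original guide): a small Python builder that composes the operators above into one query for reviewing what has been indexed for a domain you administer, including the Julian-day conversion that daterange: requires and the link: restriction noted above. The function names, the example.com domain and the sample dates are assumptions made for illustration.

```python
from datetime import date

# date.toordinal() counts days from 0001-01-01 (= 1); adding this offset
# yields the integer Julian Day Number that daterange: expects.
JDN_OFFSET = 1721425

def julian_day(d: date) -> int:
    return d.toordinal() + JDN_OFFSET

def daterange(start: date, end: date) -> str:
    if end < start:
        raise ValueError("daterange start is after end")
    return f"daterange:{julian_day(start)}-{julian_day(end)}"

def term(value: str) -> str:
    # Multi-word phrases must be quoted to match exactly.
    value = value.replace('"', "")
    return f'"{value}"' if " " in value else value

def build_query(site=None, intitle=None, inurl=None, intext=None,
                any_of=(), exclude=(), dates=None, link=None) -> str:
    others = [site, intitle, inurl, intext, dates, *any_of, *exclude]
    if link is not None:
        # The guide notes link: is read as plain text once other terms
        # are present, so refuse to mix it rather than emit a bad query.
        if any(others):
            raise ValueError("link: cannot be combined with other terms")
        return f"link:{link}"
    parts = [f"site:{site}"] if site else []
    for op, val in (("intitle", intitle), ("inurl", inurl), ("intext", intext)):
        if val:
            parts.append(f"{op}:{term(val)}")
    if any_of:  # parenthesised OR group
        parts.append("(" + " | ".join(term(t) for t in any_of) + ")")
    parts += [f"-{term(t)}" for t in exclude]
    if dates:
        parts.append(daterange(*dates))
    if not parts:
        raise ValueError("empty query")
    return " ".join(parts)

if __name__ == "__main__":
    # Constructed sample: directory listings indexed for a domain you run.
    window = (date(2024, 1, 1), date(2024, 1, 31))
    print(build_query(site="example.com", intext="index of /", dates=window))
```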