Advice
For example:
1. Linux target to PE: I use just 2 scripts that enumerate for me: linpeas and pspy64 (for cron).
2. Windows: winpeas, powerup.ps1, a one-liner to search *.txt, *.pdf, *.kdbx, and reading PowerShell history ...
In 95% of cases just this works on both to PE 😄
Also, for revshells done properly and really fast: https://www.revshells.com/
To encode: https://meyerweb.com/eric/tools/dencoder/ and also https://gchq.github.io/CyberChef/
Pivot: Ligolo + pwncat
For foothold: feroxbuster, dirsearch, Wappalyzer addon, Burp Suite + FoxyProxy addon on Firefox (or the Chrome built-in browser), Relay + python3 http server, and impacket for stealing hashes from the DC sometimes. Exploit-DB + Exploit-DB papers + Exploit-DB GHDB (sometimes)
Cracking: *2john (prepare file), john, hydra (just sometimes), SecLists (dictionaries, but only raft-medium-files/raft-medium-directories)
Transfer: PowerShell wget + iwr, cmd with certutil, and if anything fails, easy impacket-smbserver
That's all my cheatsheet LOL 😄 Works anytime, no hard stuff... keep it simple!
Big advice: always read the exploits you are using... maybe the ports are different, lhost+lport need to be added, or after fuzzing you need to change the "path" where the exploit targets the service... usually in 40% of cases it's different than in the exploit. And always check the lines in the code after errors... it's self-explanatory why (maybe dependencies are needed), which I usually install with pip3: simpler, faster, easier.
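The "read the exploit before you run it" advice above, turned into a small preflight harness. This is an added example, not code from the original post: it takes host, port and path from the command line instead of trusting the PoC's hard-coded values, checks that the path actually answers before anything is fired, and reports missing Python modules as a pip3 line instead of a traceback. The default path `/app/index.php`, the module list and the target addresses are hypothetical placeholders; no exploit payload is included.

```python
#!/usr/bin/env python3
"""Preflight harness for adapting a public PoC (added example, not from the post).

Checks the three things that usually differ from the PoC: the port, the
path the service really lives at, and the Python dependencies on the box.
"""
import argparse
import importlib.util
import urllib.error
import urllib.request

# Hypothetical: the path a public PoC hard-codes; override with --path after fuzzing.
DEFAULT_PATH = "/app/index.php"


def build_target(host, port, path, https=False):
    """Build the base URL from the real host/port/path found during recon."""
    scheme = "https" if https else "http"
    if not path.startswith("/"):
        path = "/" + path
    # Drop the default port so the Host: header matches what the server expects.
    default = 443 if https else 80
    netloc = host if port == default else f"{host}:{port}"
    return f"{scheme}://{netloc}{path}"


def missing_deps(modules):
    """Return the names in `modules` that cannot be imported on this machine."""
    return [m for m in modules if importlib.util.find_spec(m) is None]


def pip_hint(missing):
    """Turn a list of missing modules into the pip3 command to run."""
    return "pip3 install " + " ".join(missing) if missing else ""


def check_path(url, fetch=None):
    """Return the HTTP status for `url`, or None if it is unreachable.
    `fetch` is injectable so the check can be exercised offline."""
    if fetch is None:
        def fetch(u):
            req = urllib.request.Request(u, method="HEAD")
            try:
                with urllib.request.urlopen(req, timeout=5) as r:
                    return r.status
            except urllib.error.HTTPError as e:
                return e.code          # 404/403 etc. still tell us the host answered
            except (urllib.error.URLError, OSError):
                return None
    return fetch(url)


def preflight(host, port, path, deps, https=False, fetch=None):
    """Run the checks and return (ok, messages); ok means it is safe to fire."""
    msgs = []
    miss = missing_deps(deps)
    if miss:
        msgs.append("missing deps, run: " + pip_hint(miss))
    url = build_target(host, port, path, https)
    status = check_path(url, fetch)
    if status is None:
        msgs.append(f"{url} unreachable: check host/port")
    elif status == 404:
        msgs.append(f"{url} returned 404: fuzz for the real path")
    else:
        msgs.append(f"{url} answered {status}")
    ok = not miss and status is not None and status != 404
    return ok, msgs


if __name__ == "__main__":
    ap = argparse.ArgumentParser(description="PoC preflight")
    ap.add_argument("host")
    ap.add_argument("--port", type=int, default=80)
    ap.add_argument("--path", default=DEFAULT_PATH)
    ap.add_argument("--https", action="store_true")
    ap.add_argument("--lhost", required=True, help="reverse shell listener IP")
    ap.add_argument("--lport", type=int, default=4444)
    args = ap.parse_args()
    # "requests" stands in for whatever the PoC imports; adjust to its import lines.
    ok, msgs = preflight(args.host, args.port, args.path, ["requests"], args.https)
    print("\n".join(msgs))
    print(f"listener: nc -lvnp {args.lport} (payload goes to {args.lhost}:{args.lport})")
    print("ready to fire" if ok else "fix the above before running the exploit")
```

Usage: `python3 preflight.py 10.10.10.5 --port 8080 --path /portal/index.php --lhost 10.10.14.3`. Swap the `["requests"]` list for whatever the PoC actually imports, then plug `args.lhost`/`args.lport` into the payload you adapted.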