EvilZone
Hacking and Security => Hacking and Security => Topic started by: cyberdrifter on February 01, 2015, 10:36:57 PM
-
I'd like to start a thread that shares potentially useful tricks and tips within the security realm that others could benefit from. Whether they're simple terminal tricks, simple or complex googlefu, obscure commands, short programs, novel ways of doing something, or a simple exploits.
The idea is to share something short and sweet that doesn't require a lot of explanation (nothing more than a couple of paragraphs at most.) and to be clear, we're looking for quick, clear, concise commands. Not links to pages or general ideas. Show us what you've found useful.
For instance:
A Simple Terminal Ping-Sweep
for i in {1..254}; do ping -c 1 -W 1 192.168.0.$i | grep 'from'; done This short terminal command can be used when you don't have access/want to avoid the bulk of more well established programs. Simply creates a forloop that iterates through a given IP range and pipes the output to grep. (Modify the IP as needed)
*WARNING* I suggest you test all suggestions in a VM before using them on your actual system... Never know what some Asshole might throw up here, on purpose or out of ignorance (to include myself). Trust be verify.
=============List of Shared Commands========================
Return a list of Dynamically linked SUID/GUID programs (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99517/#msg99517)
Alternate method (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99565/#msg99565)
Simple Python HTTP Server (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99521/#msg99521)
Delete files by extension (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99526/#msg99526)
Alternate method (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99533/#msg99533)
Google searches by filetype (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99526/#msg99526)
Determine your public IP address (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99593/#msg99593)
Add files to pastebin using the terminal (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99595/#msg99595)
Mount a partition in RAM for temp/volatile storage (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99602/#msg99602)
Rerun a command with Sudo privileges (without retyping the command) (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg99870/#msg99870)
Show list of open network connections that updates each second (https://evilzone.org/hacking-and-security/short-and-sweet-tips-and-tricks/msg101174/#msg101174)
-
import commands;
for each in str(commands.getstatusoutput("find / -perm +6000 -type f -print 2>/dev/null")[1]).split('\n'):
print each + '\n' + str(commands.getstatusoutput("ldd " + each)[1]) + '\n'
Returns a list of SUID/GUID programs that are dynamically linked, as well as the libs they link to
-
A stupid simple Python HTTP Server
python -m http.server
This is actually a very useful/dangerous little script I use often. All it does is use pythons simple built in HTTP server and opens up a window on port 8000 (by default). If you're already on the box and need a quick window out. From here you use your distant machine to browse to the target machines i.e.:192.168.0.2:8000 and it works like a charm.
-
On bash, zsh and sh; You can delete files within a directory by file extension type.
$ ls
init.py conf.py libdevin.c
$ rm !(*.c|*.py)
-
On bash, zsh and sh; You can delete files within a directory by file extension type.
$ ls
init.py conf.py libdevin.c
$ rm !(*.c|*.py)
Using a similar principle you can do google searches by file extention, for example.
In order to find the book Blackhat Python with google:
blackhat python filetype:pdf
This will do a search in google with your key terms up front i.e. the title of the book, and the filetype: operator allowing us to return ONLY PDF's that meet our criteria.
Which links us to blackhat python:
http://greysec.ir/ebook/Black.Hat.Python.Python.Programming.for.Hackers_%5Bwww.graymind.ir%5D.pdf (http://greysec.ir/ebook/Black.Hat.Python.Python.Programming.for.Hackers_%5Bwww.graymind.ir%5D.pdf)
As our first result.
-
On bash, zsh and sh; You can delete files within a directory by file extension type.
$ ls
init.py conf.py libdevin.c
$ rm !(*.c|*.py)
I'd probably suggest using this method:
rm {*.c,*.py}
You know... less to type and all :P
-
import commands;
for each in str(commands.getstatusoutput("find / -perm +6000 -type f -print 2>/dev/null")[1]).split('\n'):
print each + '\n' + str(commands.getstatusoutput("ldd " + each)[1]) + '\n'
Returns a list of SUID/GUID programs that are dynamically linked, as well as the libs they link to
or you could just use -exec like so:
find / -perm +6000 -type f -exec ldd {} \; -print 2>/dev/null
similarly find all world writable files and directories(nasty priv esc potentials):
find / -perm -2 ! -type l -ls
for when you don't care about noise, but want easy fast scanning backed by nmaps versioning:
https://github.com/superkojiman/onetwopunch
-
Determine what your address appears to be from the outside.
curl ifconfig.me
-
Terminal pastebin with netcat, examples:
echo 'test' | nc termbin.com 9999
cat file.txt | nc termibin.com 9999
..and you receive link for your pasted text.
-
Terminal pastebin with netcat, examples:
echo 'test' | nc termbin.com 9999
cat file.txt | nc termibin.com 9999
..and you receive link for your pasted text.
Nice one, I saw that site a while back but forgot about it... Thanks
-
Mount Termporary Partition in RAM:mount -t tmpfs tmpfs /mnt -o size=1024m
In the case that you need to store something shady on your computer for a short time. Storing it in volatile ram makes it easier to securely dispose of.
-
Found a page that a few of you might like:
http://www.tuxradar.com/content/linux-tips-every-geek-should-know (http://www.tuxradar.com/content/linux-tips-every-geek-should-know)
I'm sure we all have pages link this we could share, but the intent is to filter out the best ones and offer them up, with a brief explanation.
-
or you could just use -exec like so:
find / -perm +6000 -type f -exec ldd {} \; -print 2>/dev/null
you could yes but the logs created are different that's all, i took that from a larger script though, thats the main reason its in pythong :p
-
Typo, or you just don't like python? lol
http://www.pythong.org/ (http://www.pythong.org/)
nah calling it pythong just makes me laugh
-
For fucks sake I did something like this a few months ago.. it never took off.
-
For fucks sake I did something like this a few months ago.. it never took off.
Gotta link? I'd like to see your offerings.
-
Nobody replied to the thread... I had something on there to do with Java for a kick starter I think. It's not important.
-
Here's a tip, familiarize yourself with the sh mod in python. Sure you've for the os mod that can already do a lot of the things the sh mod can but I've found it extremly useful so far.
Sticky, anyone?
@Matriplex - more people fiddle with python and bash than with java. It's only natural.
-
Here's a tip, familiarize yourself with the sh mod in python. Sure you've for the os mod that can already do a lot of the things the sh mod can but I've found it extremly useful so far.
The idea was to post specific commands, do you have a brief example to justify why you think the sh mod is useful?
-
Sometimes I want to fetch x number of files from a larger file base.
The following command copies 1000 files randomly from the current folder to the dest folder
ls . | shuf -n 1000 | xargs -i -t cp {} dest
-
Bang Bang:
This is an incredibly simple command, that I'm always surprised to see people don't know, so:
$ make sandwich
error: you cannot perform this operation unless you are root.
$ sudo !!
Ofcourse I'll make you a sandwich!
For instance when you run a command that requires admin privs (but forgot to type sudo), instead of typing the whole command again, just use two exclamations to represent your previous command.
-
Create list of network connections that updates every second, it will tell you:
- what program is using the connection
- what user initiated the connection
- the PID of the program running the connection
- the destination address either by domain name or IP
- the port number that it is connecting through
- what connection protocol is used: udp/tcp/etc
- It will also tell you if a connection is listening or established
watch -n 1 lsof -i -P
Breakdown
Watch - Executes a program periodically.
-n 1 - this switch tells Watch to run at an interval of once every 1 second
lsof -This program is used to list open files (everything's a file in linux... even connections)
-i -This tells lsof to only list network/internet related files
-P -This tells lsof to tells lsof to list port numbers instead of converting them to the human readable form (ie it will show 80 instead of HTTP), this helps speed up the command.
-
soo ill change things up and toss out a Win tip/trick :)
Always have some form of " Preinstallation Environment"(PE) both on disk(cd/dvd) and USB. I also like to tack on my favorite "must have" softwares onto the image/USB such as a virus scanner, malware remover etc. For XP and before BartPE is my hands down favorite, but since they stoped releasing you either have to pay(or get cracked) for a winternals version or get the WinPE as your two best choices. To iterate just a "few" uses:File recovery, password changing, system monitoring.
-
soo ill change things up and toss out a Win tip/trick :)
Always have some form of " Preinstallation Environment"(PE) both on disk(cd/dvd) and USB. I also like to tack on my favorite "must have" softwares onto the image/USB such as a virus scanner, malware remover etc. For XP and before BartPE is my hands down favorite, but since they stoped releasing you either have to pay(or get cracked) for a winternals version or get the WinPE as your two best choices. To iterate just a "few" uses:File recovery, password changing, system monitoring.
To reiterate what was said in the original post in this thread:
we're looking for actual commands.
That are: short, concise, and can be quickly explained.
Do you have an example of a command that you'd use with this method?
-
Simple ROT13 Encoding function
rot13()
{
echo "$@" | tr '[a-m][n-z][A-M][N-Z][0-4][5-9]' '[n-z][a-m][N-Z][A-M][5-9][0-4]'
}
The above function can be added to your .bashrc for ease of use (or as a stand alone script).
Once in your sourced bashrc simply type:
rot13 "whatever you want to encode" (without quotes) and your string will be encoded.
You can use this to encode whole files replacing echo with cat in the above code in which case you'd use
rot13 "Nameoffile.txt"
To decode simply input the encoded message back into rot13 and it reverses the process.
One way that someone could use this is a simple method to additionally harden passwords. If for instance you use pass phrases with real words, this will help garble those words up which will help prevent dictionary attacks. While allowing you to have a simple way to encode/decode them.
WARNING: This is NOT encryption, it is a simple encoding method, and it is not a secure method to transfer sensitive information. This is just a simple shift cipher that can help you with in very specific situations.