Author Topic: Short and Sweet - Tips and Tricks  (Read 3766 times)

Offline cyberdrifter

  • Knight
  • **
  • Posts: 176
  • Cookies: -90
    • View Profile
Short and Sweet - Tips and Tricks
« on: February 01, 2015, 10:36:57 pm »
I'd like to start a thread that shares potentially useful tricks and tips within the security realm that others could benefit from. Whether they're simple terminal tricks, simple or complex googlefu, obscure commands, short programs, novel ways of doing something, or simple exploits.

The idea is to share something short and sweet that doesn't require a lot of explanation (nothing more than a couple of paragraphs at most.) and to be clear, we're looking for quick, clear, concise commands. Not links to pages or general ideas. Show us what you've found useful.

For instance:

A Simple Terminal Ping-Sweep
Code: [Select]
for i in {1..254}; do ping -c 1 -W 1 192.168.0.$i | grep 'from'; done
This short terminal command can be used when you don't have access/want to avoid the bulk of more well established programs. It simply creates a for loop that iterates through a given IP range and pipes the output to grep. (Modify the IP as needed)




*WARNING* I suggest you test all suggestions in a VM before using them on your actual system... Never know what some Asshole might throw up here, on purpose or out of ignorance (to include myself). Trust but verify.


=============List of Shared Commands========================

Return a list of Dynamically linked SUID/GUID programs   

       Alternate method
Simple Python HTTP Server
Delete files by extension
       Alternate method
Google searches by filetype
Determine your public IP address
Add files to pastebin using the terminal
Mount a partition in RAM for temp/volatile storage
Rerun a command with Sudo privileges (without retyping the command)
Show list of open network connections that updates each second
« Last Edit: February 27, 2015, 10:01:31 pm by cyberdrifter »
.- / .-.. .. - - .-.. . / -... . - - . .-. --..-- / . ...- . .-. -.-- / -.. .- -.-- .-.-.-
Go ahead tubby, you clearly want/need those cookies more than me.  :P

Offline HTH

  • Official EZ Slut
  • Administrator
  • Knight
  • *
  • Posts: 395
  • Cookies: 158
  • EZ Titan
    • View Profile
Re: Short and Sweet - Tips and Tricks
« Reply #1 on: February 01, 2015, 11:05:18 pm »
Code: (python) [Select]
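import subprocess
# "-perm /6000" matches files with the SUID or SGID bit set; current GNU find no longer accepts "+6000"
found = subprocess.run(["find", "/", "-perm", "/6000", "-type", "f", "-print"], stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True).stdout
for each in found.splitlines():
    # argument list instead of a shell string, so odd file names are not interpreted by a shell
    print(each + '\n' + subprocess.run(["ldd", each], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True).stdout + '\n')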

Returns a list of SUID/GUID programs that are dynamically linked, as well as the libs they link to

<ande> HTH is love, HTH is life
<TurboBorland> hth is the only person on this server I can say would successfully spitefuck peoples women

Offline cyberdrifter

Re: Short and Sweet - Tips and Tricks
« Reply #2 on: February 01, 2015, 11:22:57 pm »
A stupid simple Python HTTP Server

Quote
python -m http.server

This is actually a very useful/dangerous little script I use often. All it does is use Python's simple built-in HTTP server and open up a window on port 8000 (by default), if you're already on the box and need a quick window out. From here you use your distant machine to browse to the target machine, i.e. 192.168.0.2:8000, and it works like a charm.
« Last Edit: February 01, 2015, 11:24:56 pm by cyberdrifter »
.- / .-.. .. - - .-.. . / -... . - - . .-. --..-- / . ...- . .-. -.-- / -.. .- -.-- .-.-.-
Go ahead tubby, you clearly want/need those cookies more than me.  :P
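
How a listener like the one in the post above shows up on the host, as an added example that is not part of any post in the thread: a parser for /proc/net/tcp that reports listening sockets reachable from other machines. The sample table, inode values and function names are constructed; IPv6 listeners live in /proc/net/tcp6 with a wider address field and are not handled here.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (little-endian host), trailing columns trimmed.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F40 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 41001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17002
   2: 0200A8C0:D431 0300A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 41517
"""

TCP_LISTEN = 0x0A  # value of the "st" column for a listening socket


def decode_endpoint(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port)."""
    hex_ip, hex_port = field.split(":")
    # The kernel prints the 32-bit address in host byte order (little-endian here).
    ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def exposed_listeners(table):
    """Return (ip, port, uid) for listening sockets not bound to loopback."""
    found = []
    for line in table.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue                          # established or other states
        ip, port = decode_endpoint(cols[1])
        if ip.startswith("127."):
            continue                          # loopback-only listener
        found.append((ip, port, int(cols[7])))
    return found


if __name__ == "__main__":
    for ip, port, uid in exposed_listeners(SAMPLE):
        print(f"listening on {ip}:{port} (uid {uid})")
```

Starting the server with `python -m http.server --bind 127.0.0.1` keeps it off this list.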

Offline Syntax990

  • Peasant
  • *
  • Posts: 129
  • Cookies: 77
  • Bruce Willis
    • View Profile
    • Evilzone "Hack"
Re: Short and Sweet - Tips and Tricks
« Reply #3 on: February 02, 2015, 12:56:39 am »
On bash, zsh and sh, you can delete files within a directory by file extension type.

Code: [Select]
$ ls
init.py conf.py libdevin.c

$ rm !(*.c|*.py)

Offline cyberdrifter

Re: Short and Sweet - Tips and Tricks
« Reply #4 on: February 02, 2015, 01:28:55 am »
On bash, zsh and sh, you can delete files within a directory by file extension type.

Code: [Select]
$ ls
init.py conf.py libdevin.c

$ rm !(*.c|*.py)
Using a similar principle you can do Google searches by file extension, for example.

In order to find the book Blackhat Python with google:

Code: [Select]
blackhat python filetype:pdf
This will do a search in Google with your key terms up front, i.e. the title of the book, and the filetype: operator allowing us to return ONLY PDFs that meet our criteria.



Which links us to blackhat python:
http://greysec.ir/ebook/Black.Hat.Python.Python.Programming.for.Hackers_%5Bwww.graymind.ir%5D.pdf
As our first result.

Offline cyberdrifter

Re: Short and Sweet - Tips and Tricks
« Reply #5 on: February 02, 2015, 02:01:26 am »
On bash, zsh and sh, you can delete files within a directory by file extension type.

Code: [Select]
$ ls
init.py conf.py libdevin.c

$ rm !(*.c|*.py)
I'd probably suggest using this method:

Quote
rm {*.c,*.py}
You know... less to type and all :P
« Last Edit: February 03, 2015, 04:14:56 pm by cyberdrifter »
.- / .-.. .. - - .-.. . / -... . - - . .-. --..-- / . ...- . .-. -.-- / -.. .- -.-- .-.-.-
Go ahead tubby, you clearly want/need those cookies more than me.  :P
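
A dry run of the two rm patterns from the posts above, as an added example that is not from any poster: it asks bash what each pattern expands to in a scratch directory, without deleting anything. In bash with extglob, `!(a|b)` matches the names that match none of the alternatives, while `{a,b}` expands to both patterns. `notes.txt` and the function name are constructed; the other file names come from the listing in the post.

```python
import os
import subprocess
import tempfile

# The three names from the post plus one constructed file of another type.
FILES = ["init.py", "conf.py", "libdevin.c", "notes.txt"]


def preview(pattern, files):
    """Return the names a bash glob pattern expands to; nothing is deleted."""
    with tempfile.TemporaryDirectory() as tmp:
        for name in files:
            open(os.path.join(tmp, name), "w").close()
        # -O extglob turns on !(...) before the command string is parsed;
        # -O nullglob makes a pattern with no match expand to nothing
        # instead of being passed on literally.
        # The pattern is a fixed string from this demo, not untrusted input.
        out = subprocess.run(
            ["bash", "-O", "extglob", "-O", "nullglob", "-c",
             "printf '%s\\n' " + pattern],
            cwd=tmp, capture_output=True, text=True, check=True,
        ).stdout
        return sorted(name for name in out.splitlines() if name)


if __name__ == "__main__":
    for pattern in ("!(*.c|*.py)", "{*.c,*.py}"):
        print(pattern, "->", preview(pattern, FILES))
```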

Offline madf0x

  • Knight
  • **
  • Posts: 172
  • Cookies: 50
    • View Profile
Re: Short and Sweet - Tips and Tricks
« Reply #6 on: February 02, 2015, 10:54:43 am »
Code: (python) [Select]
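import subprocess
# "-perm /6000" matches files with the SUID or SGID bit set; current GNU find no longer accepts "+6000"
found = subprocess.run(["find", "/", "-perm", "/6000", "-type", "f", "-print"], stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True).stdout
for each in found.splitlines():
    # argument list instead of a shell string, so odd file names are not interpreted by a shell
    print(each + '\n' + subprocess.run(["ldd", each], stdout=subprocess.PIPE, stderr=subprocess.STDOUT, text=True).stdout + '\n')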

Returns a list of SUID/GUID programs that are dynamically linked, as well as the libs they link to

or you could just use -exec like so:

Code: [Select]
find / -perm /6000 -type f -exec ldd {} \; -print 2>/dev/null

similarly find all world writable files and directories (nasty priv esc potentials):
Code: [Select]
find / -perm -2 ! -type l -ls

for when you don't care about noise, but want easy fast scanning backed by nmap's versioning:

https://github.com/superkojiman/onetwopunch
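
The two find checks from this post (`-perm /6000 -type f` and `-perm -2 ! -type l`) as a Python audit, added here as an example and not part of any post in the thread. It goes one step further and flags a set-id file that sits in a world-writable directory without the sticky bit. The sample tree and all function names are constructed.

```python
import os
import stat
import tempfile


def audit_tree(root):
    """Classify risky permission bits under root; symlinks are skipped."""
    report = {"setid": [], "world_writable": [], "setid_in_open_dir": []}
    for dirpath, dirnames, filenames in os.walk(root):
        dmode = os.lstat(dirpath).st_mode
        # World-writable directory without the sticky bit: any local user
        # can rename or replace the entries in it, set-id programs included.
        open_dir = bool(dmode & stat.S_IWOTH) and not dmode & stat.S_ISVTX
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISLNK(mode):
                continue                                  # ! -type l
            if mode & stat.S_IWOTH:
                report["world_writable"].append(path)     # -perm -2
            if stat.S_ISREG(mode) and mode & (stat.S_ISUID | stat.S_ISGID):
                report["setid"].append(path)              # -perm /6000 -type f
                if open_dir:
                    report["setid_in_open_dir"].append(path)
    return report


def demo():
    """Audit a constructed sample tree; returns paths relative to its root."""
    layout = {"bin/helper": 0o4755, "bin/plain": 0o755,
              "drop/tool": 0o4755, "drop/notes.txt": 0o666}
    with tempfile.TemporaryDirectory() as root:
        for rel, mode in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)
        os.chmod(os.path.join(root, "bin"), 0o755)
        os.chmod(os.path.join(root, "drop"), 0o777)   # world-writable, no sticky bit
        os.symlink("notes.txt", os.path.join(root, "drop", "link"))
        report = audit_tree(root)
        return {kind: sorted(os.path.relpath(p, root) for p in paths)
                for kind, paths in report.items()}


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```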






Offline cyberdrifter

Re: Short and Sweet - Tips and Tricks
« Reply #7 on: February 02, 2015, 05:43:24 pm »
Determine what your address appears to be from the outside.
Code: [Select]
curl ifconfig.me
« Last Edit: February 03, 2015, 04:15:16 pm by cyberdrifter »

Offline gray-fox

  • Knight
  • **
  • Posts: 208
  • Cookies: 52
    • View Profile
Re: Short and Sweet - Tips and Tricks
« Reply #8 on: February 02, 2015, 06:27:18 pm »
Terminal pastebin with netcat, examples:
Code: [Select]
echo 'test' | nc termbin.com 9999
cat file.txt | nc termbin.com 9999
...and you receive a link for your pasted text.

Offline cyberdrifter

Re: Short and Sweet - Tips and Tricks
« Reply #9 on: February 02, 2015, 06:42:52 pm »
Terminal pastebin with netcat, examples:
Code: [Select]
echo 'test' | nc termbin.com 9999
cat file.txt | nc termbin.com 9999
...and you receive a link for your pasted text.
Nice one, I saw that site a while back but forgot about it... Thanks

Offline cyberdrifter

Re: Short and Sweet - Tips and Tricks
« Reply #10 on: February 02, 2015, 07:06:25 pm »

Mount Temporary Partition in RAM:
Code: [Select]
mount -t tmpfs tmpfs /mnt -o size=1024m

In the case that you need to store something shady on your computer for a short time. Storing it in volatile RAM makes it easier to securely dispose of.

Offline cyberdrifter

Re: Short and Sweet - Tips and Tricks
« Reply #11 on: February 02, 2015, 10:37:08 pm »
Found a page that a few of you might like:
http://www.tuxradar.com/content/linux-tips-every-geek-should-know
I'm sure we all have pages like this we could share, but the intent is to filter out the best ones and offer them up, with a brief explanation.

Offline HTH

Re: Short and Sweet - Tips and Tricks
« Reply #12 on: February 03, 2015, 12:39:24 am »
or you could just use -exec like so:

Code: [Select]
find / -perm /6000 -type f -exec ldd {} \; -print 2>/dev/null

you could yes but the logs created are different that's all, I took that from a larger script though, that's the main reason it's in pythong :p

Offline HTH

Re: Short and Sweet - Tips and Tricks
« Reply #13 on: February 03, 2015, 02:43:27 am »
Typo, or you just don't like python? lol

http://www.pythong.org/

nah calling it pythong just makes me laugh

Offline Matriplex

  • Knight
  • **
  • Posts: 323
  • Cookies: 66
  • Java
    • View Profile
Re: Short and Sweet - Tips and Tricks
« Reply #14 on: February 03, 2015, 04:03:27 am »
For fucks sake I did something like this a few months ago.. it never took off.
\x64\x6F\x75\x65\x76\x65\x6E\x00