From ee28fa21d017f822d845ffb5a1e97fa3e76d3f6e Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 15:46:18 -0500 Subject: [PATCH 01/15] Removing execute permissions from chmod, not needed for text files --- linux/bulk.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 linux/bulk.md diff --git a/linux/bulk.md b/linux/bulk.md old mode 100755 new mode 100644 From 300c0ea79afea981c62876c397a0d7614c39cf91 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 15:46:44 -0500 Subject: [PATCH 02/15] Removing execute permissions from chmod, not needed for text files --- windows/autostart.md | 0 windows/binary.md | 0 windows/cover.md | 0 windows/find_files.md | 0 windows/windows_cmd_config.md | 0 5 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 windows/autostart.md mode change 100755 => 100644 windows/binary.md mode change 100755 => 100644 windows/cover.md mode change 100755 => 100644 windows/find_files.md mode change 100755 => 100644 windows/windows_cmd_config.md diff --git a/windows/autostart.md b/windows/autostart.md old mode 100755 new mode 100644 diff --git a/windows/binary.md b/windows/binary.md old mode 100755 new mode 100644 diff --git a/windows/cover.md b/windows/cover.md old mode 100755 new mode 100644 diff --git a/windows/find_files.md b/windows/find_files.md old mode 100755 new mode 100644 diff --git a/windows/windows_cmd_config.md b/windows/windows_cmd_config.md old mode 100755 new mode 100644 From e7d9554a622d172f014e0dc8ecbf15834aff6e01 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 15:47:15 -0500 Subject: [PATCH 03/15] Removing execute permissions from chmod, not needed for text files --- osx/bulk.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 osx/bulk.md diff --git a/osx/bulk.md b/osx/bulk.md old mode 100755 new mode 100644 From 96d75cb90131676127757bec656b653e8e58dcf5 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 15:47:39 -0500 Subject: [PATCH 04/15] Removing execute permissions from chmod, not needed for text files --- references/rosetta.htm | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 references/rosetta.htm diff --git a/references/rosetta.htm b/references/rosetta.htm old mode 100755 new mode 100644 From 2e2cbb6bda5fe2446da7f7a788b8f0bfbbc4de27 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:04:48 -0500 Subject: [PATCH 05/15] Splitting out commands from bulk.md --- linux/find_files.md | 59 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 linux/find_files.md diff --git a/linux/find_files.md b/linux/find_files.md new file mode 100644 index 0000000..07cebbd --- /dev/null +++ b/linux/find_files.md @@ -0,0 +1,59 @@ + + + +# Linux finding files commands + +Commands that finds files on the file system are usually executed from within a shell (sh/bash) or through a forking function such as system() or exec(). + +## ls +### Attributes showing + * **Command with arguments**: `ls -l [directory or filename]` + * **Description**: Displays attributes of files and directories in the specified location + * **Output**: + *
**Ubuntu:** Show/Hide
total 429820 + drwxr-xr-x 2 root root 4096 2013-08-23 02:49 bin + drwxr-xr-x 3 root root 4096 2013-08-23 03:18 boot + drwxr-xr-x 2 root root 4096 2011-03-05 11:41 cdrom + drwxr-xr-x 15 root root 4600 2013-11-25 15:43 dev + drwxr-xr-x 158 root root 12288 2013-12-04 15:54 etc + drwxr-xr-x 4 root root 4096 2013-05-02 07:19 home + lrwxrwxrwx 1 root root 21 2012-03-01 08:11 initrd.img -> boot/initrd.img-3.2.6 + drwxr-xr-x 25 root root 16384 2013-08-23 02:50 lib + drwx------ 2 root root 16384 2011-03-05 11:40 lost+found + drwxr-xr-x 4 root root 4096 2013-08-04 22:31 media + drwxr-xr-x 3 root root 4096 2012-03-04 19:14 mnt + -rw-r--r-- 1 root root 1045 2012-08-13 23:52 nis + drwxr-xr-x 12 root root 4096 2013-08-23 03:02 opt + drwxr-xr-x 25 root root 4096 2013-08-23 02:54 pentest + dr-xr-xr-x 148 root root 0 2013-11-25 15:36 proc + drwx------ 77 root root 4096 2013-12-04 15:58 root + -rw-r--r-- 1 root root 440006761 2012-10-01 00:09 root.tgz + drwxr-xr-x 2 root root 12288 2013-08-23 02:51 sbin + drwxr-xr-x 2 root root 4096 2009-12-05 16:55 selinux + drwxr-xr-x 4 root root 4096 2011-05-10 03:42 share + drwxr-xr-x 4 root root 4096 2013-04-17 21:25 srv + drwxr-xr-x 12 root root 0 2013-11-25 15:36 sys + drwxrwxrwt 12 root root 4096 2013-12-04 01:00 tmp + drwxr-xr-x 13 root root 4096 2013-08-23 02:52 usr + drwxr-xr-x 16 root root 4096 2011-06-08 09:16 var + lrwxrwxrwx 1 root root 18 2012-03-01 08:11 vmlinuz -> boot/vmlinuz-3.2.6 +
+ +---- + +## command +### Attributes showing + * **Command with arguments**: `command --help` + * **Description**: Displays files recursively + * **Output**: + *
**OS:** Show/Hide
...
+ +---- From f31579d4d4a8dbc632e92b720a57ce4a46cedb4f Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:07:17 -0500 Subject: [PATCH 06/15] trying some md format tweaking --- linux/find_files.md | 55 +++++++++++++++++++++++---------------------- 1 file changed, 28 insertions(+), 27 deletions(-) diff --git a/linux/find_files.md b/linux/find_files.md index 07cebbd..05de3d3 100644 --- a/linux/find_files.md +++ b/linux/find_files.md @@ -18,33 +18,34 @@ Commands that finds files on the file system are usually executed from within a * **Command with arguments**: `ls -l [directory or filename]` * **Description**: Displays attributes of files and directories in the specified location * **Output**: - *
**Ubuntu:** Show/Hide
total 429820 - drwxr-xr-x 2 root root 4096 2013-08-23 02:49 bin - drwxr-xr-x 3 root root 4096 2013-08-23 03:18 boot - drwxr-xr-x 2 root root 4096 2011-03-05 11:41 cdrom - drwxr-xr-x 15 root root 4600 2013-11-25 15:43 dev - drwxr-xr-x 158 root root 12288 2013-12-04 15:54 etc - drwxr-xr-x 4 root root 4096 2013-05-02 07:19 home - lrwxrwxrwx 1 root root 21 2012-03-01 08:11 initrd.img -> boot/initrd.img-3.2.6 - drwxr-xr-x 25 root root 16384 2013-08-23 02:50 lib - drwx------ 2 root root 16384 2011-03-05 11:40 lost+found - drwxr-xr-x 4 root root 4096 2013-08-04 22:31 media - drwxr-xr-x 3 root root 4096 2012-03-04 19:14 mnt - -rw-r--r-- 1 root root 1045 2012-08-13 23:52 nis - drwxr-xr-x 12 root root 4096 2013-08-23 03:02 opt - drwxr-xr-x 25 root root 4096 2013-08-23 02:54 pentest - dr-xr-xr-x 148 root root 0 2013-11-25 15:36 proc - drwx------ 77 root root 4096 2013-12-04 15:58 root - -rw-r--r-- 1 root root 440006761 2012-10-01 00:09 root.tgz - drwxr-xr-x 2 root root 12288 2013-08-23 02:51 sbin - drwxr-xr-x 2 root root 4096 2009-12-05 16:55 selinux - drwxr-xr-x 4 root root 4096 2011-05-10 03:42 share - drwxr-xr-x 4 root root 4096 2013-04-17 21:25 srv - drwxr-xr-x 12 root root 0 2013-11-25 15:36 sys - drwxrwxrwt 12 root root 4096 2013-12-04 01:00 tmp - drwxr-xr-x 13 root root 4096 2013-08-23 02:52 usr - drwxr-xr-x 16 root root 4096 2011-06-08 09:16 var - lrwxrwxrwx 1 root root 18 2012-03-01 08:11 vmlinuz -> boot/vmlinuz-3.2.6 + *
**Ubuntu:** Show/Hide
+ total 429820 + drwxr-xr-x 2 root root 4096 2013-08-23 02:49 bin + drwxr-xr-x 3 root root 4096 2013-08-23 03:18 boot + drwxr-xr-x 2 root root 4096 2011-03-05 11:41 cdrom + drwxr-xr-x 15 root root 4600 2013-11-25 15:43 dev + drwxr-xr-x 158 root root 12288 2013-12-04 15:54 etc + drwxr-xr-x 4 root root 4096 2013-05-02 07:19 home + lrwxrwxrwx 1 root root 21 2012-03-01 08:11 initrd.img -> boot/initrd.img-3.2.6 + drwxr-xr-x 25 root root 16384 2013-08-23 02:50 lib + drwx------ 2 root root 16384 2011-03-05 11:40 lost+found + drwxr-xr-x 4 root root 4096 2013-08-04 22:31 media + drwxr-xr-x 3 root root 4096 2012-03-04 19:14 mnt + -rw-r--r-- 1 root root 1045 2012-08-13 23:52 nis + drwxr-xr-x 12 root root 4096 2013-08-23 03:02 opt + drwxr-xr-x 25 root root 4096 2013-08-23 02:54 pentest + dr-xr-xr-x 148 root root 0 2013-11-25 15:36 proc + drwx------ 77 root root 4096 2013-12-04 15:58 root + -rw-r--r-- 1 root root 440006761 2012-10-01 00:09 root.tgz + drwxr-xr-x 2 root root 12288 2013-08-23 02:51 sbin + drwxr-xr-x 2 root root 4096 2009-12-05 16:55 selinux + drwxr-xr-x 4 root root 4096 2011-05-10 03:42 share + drwxr-xr-x 4 root root 4096 2013-04-17 21:25 srv + drwxr-xr-x 12 root root 0 2013-11-25 15:36 sys + drwxrwxrwt 12 root root 4096 2013-12-04 01:00 tmp + drwxr-xr-x 13 root root 4096 2013-08-23 02:52 usr + drwxr-xr-x 16 root root 4096 2011-06-08 09:16 var + lrwxrwxrwx 1 root root 18 2012-03-01 08:11 vmlinuz -> boot/vmlinuz-3.2.6
---- From 6e123024ae1639848ab578cc6da50c2f47d5e15c Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:07:55 -0500 Subject: [PATCH 07/15] trying some md format tweaking --- linux/find_files.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/linux/find_files.md b/linux/find_files.md index 05de3d3..06df612 100644 --- a/linux/find_files.md +++ b/linux/find_files.md @@ -19,6 +19,7 @@ Commands that finds files on the file system are usually executed from within a * **Description**: Displays attributes of files and directories in the specified location * **Output**: *
**Ubuntu:** Show/Hide
+ total 429820 drwxr-xr-x 2 root root 4096 2013-08-23 02:49 bin drwxr-xr-x 3 root root 4096 2013-08-23 03:18 boot @@ -46,6 +47,7 @@ Commands that finds files on the file system are usually executed from within a drwxr-xr-x 13 root root 4096 2013-08-23 02:52 usr drwxr-xr-x 16 root root 4096 2011-06-08 09:16 var lrwxrwxrwx 1 root root 18 2012-03-01 08:11 vmlinuz -> boot/vmlinuz-3.2.6 +
---- From 0adf368ac78b283713cdfe48c7374b5c46932a44 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:21:09 -0500 Subject: [PATCH 08/15] Formatting should hopefully look good on github without the collapse JS --- linux/find_files.md | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/linux/find_files.md b/linux/find_files.md index 06df612..99ba39d 100644 --- a/linux/find_files.md +++ b/linux/find_files.md @@ -1,12 +1,12 @@ - # Linux finding files commands @@ -19,7 +19,6 @@ Commands that finds files on the file system are usually executed from within a * **Description**: Displays attributes of files and directories in the specified location * **Output**: *
**Ubuntu:** Show/Hide
- total 429820 drwxr-xr-x 2 root root 4096 2013-08-23 02:49 bin drwxr-xr-x 3 root root 4096 2013-08-23 03:18 boot @@ -47,9 +46,7 @@ Commands that finds files on the file system are usually executed from within a drwxr-xr-x 13 root root 4096 2013-08-23 02:52 usr drwxr-xr-x 16 root root 4096 2011-06-08 09:16 var lrwxrwxrwx 1 root root 18 2012-03-01 08:11 vmlinuz -> boot/vmlinuz-3.2.6 - -
- +
---- ## command From af22c5343b0c09adc67afa9fe6231879011aa091 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:22:30 -0500 Subject: [PATCH 09/15] Formatting should hopefully look good on github without the collapse JS --- linux/find_files.md | 1 + 1 file changed, 1 insertion(+) diff --git a/linux/find_files.md b/linux/find_files.md index 99ba39d..e502f63 100644 --- a/linux/find_files.md +++ b/linux/find_files.md @@ -47,6 +47,7 @@ Commands that finds files on the file system are usually executed from within a drwxr-xr-x 16 root root 4096 2011-06-08 09:16 var lrwxrwxrwx 1 root root 18 2012-03-01 08:11 vmlinuz -> boot/vmlinuz-3.2.6 + ---- ## command From 7c12c7d12eef10456a626629eaa7409d9477d49e Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:33:35 -0500 Subject: [PATCH 10/15] Add template for easier pasta --- linux/cmd_template.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 linux/cmd_template.md diff --git a/linux/cmd_template.md b/linux/cmd_template.md new file mode 100644 index 0000000..03b180e --- /dev/null +++ b/linux/cmd_template.md @@ -0,0 +1,13 @@ +---- + +## command +### Argument example + * **Command with arguments**: `command --help` + * **Description**: Displays files recursively~ + * **Output**: + *
**OS:** Show/Hide
+ ... + ... + ... +
+ From 27336f1ab45dbbdfe111681b7abbc2279d19ff6e Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:34:22 -0500 Subject: [PATCH 11/15] Basic find files examples --- linux/find_files.md | 29 ++++++++++++++++++++++++----- 1 file changed, 24 insertions(+), 5 deletions(-) diff --git a/linux/find_files.md b/linux/find_files.md index e502f63..8cbf7d7 100644 --- a/linux/find_files.md +++ b/linux/find_files.md @@ -50,11 +50,30 @@ Commands that finds files on the file system are usually executed from within a ---- -## command -### Attributes showing - * **Command with arguments**: `command --help` - * **Description**: Displays files recursively +## find +### Search by name + * **Command with arguments**: `find / -name "issue*"` + * **Description**: Locates files matching the name (wildcards supported) * **Output**: - *
**OS:** Show/Hide
...
+ *
**Ubuntu:** Show/Hide
+ /etc/issue.net + /etc/issue + /etc/issue.dpkg-dist +
---- + +## locate + * **Command with arguments**: `locate ifconfig` + * **Description**: Look files up in the location database + * **Output**: + *
**Ubuntu:** Show/Hide
+ /pentest/forensics/volatility/volatility/plugins/linux/ifconfig.py + /pentest/forensics/volatility/volatility/plugins/linux/ifconfig.pyc + /sbin/ifconfig + /usr/share/man/de/man8/ifconfig.8.gz + /usr/share/man/fr/man8/ifconfig.8.gz + /usr/share/man/man8/ifconfig.8.gz + /usr/share/man/pt_BR/man8/ifconfig.8.gz +
+ From 2d9f12490317e4ac6d287e4b71d54ed4779c6511 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:34:44 -0500 Subject: [PATCH 12/15] Added linux find files sub section --- navigation.md | 1 + 1 file changed, 1 insertion(+) diff --git a/navigation.md b/navigation.md index bc63316..f023344 100644 --- a/navigation.md +++ b/navigation.md @@ -23,6 +23,7 @@ * [Google Doc Content](linux/bulk.md) * [Files - Blind](linux/blind.md) + * [Files - Finding](linux/find_files.md) * [SH/BASH Commands](linux/bash.md) * [Persistance](linux/persistance.md) * [Privilege Escalation](linux/privesc.md) From 5b09ea28e414d96b37d74cc78cd5a609430bdc86 Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 16:35:00 -0500 Subject: [PATCH 13/15] Giving myself credit --- index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/index.md b/index.md index 6dab791..2510e2f 100644 --- a/index.md +++ b/index.md @@ -32,6 +32,7 @@ Curators: * [@tekwizz123](https://twitter.com/tekwizz123) [gimmick:TwitterFollow](@tekwizz123) * [@jakx_](https://twitter.com/jakx_) [gimmick:TwitterFollow](@jakx_) * [@TheColonial](https://twitter.com/TheColonial) [gimmick:TwitterFollow](@TheColonial) + * [@Wireghoul](https://twitter.com/Wireghoul) [gimmick:TwitterFollow](@Wireghoul) If you would like to become a curator, please contact [mubix@hak5.org](mailto:mubix@hak5.org) From ed25588fd115bd24571926821355effae24650cd Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 17:02:46 -0500 Subject: [PATCH 14/15] Fixing markdown formatting to be consistent throughout wiki --- linux/find_files.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/linux/find_files.md b/linux/find_files.md index 8cbf7d7..c7f152b 100644 --- a/linux/find_files.md +++ b/linux/find_files.md @@ -18,7 +18,7 @@ Commands that finds files on the file system are usually executed from within a * **Command with arguments**: `ls -l [directory or filename]` * **Description**: Displays attributes of files and directories in the specified location * **Output**: - *
**Ubuntu:** Show/Hide
+ *
**Ubuntu:** Show/Hide
root@localhost:~/ ls -l / total 429820 drwxr-xr-x 2 root root 4096 2013-08-23 02:49 bin drwxr-xr-x 3 root root 4096 2013-08-23 03:18 boot @@ -52,10 +52,10 @@ Commands that finds files on the file system are usually executed from within a ## find ### Search by name - * **Command with arguments**: `find / -name "issue*"` + * **Command with arguments**: `find /etc -name "issue*"` * **Description**: Locates files matching the name (wildcards supported) * **Output**: - *
**Ubuntu:** Show/Hide
+ *
**Ubuntu:** Show/Hide
root@localhost:~/ find /etc -name "issue*" /etc/issue.net /etc/issue /etc/issue.dpkg-dist @@ -67,7 +67,7 @@ Commands that finds files on the file system are usually executed from within a * **Command with arguments**: `locate ifconfig` * **Description**: Look files up in the location database * **Output**: - *
**Ubuntu:** Show/Hide
+ *
**Ubuntu:** Show/Hide
root@localhost:~/ locate ifconfig /pentest/forensics/volatility/volatility/plugins/linux/ifconfig.py /pentest/forensics/volatility/volatility/plugins/linux/ifconfig.pyc /sbin/ifconfig From 072e64e497f5a6dc25b67bf549b16cb7f2ac9abc Mon Sep 17 00:00:00 2001 From: Eldar Marcussen Date: Wed, 4 Dec 2013 17:03:29 -0500 Subject: [PATCH 15/15] Fixing markdown formatting to be consistent throughout wiki --- linux/cmd_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/linux/cmd_template.md b/linux/cmd_template.md index 03b180e..bc945cd 100644 --- a/linux/cmd_template.md +++ b/linux/cmd_template.md @@ -5,7 +5,7 @@ * **Command with arguments**: `command --help` * **Description**: Displays files recursively~ * **Output**: - *
**OS:** Show/Hide
+ *
**OS:** Show/Hide
command --help ... ... ...