Wednesday, May 29, 2013

Awk vs cut

The useless use of cat is an oft thrown around smack-on-the-hand for lots of noobies asking questions on forums.

This post is not about the useless use of cat, it's about me being in a mood to nitpick about something I read on that page. If you go to the "Gripes" section of the page you will see the following:

Frederick also remarks:

I disagree with your awk/cut comment, as I often use awk for everything and cut for nothing because the syntax for awk is so much cleaner for one liners and I don't have to RTFM so much.
I'll counter that awk is overkill, and you don't need to reread the cut manual after you've read it once or twice; that's my experience. Also cut much more clearly conveys to the reader what is going on -- a small awk script certainly should not take a lot of time to decode, but if you do it too quickly, there might be subtle points which are easy to miss. By contrast, cut doesn't have those subtleties, for better or for worse.

Even when doing something as simple as printing the second column of a line, cut and awk process the line in very importantly different ways (and just because I'm an ass, I'll use cat uselessly):

$ cat file
word1 word2 word3
blah1 blah2 blah3

$ cat file | cut -d ' ' -f 2
word2
blah2

$ cat file | awk '{print $2}'
word2
blah2

So let's see here why the cut command sucks balls. Let's add a SINGLE extra space ANYWHERE between the words. In this case, between word1 and word2 (so there are now two spaces there):

$ cat file
word1  word2 word3
blah1 blah2 blah3

Now, let's run both the cut and awk commands again, starting with awk this time:

$ cat file | awk '{print $2}'
word2
blah2

OK, works like someone would expect it to... what about cut?

$ cat file | cut -d ' ' -f 2

blah2

WTF? Yeah, screw you, cut. awk FTW.

awk is smarter than cut when it comes to recognizing where the "words" are: its default field separator treats any run of blanks as one separator. cut treats every single space as a delimiter, so it looks at the input and thinks it goes like this:

field1<space>field2<space>field3...
word1<space>NOTHING<space>word2

So unless you ABSOLUTELY KNOW your input is formatted correctly, use awk instead of cut. It's safer.
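To make the difference concrete, here is an added example (not part of the original post) that runs the same second-column extraction through cut, awk, and awk configured to split like cut, and then shows two defensive options for the "is my input really single-spaced?" problem: squeezing repeated spaces before cut, and a validation function that refuses input containing runs of spaces. The sample lines are constructed inline, with the doubled space on the first line just like the post's file; the function names are mine. This matters beyond one-liners: log-parsing and detection scripts built on `cut -d ' '` silently shift fields when a source pads a column with extra spaces.

```shell
#!/bin/sh
# Added example, not from the original post: show exactly how cut and awk
# split a line that contains a run of two spaces, and two ways to make a
# cut-style pipeline safe. All input below is constructed inline.

# Constructed sample. Line 1 has TWO spaces between word1 and word2.
SAMPLE='word1  word2 word3
blah1 blah2 blah3'

# cut treats every single space as a delimiter, so the run of two spaces
# yields an empty second field on line 1.
second_field_cut() {
    printf '%s\n' "$1" | cut -d ' ' -f 2
}

# awk's default field separator (FS=" ") collapses runs of blanks and
# ignores leading/trailing blanks, so it finds word2 on both lines.
second_field_awk() {
    printf '%s\n' "$1" | awk '{ print $2 }'
}

# awk can be made to behave like cut: the bracket expression [ ] is a
# literal single-space separator, not the special default FS.
second_field_awk_strict() {
    printf '%s\n' "$1" | awk -F'[ ]' '{ print $2 }'
}

# If cut must be used, squeeze repeated spaces first (tr -s). This also
# changes the data, so only do it when a run of spaces can never mean an
# intentionally empty field.
second_field_cut_squeezed() {
    printf '%s\n' "$1" | tr -s ' ' | cut -d ' ' -f 2
}

# Validation instead of guessing: succeed only if no line contains two
# consecutive spaces, i.e. the input is formatted the way cut assumes.
assert_single_spaced() {
    ! printf '%s\n' "$1" | grep -q '  '
}

# Stand-alone demo; the functions above do not depend on it.
printf 'cut:\n';  second_field_cut "$SAMPLE"
printf 'awk:\n';  second_field_awk "$SAMPLE"
if assert_single_spaced "$SAMPLE"; then
    echo "input is single-spaced; cut -d ' ' is safe here"
else
    echo "input has runs of spaces; use awk, or squeeze with tr -s first"
fi
```

The `awk -F'[ ]'` variant is the one to remember when you want awk's syntax but cut's strictness, for example when a genuinely empty field has to stay empty. The validation function is the cheapest fix of all for scripts that feed cut: check once up front and fail loudly rather than produce shifted columns.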

Monday, May 6, 2013

Get list of AD Domain Controllers from DNS records

I used to be dumb and find it annoying to get the list of DCs that I would target in a pentest. Apparently it's super easy to get them from DNS records.

nslookup -type=srv _ldap._tcp.dc._msdcs.COMPANY.com

Replace COMPANY.com with whatever the actual domain is. If you are using the internal DNS servers, you can typically just do a "nslookup -r 1.2.3.4" to get the FQDN of the machine. That usually provides you with the "COMPANY.com" part.

Enjoy!

Other ways I've found that work:

If you have shell access:
netdom query /D:DOMAINNAME DC
net view /domain
nltest /dsgetdc:DOMAINNAME
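The same SRV record is just as useful from the defending side: the set of hosts advertised under `_ldap._tcp.dc._msdcs.<domain>` is exactly what every client and every attacker will discover, so it should match the DC inventory. Below is an added example (not from the original post) that parses SRV answers into a hostname list and flags any advertised host that is not in a known inventory. It assumes the output format of `dig +short SRV <name>`, which prints one record per line as `<priority> <weight> <port> <target>.`; the records and the domain `company.com` are constructed for the example and no DNS query is made, and the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post: parse the SRV answer for the
# _ldap._tcp.dc._msdcs record into a hostname list and check it against a
# known inventory. The records below are constructed; no DNS query is made.
# Assumed input format is what `dig +short SRV <name>` prints:
#   "<priority> <weight> <port> <target>." (one record per line).

# Constructed answer for a made-up domain, company.com.
SRV_ANSWER='0 100 389 dc1.company.com.
0 100 389 dc2.company.com.
10 100 389 olddc.company.com.'

# One hostname per line, trailing dot stripped, lowest priority first.
# awk does the field split (see the awk vs cut post above): it does not
# care whether the resolver pads the columns with one space or several.
dc_hosts() {
    printf '%s\n' "$1" | sort -n -k1,1 | awk '{ sub(/\.$/, "", $4); print $4 }'
}

# Print every host in the answer that is not in the space-separated
# inventory $2, and exit non-zero if any were found. A DC record that is
# not in the inventory is either a stale entry or something to investigate.
unexpected_dcs() {
    dc_hosts "$1" | awk -v allow="$2" '
        BEGIN { bad = 0; n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        !($0 in ok) { print; bad = 1 }
        END { exit bad }'
}

# Stand-alone demo; the functions above do not depend on it.
echo "DCs advertised in DNS:"
dc_hosts "$SRV_ANSWER"
if unexpected_dcs "$SRV_ANSWER" "dc1.company.com dc2.company.com"; then
    echo "all advertised DCs are in the inventory"
else
    echo "^ advertised in DNS but not in the inventory"
fi
```

In practice you would replace the constructed `SRV_ANSWER` with the real answer, for example `SRV_ANSWER=$(dig +short SRV _ldap._tcp.dc._msdcs.company.com)`, and feed the inventory from your CMDB or from the list of DCs the domain admins actually know about. A non-zero exit from `unexpected_dcs` is a reasonable thing to wire into a scheduled check, since a decommissioned or unknown host still advertised as a DC is both a reliability problem and a target that attackers will enumerate with the exact command this post describes.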