So if you are manipulating some text you might want to start the output with some info about the columns or something like that. To do that we can use the BEGIN-keyword.
awk 'BEGIN{printf "IP-address \tPort\n"} /nop/ {print $3} END {printf "End of the file\n"}' test.txt | tail
```
Here we are printing IP-address PORT to the first line of the file.
## Vim
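Review bot: the `| tail` on the awk line (`awk 'BEGIN{printf "IP-address \tPort\n"} /nop/ {print $3} END {printf "End of the file\n"}' test.txt | tail`) contradicts the explanation: tail keeps only the last ten lines, so the `IP-address Port` header produced by BEGIN disappears as soon as the file has more than eight matching lines; drop the pipe, or pipe to `head`, if the point is to show the header. The sentence below says the header is printed 'to the first line of the file'; awk writes to stdout and test.txt is not modified, so 'the first line of the output' is what is meant. The closing fence just before 'Here we are printing' has no matching opening fence above the awk command.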
@@ -249,6 +251,7 @@ Here we are printing IP-address PORT to the first line of the file.
### Search
In command-mode:
```
/
```
@@ -275,7 +278,7 @@ G
#### Add character to the beginning of each line
I have needed to do this several time when I write batch-scripts that I want to copy-paste into a windows-machine using echo. Instead of having to add a `echo` on each line I want to do it all at onece.
I have needed to do this several time when I write batch-scripts that I want to copy-paste into a windows-machine using echo. Instead of having to add a `echo on each line I want to do it all at onece.`
Here is how you do it
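Review bot: the rewritten paragraph under '#### Add character to the beginning of each line' moves the closing backtick from `echo` to the end of the sentence, so 'echo on each line I want to do it all at onece.' renders as inline code; only `echo` belongs in backticks. Same line: 'several time' should be 'several times', 'onece' should be 'once'. 'Here is how you do it' needs a colon, and the ex command it introduces is not in this hunk, so check that it survived the change.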
@@ -337,10 +340,10 @@ Shows all the files and directories and their permission settings.
drwxrwxrwt 2 root root 4,0K ago 3 17:33 myfile
```
Here we have 10 letters in the beginning. The first one `d` shows that it is a directory.
The next three letters are `r`for read, `w` for write and `x` for execute. The first three belong to the owner, the second three to the group, and the last three to all users.
Here we have 10 letters in the beginning. The first one `d shows that it is a directory.
The next three letters are rfor read, w for write and x for execute. The first three belong to the owner, the second three to the group, and the last three to all users.`
I am talking about debian/ubuntu here. On other systems I don't know.
You can define your path in `/etc/environment`. If you don't have it you can create it and add the path like this:
You can define your path in `/etc/environment. If you don't have it you can create it and add the path like this:`
```
source /etc/environment && export PATH
```
If you are using zsh (which you should) you have to add it here
If you are using zsh \(which you should\) you have to add it here
```
sudo vim /etc/zsh/zshenv
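Review bot: the listing `drwxrwxrwt 2 root root 4,0K ago 3 17:33 myfile` does not match the explanation below it: the tenth character is `t` (sticky bit on a world-writable directory), not `x`, and the text only covers r/w/x. Either show a plain `drwxr-xr-x` example or add one sentence that `t` in the last position means only a file's owner can delete or rename it, which is why it is set on /tmp-style directories. In the rewritten lines the backtick after `d` is unbalanced and swallows the following line, so the r/w/x markup is lost. Under 'add the path like this' the block shows `source /etc/environment && export PATH`, which reads the file rather than defining anything; the line that goes into /etc/environment (a `PATH="..."` assignment) is what the sentence promises. /etc/environment is parsed by pam_env, not by a shell, so sourcing it only works while the file contains nothing but simple KEY=value lines, and that limitation should be stated.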
@@ -386,7 +389,6 @@ And add this line somewhere:
source /etc/environment
```
### Adding a path
This is a non-persistent way to add binaries to your path. Might be useful if you have entered a system that has limited binaries in the path.
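Review bot: the `source /etc/environment` line added to /etc/zsh/zshenv runs for every zsh process, including non-interactive scripts, and breaks as soon as /etc/environment contains anything other than plain KEY=value lines, since the file is meant for pam_env rather than a shell; state that next to the line. The '### Adding a path' section says the method is non-persistent, but the hunk ends before any command, so the section currently shows no example.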
@@ -435,7 +437,7 @@ sudo apt-get autoremove
If you download a package that is not in the official repository you can put the binary in **/opt**. That is good place to put your binaries.
Now you need to add that path to your path-variable. Remember how we set that in **/etc/environment**. So now open up that file and add `/opt` to it, so i looks like this.
Now you need to add that path to your path-variable. Remember how we set that in **/etc/environment**. So now open up that file and add `/opt to it, so i looks like this.`
I always add custom binaries last. That means that if we have two binaries with the same name the machine will first select the original binary. This way you won't have to fear screwing up, by accidentally creating a new **ls** binary for example.
## 8. Cronjobs
There are two ways to configure cronjobs. The first one is by putting scripts in the following folders.
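Review bot: the lines about putting binaries in **/opt** and adding `/opt` to the path should state the permission requirement: a directory on PATH must be owned by root and not writable by other users, otherwise any local account can drop a binary there that every user, and every cron job using that PATH, will run; `ls -ld /opt` should show `drwxr-xr-x root root`. The rewritten line breaks the `/opt` code span ('add `/opt to it, so i looks like this.`'), and 'so i looks' should be 'so it looks'. The closing sentence about appending custom directories last is the right default and worth keeping.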
@@ -473,13 +474,12 @@ List all devices
fdisk -l
```
## 9. The Filesystem
### The Filesystem Hierarchy Standard

This image is copied from here: http://askubuntu.com/questions/138547/how-to-understand-the-ubuntu-file-system-layout/138551#138551
This image is copied from here: [http://askubuntu.com/questions/138547/how-to-understand-the-ubuntu-file-system-layout/138551\#138551](http://askubuntu.com/questions/138547/how-to-understand-the-ubuntu-file-system-layout/138551#138551)
#### Difference between sbin and bin
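Review bot: the '### The Filesystem Hierarchy Standard' subsection consists of a blank line where an image was and a credit link, so a text-only render gives the reader nothing; add at least a one-line summary or alt text for the image. The rewritten link escapes `#` as `\#` inside the link text, which renders as a literal backslash in some markdown flavours; the URL itself is fine. Above it, `fdisk -l` lists all devices only when run as root; as a normal user it prints nothing or only partial output, which matters because the heading says 'List all devices'.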
@@ -558,7 +558,6 @@ umount /media/usb
Knowing how to mount and unmount might be useful if you want to get access to a remote NFS-directory. You will need to mount it to your filesystem to be able to browse it.
## Controlling services
### Systemctl
@@ -573,11 +572,13 @@ systemctl stop ssh
```
You can verify that the service is listening for connection by running network status.
```
netstat -apnt
```
Make ssh start upon boot
```
systemctl enable ssh
systemctl enable apache2
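Review bot: the text following `systemctl stop ssh` says 'You can verify that the service is listening for connection by running network status' and shows `netstat -apnt`; after a stop the expected result is that sshd is absent from the list, so the sentence should say so, or the netstat check should follow a start. `netstat -apnt` shows PID/Program name only for your own processes unless run as root, as the page itself notes later; `sudo ss -tlnp` is the current equivalent on Debian/Ubuntu. `systemctl enable ssh` only affects the next boot; `systemctl enable --now ssh` also starts the unit, if that is the intent.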
@@ -597,7 +598,6 @@ Init.d is just a wrapper around Systemctl. I prefer it.
This is a tool to control services more easily, what is running upon boot and so on.
## 10. Boot the system
## 11. Kernel
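Review bot: 'Init.d is just a wrapper around Systemctl' is misleading as stated: the init.d scripts predate systemd, and on a Debian/Ubuntu system running systemd it is the `service` command and the LSB init functions that redirect `/etc/init.d/x start` to `systemctl start x`; phrase it that way. 'This is a tool to control services more easily' has no subject in this hunk, so name the tool. '## 10. Boot the system' and '## 11. Kernel' are headings with no body.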
@@ -612,13 +612,12 @@ This is a tool to control services more easily, what is running upon boot and so
## 16. Network basics
### Netstat - Find outgoing and incoming connections
Netstat is a multiplatform tool. So it works on both mac, windows and linux.
```
$ netstat -apaA inet
$ netstat -antlp
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 mymachine:domain *:* LISTEN -
tcp 0 0 localhost:ipp *:* LISTEN -
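Review bot: the first command, `$ netstat -apaA inet`, repeats `-a`, and the output below belongs to the second command (`$ netstat -antlp`), so one of the two should go; `netstat -apA inet` is what the first one intends (`-A inet` restricts the listing to IPv4 sockets). 'Netstat is a multiplatform tool' is true only for the name: on macOS and the BSDs `-p` selects a protocol rather than showing the program, so `-antlp` does not work there. On current Linux the net-tools package is no longer installed by default and `ss` is the replacement.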
@@ -648,10 +647,11 @@ udp 0 0 *:mdns *:*
udp 0 0 192.168.0.15:55065 ce-in-f189.1e100.:https ESTABLISHED 3120/chrome
```
A few interesting things to observe here is that my machine is using any port over 1024 to connect to the outside. So it is not like just because we communicate with https and connect to port 443 that we use that port on our machine. On our machine it can be any port (over 1024) and usually any port over 10000.
A few interesting things to observe here is that my machine is using any port over 1024 to connect to the outside. So it is not like just because we communicate with https and connect to port 443 that we use that port on our machine. On our machine it can be any port \(over 1024\) and usually any port over 10000.
Find out what services are listening for connection on your machine
Flags
```
-a # All
-n # show numeric addresses
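Review bot: 'usually any port over 10000' in the ephemeral-port paragraph should be replaced with the actual mechanism: Linux picks the source port from net.ipv4.ip_local_port_range (32768 to 60999 on current kernels), which is why the sample line shows 192.168.0.15:55065; `sysctl net.ipv4.ip_local_port_range` prints the range in use. 'A few interesting things to observe here is' should be 'are'. The rewritten line escapes the parentheses as `\(over 1024\)`, which is unnecessary outside link text.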
@@ -659,7 +659,6 @@ Flags
-t # tcp
```
```
netstat -anpt
```
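Review bot: `netstat -anpt` under 'Find out what services are listening for connection' lists every TCP socket, established ones included; `-l` restricts the output to LISTEN state, so `netstat -lnpt` (or `sudo ss -lnpt`) answers the heading directly and belongs in the flag list. The flag list and the command are split across two fence pairs with an empty line between; a single block with the command and one comment per flag reads better.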
@@ -673,6 +672,10 @@ nethogs
Or you can use tcpdump, or iptables.
Every listening process of course has a PID, but unless you are root you can't might not see them all.
### Firewall - Iptables
Iptables is a firewall tool in linux. A firewall is basically a tool that scans incoming and/or outgoing traffic. You can add rules to the iptables to filter for certain traffic.
So as we can see the current policy is to accept all traffic in all directions.
If you for some reason has been tampering with the iptables and maybe fucked up. This is how you return it to the default setting, accepting all connections
```
iptables --policy INPUT ACCEPT
iptables --policy OUTPUT ACCEPT
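Review bot: the reset block (`iptables --policy INPUT ACCEPT` / `iptables --policy OUTPUT ACCEPT`) only changes the chain policies; rules added earlier with `-A` stay in place, so this does not 'return it to the default setting'. Add `iptables -F` (and `iptables -X` for user-defined chains), include the FORWARD chain, and make clear that the result is a host with no filtering at all, not a safe baseline. 'So as we can see the current policy is to accept all traffic' refers to `iptables -L` output that is not in this hunk. Grammar: 'unless you are root you can't might not see them all' should read 'unless you are root you might not see them all', and 'If you for some reason has been tampering' should be 'have been'.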
@@ -737,12 +739,12 @@ iptables -A INPUT -s 192.168.1.30 -j DROP
iptables -A INPUT -s 192.168.1.0/24 -j DROP
```
Now if we want to see our current rules we just do
```
iptables -L
```
And we can now see our new rule.
To add line-numbers for each rule, so that you can then specify which rule you want to reset or change or something you can output the rluels with line-numbers
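Review bot: with `iptables -A INPUT -s 192.168.1.0/24 -j DROP`, `-A` appends, so the rule lands after every existing INPUT rule and is never reached if an earlier rule already accepts that traffic; after adding it, confirm with `iptables -L INPUT -n -v --line-numbers` that the counters on the DROP rule increase, or use `-I INPUT` to place it first. The sentence 'you can output the rluels with line-numbers' has a typo ('rules'), and the command it announces (`iptables -L --line-numbers`) is missing from this hunk; 'reset' a rule should be 'delete' (`iptables -D INPUT <number>`).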
**Don't use binary exploits if you can avoid it. If you use it it might crash the machine. So binary exploits should be the last resort. Always use a simpler priv-esc if you can. They can also produce a lot of stuff in the sys.log**
# Internal Enumeration - Linux
We can enumarate the system manually. Or using a script. This is a great script to use for internal enumeration.
If you are wondering how to get the script onto the machine, check out that chapter. https://bobloblaw.gitbooks.io/security/content/transfering_files.html
If you are wondering how to get the script onto the machine, check out that chapter. [https://bobloblaw.gitbooks.io/security/content/transfering\_files.html](https://bobloblaw.gitbooks.io/security/content/transfering_files.html)
If you put a dot in your path you won't have to write `./binary` to be able to execute it. You will be able to execute any script or binary that is in the current directory.
If you put a dot in your path you won't have to write `./binary to be able to execute it. You will be able to execute any script or binary that is in the current directory.`
Why do people/sysadmins do this? Because they are lazy and won't want to write `./`.
Why do people/sysadmins do this? Because they are lazy and won't want to write `./.`
SUID is a bit that you can set on a file. If you run a binary the binary is run as the user who is running it. But if the binary has the SUID-bit it will be run as the owner of that binary. This can be abused.
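Review bot: the '.' in PATH paragraph is rewritten with an unbalanced backtick, so everything from `./binary to be able` to the end of the paragraph, plus `./.` on the next line, renders as code; restore the separate spans `./binary` and `./`. The paragraph leaves the risk implicit; spell it out from the administrator's side: any directory that other users can write to, once on PATH, lets them decide what a command name resolves to, so `.` and world-writable directories must never be on PATH, and `echo $PATH` is the check to run. 'enumarate' should be 'enumerate', and 'check out that chapter' should name the chapter (Transferring files) rather than 'that'.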
If you have a shell that has limited sudo programs you might still be able to use it. Any program that can write or overwrite can be used. If you have `cp` you can overwrite `/etc/shadow` or `/etc/sudoers`.
**ht**
The text/binary-editor HT running as sudo
If you have a shell that has limited sudo programs you might still be able to use it. Any program that can write or overwrite can be used. If you have `cp you can overwrite /etc/shadow or /etc/sudoers.
`**`ht`**`
The text/binary-editor HT running as sudo`
**nano**
**vi/vim**
With vi it is even easier. Just open vi
```
sudo vi
:shell
@@ -187,10 +188,12 @@ sudo vi
:set shell=/bin/bash:shell
:!bash
```
And you have shell.
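Review bot: the three-line code span starting at 'If you have `cp you can overwrite' swallows the `**ht**` heading and its description, so from `cp` onward the heading and the HT sentence sit inside one backtick pair; restore the separate spans `cp`, `/etc/shadow`, `/etc/sudoers` and the bold heading. The section shows why a sudoers entry limited to an editor (`sudo vi`, nano, HT) is not a restriction, since `:shell` and `:!bash` run as root; the defensive counterpart belongs next to it: grant `sudoedit` for privileged files instead of `vi` or `nano` (it copies the file and runs the editor as the invoking user), and use the sudoers `NOEXEC` tag for programs that must be allowed but should not spawn children. `:set shell=/bin/bash:shell` appears to be two commands run together (`:set shell=/bin/bash` and `:shell`); as one line it sets the option to the literal value `/bin/bash:shell`.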
**less**
From less you can go into vi, and then into a shell
```
sudo less /etc/shadow
v
@@ -199,6 +202,7 @@ v
**more**
You need to run more on a file that is bigger than your screen.