know-how:tools
know-how:tools [2018/06/27 08:10] – [transmageddon] cc | know-how:tools [2024/02/19 13:29] – [consumeDHCP] cc | ||
Zeile 1: | Zeile 1: | ||
====== Need to have ====== | ====== Need to have ====== | ||
+ | |||
+ | ===== wipe ===== | ||
+ | * In meinem Fall im Einsatz bei einer Live PXE Debian Variante um Rechner zu wipen die nicht mehr gebraucht werden | ||
+ | * **Achtung** Löscht alle Platten die gefunden werden (!) | ||
+ | |||
+ | * **wipe.sh** | ||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | GRACE_TIME=" | ||
+ | TIMES_OVERWRITE=" | ||
+ | |||
+ | while (($GRACE_TIME > 0)) ; do | ||
+ | |||
+ | sleep 1 | ||
+ | |||
+ | ((GRACE_TIME--)) | ||
+ | |||
+ | done | ||
+ | |||
+ | HARDDISKS=$(lsblk -p -d -n -l -o NAME,TYPE | grep -i disk | awk ' | ||
+ | |||
+ | echo " | ||
+ | |||
+ | echo " | ||
+ | |||
+ | dmidecode --type ' | ||
+ | |||
+ | echo " | ||
+ | |||
+ | procCount=0 | ||
+ | |||
+ | for CURRENT_HARDDISK in $HARDDISKS ; do | ||
+ | |||
+ | |||
+ | echo " | ||
+ | |||
+ | echo " | ||
+ | |||
+ | for i in $(seq 1 $TIMES_OVERWRITE ) ; do | ||
+ | |||
+ | dd if=/ | ||
+ | # https:// | ||
+ | |||
+ | pids[${procCount}]=$! | ||
+ | |||
+ | ((procCount++)) | ||
+ | |||
+ | |||
+ | done | ||
+ | |||
+ | |||
+ | |||
+ | echo " | ||
+ | |||
+ | done | ||
+ | |||
+ | # https:// | ||
+ | echo " | ||
+ | |||
+ | for pid in " | ||
+ | do | ||
+ | wait $pid | ||
+ | done | ||
+ | |||
+ | sync | ||
+ | </ | ||
+ | |||
+ | ===== checkDNSEntriesLDAP ===== | ||
+ | * Active Directory auf seine Konsistenz überprüfen - forward lookup und reverse lookup der Einträge sollten übereinstimmen | ||
+ | * Getestet auf: Ubuntu 18.04 | ||
+ | * Pakete erforderlich: | ||
+ | * **Achtung** ich benutze hier bewusst die tls verschüsselte Variante von ldap d.h. ldaps - die CA von der das Zertifikat für den AD Server unterschrieben wurde befindet sich unter **/ | ||
+ | |||
+ | |||
+ | * **/ | ||
+ | < | ||
+ | <?php | ||
+ | |||
+ | $server = " | ||
+ | //domain user to connect to LDAP | ||
+ | $user = " | ||
+ | //user password | ||
+ | $passwd = " | ||
+ | |||
+ | //zB: OU=EDV1, | ||
+ | $dn = array(0=>" | ||
+ | |||
+ | |||
+ | $search=" | ||
+ | |||
+ | |||
+ | $errDNS=0; | ||
+ | $countAll=0; | ||
+ | $okDNS=0; | ||
+ | |||
+ | for ($j=0; $j< | ||
+ | { | ||
+ | $ds=ldap_connect($server); | ||
+ | | ||
+ | |||
+ | $sr=ldap_search($ds, | ||
+ | |||
+ | $data = ldap_get_entries($ds, | ||
+ | |||
+ | |||
+ | | ||
+ | |||
+ | for ($i=0; $i< | ||
+ | { | ||
+ | |||
+ | |||
+ | if(isset($data[$i][" | ||
+ | { | ||
+ | |||
+ | $ip=gethostbyname($data[$i][" | ||
+ | if($ip!=$data[$i][" | ||
+ | { | ||
+ | |||
+ | $reverseLookup=gethostbyaddr($ip); | ||
+ | |||
+ | if(mb_strtolower($reverseLookup) != mb_strtolower($data[$i][" | ||
+ | { | ||
+ | |||
+ | echo "FAIL Hostname: " | ||
+ | | ||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $okDNS++; | ||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "FAIL NO-IP Entry: " | ||
+ | $errDNS++; | ||
+ | } | ||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "FAIL NO DNSHostname: | ||
+ | $errDNS++; | ||
+ | } | ||
+ | |||
+ | |||
+ | } | ||
+ | |||
+ | | ||
+ | } | ||
+ | |||
+ | echo " | ||
+ | echo "All Computer objects found: " | ||
+ | echo "All Computer objects ok: " | ||
+ | echo " | ||
+ | printf(" | ||
+ | echo " | ||
+ | echo " | ||
+ | print_r($dn); | ||
+ | |||
+ | echo " | ||
+ | |||
+ | |||
+ | ?> | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== mac-switchport ===== | ||
+ | * Für HPE1950 Serie / damit es möglich wird herauszufinden auf welchem Port und Switch bestimmte MAC Adressen gefunden werden | ||
+ | |||
+ | * **mac-switchport.sh IP_Switch MAC_Address** | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | function bailout | ||
+ | { | ||
+ | echo -en " | ||
+ | exit 2; | ||
+ | } | ||
+ | |||
+ | function run_ips | ||
+ | { | ||
+ | exit_codes=0 | ||
+ | |||
+ | for i in $SWITCHES_IPS ; | ||
+ | do | ||
+ | $0 $i " | ||
+ | | ||
+ | done | ||
+ | |||
+ | exit $exit_codes | ||
+ | } | ||
+ | |||
+ | |||
+ | function usage | ||
+ | { | ||
+ | echo -en " | ||
+ | echo -en " | ||
+ | exit 1; | ||
+ | } | ||
+ | |||
+ | OID_INTERFACE_AND_MAC=" | ||
+ | |||
+ | which cut > /dev/null || bailout " | ||
+ | |||
+ | which snmpwalk > /dev/null || bailout " | ||
+ | |||
+ | which xargs > /dev/null || bailout " | ||
+ | |||
+ | which sed > /dev/null || bailout " | ||
+ | |||
+ | which printf > /dev/null || bailout " | ||
+ | |||
+ | |||
+ | [[ -n " | ||
+ | |||
+ | [[ $# != 2 ]] && usage | ||
+ | |||
+ | |||
+ | ip=" | ||
+ | mac=" | ||
+ | IFS=$' | ||
+ | |||
+ | echo $mac | grep -q -P " | ||
+ | |||
+ | [[ $? != 0 ]] && bailout "Not a correct MAC address format: $mac \n I need two digit hex mac address | ||
+ | |||
+ | while read line ; | ||
+ | do | ||
+ | mac_found=$(echo $line | cut -d" | ||
+ | |||
+ | |||
+ | echo $mac_found | grep -q -i --fixed-strings $mac | ||
+ | |||
+ | if [ $? == " | ||
+ | then | ||
+ | interface_found=$(echo $line | cut -d":" | ||
+ | number_macs=$(snmpwalk -v 1 -Os -c public " | ||
+ | echo " | ||
+ | exit 0 | ||
+ | fi | ||
+ | |||
+ | |||
+ | done < <( snmpwalk -v 1 -Os -c public " | ||
+ | |||
+ | echo " | ||
+ | exit 1 | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Roadworker-Start OpenVPN ===== | ||
+ | * Ich möchte eine Roadworker OpenVPN Datei mit verschlüsseltem Private Key in der XFCE GUI starten nach dem Login | ||
+ | |||
+ | * XFCE Startup nach dem Einloggen: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | * **roadworker-start.sh** | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | |||
+ | temp_file=$(mktemp) | ||
+ | |||
+ | chmod 600 $temp_file | ||
+ | |||
+ | |||
+ | zenity --title " | ||
+ | |||
+ | openvpn --daemon --writepid / | ||
+ | |||
+ | |||
+ | rm $temp_file | ||
+ | |||
+ | |||
+ | pgrep --pidfile / | ||
+ | |||
+ | |||
+ | if [ $? == " | ||
+ | then | ||
+ | |||
+ | | ||
+ | |||
+ | else | ||
+ | |||
+ | zenity --error --text=" | ||
+ | |||
+ | fi | ||
+ | |||
+ | |||
+ | exit 0 | ||
+ | </ | ||
+ | |||
+ | * **Achtung: ** bei Debian Buster ist gksudo/gksu nicht mehr in den Repositories vorhanden | ||
+ | * Openvpn Aufruf als Root : | ||
+ | < | ||
+ | pkexec --user root openvpn --daemon --writepid / | ||
+ | |||
+ | </ | ||
+ | ===== Einfache Zeitaufzeichnung ===== | ||
+ | * Benötigt wird zenity / dateutils | ||
+ | * KUNDE1 / KUNDE2 .. durch zB: Stammkunden ersetzen | ||
+ | * Erstellt Einträge unter / | ||
+ | * **Zeitaufzeichnung-Firma.sh** | ||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | PREFIX_TIME_RECORDING="/ | ||
+ | |||
+ | |||
+ | function getTime() { | ||
+ | timePattern=" | ||
+ | ok=0 | ||
+ | |||
+ | while [[ $ok == 0 ]] ; do | ||
+ | |||
+ | time=$(zenity --entry --text=" | ||
+ | |||
+ | if [[ $time =~ $timePattern ]]; then | ||
+ | ok=1 | ||
+ | fi | ||
+ | |||
+ | done | ||
+ | |||
+ | echo $time | ||
+ | |||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | function bailout() { | ||
+ | |||
+ | zenity --error --text=" | ||
+ | |||
+ | exit 1 | ||
+ | |||
+ | } | ||
+ | |||
+ | |||
+ | function getCustomerName { | ||
+ | |||
+ | customerName=$(zenity --list --editable --column=" | ||
+ | |||
+ | while [[ $customerName | ||
+ | |||
+ | | ||
+ | |||
+ | done | ||
+ | |||
+ | echo $customerName | ||
+ | |||
+ | } | ||
+ | |||
+ | function getActivity { | ||
+ | activityName=$(zenity --text=" | ||
+ | |||
+ | while [[ $activityName | ||
+ | |||
+ | | ||
+ | done | ||
+ | |||
+ | echo $activityName | ||
+ | |||
+ | } | ||
+ | |||
+ | |||
+ | function getDate { | ||
+ | datePattern=" | ||
+ | |||
+ | ok=0 | ||
+ | |||
+ | curDate=$(date +%d.%m.%Y) | ||
+ | |||
+ | while [[ $ok == 0 ]] ; do | ||
+ | |||
+ | datiges=$(zenity --entry --entry-text=" | ||
+ | |||
+ | if [[ $datiges =~ $datePattern ]]; then | ||
+ | ok=1 | ||
+ | fi | ||
+ | |||
+ | done | ||
+ | |||
+ | echo $datiges | ||
+ | |||
+ | |||
+ | } | ||
+ | |||
+ | which dateutils.ddiff || (zenity --error --text=" | ||
+ | |||
+ | beginTime=$(getTime " | ||
+ | |||
+ | endTime=$(getTime " | ||
+ | |||
+ | timeDiff=$(dateutils.ddiff $beginTime $endTime -f " | ||
+ | hours=$(echo $timeDiff | cut -d":" | ||
+ | minutes=$(echo $timeDiff | cut -d":" | ||
+ | minPercentage=$(echo " | ||
+ | |||
+ | [[ $minPercentage == " | ||
+ | |||
+ | entryDate=$(getDate) | ||
+ | |||
+ | customerName=$(getCustomerName) | ||
+ | |||
+ | activityName=$(getActivity) | ||
+ | |||
+ | month=$(echo " | ||
+ | year=$(echo " | ||
+ | |||
+ | |||
+ | CURRENT_MONTH=" | ||
+ | |||
+ | echo $CURRENT_MONTH | ||
+ | |||
+ | [[ ! -w " | ||
+ | |||
+ | |||
+ | [[ ! -w " | ||
+ | |||
+ | |||
+ | entryText=" | ||
+ | |||
+ | echo -n -e " | ||
+ | |||
+ | zenity --info --text=" | ||
+ | |||
+ | exit 0 | ||
+ | |||
+ | |||
+ | </ | ||
+ | |||
+ | |||
===== dsniff suite ===== | ===== dsniff suite ===== | ||
* Oldschool | * Oldschool | ||
Zeile 8: | Zeile 448: | ||
Keywords: layer 2 attacks, arp spoofing, sniffing , man-in-the-middle attack, arpspoof, dsniff | Keywords: layer 2 attacks, arp spoofing, sniffing , man-in-the-middle attack, arpspoof, dsniff | ||
+ | </ | ||
+ | |||
+ | ===== hping3 ===== | ||
+ | * Firewall Tests durchführen / DoS | ||
+ | * https:// | ||
+ | * {{ : | ||
+ | |||
+ | < | ||
+ | In summary, the aim of SYN flood is sending lots of SYN packets to the | ||
+ | server and ignoring SYN+ACK packets returned by the server. This causes | ||
+ | the server to use their resources for a configured amount of time for | ||
+ | the possibility of the expected ACK packets arriving. | ||
+ | |||
+ | If an attacker sends enough SYN packets, this will overwhelm the server | ||
+ | because servers are limited in the number of concurrent TCP connections. | ||
+ | If the server reaches its limit, it cannot establish new TCP connections | ||
+ | until the existing connections which are in the SYN-RCVD state timeout. | ||
+ | |||
+ | SYN flood attacks can be performed with hping3. | ||
+ | |||
+ | Simple SYN flood: | ||
+ | |||
+ | root@kali: | ||
+ | using eth0, addr: xxx.xxx.xxx.xxx, | ||
+ | HPING TARGET_SITE (eth0 xxx.xxx.xxx.xxx): | ||
+ | bytes | ||
+ | hping in flood mode, no replies will be shown | ||
+ | |||
+ | Advanced SYN flood with random source IP, different data size, and | ||
+ | window size: | ||
+ | |||
+ | root@kali: | ||
+ | --rand-source TARGET_SITE | ||
+ | HPING TARGET_SITE (eth0 xxx.xxx.xxx.xxx): | ||
+ | data bytes | ||
+ | hping in flood mode, no replies will be shown | ||
+ | |||
+ | –flood: sent packets as fast as possible | ||
+ | –rand-source: | ||
+ | -c –count: packet count | ||
+ | -d –data: data size | ||
+ | -S –syn: set SYN flag | ||
+ | -w –win: winsize (default 64) | ||
+ | -p –destport: | ||
+ | |||
+ | For detailed information see the manual. | ||
+ | UDP Flood | ||
+ | |||
+ | UDP is a protocol which does not need to create a session between two | ||
+ | devices. In other words, no handshake process required. | ||
+ | |||
+ | A UDP flood does not exploit any vulnerability. The aim of UDP floods is | ||
+ | simply creating and sending large amount of UDP datagrams from spoofed | ||
+ | IP’s to the target server. When a server receives this type of traffic, | ||
+ | it is unable to process every request and it consumes its bandwidth with | ||
+ | sending ICMP “destination unreachable” packets. | ||
+ | |||
+ | hping3 can be used for creating UDP floods: | ||
+ | |||
+ | root@kali: | ||
+ | HPING xxx.xxx.xxx.xxx (eth0 xxx.xxx.xxx.xxx): | ||
+ | headers + 0 data bytes | ||
+ | hping in flood mode, no replies will be shown | ||
+ | |||
+ | –flood: sent packets as fast as possible | ||
+ | –rand-source: | ||
+ | –udp: UDP mode | ||
+ | -p –destport: | ||
+ | |||
+ | For detailed information see the manual. | ||
+ | </ | ||
+ | * **Uptime** bei tcp-timestamps ermitteln / ist **keine exakte Wissenschaft** | ||
+ | * https:// | ||
+ | < | ||
+ | hping3 --count 2 --syn --destport 22 --tcp-timestamp 10.0.23.245 | ||
+ | HPING 10.0.23.245 (eth0 10.0.23.245): | ||
+ | len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=65160 rtt=7.6 ms | ||
+ | TCP timestamp: tcpts=1138723235 | ||
+ | |||
+ | len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=65160 rtt=3.5 ms | ||
+ | TCP timestamp: tcpts=1138724235 | ||
+ | HZ seems hz=1000 | ||
+ | System uptime seems: 13 days, 4 hours, 18 minutes, 44 seconds | ||
+ | |||
+ | |||
+ | --- 10.0.23.245 hping statistic --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/avg/max = 3.5/5.6/7.6 ms | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== consumeDHCP ===== | ||
+ | * DHCP Server leases aufsaugen / getestet mit Debian Bookworm | ||
+ | * **consumeDHCP.sh** | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | NIC_INTERFACE=" | ||
+ | NUMBER=" | ||
+ | BRIDGE_NAME=" | ||
+ | |||
+ | |||
+ | function bailout | ||
+ | { | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | exit 2 | ||
+ | } | ||
+ | |||
+ | function clean | ||
+ | { | ||
+ | count=" | ||
+ | tap_names=" | ||
+ | while ( ip addr ls " | ||
+ | do | ||
+ | echo " | ||
+ | dhclient -r --no-pid -d -lf / | ||
+ | ip li set dev " | ||
+ | ip li del " | ||
+ | ((count++)) | ||
+ | done | ||
+ | |||
+ | pgrep -a " | ||
+ | |||
+ | } | ||
+ | |||
+ | which macchanger > /dev/null || bailout " | ||
+ | which ip > /dev/null || bailout " | ||
+ | which dhclient > /dev/null || bailout " | ||
+ | |||
+ | [[ $# != 2 && $# != 1 ]] && bailout " | ||
+ | |||
+ | if [ " | ||
+ | clean | ||
+ | exit 0 | ||
+ | |||
+ | fi | ||
+ | |||
+ | (( NUMBER > 0 )) || bailout " | ||
+ | |||
+ | ip addr ls $NIC_INTERFACE &> /dev/null || bailout " | ||
+ | |||
+ | clean | ||
+ | |||
+ | ip li set dev $NIC_INTERFACE up | ||
+ | |||
+ | for i in $(seq 1 $NUMBER); do | ||
+ | tap_names=" | ||
+ | ip li add link $NIC_INTERFACE " | ||
+ | ip li set dev " | ||
+ | | ||
+ | ip li set dev " | ||
+ | |||
+ | dhclient --no-pid -lf / | ||
+ | | ||
+ | done | ||
+ | |||
+ | |||
+ | exit 0 | ||
</ | </ | ||
===== yersinia ===== | ===== yersinia ===== | ||
* Level2/3 Chaos | * Level2/3 Chaos | ||
+ | * {{ : | ||
< | < | ||
http:// | http:// | ||
keywords: Dos , DHCP flooding , vlan attack | keywords: Dos , DHCP flooding , vlan attack | ||
- | {{ : | + | |
</ | </ | ||
Zeile 28: | Zeile 630: | ||
+ | ===== reptyr ===== | ||
+ | * zB: vim Session wieder herstellen / wenn die SSH Verbindung abbricht / Programm mit PID zum aktuellen terminal " | ||
+ | < | ||
+ | man Auszug | ||
+ | " | ||
+ | |||
+ | apt-get install reptyr | ||
+ | |||
+ | |||
+ | reptyr PID | ||
+ | |||
+ | </ | ||
===== crunch ===== | ===== crunch ===== | ||
* Wordlists erstellen unter bestimmten Kriterien | * Wordlists erstellen unter bestimmten Kriterien |