know-how:tools

Differences

This view shows the differences between two versions of the page.

know-how:tools [2018/08/13 09:38]
cc [hping3]
know-how:tools [2021/04/24 16:03]
cc [hping3]
Zeile 1: Zeile 1:
 ====== Need to have ====== ====== Need to have ======
 +
 +===== wipe =====
 +  * In meinem Fall im Einsatz bei einer Live PXE Debian Variante um Rechner zu wipen die nicht mehr gebraucht werden
 +  * **Achtung** Löscht alle Platten die gefunden werden (!)
 +
 +  * **wipe.sh**
 +<code>
 +#!/bin/bash
 +
 +GRACE_TIME="10"
 +TIMES_OVERWRITE="2"
 +
 +while (($GRACE_TIME > 0)) ; do 
 +
 + sleep 1
 +
 + ((GRACE_TIME--))
 +
 +done
 +
 +HARDDISKS=$(lsblk -p -d -n -l -o NAME,TYPE | grep -i disk | awk '{print $1}')
 +
 +echo "MACHINE: "
 +
 +echo "--------------------"
 +
 +dmidecode --type '1'
 +
 +echo "--------------------"
 +
 +procCount=0
 +
 +for CURRENT_HARDDISK in $HARDDISKS ; do 
 +
 +
 + echo "Harddisk - $CURRENT_HARDDISK - Debug below"
 +
 + echo "-------------------------"
 +
 + for i in $(seq 1 $TIMES_OVERWRITE ) ; do 
 +
 + dd if=/dev/zero of=$CURRENT_HARDDISK bs=16M 2>&1 &
 + # https://stackoverflow.com/questions/356100/how-to-wait-in-bash-for-several-subprocesses-to-finish-and-return-exit-code-0 
 +
 + pids[${procCount}]=$!
 +
 + ((procCount++))
 +
 +
 + done
 +
 +
 +
 + echo "-------------------------"
 +
 +done
 +
 +# https://stackoverflow.com/questions/356100/how-to-wait-in-bash-for-several-subprocesses-to-finish-and-return-exit-code-0 
 +echo "Process Count Waiting: $procCount"
 +
 +for pid in "${pids[*]}" ;
 +do
 + wait $pid
 + done
 +
 +sync
 +</code>
 +
 +===== checkDNSEntriesLDAP =====
 +  * Active Directory auf seine Konsistenz überprüfen - forward lookup und reverse lookup der Einträge sollten übereinstimmen
 +  * Getestet auf: Ubuntu 18.04 
 +  * Pakete erforderlich: php , php-ldap , php-mbstring
 +  * **Achtung** ich benutze hier bewusst die tls verschüsselte Variante von ldap d.h. ldaps - die CA von der das Zertifikat für den AD Server unterschrieben wurde befindet sich unter **/usr/share/ca-certificates/** und wurde mit **dpkg-reconfigure ca-certififcates** ins System "integriert" auch der Hostname stimmt mit dem Hostnamen aus den Zertifikatsinfos überein
 +
 +
 +  * **/usr/local/bin/checkDNSEntriesLDAP.php**
 +<code>
 +<?php
 +
 +$server = "ldaps://AD_SERVER:636";
 +//domain user to connect to LDAP
 +$user = "STANDARD_USER_DOMAIN@DOMAIN_ACTIVE_DIRECTORY";
 +//user password
 +$passwd = "PASSWORD_STANDARD_USER_DOMAIN";
 +
 +//zB: OU=EDV1,OU=Workstations,OU=Ressourcen,OU=VirtualSchool,DC=schule,DC=intern
 +$dn = array(0=>"DN_NAME_LDAP_PFAD1",1=>"DN_NAME_LDAP_PFAD2");
 +
 +
 +$search="(objectClass=computer)";
 +
 +
 +$errDNS=0;
 +$countAll=0;
 +$okDNS=0;
 +
 +for ($j=0; $j<count($dn); $j++)
 +{
 +        $ds=ldap_connect($server);
 +       $r=ldap_bind($ds, $user , $passwd);
 +
 + $sr=ldap_search($ds, $dn[$j], $search, array(0=>"dNSHostName",1=>"distinguishedName"));
 +
 + $data = ldap_get_entries($ds, $sr);    
 +       
 +
 +         $countAll+=$data["count"];
 +
 + for ($i=0; $i<$data["count"]; $i++) 
 + {
 +
 +
 + if(isset($data[$i]["dnshostname"][0]))
 + {
 +
 + $ip=gethostbyname($data[$i]["dnshostname"][0]);
 + if($ip!=$data[$i]["dnshostname"][0])
 + {
 +
 + $reverseLookup=gethostbyaddr($ip);
 +
 + if(mb_strtolower($reverseLookup) != mb_strtolower($data[$i]["dnshostname"][0]) )
 + {
 +
 + echo "FAIL Hostname: ".$data[$i]["dnshostname"][0]." IP: ".$ip." Reverse: ".$reverseLookup."\n";
 +                       $errDNS++;
 +
 + }
 + else
 + {
 + $okDNS++;
 + }
 +
 +
 +
 + }
 + else
 + {
 + echo "FAIL NO-IP Entry: ".$data[$i]["dnshostname"][0]."\n";
 +                $errDNS++;
 + }
 +
 + }
 + else
 + {
 + echo "FAIL NO DNSHostname: ".$data[$i]["distinguishedName"][0]."\n";
 + $errDNS++;
 + }
 +
 +
 + }
 +
 + ldap_close($ds);
 +}
 +
 +echo "Summary:\n";
 +echo "All Computer objects found: ".$countAll."\n";
 +echo "All Computer objects ok: ".$okDNS."\n";
 +echo "Consistency integrity: ";
 +printf("%.2f \n",(($okDNS/$countAll)*100));
 +echo "Errors computer count: ".$errDNS."\n";
 +echo "OU's that i looked for :\n";
 +print_r($dn);
 +
 +echo "\n";
 +
 +
 +?>
 +
 +</code>
 +
 +===== mac-switchport =====
 +  * Für HPE1950 Serie / damit es möglich wird herauszufinden auf welchem Port und Switch bestimmte MAC Adressen gefunden werden
 +
 +  * **mac-switchport.sh IP_Switch MAC_Address** 
 +
 +<code>
 +#!/bin/bash
 +
 +function bailout
 +{
 + echo -en "ERROR: $1\n";
 + exit 2;
 +}
 +
 +function run_ips
 +{
 + exit_codes=0
 +
 + for i in $SWITCHES_IPS ;
 + do
 +           $0 $i "$1" ;
 +    exit_codes=$(($exit_codes + $?))
 + done
 +
 +       exit $exit_codes
 +}
 +
 +
 +function usage 
 +{
 + echo -en "Usage: $0 ip-address-switch  mac-address e.g. 00:75:2d:ee:5e:11\n";
 + echo -en "Usage: export SWITCHES_IPS="ip1 ip2 ip3" then $0 mac-address e.g. 00:75:2d:ee:5e:11\n";
 + exit 1;
 +}
 +
 +OID_INTERFACE_AND_MAC="1.3.6.1.2.1.17.4.3.1.2"
 +
 +which cut > /dev/null || bailout "command cut not found!"
 +
 +which snmpwalk > /dev/null || bailout "command snmpwalk not found! Debian/Ubuntu package: snmp"
 +
 +which xargs > /dev/null || bailout "command xargs not found!"
 +
 +which sed > /dev/null || bailout "command sed not found!"
 +
 +which printf > /dev/null || bailout "command printf not found!"
 +
 +
 +[[ -n "$SWITCHES_IPS" ]] && [[ $# == 1 ]] && run_ips $1
 +
 +[[ $# != 2 ]] && usage 
 +
 +
 +ip="$1"
 +mac="$2"
 +IFS=$'\n'
 +
 +echo $mac | grep -q -P "^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$" 
 +
 +[[ $? != 0 ]] && bailout "Not a correct MAC address format: $mac \n I need two digit  hex mac address  e.g. 00:1f:11:32:7f:1f"
 +
 +while read line ; 
 +do 
 + mac_found=$(echo $line | cut -d"=" -f 1 | cut -d"." -f 12,13,14,15,16,17 | tr . ' ' | xargs  printf '%02x:' | sed 's/\(.*\):/\1 /')
 +
 +       
 +        echo $mac_found | grep -q -i --fixed-strings $mac
 +
 +        if [ $? == "0" ]
 + then
 +            interface_found=$(echo $line | cut -d":" -f 2 | tr -d ' ' )
 +     number_macs=$(snmpwalk -v 1 -Os -c public "$ip" "$OID_INTERFACE_AND_MAC" | grep -c "^.*INTEGER: $interface_found$")
 +     echo "SUCCESS;$ip;$mac;$interface_found;$number_macs"
 +     exit 0
 + fi
 +
 +
 +done  < <( snmpwalk -v 1 -Os -c public "$ip" "$OID_INTERFACE_AND_MAC" )
 +
 +echo "ERROR;$ip;$mac;0;0"
 +exit 1
 +</code>
 +
 +
 +===== Roadworker-Start OpenVPN =====
 +  * Ich möchte eine Roadworker OpenVPN Datei mit verschlüsseltem Private Key in der XFCE GUI starten nach dem Login
 +
 +  * XFCE Startup nach dem Einloggen:
 +
 +{{:know-how:startup-xfce-roadworker-vpn.png?400|}}
 +
 +
 +  * **roadworker-start.sh**
 +
 +<code>
 +#!/bin/bash
 +
 +
 +temp_file=$(mktemp)
 +
 +chmod 600 $temp_file
 +
 +
 +zenity --title "Roadworker VPN Password" --password > $temp_file
 +
 +openvpn --daemon --writepid /tmp/roadworker.pid --config /home/urnilxfgbez/openvpn/roadworker.conf --askpass $temp_file
 +
 +
 +rm $temp_file
 +
 +
 +pgrep --pidfile /tmp/roadworker.pid
 +
 +
 +if [ $? == "0" ]
 +then
 +
 +       zenity --info --text="Konnte VPN erfolgreich starten pid: /tmp/roadworker.pid"
 +
 +else
 +
 + zenity --error --text="Konnte VPN nicht erfolgreich starten - passwort?"
 +
 +fi
 +
 +
 +exit 0
 +</code>
 +
 +  * **Achtung: ** bei Debian Buster ist gksudo/gksu nicht mehr in den Repositories vorhanden
 +  * Openvpn Aufruf als Root :
 +<code>
 +pkexec --user root openvpn --daemon --writepid /tmp/roadworker.pid --config /home/urnilxfgbez/openvpn/roadworker.conf --askpass $temp_file
 +
 +</code>
 +===== Einfache Zeitaufzeichnung =====
 +  * Benötigt wird zenity / dateutils 
 +  * KUNDE1 / KUNDE2 .. durch zB: Stammkunden ersetzen
 +  * Erstellt Einträge unter /PFAD/STUNDEN/KUNDENNÀME_JAHRMONAT mit Datum/Von/Bis/Dauer/Tätigkeitsbeschreibung im CSV Format
 +  * **Zeitaufzeichnung-Firma.sh**
 +<code>
 +#!/bin/bash
 +
 +PREFIX_TIME_RECORDING="/PFAD/STUNDEN/"
 +
 +
 +function getTime() {
 +timePattern="^[0-9]{2}\:[0-9]{2}$"
 +ok=0
 +
 +while [[ $ok == 0 ]]  ; do
 +
 +time=$(zenity --entry --text="$1 im Format hh:mm")
 +
 +if [[ $time =~ $timePattern ]]; then 
 +ok=1
 +fi
 +
 +done
 +
 +echo $time
 +
 +}
 +
 +
 +
 +function bailout() {
 +
 +zenity --error --text="$1"
 +
 +exit 1
 +
 +}
 +
 +
 +function getCustomerName {
 +
 +customerName=$(zenity --list --editable --column="Kundenname" "KUNDE1" "KUNDE2" "KUNDE3" )
 +
 +while [[ $customerName  == "" ]] ; do
 +
 + customerName=$(zenity --list --editable --column="Kundenname" "KUNDE1" "KUNDE2" "KUNDE3")
 +
 +done 
 +
 +echo $customerName
 +
 +}
 +
 +function getActivity {
 +  activityName=$(zenity --text="Tätigkeitbeschreibung" --entry)
 +
 + while [[ $activityName  == "" ]] ; do
 +
 + activityName=$(zenity --text="Tätigkeitbeschreibung" --entry)
 +done 
 +
 +echo $activityName  
 +
 +}
 +
 +
 +function getDate {
 +datePattern="^[0-9]{2}\.[0-9]{2}\.[0-9]{4}$"
 +
 +ok=0
 +
 +curDate=$(date +%d.%m.%Y)
 +
 +while [[ $ok == 0 ]]  ; do
 +
 +datiges=$(zenity --entry --entry-text="$curDate" --text="im Format dd.mm.yyyy")
 +
 +if [[ $datiges =~ $datePattern ]]; then 
 +ok=1
 +fi
 +
 +done
 +
 +echo $datiges
 +
 +
 +}
 +
 +which dateutils.ddiff || (zenity --error --text="dateutils.ddiff not found. Consider installing: sudo apt-get install dateutils" ; exit 1)
 +
 +beginTime=$(getTime "Beginnzeit")
 +
 +endTime=$(getTime "Endzeit")
 +
 +timeDiff=$(dateutils.ddiff $beginTime $endTime -f "%H:%M"
 +hours=$(echo $timeDiff | cut -d":" -f 1)
 +minutes=$(echo $timeDiff | cut -d":" -f 2)
 +minPercentage=$(echo "scale=2;$minutes/60" | bc -l)
 +
 +[[ $minPercentage == "0" ]] && minPercentage=".00";
 +
 +entryDate=$(getDate)
 +
 +customerName=$(getCustomerName)
 +
 +activityName=$(getActivity)
 +
 +month=$(echo "$entryDate" | grep -o -P "\.[0-9]{1,2}\." ) ; month=$(echo "${month//.}")
 +year=$(echo "$entryDate" | grep -o -P "\.[0-9]{4}" ) ; year=$(echo "${year//.}")
 +
 +
 +CURRENT_MONTH="$PREFIX_TIME_RECORDING$customerName-$year$month.txt"
 +
 +echo $CURRENT_MONTH
 +
 +[[ ! -w "$CURRENT_MONTH" ]] && touch "$CURRENT_MONTH"
 +
 +
 +[[ ! -w "$CURRENT_MONTH" ]] &&  bailout "Cannot write to: $CURRENT_MONTH" 
 + 
 +
 +entryText="$entryDate;$beginTime-$endTime;$hours${minPercentage}h;$activityName\n"
 +
 +echo -n -e  "$entryText" >> $CURRENT_MONTH ||  bailout "Cannot write to: $CURRENT_MONTH CHECK MANUALLY !!!!";
 +
 +zenity --info --text="SUCCESS: $CURRENT_MONTH : $entryText" 
 +
 +exit 0
 +
 +
 +</code>
 +
 +
 ===== dsniff suite ===== ===== dsniff suite =====
   * Oldschool   * Oldschool
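Review bot: `Zeitaufzeichnung-Firma.sh` cannot run as added: the line `timeDiff=$(dateutils.ddiff $beginTime $endTime -f "%H:%M"` is missing its closing parenthesis, so bash aborts with an unexpected end of file before the first dialog appears, and the preceding `which dateutils.ddiff || (zenity ... ; exit 1)` exits only the subshell, so a missing ddiff is reported and the script carries on anyway (use the script's own `bailout`). Further points in this hunk. checkDNSEntriesLDAP.php: `ldap_get_entries()` returns attribute names in lowercase (the script already relies on that with `dnshostname`), so the fallback `echo "FAIL NO DNSHostname: ".$data[$i]["distinguishedName"][0]."\n";` reads an undefined index; the bind result `$r` is never checked, so a failed bind produces a run that silently counts zero objects, and `($okDNS/$countAll)*100` then divides by zero. The script also carries a domain password in cleartext under /usr/local/bin, so it must not be world-readable. wipe.sh: the inner `for i in $(seq 1 $TIMES_OVERWRITE)` backgrounds every dd pass for a disk at once, so the two passes write concurrently to the same device instead of one after the other; the grace loop prints nothing, so an operator gets no visible ten-second chance to abort a script that zeroes every disk lsblk lists; and `for pid in "${pids[*]}"` only works because the quoted `[*]` joins the PIDs into one word that the unquoted `wait $pid` splits again (a plain `wait` does the same job). roadworker-start.sh: the password file and the PID file both live in the shared /tmp, the PID file under a predictable name; `$XDG_RUNTIME_DIR` is the safer place for both, and the `pgrep --pidfile` check only says the daemon is alive at that instant, so a later failure (wrong passphrase, unreachable server) is not caught by the `passwort?` branch. mac-switchport.sh: the SNMPv1 community `public` is hard-coded, so on the switch side that community should be read-only and limited to the management host; the line `echo -en "Usage: export SWITCHES_IPS="ip1 ip2 ip3" then $0 mac-address e.g. 00:75:2d:ee:5e:11\n";` has unescaped inner quotes and prints without them (write `\"ip1 ip2 ip3\"`).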
Zeile 14: Zeile 454:
   * https://pentest.blog/how-to-perform-ddos-test-as...   * https://pentest.blog/how-to-perform-ddos-test-as...
   * {{ :know-how:hping3-attacks-flood.pdf |}}   * {{ :know-how:hping3-attacks-flood.pdf |}}
 +
 +<code>
 +In summary, the aim of SYN flood is sending lots of SYN packets to the
 +server and ignoring SYN+ACK packets returned by the server. This causes
 +the server to use their resources for a configured amount of time for
 +the possibility of the expected ACK packets arriving.
 +
 +If an attacker sends enough SYN packets, this will overwhelm the server
 +because servers are limited in the number of concurrent TCP connections.
 +If the server reaches its limit, it cannot establish new TCP connections
 +until the existing connections which are in the SYN-RCVD state timeout.
 +
 +SYN flood attacks can be performed with hping3.
 +
 +Simple SYN flood:
 +
 +    root@kali:~# hping3 -S --flood -V -p TARGET_PORT TARGET_SITE
 +    using eth0, addr: xxx.xxx.xxx.xxx, MTU: 1500
 +    HPING TARGET_SITE (eth0 xxx.xxx.xxx.xxx): S set, 40 headers + 0 data
 +bytes
 +    hping in flood mode, no replies will be shown
 +
 +Advanced SYN flood with random source IP, different data size, and
 +window size:
 +
 +    root@kali:~# hping3 -c 20000 -d 120 -S -w 64 -p TARGET_PORT --flood
 +--rand-source TARGET_SITE
 +    HPING TARGET_SITE (eth0 xxx.xxx.xxx.xxx): S set, 40 headers + 120
 +data bytes
 +    hping in flood mode, no replies will be shown
 +
 +–flood: sent packets as fast as possible
 +–rand-source: random source address
 +-c –count: packet count
 +-d –data: data size
 +-S –syn: set SYN flag
 +-w –win: winsize (default 64)
 +-p –destport: destination port (default 0)
 +
 +For detailed information see the manual.
 +UDP Flood
 +
 +UDP is a protocol which does not need to create a session between two
 +devices. In other words, no handshake process required.
 +
 +A UDP flood does not exploit any vulnerability. The aim of UDP floods is
 +simply creating and sending large amount of UDP datagrams from spoofed
 +IP’s to the target server. When a server receives this type of traffic,
 +it is unable to process every request and it consumes its bandwidth with
 +sending ICMP “destination unreachable” packets.
 +
 +hping3 can be used for creating UDP floods:
 +
 +    root@kali:~# hping3 --flood --rand-source --udp -p TARGET_PORT TARGET_IP
 +    HPING xxx.xxx.xxx.xxx (eth0 xxx.xxx.xxx.xxx): udp mode set, 28
 +headers + 0 data bytes
 +    hping in flood mode, no replies will be shown
 +
 +–flood: sent packets as fast as possible
 +–rand-source: random source address
 +–udp: UDP mode
 +-p –destport: destination port (default 0)
 +
 +For detailed information see the manual.
 +</code>
 +  * Uptime bei tcp-timestamps ermitteln 
 +  * https://floatingoctothorpe.uk/2018/detecting-uptime-from-tcp-timestamps.html
 +<code>
 +hping3 --count 2 --syn --destport 22 --tcp-timestamp 10.0.23.245
 +HPING 10.0.23.245 (eth0 10.0.23.245): S set, 40 headers + 0 data bytes
 +len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=65160 rtt=7.6 ms
 +  TCP timestamp: tcpts=1138723235
 +
 +len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=65160 rtt=3.5 ms
 +  TCP timestamp: tcpts=1138724235
 +  HZ seems hz=1000
 +  System uptime seems: 13 days, 4 hours, 18 minutes, 44 seconds
 +
 +
 +--- 10.0.23.245 hping statistic ---
 +2 packets transmitted, 2 packets received, 0% packet loss
 +round-trip min/avg/max = 3.5/5.6/7.6 ms
 +
 +</code>
  
 ===== yersinia ===== ===== yersinia =====
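Review bot: the `<code>` block under the pentest.blog link is a verbatim copy of that article and should be marked as a quotation of the linked source rather than pasted as the page's own text; as pasted, both long commands are broken by line wrapping (`--flood` / `--rand-source TARGET_SITE` and `40 headers + 120` / `data bytes` are split across lines) and the option list uses en-dashes (`–flood`, `–rand-source`) where hping3 expects `--flood`, so nothing in it can be copied into a shell as is. For the defender's side of the same notes: the SYN-RCVD exhaustion described is what SYN cookies (`net.ipv4.tcp_syncookies=1` on Linux) and a lower `net.ipv4.tcp_synack_retries` are for, and the uptime leak in the tcp-timestamp block only works while the host answers with a timestamp that increases monotonically from boot; `net.ipv4.tcp_timestamps` is the relevant sysctl, but turning timestamps off also costs PAWS and RTT estimation, and newer Linux kernels randomise the timestamp offset per connection instead, which is why the trick fails against many current hosts.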
Zeile 34: Zeile 558:
  
  
 +===== reptyr =====
 +  * zB: vim Session wieder herstellen / wenn die SSH Verbindung abbricht / Programm mit PID zum aktuellen terminal "ziehen"
 +<code>
 +man Auszug
 +"reptyr  is a utility for taking an existing running program and attach‐ing it to a new terminal"
 +
 +apt-get install reptyr
 +
 +
 +reptyr PID
 +
 +</code>
 ===== crunch ===== ===== crunch =====
   * Wordlists erstellen unter bestimmten Kriterien   * Wordlists erstellen unter bestimmten Kriterien
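Review bot: the reptyr block mixes a man-page quotation, the install command and the usage line in one `<code>` block, and the quotation carries a soft-hyphen artifact (`attach‐ing`) from the copied man page; put the quote in the bullet text and keep only `apt-get install reptyr` and `reptyr PID` in the block. Worth adding for the stated use case (rescuing a vim session after an SSH drop): reptyr attaches through ptrace, so on Debian/Ubuntu with the Yama default `kernel.yama.ptrace_scope=1` it can only attach to processes it is allowed to trace and otherwise fails with "Operation not permitted"; run it as root or lower the setting for the one session rather than permanently, since ptrace_scope is what keeps processes of the same user from inspecting each other.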
know-how/tools.txt · Last modified: 2021/04/24 16:03 by cc