know-how:tools
Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen angezeigt.
know-how:tools [2019/02/27 13:55] – cc | know-how:tools [2024/02/19 13:29] – [consumeDHCP] cc | ||
---|---|---|---|
Zeile 1: | Zeile 1: | ||
====== Need to have ====== | ====== Need to have ====== | ||
+ | |||
+ | ===== wipe ===== | ||
+ | * In meinem Fall im Einsatz bei einer Live PXE Debian Variante um Rechner zu wipen die nicht mehr gebraucht werden | ||
+ | * **Achtung** Löscht alle Platten die gefunden werden (!) | ||
+ | |||
+ | * **wipe.sh** | ||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | GRACE_TIME=" | ||
+ | TIMES_OVERWRITE=" | ||
+ | |||
+ | while (($GRACE_TIME > 0)) ; do | ||
+ | |||
+ | sleep 1 | ||
+ | |||
+ | ((GRACE_TIME--)) | ||
+ | |||
+ | done | ||
+ | |||
+ | HARDDISKS=$(lsblk -p -d -n -l -o NAME,TYPE | grep -i disk | awk ' | ||
+ | |||
+ | echo " | ||
+ | |||
+ | echo " | ||
+ | |||
+ | dmidecode --type ' | ||
+ | |||
+ | echo " | ||
+ | |||
+ | procCount=0 | ||
+ | |||
+ | for CURRENT_HARDDISK in $HARDDISKS ; do | ||
+ | |||
+ | |||
+ | echo " | ||
+ | |||
+ | echo " | ||
+ | |||
+ | for i in $(seq 1 $TIMES_OVERWRITE ) ; do | ||
+ | |||
+ | dd if=/ | ||
+ | # https:// | ||
+ | |||
+ | pids[${procCount}]=$! | ||
+ | |||
+ | ((procCount++)) | ||
+ | |||
+ | |||
+ | done | ||
+ | |||
+ | |||
+ | |||
+ | echo " | ||
+ | |||
+ | done | ||
+ | |||
+ | # https:// | ||
+ | echo " | ||
+ | |||
+ | for pid in " | ||
+ | do | ||
+ | wait $pid | ||
+ | done | ||
+ | |||
+ | sync | ||
+ | </ | ||
+ | |||
+ | ===== checkDNSEntriesLDAP ===== | ||
+ | * Active Directory auf seine Konsistenz überprüfen - forward lookup und reverse lookup der Einträge sollten übereinstimmen | ||
+ | * Getestet auf: Ubuntu 18.04 | ||
+ | * Pakete erforderlich: | ||
+ | * **Achtung** ich benutze hier bewusst die tls verschüsselte Variante von ldap d.h. ldaps - die CA von der das Zertifikat für den AD Server unterschrieben wurde befindet sich unter **/ | ||
+ | |||
+ | |||
+ | * **/ | ||
+ | < | ||
+ | <?php | ||
+ | |||
+ | $server = " | ||
+ | //domain user to connect to LDAP | ||
+ | $user = " | ||
+ | //user password | ||
+ | $passwd = " | ||
+ | |||
+ | //zB: OU=EDV1, | ||
+ | $dn = array(0=>" | ||
+ | |||
+ | |||
+ | $search=" | ||
+ | |||
+ | |||
+ | $errDNS=0; | ||
+ | $countAll=0; | ||
+ | $okDNS=0; | ||
+ | |||
+ | for ($j=0; $j< | ||
+ | { | ||
+ | $ds=ldap_connect($server); | ||
+ | | ||
+ | |||
+ | $sr=ldap_search($ds, | ||
+ | |||
+ | $data = ldap_get_entries($ds, | ||
+ | |||
+ | |||
+ | | ||
+ | |||
+ | for ($i=0; $i< | ||
+ | { | ||
+ | |||
+ | |||
+ | if(isset($data[$i][" | ||
+ | { | ||
+ | |||
+ | $ip=gethostbyname($data[$i][" | ||
+ | if($ip!=$data[$i][" | ||
+ | { | ||
+ | |||
+ | $reverseLookup=gethostbyaddr($ip); | ||
+ | |||
+ | if(mb_strtolower($reverseLookup) != mb_strtolower($data[$i][" | ||
+ | { | ||
+ | |||
+ | echo "FAIL Hostname: " | ||
+ | | ||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | $okDNS++; | ||
+ | } | ||
+ | |||
+ | |||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "FAIL NO-IP Entry: " | ||
+ | $errDNS++; | ||
+ | } | ||
+ | |||
+ | } | ||
+ | else | ||
+ | { | ||
+ | echo "FAIL NO DNSHostname: | ||
+ | $errDNS++; | ||
+ | } | ||
+ | |||
+ | |||
+ | } | ||
+ | |||
+ | | ||
+ | } | ||
+ | |||
+ | echo " | ||
+ | echo "All Computer objects found: " | ||
+ | echo "All Computer objects ok: " | ||
+ | echo " | ||
+ | printf(" | ||
+ | echo " | ||
+ | echo " | ||
+ | print_r($dn); | ||
+ | |||
+ | echo " | ||
+ | |||
+ | |||
+ | ?> | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== mac-switchport ===== | ||
+ | * Für HPE1950 Serie / damit es möglich wird herauszufinden auf welchem Port und Switch bestimmte MAC Adressen gefunden werden | ||
+ | |||
+ | * **mac-switchport.sh IP_Switch MAC_Address** | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | function bailout | ||
+ | { | ||
+ | echo -en " | ||
+ | exit 2; | ||
+ | } | ||
+ | |||
+ | function run_ips | ||
+ | { | ||
+ | exit_codes=0 | ||
+ | |||
+ | for i in $SWITCHES_IPS ; | ||
+ | do | ||
+ | $0 $i " | ||
+ | | ||
+ | done | ||
+ | |||
+ | exit $exit_codes | ||
+ | } | ||
+ | |||
+ | |||
+ | function usage | ||
+ | { | ||
+ | echo -en " | ||
+ | echo -en " | ||
+ | exit 1; | ||
+ | } | ||
+ | |||
+ | OID_INTERFACE_AND_MAC=" | ||
+ | |||
+ | which cut > /dev/null || bailout " | ||
+ | |||
+ | which snmpwalk > /dev/null || bailout " | ||
+ | |||
+ | which xargs > /dev/null || bailout " | ||
+ | |||
+ | which sed > /dev/null || bailout " | ||
+ | |||
+ | which printf > /dev/null || bailout " | ||
+ | |||
+ | |||
+ | [[ -n " | ||
+ | |||
+ | [[ $# != 2 ]] && usage | ||
+ | |||
+ | |||
+ | ip=" | ||
+ | mac=" | ||
+ | IFS=$' | ||
+ | |||
+ | echo $mac | grep -q -P " | ||
+ | |||
+ | [[ $? != 0 ]] && bailout "Not a correct MAC address format: $mac \n I need two digit hex mac address | ||
+ | |||
+ | while read line ; | ||
+ | do | ||
+ | mac_found=$(echo $line | cut -d" | ||
+ | |||
+ | |||
+ | echo $mac_found | grep -q -i --fixed-strings $mac | ||
+ | |||
+ | if [ $? == " | ||
+ | then | ||
+ | interface_found=$(echo $line | cut -d":" | ||
+ | number_macs=$(snmpwalk -v 1 -Os -c public " | ||
+ | echo " | ||
+ | exit 0 | ||
+ | fi | ||
+ | |||
+ | |||
+ | done < <( snmpwalk -v 1 -Os -c public " | ||
+ | |||
+ | echo " | ||
+ | exit 1 | ||
+ | </ | ||
+ | |||
+ | |||
+ | ===== Roadworker-Start OpenVPN ===== | ||
+ | * Ich möchte eine Roadworker OpenVPN Datei mit verschlüsseltem Private Key in der XFCE GUI starten nach dem Login | ||
+ | |||
+ | * XFCE Startup nach dem Einloggen: | ||
+ | |||
+ | {{: | ||
+ | |||
+ | |||
+ | * **roadworker-start.sh** | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | |||
+ | temp_file=$(mktemp) | ||
+ | |||
+ | chmod 600 $temp_file | ||
+ | |||
+ | |||
+ | zenity --title " | ||
+ | |||
+ | openvpn --daemon --writepid / | ||
+ | |||
+ | |||
+ | rm $temp_file | ||
+ | |||
+ | |||
+ | pgrep --pidfile / | ||
+ | |||
+ | |||
+ | if [ $? == " | ||
+ | then | ||
+ | |||
+ | | ||
+ | |||
+ | else | ||
+ | |||
+ | zenity --error --text=" | ||
+ | |||
+ | fi | ||
+ | |||
+ | |||
+ | exit 0 | ||
+ | </ | ||
+ | |||
+ | * **Achtung: ** bei Debian Buster ist gksudo/gksu nicht mehr in den Repositories vorhanden | ||
+ | * Openvpn Aufruf als Root : | ||
+ | < | ||
+ | pkexec --user root openvpn --daemon --writepid / | ||
+ | |||
+ | </ | ||
===== Einfache Zeitaufzeichnung ===== | ===== Einfache Zeitaufzeichnung ===== | ||
* Benötigt wird zenity / dateutils | * Benötigt wird zenity / dateutils | ||
Zeile 212: | Zeile 518: | ||
For detailed information see the manual. | For detailed information see the manual. | ||
+ | </ | ||
+ | * **Uptime** bei tcp-timestamps ermitteln / ist **keine exakte Wissenschaft** | ||
+ | * https:// | ||
+ | < | ||
+ | hping3 --count 2 --syn --destport 22 --tcp-timestamp 10.0.23.245 | ||
+ | HPING 10.0.23.245 (eth0 10.0.23.245): | ||
+ | len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=65160 rtt=7.6 ms | ||
+ | TCP timestamp: tcpts=1138723235 | ||
+ | |||
+ | len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=65160 rtt=3.5 ms | ||
+ | TCP timestamp: tcpts=1138724235 | ||
+ | HZ seems hz=1000 | ||
+ | System uptime seems: 13 days, 4 hours, 18 minutes, 44 seconds | ||
+ | |||
+ | |||
+ | --- 10.0.23.245 hping statistic --- | ||
+ | 2 packets transmitted, | ||
+ | round-trip min/avg/max = 3.5/5.6/7.6 ms | ||
+ | |||
+ | </ | ||
+ | |||
+ | ===== consumeDHCP ===== | ||
+ | * DHCP Server leases aufsaugen / getestet mit Debian Bookworm | ||
+ | * **consumeDHCP.sh** | ||
+ | |||
+ | < | ||
+ | #!/bin/bash | ||
+ | |||
+ | NIC_INTERFACE=" | ||
+ | NUMBER=" | ||
+ | BRIDGE_NAME=" | ||
+ | |||
+ | |||
+ | function bailout | ||
+ | { | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | echo -e " | ||
+ | exit 2 | ||
+ | } | ||
+ | |||
+ | function clean | ||
+ | { | ||
+ | count=" | ||
+ | tap_names=" | ||
+ | while ( ip addr ls " | ||
+ | do | ||
+ | echo " | ||
+ | dhclient -r --no-pid -d -lf / | ||
+ | ip li set dev " | ||
+ | ip li del " | ||
+ | ((count++)) | ||
+ | done | ||
+ | |||
+ | pgrep -a " | ||
+ | |||
+ | } | ||
+ | |||
+ | which macchanger > /dev/null || bailout " | ||
+ | which ip > /dev/null || bailout " | ||
+ | which dhclient > /dev/null || bailout " | ||
+ | |||
+ | [[ $# != 2 && $# != 1 ]] && bailout " | ||
+ | |||
+ | if [ " | ||
+ | clean | ||
+ | exit 0 | ||
+ | |||
+ | fi | ||
+ | |||
+ | (( NUMBER > 0 )) || bailout " | ||
+ | |||
+ | ip addr ls $NIC_INTERFACE &> /dev/null || bailout " | ||
+ | |||
+ | clean | ||
+ | |||
+ | ip li set dev $NIC_INTERFACE up | ||
+ | |||
+ | for i in $(seq 1 $NUMBER); do | ||
+ | tap_names=" | ||
+ | ip li add link $NIC_INTERFACE " | ||
+ | ip li set dev " | ||
+ | | ||
+ | ip li set dev " | ||
+ | |||
+ | dhclient --no-pid -lf / | ||
+ | | ||
+ | done | ||
+ | |||
+ | |||
+ | exit 0 | ||
</ | </ | ||
Zeile 233: | Zeile 630: | ||
+ | ===== reptyr ===== | ||
+ | * zB: vim Session wieder herstellen / wenn die SSH Verbindung abbricht / Programm mit PID zum aktuellen terminal " | ||
+ | < | ||
+ | man Auszug | ||
+ | " | ||
+ | |||
+ | apt-get install reptyr | ||
+ | |||
+ | |||
+ | reptyr PID | ||
+ | |||
+ | </ | ||
===== crunch ===== | ===== crunch ===== | ||
* Wordlists erstellen unter bestimmten Kriterien | * Wordlists erstellen unter bestimmten Kriterien |
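Review bot: Both `snmpwalk` calls in mac-switchport.sh (the `number_macs=` query and the process substitution feeding the `while read line` loop) hard-code `-v 1 -c public`, so the community string and the switch's MAC table cross the network unauthenticated and in cleartext, and the script depends on the switches keeping the default community enabled. I would define the SNMP options once at the top next to `OID_INTERFACE_AND_MAC`, e.g. `SNMP_OPTS=(-v 3 -l authPriv -u "$SNMP_USER" -a SHA -A "$SNMP_AUTH" -x AES -X "$SNMP_PRIV")`, and call `snmpwalk "${SNMP_OPTS[@]}" -Os ...` in both places, assuming the switches support SNMPv3. Where only v1/v2c is available, the page should at least say to use a non-default read-only community limited by an ACL to the management host. The command lines are truncated in this view, so the remaining arguments of both calls are not visible here.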
know-how/tools.txt · Zuletzt geändert: 2024/02/26 10:30 von cc