know-how:tools

Differences

This shows the differences between two versions of the page.

know-how:tools [2018/06/27 08:09]
cc [transmageddon]
know-how:tools [2021/04/24 16:03] (current)
cc [hping3]
Line 1: Line 1:
 ====== Need to have ====== ====== Need to have ======
 +
 +===== wipe =====
 +  * In meinem Fall im Einsatz bei einer Live PXE Debian Variante um Rechner zu wipen die nicht mehr gebraucht werden
 +  * **Achtung** Löscht alle Platten die gefunden werden (!)
 +
 +  * **wipe.sh**
 +<code>
 +#!/bin/bash
 +
 +GRACE_TIME="10"
 +TIMES_OVERWRITE="2"
 +
 +while (($GRACE_TIME > 0)) ; do 
 +
 + sleep 1
 +
 + ((GRACE_TIME--))
 +
 +done
 +
 +HARDDISKS=$(lsblk -p -d -n -l -o NAME,TYPE | grep -i disk | awk '{print $1}')
 +
 +echo "MACHINE: "
 +
 +echo "--------------------"
 +
 +dmidecode --type '1'
 +
 +echo "--------------------"
 +
 +procCount=0
 +
 +for CURRENT_HARDDISK in $HARDDISKS ; do 
 +
 +
 + echo "Harddisk - $CURRENT_HARDDISK - Debug below"
 +
 + echo "-------------------------"
 +
 + for i in $(seq 1 $TIMES_OVERWRITE ) ; do 
 +
 + dd if=/dev/zero of=$CURRENT_HARDDISK bs=16M 2>&1 &
 + # https://stackoverflow.com/questions/356100/how-to-wait-in-bash-for-several-subprocesses-to-finish-and-return-exit-code-0 
 +
 + pids[${procCount}]=$!
 +
 + ((procCount++))
 +
 +
 + done
 +
 +
 +
 + echo "-------------------------"
 +
 +done
 +
 +# https://stackoverflow.com/questions/356100/how-to-wait-in-bash-for-several-subprocesses-to-finish-and-return-exit-code-0 
 +echo "Process Count Waiting: $procCount"
 +
 +for pid in "${pids[*]}" ;
 +do
 + wait $pid
 + done
 +
 +sync
 +</code>
 +
 +===== checkDNSEntriesLDAP =====
 +  * Active Directory auf seine Konsistenz überprüfen - forward lookup und reverse lookup der Einträge sollten übereinstimmen
 +  * Getestet auf: Ubuntu 18.04 
 +  * Pakete erforderlich: php , php-ldap , php-mbstring
 +  * **Achtung** ich benutze hier bewusst die tls verschüsselte Variante von ldap d.h. ldaps - die CA von der das Zertifikat für den AD Server unterschrieben wurde befindet sich unter **/usr/share/ca-certificates/** und wurde mit **dpkg-reconfigure ca-certififcates** ins System "integriert" auch der Hostname stimmt mit dem Hostnamen aus den Zertifikatsinfos überein
 +
 +
 +  * **/usr/local/bin/checkDNSEntriesLDAP.php**
 +<code>
 +<?php
 +
 +$server = "ldaps://AD_SERVER:636";
 +//domain user to connect to LDAP
 +$user = "STANDARD_USER_DOMAIN@DOMAIN_ACTIVE_DIRECTORY";
 +//user password
 +$passwd = "PASSWORD_STANDARD_USER_DOMAIN";
 +
 +//zB: OU=EDV1,OU=Workstations,OU=Ressourcen,OU=VirtualSchool,DC=schule,DC=intern
 +$dn = array(0=>"DN_NAME_LDAP_PFAD1",1=>"DN_NAME_LDAP_PFAD2");
 +
 +
 +$search="(objectClass=computer)";
 +
 +
 +$errDNS=0;
 +$countAll=0;
 +$okDNS=0;
 +
 +for ($j=0; $j<count($dn); $j++)
 +{
 +        $ds=ldap_connect($server);
 +       $r=ldap_bind($ds, $user , $passwd);
 +
 + $sr=ldap_search($ds, $dn[$j], $search, array(0=>"dNSHostName",1=>"distinguishedName"));
 +
 + $data = ldap_get_entries($ds, $sr);    
 +       
 +
 +         $countAll+=$data["count"];
 +
 + for ($i=0; $i<$data["count"]; $i++) 
 + {
 +
 +
 + if(isset($data[$i]["dnshostname"][0]))
 + {
 +
 + $ip=gethostbyname($data[$i]["dnshostname"][0]);
 + if($ip!=$data[$i]["dnshostname"][0])
 + {
 +
 + $reverseLookup=gethostbyaddr($ip);
 +
 + if(mb_strtolower($reverseLookup) != mb_strtolower($data[$i]["dnshostname"][0]) )
 + {
 +
 + echo "FAIL Hostname: ".$data[$i]["dnshostname"][0]." IP: ".$ip." Reverse: ".$reverseLookup."\n";
 +                       $errDNS++;
 +
 + }
 + else
 + {
 + $okDNS++;
 + }
 +
 +
 +
 + }
 + else
 + {
 + echo "FAIL NO-IP Entry: ".$data[$i]["dnshostname"][0]."\n";
 +                $errDNS++;
 + }
 +
 + }
 + else
 + {
 + echo "FAIL NO DNSHostname: ".$data[$i]["distinguishedName"][0]."\n";
 + $errDNS++;
 + }
 +
 +
 + }
 +
 + ldap_close($ds);
 +}
 +
 +echo "Summary:\n";
 +echo "All Computer objects found: ".$countAll."\n";
 +echo "All Computer objects ok: ".$okDNS."\n";
 +echo "Consistency integrity: ";
 +printf("%.2f \n",(($okDNS/$countAll)*100));
 +echo "Errors computer count: ".$errDNS."\n";
 +echo "OU's that i looked for :\n";
 +print_r($dn);
 +
 +echo "\n";
 +
 +
 +?>
 +
 +</code>
 +
 +===== mac-switchport =====
 +  * Für HPE1950 Serie / damit es möglich wird herauszufinden auf welchem Port und Switch bestimmte MAC Adressen gefunden werden
 +
 +  * **mac-switchport.sh IP_Switch MAC_Address** 
 +
 +<code>
 +#!/bin/bash
 +
 +function bailout
 +{
 + echo -en "ERROR: $1\n";
 + exit 2;
 +}
 +
 +function run_ips
 +{
 + exit_codes=0
 +
 + for i in $SWITCHES_IPS ;
 + do
 +           $0 $i "$1" ;
 +    exit_codes=$(($exit_codes + $?))
 + done
 +
 +       exit $exit_codes
 +}
 +
 +
 +function usage 
 +{
 + echo -en "Usage: $0 ip-address-switch  mac-address e.g. 00:75:2d:ee:5e:11\n";
 + echo -en "Usage: export SWITCHES_IPS="ip1 ip2 ip3" then $0 mac-address e.g. 00:75:2d:ee:5e:11\n";
 + exit 1;
 +}
 +
 +OID_INTERFACE_AND_MAC="1.3.6.1.2.1.17.4.3.1.2"
 +
 +which cut > /dev/null || bailout "command cut not found!"
 +
 +which snmpwalk > /dev/null || bailout "command snmpwalk not found! Debian/Ubuntu package: snmp"
 +
 +which xargs > /dev/null || bailout "command xargs not found!"
 +
 +which sed > /dev/null || bailout "command sed not found!"
 +
 +which printf > /dev/null || bailout "command printf not found!"
 +
 +
 +[[ -n "$SWITCHES_IPS" ]] && [[ $# == 1 ]] && run_ips $1
 +
 +[[ $# != 2 ]] && usage 
 +
 +
 +ip="$1"
 +mac="$2"
 +IFS=$'\n'
 +
 +echo $mac | grep -q -P "^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$" 
 +
 +[[ $? != 0 ]] && bailout "Not a correct MAC address format: $mac \n I need two digit  hex mac address  e.g. 00:1f:11:32:7f:1f"
 +
 +while read line ; 
 +do 
 + mac_found=$(echo $line | cut -d"=" -f 1 | cut -d"." -f 12,13,14,15,16,17 | tr . ' ' | xargs  printf '%02x:' | sed 's/\(.*\):/\1 /')
 +
 +       
 +        echo $mac_found | grep -q -i --fixed-strings $mac
 +
 +        if [ $? == "0" ]
 + then
 +            interface_found=$(echo $line | cut -d":" -f 2 | tr -d ' ' )
 +     number_macs=$(snmpwalk -v 1 -Os -c public "$ip" "$OID_INTERFACE_AND_MAC" | grep -c "^.*INTEGER: $interface_found$")
 +     echo "SUCCESS;$ip;$mac;$interface_found;$number_macs"
 +     exit 0
 + fi
 +
 +
 +done  < <( snmpwalk -v 1 -Os -c public "$ip" "$OID_INTERFACE_AND_MAC" )
 +
 +echo "ERROR;$ip;$mac;0;0"
 +exit 1
 +</code>
 +
 +
 +===== Roadworker-Start OpenVPN =====
 +  * Ich möchte eine Roadworker OpenVPN Datei mit verschlüsseltem Private Key in der XFCE GUI starten nach dem Login
 +
 +  * XFCE Startup nach dem Einloggen:
 +
 +{{:know-how:startup-xfce-roadworker-vpn.png?400|}}
 +
 +
 +  * **roadworker-start.sh**
 +
 +<code>
 +#!/bin/bash
 +
 +
 +temp_file=$(mktemp)
 +
 +chmod 600 $temp_file
 +
 +
 +zenity --title "Roadworker VPN Password" --password > $temp_file
 +
 +openvpn --daemon --writepid /tmp/roadworker.pid --config /home/urnilxfgbez/openvpn/roadworker.conf --askpass $temp_file
 +
 +
 +rm $temp_file
 +
 +
 +pgrep --pidfile /tmp/roadworker.pid
 +
 +
 +if [ $? == "0" ]
 +then
 +
 +       zenity --info --text="Konnte VPN erfolgreich starten pid: /tmp/roadworker.pid"
 +
 +else
 +
 + zenity --error --text="Konnte VPN nicht erfolgreich starten - passwort?"
 +
 +fi
 +
 +
 +exit 0
 +</code>
 +
 +  * **Achtung: ** bei Debian Buster ist gksudo/gksu nicht mehr in den Repositories vorhanden
 +  * Openvpn Aufruf als Root :
 +<code>
 +pkexec --user root openvpn --daemon --writepid /tmp/roadworker.pid --config /home/urnilxfgbez/openvpn/roadworker.conf --askpass $temp_file
 +
 +</code>
 +===== Einfache Zeitaufzeichnung =====
 +  * Benötigt wird zenity / dateutils 
 +  * KUNDE1 / KUNDE2 .. durch zB: Stammkunden ersetzen
 +  * Erstellt Einträge unter /PFAD/STUNDEN/KUNDENNÀME_JAHRMONAT mit Datum/Von/Bis/Dauer/Tätigkeitsbeschreibung im CSV Format
 +  * **Zeitaufzeichnung-Firma.sh**
 +<code>
 +#!/bin/bash
 +
 +PREFIX_TIME_RECORDING="/PFAD/STUNDEN/"
 +
 +
 +function getTime() {
 +timePattern="^[0-9]{2}\:[0-9]{2}$"
 +ok=0
 +
 +while [[ $ok == 0 ]]  ; do
 +
 +time=$(zenity --entry --text="$1 im Format hh:mm")
 +
 +if [[ $time =~ $timePattern ]]; then 
 +ok=1
 +fi
 +
 +done
 +
 +echo $time
 +
 +}
 +
 +
 +
 +function bailout() {
 +
 +zenity --error --text="$1"
 +
 +exit 1
 +
 +}
 +
 +
 +function getCustomerName {
 +
 +customerName=$(zenity --list --editable --column="Kundenname" "KUNDE1" "KUNDE2" "KUNDE3" )
 +
 +while [[ $customerName  == "" ]] ; do
 +
 + customerName=$(zenity --list --editable --column="Kundenname" "KUNDE1" "KUNDE2" "KUNDE3")
 +
 +done 
 +
 +echo $customerName
 +
 +}
 +
 +function getActivity {
 +  activityName=$(zenity --text="Tätigkeitbeschreibung" --entry)
 +
 + while [[ $activityName  == "" ]] ; do
 +
 + activityName=$(zenity --text="Tätigkeitbeschreibung" --entry)
 +done 
 +
 +echo $activityName  
 +
 +}
 +
 +
 +function getDate {
 +datePattern="^[0-9]{2}\.[0-9]{2}\.[0-9]{4}$"
 +
 +ok=0
 +
 +curDate=$(date +%d.%m.%Y)
 +
 +while [[ $ok == 0 ]]  ; do
 +
 +datiges=$(zenity --entry --entry-text="$curDate" --text="im Format dd.mm.yyyy")
 +
 +if [[ $datiges =~ $datePattern ]]; then 
 +ok=1
 +fi
 +
 +done
 +
 +echo $datiges
 +
 +
 +}
 +
 +which dateutils.ddiff || (zenity --error --text="dateutils.ddiff not found. Consider installing: sudo apt-get install dateutils" ; exit 1)
 +
 +beginTime=$(getTime "Beginnzeit")
 +
 +endTime=$(getTime "Endzeit")
 +
 +timeDiff=$(dateutils.ddiff $beginTime $endTime -f "%H:%M"
 +hours=$(echo $timeDiff | cut -d":" -f 1)
 +minutes=$(echo $timeDiff | cut -d":" -f 2)
 +minPercentage=$(echo "scale=2;$minutes/60" | bc -l)
 +
 +[[ $minPercentage == "0" ]] && minPercentage=".00";
 +
 +entryDate=$(getDate)
 +
 +customerName=$(getCustomerName)
 +
 +activityName=$(getActivity)
 +
 +month=$(echo "$entryDate" | grep -o -P "\.[0-9]{1,2}\." ) ; month=$(echo "${month//.}")
 +year=$(echo "$entryDate" | grep -o -P "\.[0-9]{4}" ) ; year=$(echo "${year//.}")
 +
 +
 +CURRENT_MONTH="$PREFIX_TIME_RECORDING$customerName-$year$month.txt"
 +
 +echo $CURRENT_MONTH
 +
 +[[ ! -w "$CURRENT_MONTH" ]] && touch "$CURRENT_MONTH"
 +
 +
 +[[ ! -w "$CURRENT_MONTH" ]] &&  bailout "Cannot write to: $CURRENT_MONTH" 
 + 
 +
 +entryText="$entryDate;$beginTime-$endTime;$hours${minPercentage}h;$activityName\n"
 +
 +echo -n -e  "$entryText" >> $CURRENT_MONTH ||  bailout "Cannot write to: $CURRENT_MONTH CHECK MANUALLY !!!!";
 +
 +zenity --info --text="SUCCESS: $CURRENT_MONTH : $entryText" 
 +
 +exit 0
 +
 +
 +</code>
 +
 +
 ===== dsniff suite ===== ===== dsniff suite =====
   * Oldschool   * Oldschool
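Review bot: in wipe.sh the inner loop `for i in $(seq 1 $TIMES_OVERWRITE ) ; do dd if=/dev/zero of=$CURRENT_HARDDISK bs=16M 2>&1 & ... done` backgrounds every pass at once, so TIMES_OVERWRITE=2 starts two dd writers on the same disk concurrently rather than two consecutive overwrite passes; move the `&` to the per-disk loop (or wait inside the inner loop) if sequential passes are the intent. The closing loop also ignores dd's exit status (`wait $pid` is never checked, although the linked Stack Overflow answer is about exactly that), and the 10-second grace period prints nothing, so a script that destroys every disk lsblk reports gives no chance to see what it is about to do; echo `$HARDDISKS` and the countdown before starting. In checkDNSEntriesLDAP.php, ldap_get_entries() lowercases attribute names, so `$data[$i]["distinguishedName"][0]` in the NO DNSHostname branch is always undefined (the other branches already use "dnshostname"); the return value of ldap_bind() is never checked, and `$okDNS/$countAll` divides by zero when the listed OUs contain no computer objects. The line `timeDiff=$(dateutils.ddiff $beginTime $endTime -f "%H:%M"` in Zeitaufzeichnung-Firma.sh lacks its closing parenthesis, so bash rejects the whole script before the first dialog. mac-switchport.sh hard-codes the default `public` community with SNMPv1; take the community from a variable (SNMPv3 where the switch supports it) and quote `"$mac"` in `grep -q -i --fixed-strings $mac`. In roadworker-start.sh the `chmod 600` is redundant (mktemp already creates the file 0600), but the predictable pid file `/tmp/roadworker.pid` in a world-writable directory is better placed under `$XDG_RUNTIME_DIR` or /run.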
Line 8: Line 448:
  
 Keywords: layer 2 attacks, arp spoofing, sniffing , man-in-the-middle attack, arpspoof, dsniff  Keywords: layer 2 attacks, arp spoofing, sniffing , man-in-the-middle attack, arpspoof, dsniff 
 +</code>
 +
 +===== hping3 =====
 +  * Firewall Tests durchführen / DoS
 +  * https://pentest.blog/how-to-perform-ddos-test-as...
 +  * {{ :know-how:hping3-attacks-flood.pdf |}}
 +
 +<code>
 +In summary, the aim of SYN flood is sending lots of SYN packets to the
 +server and ignoring SYN+ACK packets returned by the server. This causes
 +the server to use their resources for a configured amount of time for
 +the possibility of the expected ACK packets arriving.
 +
 +If an attacker sends enough SYN packets, this will overwhelm the server
 +because servers are limited in the number of concurrent TCP connections.
 +If the server reaches its limit, it cannot establish new TCP connections
 +until the existing connections which are in the SYN-RCVD state timeout.
 +
 +SYN flood attacks can be performed with hping3.
 +
 +Simple SYN flood:
 +
 +    root@kali:~# hping3 -S --flood -V -p TARGET_PORT TARGET_SITE
 +    using eth0, addr: xxx.xxx.xxx.xxx, MTU: 1500
 +    HPING TARGET_SITE (eth0 xxx.xxx.xxx.xxx): S set, 40 headers + 0 data
 +bytes
 +    hping in flood mode, no replies will be shown
 +
 +Advanced SYN flood with random source IP, different data size, and
 +window size:
 +
 +    root@kali:~# hping3 -c 20000 -d 120 -S -w 64 -p TARGET_PORT --flood
 +--rand-source TARGET_SITE
 +    HPING TARGET_SITE (eth0 xxx.xxx.xxx.xxx): S set, 40 headers + 120
 +data bytes
 +    hping in flood mode, no replies will be shown
 +
 +–flood: sent packets as fast as possible
 +–rand-source: random source address
 +-c –count: packet count
 +-d –data: data size
 +-S –syn: set SYN flag
 +-w –win: winsize (default 64)
 +-p –destport: destination port (default 0)
 +
 +For detailed information see the manual.
 +UDP Flood
 +
 +UDP is a protocol which does not need to create a session between two
 +devices. In other words, no handshake process required.
 +
 +A UDP flood does not exploit any vulnerability. The aim of UDP floods is
 +simply creating and sending large amount of UDP datagrams from spoofed
 +IP’s to the target server. When a server receives this type of traffic,
 +it is unable to process every request and it consumes its bandwidth with
 +sending ICMP “destination unreachable” packets.
 +
 +hping3 can be used for creating UDP floods:
 +
 +    root@kali:~# hping3 --flood --rand-source --udp -p TARGET_PORT TARGET_IP
 +    HPING xxx.xxx.xxx.xxx (eth0 xxx.xxx.xxx.xxx): udp mode set, 28
 +headers + 0 data bytes
 +    hping in flood mode, no replies will be shown
 +
 +–flood: sent packets as fast as possible
 +–rand-source: random source address
 +–udp: UDP mode
 +-p –destport: destination port (default 0)
 +
 +For detailed information see the manual.
 +</code>
 +  * **Uptime** bei tcp-timestamps ermitteln / ist **keine exakte Wissenschaft**
 +  * https://floatingoctothorpe.uk/2018/detecting-uptime-from-tcp-timestamps.html
 +<code>
 +hping3 --count 2 --syn --destport 22 --tcp-timestamp 10.0.23.245
 +HPING 10.0.23.245 (eth0 10.0.23.245): S set, 40 headers + 0 data bytes
 +len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=0 win=65160 rtt=7.6 ms
 +  TCP timestamp: tcpts=1138723235
 +
 +len=56 ip=10.0.23.245 ttl=64 DF id=0 sport=22 flags=SA seq=1 win=65160 rtt=3.5 ms
 +  TCP timestamp: tcpts=1138724235
 +  HZ seems hz=1000
 +  System uptime seems: 13 days, 4 hours, 18 minutes, 44 seconds
 +
 +
 +--- 10.0.23.245 hping statistic ---
 +2 packets transmitted, 2 packets received, 0% packet loss
 +round-trip min/avg/max = 3.5/5.6/7.6 ms
 +
 </code> </code>
  
 ===== yersinia ===== ===== yersinia =====
   * Level2/3 Chaos   * Level2/3 Chaos
 +  * {{ :know-how:yersinia.pdf |}}
 <code> <code>
 http://www.yersinia.net/ http://www.yersinia.net/
 keywords: Dos , DHCP flooding , vlan attack  keywords: Dos , DHCP flooding , vlan attack 
-{{ :know-how:yersinia.pdf |}}+
 </code> </code>
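Review bot: the hping3 text between `+<code>` and the second `For detailed information see the manual.` line is prose copied from the linked article, not terminal output, and the copy has mangled it: the option legend uses en-dashes where the commands themselves use double hyphens, and the long lines were hard-wrapped so the second command and two of the HPING output lines are split mid-line; keep only the command lines and their output in the code block and put the explanation in normal wiki text. The bullet `https://pentest.blog/how-to-perform-ddos-test-as...` carries a truncated URL and needs the full link. For the uptime bullet, the `keine exakte Wissenschaft` warning deserves one more sentence: hping infers HZ from the two tcpts samples (1138724235 - 1138723235 = 1000 over the one second between probes, hence `HZ seems hz=1000`) and assumes the timestamp clock started counting at boot; Linux since 4.10 adds a random per-connection offset to TCP timestamps, so against such hosts the reported uptime is not imprecise but meaningless, and that same mechanism is what keeps your own servers from disclosing their uptime this way.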
  
Line 28: Line 558:
  
  
 +===== reptyr =====
 +  * zB: vim Session wieder herstellen / wenn die SSH Verbindung abbricht / Programm mit PID zum aktuellen terminal "ziehen"
 +<code>
 +man Auszug
 +"reptyr  is a utility for taking an existing running program and attach‐ing it to a new terminal"
 +
 +apt-get install reptyr
 +
 +
 +reptyr PID
 +
 +</code>
 ===== crunch ===== ===== crunch =====
   * Wordlists erstellen unter bestimmten Kriterien   * Wordlists erstellen unter bestimmten Kriterien
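Review bot: the reptyr code block mixes a quoted man-page sentence with the commands, and the copied quote carries a soft hyphen in `attach‐ing`; put the quote in the bullet text and keep only `apt-get install reptyr` and `reptyr PID` in the block. Worth adding for the stated use case: reptyr attaches via ptrace, so on Debian/Ubuntu with the Yama default `kernel.yama.ptrace_scope=1` the call fails with a ptrace permission error for any process that is not a descendant of the new shell; run that single call with sudo (CAP_SYS_PTRACE is exempt from the restriction) rather than lowering ptrace_scope system-wide, which would weaken the protection for every process on the host.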
Line 101: Line 643:
  
 keywords: video converter, VideoConverter, converter , Video keywords: video converter, VideoConverter, converter , Video
 +</code>
 +
 +
 +===== iso erstellen =====
 +   * Aus Directory heraus:
 +<code>
 +mkisofs -V Test -r Altaro_Backup/ > altaro_cd.iso
 +
 +</code>
 +  * oder paket genisoimage
 +<code>
 +
 +genisoimage -o c23x_intel_raid.iso C23x_INTEL_RAID/
 +
 +
 +keywords: iso, ISO, iso-erstellen, mkisofs, ISO-mount
 </code> </code>
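Review bot: the line `genisoimage -o c23x_intel_raid.iso C23x_INTEL_RAID/` has no `-r` (or `-J`/`-l`), so unlike the mkisofs line above it produces a plain ISO 9660 level 1 image with uppercase 8.3 file names, which will mangle the driver file names; add `-r -J` (and `-V` for a volume label) to both commands. On Debian/Ubuntu the mkisofs command is a compatibility link to genisoimage and `-o file` is the same as redirecting stdout, so the two variants could be folded into one. The bullet `   * Aus Directory heraus:` is indented by three spaces, which DokuWiki renders as a nested list level, unlike the two-space bullets used elsewhere on the page.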
know-how/tools.1530079770.txt.gz · Last modified: 2018/06/27 08:09 by cc