100 UNIX commands to issue on other people's systems
By dd if dev profanity, [2009-07-20] at 02:53:36
Overview: In response to Halvar Flake's request... I'm not sure about 100, but there are a few that I use on any new system, mostly just basics that are useful on any multi-user environment: ifconfig -a, netstat -pan --inet, uname -a, w, id, mount, ps auxww. These tell you a lot about the system and where you might go from there for further exploitation.

ifconfig, like ipconfig on Windows, can tell you if the system has a NIC on another network, and netstat can tell you if it's talking to one. It's important to note that options to netstat vary from one OS to another -- the above options will list all AF_INET sockets along with associated process IDs on Linux without doing DNS lookups. On Solaris and AIX it is not possible to see PIDs, and the command to list all AF_INET sockets without doing DNS lookups is netstat -an -finet. uname tells you the OS name and kernel version. w, or its cousin who, will let you know if someone might be watching. id is whoami on steroids: it gives uid, gid, and a list of groups you belong to. mount tells you how the system's storage is laid out and whether there are any removable drives attached at the moment. ps lists processes, and the argument tells it to list all of them, including arguments, with the owner's username. If you're lucky, sometimes you see things like this:

root 21810 0.0 0.4 6984 2452 pts/10 S 21:13 0:00 mysql -uroot -ppassword

Then we come to interesting files. Obviously /etc/passwd and /etc/shadow are of interest. But so are slightly more obscure things like /home/*/.ssh/id_rsa (private keys) and /tmp/ssh-* (ssh-agent auth sockets). I mentioned some abuses of these files about a year and a half ago. I suggest a viewing of HD Moore and Valsmith's Blackhat 2007 talk, Tactical Exploitation, for some more fun things to do with ssh and kerberos.

Finding interesting files can sometimes be a problem, so we have find to help us out. For instance, if you want to list all of the binaries you have permission to read with the setuid bit set: find / -perm -4000 2>/dev/null. All files with password or passwd in their name: find / -iname '*passwd*' -or -iname '*password*'.

If you worry about leaving commands in a history file, you'll probably want to unset HISTFILE. On the other hand, sometimes the history helps an attacker, too. In bash, the command history lists all of the commands in the history file. So history | grep -A1 ' ssh' and history | grep -A1 ' su' can often yield passwords when the user whose account you've compromised doesn't pay attention to make sure the password prompt actually came up before typing.

A few more commands that are really cool but are less likely to be installed include lsof and screen.
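
The ps exposure described above can be audited from the defender's side. The following is an added example, not code from the original post: it reads ps auxww-style lines and reports processes whose arguments carry a password, with the value masked. The function names, the /opt/app/sync path and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Defensive audit sketch: flag processes whose argument list exposes a
# password to every local user who can run `ps auxww`.
# Reads ps auxww-style lines on stdin and prints "user pid command" with the
# secret replaced by ***** so the report does not leak it a second time.
flag_cmdline_secrets() {
    awk '
    NR == 1 && $1 == "USER" { next }          # skip the ps header line
    {
        hit = 0
        for (i = 12; i <= NF; i++) {          # field 11 is the program, 12+ its args
            # mysql client family: -p<password> glued directly to the flag
            if ($11 ~ /(^|\/)mysql(dump|admin)?$/ && $i ~ /^-p.+/) {
                $i = "-p*****"; hit = 1
            }
            # generic long options: --password=<value>, --passwd=, --pass=
            else if ($i ~ /^--(password|passwd|pass)=.+/) {
                sub(/=.*/, "=*****", $i); hit = 1
            }
        }
        if (hit) {
            cmd = $11
            for (i = 12; i <= NF; i++) cmd = cmd " " $i
            print $1, $2, cmd
        }
    }'
}

# Constructed sample in ps auxww layout; the first data line mirrors the
# one quoted in the post, the rest are hypothetical.
sample_ps() {
cat <<'EOF'
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root     21810  0.0  0.4   6984  2452 pts/10   S    21:13   0:00 mysql -uroot -ppassword
www       3120  0.0  0.1   4100  1200 ?        S    20:01   0:00 /opt/app/sync --user=svc --password=hunter2
alice     4001  0.0  0.1   5000  1500 pts/2    S    21:15   0:00 mysql -uroot -p
bob       4100  0.0  0.1   5000  1500 pts/3    S    21:16   0:00 psql -p 5432 appdb
EOF
}

# Demo on the constructed sample; on a live host: ps auxww | flag_cmdline_secrets
sample_ps | flag_cmdline_secrets
```

The alice line is not flagged because a bare -p makes the client prompt for the password instead of taking it from the argument list, which is the behaviour to move the flagged jobs toward.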