dotfiles/help/howtos.md

A bunch of how-tos for doing things in Linux

Show explicitly installed packages on Arch-based distributions

$ pacman -Qqe

Grow your tmp directory.

$ mount -o remount,size=2G /tmp/

Curl common usage

Simplest way to GET data

$ curl example.com

Show response header

$ curl -i https://example.com/

GET json and show it nicely

$ curl https://example.com/json | jq

HEAD only shows the response headers

$ curl -I https://example.com/

Please follow redirects

$ curl -I -L https://example.com/redirected

URL Globbing

# Quote the URL so the shell does not expand the brackets and braces itself
$ curl "https://example.com/[1-9].html"
$ curl "https://example.com/[01-99].html"
$ curl "https://example.com/[a-z].html"

Provide a step when globbing

$ curl "https://example.com/[1-9:2].html"
$ curl "https://example.com/[a-z:3].html"

Save each match to its own file; #1 in the output name is replaced by the current value of the first glob ([1-9])

$ curl "https://example.com/[1-9].html" -o "save_#1.html"

Comma separated strings

$ curl "https://example.com/{ham,cheese,pineapple}.jpg" -o "hawaii_#1.jpg"

Combine everything in one line

$ curl "https://example.com/issue[1996-1999]/vol[1-4]/part{a,b,c}.html"

Verbose shows more from under the hood

$ curl -v https://example.com/ -o /dev/null

Pass in custom headers

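$ curl https://example.com/ -H "User-Agent: Some Silly Agent"
$ curl https://example.com/ -H "Magic: disc0"
# A header name followed by a colon and no value removes that header from the request
$ curl https://example.com/ -H "User-Agent:"
# A header name followed by a semicolon sends the header with an empty value
$ curl https://example.com/ -H "User-Agent;"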

POST some basic data to the remote

$ curl -d name=Daniel -i https://example.com/receiver

POST a file

$ curl -d @file https://example.com/receiver -o saved
# POST from standard input
$ ls -l | curl -d @- https://example.com/receiver -o saved
# POST as binary (-d strips newlines from the data, --data-binary sends it unchanged)
$ ls -l | curl --data-binary @- https://example.com/receiver
# POST JSON as binary
$ curl --data-binary @file.json -H "Content-Type: application/json" https://example.com

PUT a file

$ curl -T localfile -i https://example.com/remote_name

Change the method string

# Use -X if you want a different method than the one curl would use
$ curl -T localfile -X SWOOSH https://example.com/remote_name -o save

Save cookies from site

$ curl -c cookiejar.txt https://example.com/

Send cookies to the server

$ curl -b cookiejar.txt https://example.com/

Cookies in a login

$ curl -b cookiejar.txt -c cookiejar.txt https://example.com/login -d user=daniel -d password=1234
# Request data as a logged-in user
$ curl -b cookiejar.txt -c cookiejar.txt https://example.com/profile
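
Added example (not part of the original howto): audit the jar that curl -c wrote for cookies missing the Secure or HttpOnly flag. The function names and the sample jar contents are made up for illustration.

```shell
#!/bin/sh
# A jar written by `curl -c` has one tab-separated line per cookie:
#   domain, subdomain flag, path, secure, expiry, name, value
# curl marks HttpOnly cookies by prefixing the domain with "#HttpOnly_".

audit_cookiejar() {
    # $1: path to the jar. Prints name<TAB>domain<TAB>findings per cookie.
    awk -F '\t' '
    {
        httponly = 0
        if ($0 ~ /^#HttpOnly_/) { httponly = 1; sub(/^#HttpOnly_/, "", $1) }
        else if ($0 ~ /^#/) next          # ordinary comment line
        if (NF < 7) next                  # blank or malformed line
        findings = ""
        if ($4 != "TRUE") findings = findings "no-Secure "
        if (!httponly)    findings = findings "no-HttpOnly "
        if (findings == "") findings = "ok"
        sub(/ $/, "", findings)
        printf "%s\t%s\t%s\n", $6, $1, findings
    }' "$1"
}

write_sample_jar() {
    # Constructed sample in the layout curl writes; all values are made up.
    {
        printf '# Netscape HTTP Cookie File\n\n'
        printf '#HttpOnly_example.com\tFALSE\t/\tTRUE\t0\tsession\tabc123\n'
        printf 'example.com\tFALSE\t/\tFALSE\t1999999999\ttheme\tdark\n'
        printf '#HttpOnly_example.com\tFALSE\t/\tFALSE\t0\tcsrf\tdef456\n'
    } > "$1"
}

# Audit the jar given as the first argument, or the constructed sample if none.
jar=${1:-}
if [ -z "$jar" ]; then
    jar=$(mktemp)
    write_sample_jar "$jar"
fi
audit_cookiejar "$jar"
```

The jar stores session cookies in plaintext, so keep it out of the dotfiles repository and restrict its permissions (chmod 600 cookiejar.txt).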

DNS Enumeration and zone transfer

Check if tools are available

$ whatis host
host (1)    - DNS lookup utility
$ whatis dig
dig (1)    - DNS lookup utility

Simple DNS Lookup

$ host example.com

Query name services

$ host -t ns example.com

A records

$ host -t a example.com

MX records

$ host -t mx example.com

General information gathering using dig

$ dig example.com

Specify type

$ dig -t ns example.com

Perform zone transfer query

$ dig axfr example.com @dns.server.server

General information, zone transfer and brute force

$ dnsenum example.com
$ fierce -dns example.com

Effective brute forcing with SecLists, nmap, fierce and dnsmap

$ git clone https://github.com/danielmiessler/SecLists.git
$ nmap -p 53 --script dns-brute --script-args=[script-options] example.com
$ fierce -dns example.com -wordlist wordlist.txt
$ dnsmap example.com -w wordlist.txt

Check if a firewall is active with an ACK probe. If the port is reported as unfiltered, there is no firewall

$ nmap -sA 192.168.1.38 --reason

Specify port

$ nmap -sA 192.168.1.38 -p 22 --reason