
Some Linux commands commonly used by the skullsecurity author

https://wiki.skullsecurity.org/index.php?title=Linux_Commands

Types of record: NS, A, HINFO, MX, TXT, CNAME, SOA, RP, PTR, SRV

Zone transfer

Iterative zone transfer

Dump the ARP table of an SNMP server at HOST

Parameters

-n -- use numbers

-i <interface>

-v -- be verbose

-r <file>/-w <file> -- read from/write to file

-x -- print hex

-A -- print ASCII

-X -- print hex and ASCII

-s <snaplen> -- length to capture (-s0 for all data)

Filter string

Protocol

ether, ip, ip6, arp, rarp, tcp, udp

Type

host <host>

net <network>

port <portnum>

portrange <start-end>

Direction

src

dst

Logic

and

or

Show TCP against target 10.10.10.10 in ASCII

Show all UDP from 10.10.10.10

Show all TCP port 80 packets going to or from host 10.10.10.10
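The three capture descriptions above are easier to reason about when the filter grammar (protocol, type, direction, logic) can be tried against known packets. The following is an added example, not code from the skullsecurity wiki or the reposted article: a small evaluator for exactly the tcpdump filter subset listed on this page, run against constructed packet records so the matching rules can be checked offline, without root or a live interface. It assumes `net` takes CIDR notation and ports are numeric; the function names (`select_packets`, `tcpdump_command`) are mine.

```python
"""Added example (not from the skullsecurity wiki): evaluate the tcpdump filter
subset listed above -- protocol, host/net/port/portrange, src/dst, and/or --
against constructed packet records."""
import ipaddress

PROTOCOLS = {"ether", "ip", "ip6", "arp", "rarp", "tcp", "udp"}

# Constructed sample packets: the fields tcpdump would have decoded from a capture.
# 'layers' holds every protocol keyword the packet satisfies, so 'ip' matches
# TCP and UDP packets just as it does in a real BPF filter.
PACKETS = [
    {"layers": {"ether", "ip", "tcp"}, "src": "10.10.10.10", "dst": "192.168.1.5", "sport": 443, "dport": 51000},
    {"layers": {"ether", "ip", "tcp"}, "src": "192.168.1.5", "dst": "10.10.10.10", "sport": 51001, "dport": 80},
    {"layers": {"ether", "ip", "udp"}, "src": "10.10.10.10", "dst": "192.168.1.5", "sport": 53, "dport": 40000},
    {"layers": {"ether", "ip", "udp"}, "src": "10.10.10.99", "dst": "192.168.1.5", "sport": 123, "dport": 123},
    {"layers": {"ether", "arp"}, "src": "10.10.10.1", "dst": "10.10.10.10"},
]


def split_on(tokens, sep):
    """Split a token list on a keyword: ['a', 'and', 'b'] -> [['a'], ['b']]."""
    groups, current = [], []
    for tok in tokens:
        if tok == sep:
            groups.append(current)
            current = []
        else:
            current.append(tok)
    groups.append(current)
    return groups


def match_primitive(pkt, words):
    """One primitive: [proto] [src|dst] (host|net|port|portrange) <arg>, or a bare proto."""
    words = list(words)
    proto = words.pop(0) if words and words[0] in PROTOCOLS else None
    if proto is not None and proto not in pkt["layers"]:
        return False
    if not words:  # bare protocol primitive such as 'udp'
        if proto is None:
            raise ValueError("empty primitive")
        return True
    direction = words.pop(0) if words[0] in ("src", "dst") else None
    if len(words) != 2:
        raise ValueError("unsupported primitive: " + " ".join(words))
    kind, arg = words
    # No direction qualifier means 'either side', exactly as tcpdump's 'host X'.
    addr_fields = (direction,) if direction else ("src", "dst")
    if kind == "host":
        return any(pkt.get(f) == arg for f in addr_fields)
    if kind == "net":  # assumption: CIDR notation, e.g. 10.10.10.0/24
        net = ipaddress.ip_network(arg, strict=False)
        return any(f in pkt and ipaddress.ip_address(pkt[f]) in net for f in addr_fields)
    if kind in ("port", "portrange"):  # assumption: numeric ports only
        lo, _, hi = arg.partition("-") if kind == "portrange" else (arg, "", arg)
        lo, hi = int(lo), int(hi)
        port_fields = {"src": "sport", "dst": "dport"}
        return any(port_fields[f] in pkt and lo <= pkt[port_fields[f]] <= hi for f in addr_fields)
    raise ValueError("unknown primitive type: " + kind)


def matches(expr, pkt):
    """'and' binds tighter than 'or', as in BPF: a disjunction of conjunctions."""
    disjuncts = split_on(expr.lower().split(), "or")
    return any(
        all(match_primitive(pkt, prim) for prim in split_on(conj, "and"))
        for conj in disjuncts
    )


def select_packets(expr, packets=PACKETS):
    """Indexes of the packets a tcpdump run with this filter would print."""
    return [i for i, pkt in enumerate(packets) if matches(expr, pkt)]


def tcpdump_command(expr, interface, ascii_dump=False):
    """Argument vector for the captures above: -n (numbers), -i <interface>, -A for ASCII."""
    argv = ["tcpdump", "-n", "-i", interface]
    if ascii_dump:
        argv.append("-A")
    return argv + [expr]


if __name__ == "__main__":
    for expr in ("tcp and host 10.10.10.10",          # TCP against target, either direction
                 "udp and src host 10.10.10.10",      # all UDP from the host
                 "tcp port 80 and host 10.10.10.10"):  # TCP port 80 to or from the host
        print(" ".join(tcpdump_command(expr, "eth0", ascii_dump=True)), "->", select_packets(expr))
```

Two points the page's one-line descriptions leave implicit are visible in the output: `host X` with no direction matches packets where X is either endpoint, and `port 80` matches either the source or the destination port, so a capture of "port 80 traffic" also catches replies from an unrelated service whose ephemeral port happens to be 80.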

TCP Flags

--syn, --fin, --rst, --push, --ack, --urg

Target selection

--rand-dest

--interface <int>

Source selection

--spoof <hostname>

--rand-source

Port selection

--destport <port>

--destport +<port> -- increment by one for each packet received

--destport ++<port> -- increment by one for each packet sent

--scan <portrange>

--baseport <port>

--keep -- don't increment the source port

Speed options

--fast, --faster, --flood

--interval <N> -- interval in seconds

--interval u<N> -- interval in microseconds

Other options

--count <N>

--beep

--file <filename>

--data <N>

-f <N> -- Initial TTL

-g <hostlist> -- Loose source route

-I -- use ICMP Echo instead of UDP

-m <N> -- maximum number of hops (default 30)

-n -- numeric

-p <baseport> -- set the base UDP port

-w <N> -- wait N seconds (default 5)

http://pwhois.org/lft/index.who

Options

-u -- use UDP

-p -- use ICMP echo

-d <port> -- destination port (default 80)

-s <port> -- source port

-L <N> -- length (including layer 3/4 header)

-A -- look up AS number

-P -- traceroute via tcp

Pinging

-PN -- don't ping

-PB -- default, ICMP Echo + TCP to port 80

-PE -- ICMP Echo request

-PS[portlist] -- TCP SYN

-PP -- ICMP Timestamp request

-PM -- ICMP Address Mask request

-PR -- default on subnet, use ARP to identify hosts

Scanning

-sT -- TCP Connect scan

-sS -- SYN scan

-sA -- ACK scan

-sF -- FIN scan

-sN -- Null scan

-sX -- Xmas Tree scan

-sM -- Maimon scan

--scanflags specify your own flags

-sU -- UDP scan

Fingerprinting

-O -- OS fingerprint

-sV -- Version scan

Scripts

-sC -- run all scripts

--script=<category,dir,src,etc>

--script-trace

Timing

--paranoid, --sneaky, --polite, --normal, --aggressive, --insane

--host-timeout, --max-rtt-timeout, --min-rtt-timeout, --initial-rtt-timeout, --max-parallelism, --scan-delay

-p<ports>

-F -- fast (checks only ports in nmap-services)

--packet-trace

--traceroute

--badsum

-q -- quiet (omit closed ports)

-v -- verbose

-b -- print banners

Example:

Commands

Remotely:

-l -- listen mode

-L -- listen harder (Windows only)

-u -- UDP mode

-p -- local port (in listen mode, the port to listen on)

-e -- program to execute

-n -- don't resolve names

-z -- don't send any data

-w<N> -- timeout for connects

-v/-vv -- be verbose

Setting up a relay

Relaying port 22 to the local system

Running an exploit

Interacting with sessions

Creating a malicious VBScript

Creating a malicious Exe

Example autorun.inf file to run a malicious exe (goes with Metasploit)

Metasploit listener

Filesystem commands

Modules

Adding an ordinary user

Adding a root user (note: a non-uid-0 account may be required to log in)

Checking for inetd/xinetd

Adding telnet to /etc/inetd

Adding telnet to xinetd

Steal the file from a service that's running (files are in /etc/xinetd.d)

Change server to "/usr/sbin/in.telnetd"

Restarting inetd/xinetd (the "kill" command with the PID can also be used)

File should be in /etc/rc*. Ways to enable:
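The persistence steps above (a second uid-0 account, a telnet line in /etc/inetd.conf, an existing /etc/xinetd.d service file with its server changed to /usr/sbin/in.telnetd) leave specific traces in configuration files, and those traces are what a defender audits for. The following is an added example, not code from the skullsecurity wiki or the reposted article: a file-based audit for exactly those indicators. The /etc/passwd, inetd.conf and xinetd.d contents are constructed samples; `audit_live_host()` reads the real paths instead. The function names and the `disable`-defaults-to-enabled rule for xinetd blocks are my assumptions.

```python
"""Added example (not from the skullsecurity wiki): audit /etc/passwd, inetd.conf
and xinetd.d for the persistence indicators described above."""
import glob
import os
import re

# ---- Constructed sample inputs (not taken from any real host) ----
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
backup:x:0:0::/tmp:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

SAMPLE_INETD_CONF = """\
# <service> <sock_type> <proto> <flags> <user> <server_path> <args>
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
telnet  stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
ftp     stream tcp nowait root /usr/sbin/tcpd in.ftpd
"""

SAMPLE_XINETD_FILES = {
    "/etc/xinetd.d/daytime": "service daytime\n{\n\tdisable = yes\n\ttype = INTERNAL\n\tsocket_type = stream\n}\n",
    # A legitimate-looking service name whose server line now launches telnetd.
    "/etc/xinetd.d/chargen": "service chargen\n{\n\tdisable = no\n\tsocket_type = stream\n\twait = no\n\tuser = root\n\tserver = /usr/sbin/in.telnetd\n}\n",
}


def extra_uid0_accounts(passwd_text):
    """Names of uid-0 accounts other than 'root'."""
    found = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if not line or line.startswith("#") or len(fields) < 7:
            continue
        name, uid = fields[0], fields[2]
        if uid.isdigit() and int(uid) == 0 and name != "root":
            found.append(name)
    return found


def inetd_telnet_entries(inetd_text):
    """Active (uncommented) inetd.conf lines that offer telnet or launch in.telnetd."""
    hits = []
    for line in inetd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 6:
            continue
        service, server, args = fields[0], fields[5], fields[6:]
        if service == "telnet" or server.endswith("in.telnetd") or any(a.endswith("in.telnetd") for a in args):
            hits.append((service, server))
    return hits


_SERVICE_RE = re.compile(r"service\s+(\S+)\s*\{(.*?)\}", re.S)


def parse_xinetd(text):
    """Yield (service_name, {attribute: value}) for each 'service X { ... }' block."""
    for name, body in _SERVICE_RE.findall(text):
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()
            if "=" in line:
                key, _, value = line.partition("=")
                attrs[key.strip()] = value.strip()
        yield name, attrs


def xinetd_telnet_services(files):
    """Enabled xinetd services whose server is in.telnetd, whatever the service is called."""
    hits = []
    for path, text in files.items():
        for name, attrs in parse_xinetd(text):
            # Assumption: a block without 'disable = yes' is enabled (ignores a 'defaults' disabled list).
            enabled = attrs.get("disable", "no").lower() != "yes"
            server = attrs.get("server", "")
            if enabled and server.endswith("in.telnetd"):
                hits.append((path, name, server))
    return hits


def audit(passwd_text, inetd_text, xinetd_files):
    """Collect every indicator into one report (empty lists mean nothing found)."""
    return {
        "uid0_accounts": extra_uid0_accounts(passwd_text),
        "inetd_telnet": inetd_telnet_entries(inetd_text),
        "xinetd_telnet": xinetd_telnet_services(xinetd_files),
    }


def audit_live_host():
    """Run the same checks on the local system's files (missing files count as empty)."""
    def read(path):
        return open(path).read() if os.path.exists(path) else ""
    xinetd = {p: read(p) for p in sorted(glob.glob("/etc/xinetd.d/*"))}
    return audit(read("/etc/passwd"), read("/etc/inetd.conf"), xinetd)


if __name__ == "__main__":
    for key, hits in audit(SAMPLE_PASSWD, SAMPLE_INETD_CONF, SAMPLE_XINETD_FILES).items():
        print(key, hits)
```

The xinetd check deliberately keys on the `server` value rather than the service name, because the technique above reuses an existing service file, so the name (`chargen` in the sample) stays innocuous while the binary changes. A complete audit would also diff /etc/rc* against a known-good baseline, which a generic parser cannot do; compare those files against package-manager or configuration-management copies instead.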

Creating a dictionary

Scraping a Web site

-i -- input file

-o -- output file

-m <N> -- minimum length

-M <N> -- maximum length

-c <N> -- the number of criteria

-l -- lower case

-u -- upper case

-n -- numbers

-p -- printable characters (lower/upper/num)

-s -- special characters (all others)

Example

-l <username>/-L <userfile> -- Login name/file

-p <password>/-P <passfile> -- Password/file

-e <n|s|ns> -- extended checks (n = null, s = same as username)

-t <N> -- thread count

smb password

ssh password

Show cracked passwords

Speed test

Running against a password file

Specifying the type

Combining passwd/shadow

Loading the hash

Mounting a drive

Adding a user

Updating

Single check

On the attacker machine

On the victim machine

This article is reposted from simeon2005's 51CTO blog; original link: http://blog.51cto.com/simeon/2068854
