find
find /home/joe -name joe.txt 2> /dev/null
find / -user joe -perm 777 -size 1M
grep
nc -vv dbunityuat2.service-now.com 443 --proxy isa-dev-proxy.intranet.db.com:8080
curl -vvx "https://isa-dev-proxy.intranet.db.com:8080" https://bt.group-ib.com
export proxies
http_proxy=http://userproxy.intranet.db.com:8080
export http_proxy
echo $http_proxy
https_proxy=http://userproxy.intranet.db.com:8080
export https_proxy
echo $https_proxy
ssh
The private key is kept on the computer you log in from, while the public key is stored in the .ssh/authorized_keys file on all the computers you want to log in to.
ssh-keygen -t rsa -b 4096
- -t for key type (algorithm)
- -b for number of bits in key
- rsa algorithm only one considered secure these days
ssh-copy-id <username>@<host>
this will copy the user’s local public key to the server’s authorised keys file, therefore allowing login
note: server uses the public key to encrypt comms (not the client using their private key)
service ssh restart
scp -i /home/linux/myprivatekey linux@10.10.10.10:/home/linux/file_to_copy /home/linux/copied_file
Stream Editor (sed)
The sed command is commonly used to search and replace specific string patterns from text. Unlike tr, sed can search and replace for more specific strings rather than simply converting all instances of a character in the text.
A typical sed command is constructed like this:
sed 's/pattern_to_find/pattern_to_replace/g' filewitherror.txt
Broken down, this command:
- Opens the file called ‘filewitherror.txt’
- Looks for the string ‘pattern_to_find’ in the text file. If it finds any;
- Replaces the string ‘pattern_to_find’ with the string “pattern_to_replace”
- Prints the results to the screen
If, for example, you wanted to capitalise all instances of a name (e.g., Alice) in a file, sed would be advantageous over tr. tr could replace all lowercase a characters with their uppercase equivalent, but this would also convert characters you don’t want to convert. The command sed s/alice/Alice/g file.txt > newfile.txt would instead be used.
tr [original] [replacewith] < filename > newfile – replace all instances of the original character set with the character set specified. The > newfile part of the command is optional but allows you to use tr on files rather than input from the terminal.
sed 's/[original]/[replacewith]/g' filename – search for all instances of the original string in the file and replace it with the specified string.
tr [original] [replacewith] < filename – allows you to run the tr command on files rather than waiting for input from the terminal.
tr [original] [replacewith] > filename – allows you to save command output to files rather than outputting it to the terminal.
Both the < and > parameters are optional, but they can be used on most Linux commands we’ve learned in the series so far.
Grep
The simplest way to use grep is to search for a particular word in a file: grep 'word' [filename]. It’s also possible to search for a word in multiple files at the same time by adding all the separate filenames at the end. If you want to search everything in a directory instead of a file, use an asterisk (*) rather than the filename.
There are parameters that can be used with grep, but to keep things simple we’re not using them for now.
Outputting to a new file
You can use grep to search but, instead of printing the output to the command line, output it to a new file. To do this, you use a > sign to print into a file: grep 'word' [filename] > [output-filename]
Sort
The sort command is used to sort data within a file. This command assumes that everything within the file is ASCII (text the computer can read) and can support sorting in many ways. You can sort files in ascending order (for example, A–Z or 0–9) or descending order (for example, Z–A or 9–0), but sort also supports various sorting methods.
At its core, sort can be used simply to sort in a file, sort [filename]. By default, this will make the contents of the file output into the command line in alphabetical order, with numbers ahead of letters. If you wanted the reverse of this, you would use the parameter -r.
Similarly to grep, you can also output your results to a new file using the > sign, shown in the example above.
grep 'word' [filename] – search for a particular word in a particular file.
grep 'word' [filename] > [output-filename] – search for a particular word in a particular file and output it to a new file.
sort [filename] – sorts the contents of a file into alphabetical order, with numbers at the top.
sort -r [filename] – sort the contents of a file in reverse order.
sort [filename] > [output-filename] – sorts a file’s contents into alphabetical order and outputs it into a new file.
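The grep, sed, sort and > steps above chained into one pipeline, as an added example (not part of the original notes): it pulls failed SSH logins out of a log and writes a sorted "source user" report. The log lines are constructed sample data, and make_sample_log and failed_logins are names made up for this example.

```shell
#!/bin/sh
# Added example: grep + sed + sort + > on a constructed sshd log.

# Write constructed sample log lines (documentation IP ranges) to file $1.
make_sample_log() {
    cat > "$1" <<'EOF'
Mar 10 09:14:02 host1 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar 10 09:14:05 host1 sshd[811]: Accepted publickey for joe from 198.51.100.4 port 40110 ssh2
Mar 10 09:15:11 host1 sshd[902]: Failed password for invalid user admin from 192.0.2.55 port 33871 ssh2
Mar 10 09:15:40 host1 sshd[915]: Failed password for root from 203.0.113.7 port 50190 ssh2
EOF
}

# $1 = log file to read, $2 = report file to write.
failed_logins() {
    # grep keeps only the failed-login lines.
    # First sed drops the "invalid user " prefix so every line has the same shape.
    # Second sed rewrites the whole line to "<source-ip> <user>".
    # sort orders the result; > saves it to the report file.
    grep 'Failed password' "$1" \
        | sed 's/invalid user //' \
        | sed 's/.* for \([^ ]*\) from \([0-9.]*\) port.*/\2 \1/' \
        | sort > "$2"
}

# Usage on the constructed sample.
log=$(mktemp)
report=$(mktemp)
make_sample_log "$log"
failed_logins "$log" "$report"
cat "$report"
rm -f "$log" "$report"
```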
These are some of the suite’s most useful tools: AccessChk, AccessEnum, AdExplorer, AutoRuns, ProcDump, ProcExp, PsExec, SysMon, ProcMon, Handle, PortMon, PsLogList, PsTools, ShareEnum, Sigcheck, Streams, Strings, TCPView, WhoIs.
iptables
examples
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A INPUT -i lo -j ACCEPT
sudo iptables -A INPUT -p udp -j ACCEPT
sudo iptables -A INPUT -s LONCDC11GSLB04.uk.db.com -p tcp --dport 28794 -j ACCEPT
sudo iptables -A INPUT -s 10.236.73.68 -p tcp --dport 28794 -j ACCEPT
sudo iptables -A INPUT -s ny1sapghs2.us.db.com -j ACCEPT
sudo iptables -A INPUT -s 10.168.0.0/16 -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -j DROP
flush rules
iptables -F
allowing ssh ;)
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
setting default policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
Set access for localhost
iptables -A INPUT -i lo -j ACCEPT
accept established and related connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
save settings
/sbin/service iptables save
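The examples above end the INPUT chain with -j DROP, and iptables checks rules in order, so anything appended after that rule never matches. An added example (not from the original notes) that reads a list of iptables commands and reports such rules; the sample rules and the function name find_shadowed_rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: report iptables rules appended (-A) after an unconditional
# terminal rule in the same chain. Such rules are never reached.

# Constructed sample ruleset (addresses are documentation ranges).
SAMPLE_RULES='iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s 192.0.2.0/24 -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -j DROP
iptables -A INPUT -p tcp --dport 443 -j ACCEPT'

# Reads iptables commands on stdin; prints "line N: <command>" per shadowed rule.
find_shadowed_rules() {
    awk '
    {
        chain = ""; ai = 0
        for (i = 1; i < NF; i++)
            if ($i == "-A") { chain = $(i + 1); ai = i }
        if (chain == "") {
            # -F [chain] flushes rules, so forget terminal rules seen so far.
            for (i = 1; i <= NF; i++)
                if ($i == "-F") {
                    if (i < NF) delete closed[$(i + 1)]
                    else split("", closed)
                }
            next
        }
        if (chain in closed) { print "line " NR ": " $0; next }
        # Unconditional: nothing follows the chain name except "-j TARGET".
        if (NF == ai + 3 && $(ai + 2) == "-j" && $(ai + 3) ~ /^(DROP|REJECT|ACCEPT)$/)
            closed[chain] = 1
    }'
}

# Usage on the constructed sample: reports the port 443 rule on line 5.
printf '%s\n' "$SAMPLE_RULES" | find_shadowed_rules
```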
List rules
vi
i insert here
a append here
A append at eol
. repeat last command
0 to beginning of line
$ to end of line
dd = delete line
dw = delete current word
d$ delete to end of line
d0 delete to beginning of line
daw delete a word ;)
H = high of page
M = middle of page
L = bottom of page
G to bottom of file
gg to top of file
>G increase indentation until eof
ctrl-u scrolls up
ctrl-d scrolls down
w beginning of next word
b beginning of current word
e end of current word
u undo
/ search, with N and n
? reverse search, with n and N
vimrc (for python)
set number
set cursorline
let python_highlight_all = 1
set nocompatible
syntax on
filetype plugin indent on
git
set up ssh keys on local machine
ssh-keygen -m PEM -t rsa -b 4096
add public key (id_rsa.pub) to repo access online
git clone git@github.com:deliverordie/moonbase.git ~/repos/moonbase/
if you ever need to set the remote repo
git remote set-url origin git@github.com:deliverordie/moonbase.git
after you have made changes locally (in order)
git status
git commit
git push
git status
for when you add new files or directories locally
git add /boring
git!
getting started
- Integrating your GitHub account with Arctic Wolf’s
- check version you are running via your Terminal app:
git --version
you can upgrade if you like
- set your username
git config --global user.name "joe mears"
- set email to the one used for your personal GitHub account
git config --global user.email "joe.mears.fake.email@icloud.com"
- Configure Git to handle line endings properly
git config --global core.autocrlf input
- set up ssh keys locally (or use existing ones)
ssh-keygen -t ed25519 -C "joe.mears.fake.email@icloud.com"
remember to set a passphrase for your (private) key - it will prompt you to do so
- upload the public key to your personal GitHub account
- enable SSO on the key you just uploaded << this enables SSO for the arctic wolf repos using said key
- clone using ssh
git clone git@github.com:rtkwlf/labs.git
- check initial status (not necessary)
git status
- changing editor for commits:
git config --global core.editor "vim"
OR
via your .gitconfig file
If you’re in your terminal, head to your .gitconfig file with nano ~/.gitconfig and make your changes:
[core]
editor = nano
- to add a file that you have created on your local copy (working copy) of the repo:
git add <file>
- then to commit it
git commit -m "first commit"
- then to push these local changes back up to the online “master” repo, do this:
git push -u origin main
(push your changes to the origin (online repo) and to its main branch)
- hint: to make sure you’re using the correct origin/main:
git remote add origin git@github.com:vosill/stationlocations.git
[git push origin main](https://www.atlassian.com/git/tutorials/syncing/git-push).