Linux security CLI-commands (short list:)

https://t.me/w2hack

Intro

The following is a haphazard list of Linux commands useful to know for security-related tasks. Some of these either require higher permissions to run, or will run but will not produce full results unless the proper permissions are used.

Attention!

Also note that depending on the Linux distribution, some of these commands refer to files located outside of the normal path.

So, let's go!

Random and pre-Crypto

Create a file on /mnt/sdb1 called junk.dat and fill it with zeroes (ASCII null values) until all space is exhausted:

dd if=/dev/zero of=/mnt/sdb1/junk.dat

Same as above, but fill junk.dat with pseudo-random data from /dev/urandom (the returned values are pseudo-random, so they are theoretically vulnerable to a cryptographic attack):

dd if=/dev/urandom of=/mnt/sdb1/junk.dat

Encrypt file filename.txt with the symmetric cipher AES 256 (use "gpg --version" to see the list of supported algorithms. By default gpg uses CAST5):

gpg -v -c --cipher-algo AES256 filename.txt

Network

See listening and open network connections:

netstat --inet -a

See the list of interfaces on which tcpdump can listen:

tcpdump -D

See listing of running processes engaged in network communications:

lsof -i

Trace the route to www.example.com using TCP SYN packets on port 80 instead of ICMP:

traceroute --tcp -p 80 www.example.com

See which methods are allowed by the web server www.example.com:

printf "OPTIONS / HTTP/1.1\r\nHost: www.example.com\r\n\r\n" | nc -q 1 -v www.example.com 80

Confirm whether SSLv2 (or lower) is enabled on host example.com by excluding SSLv3 and TLSv1 from the protocol handshake (note that current OpenSSL builds no longer offer SSLv2 at all and will still offer TLS 1.1 and later unless those are excluded too):

openssl s_client -no_ssl3 -no_tls1 -connect example.com:443

See iptables firewall rules:

/etc/init.d/iptables status

Set the MAC address of a network card to 00:01:02:03:04:05 (assuming the device driver supports this operation):

ifconfig eth0 down
ifconfig eth0 hw ether 00:01:02:03:04:05
ifconfig eth0 up

Users and accounts

See which users are currently logged on the system:

w

See the last logged in users:

last

See the last logins for user jsmith:

last jsmith

System Info

See the Linux distribution and version information:

cat /etc/issue

See the Linux kernel release, version, and hardware platform:

uname -a

See which services are configured to run on startup (Debian based systems; sysv-rc-conf may need to be installed):

sysv-rc-conf --list

See which services are configured to run on startup (Red Hat based systems):

chkconfig --list

List partition tables of mounted devices:

fdisk -l

See listing of open files:

lsof

Display the shared library dependencies for filename (useful if "file filename" reports the file as a dynamically linked ELF):

ldd filename

Forensic

Display the assembler code for object /usr/bin/filename:

objdump -d /usr/bin/filename

Display a hex dump of filename:

hexdump -C -v filename

Search filename for patterns or keywords that are listed in wordlist.txt, case insensitive (due to the -i):

egrep -i -f wordlist.txt filename

See all world writable files and directories (excludes symbolic links):

find / -perm -o=w ! -type l -ls | more

See all world writable and executable files (excludes symbolic links):

find / -perm -o=wx ! -type l ! -type d -ls | more
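The two find commands above are normally run against / as root, which is slow and hard to rehearse. The script below is an added example (not part of the original list): it builds a small constructed directory tree with known permissions and wraps the same find expressions in functions, so the world-writable and world-writable-plus-executable checks can be exercised on that tree before being pointed at a real system. The file names, modes and function names are assumptions for the demonstration; GNU find (symbolic -perm modes) is assumed.

```shell
#!/bin/sh
# Added example, not from the original list: exercise the world-writable
# find checks against a constructed tree instead of /.
set -eu

# make_sample_tree DIR: constructed sample files; names and modes are assumptions.
make_sample_tree() {
    dir="$1"
    mkdir -p "$dir/bin" "$dir/tmpdir"
    chmod 0755 "$dir" "$dir/bin"
    printf 'echo hi\n' > "$dir/bin/ok.sh";        chmod 0755 "$dir/bin/ok.sh"        # world-executable, not writable
    printf 'echo hi\n' > "$dir/bin/bad.sh";       chmod 0777 "$dir/bin/bad.sh"       # world-writable AND executable
    printf 'data\n'    > "$dir/tmpdir/notes.txt"; chmod 0666 "$dir/tmpdir/notes.txt" # world-writable, not executable
    chmod 1777 "$dir/tmpdir"                                                       # sticky world-writable directory (like /tmp)
    ln -s "$dir/bin/bad.sh" "$dir/link"                                            # symlink: excluded by ! -type l
}

# world_writable DIR: files and directories that "others" can write
# (same expression as the list's first find, minus the -ls | more display part)
world_writable() {
    find "$1" -perm -o=w ! -type l
}

# world_writable_exec DIR: regular files that "others" can both write and execute
# (same expression as the list's second find)
world_writable_exec() {
    find "$1" -perm -o=wx ! -type l ! -type d
}

# count_lines: small helper so results can be checked numerically
count_lines() {
    wc -l | tr -d ' '
}

# Usage: make_sample_tree /tmp/wwtest; world_writable /tmp/wwtest; world_writable_exec /tmp/wwtest
# For a real audit run world_writable / as root (expect sticky directories such as /tmp
# and /var/tmp to appear; the interesting findings are the non-sticky ones).
```

On the constructed tree the first function reports three entries (the sticky directory, the 0777 script and the 0666 text file) and the second reports only the 0777 script; the symlink is skipped in both because the list's `! -type l` is kept.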

Create a forensic image of all data within device /dev/sdb1, without stopping should an error be encountered (such as bad blocks), and replacing any errors found with null bytes:

dd if=/dev/sdb1 of=usb.img conv=notrunc,noerror,sync
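A forensic image is only useful if it can be shown to match its source, and the dd command above says nothing about verification. The script below is an added example (not part of the original list): it creates a constructed 1 MiB pseudo-device file, images it with the same conv=notrunc,noerror,sync options, and compares SHA-256 digests of source and image. The bs=4096 block size, the file names and the function names are assumptions; sha256sum from GNU coreutils is assumed to be available.

```shell
#!/bin/sh
# Added example, not from the original list: image a constructed "device"
# with the list's dd options and verify the copy by SHA-256.
set -eu

# make_sample_device PATH: constructed 1 MiB pseudo-device filled from /dev/urandom
make_sample_device() {
    dd if=/dev/urandom of="$1" bs=4096 count=256 2>/dev/null
}

# image_device SRC DST: the list's options; bs=4096 is an added assumption.
# noerror keeps reading past errors, sync pads short reads with NUL bytes so
# offsets in the image still line up with offsets on the source device.
image_device() {
    dd if="$1" of="$2" bs=4096 conv=notrunc,noerror,sync 2>/dev/null
}

# hash_file PATH: print only the SHA-256 digest
hash_file() {
    sha256sum "$1" | cut -d' ' -f1
}

# verify_image SRC DST: exit status 0 when the digests match, 1 otherwise
verify_image() {
    [ "$(hash_file "$1")" = "$(hash_file "$2")" ]
}

# Usage: make_sample_device /tmp/src.bin; image_device /tmp/src.bin /tmp/usb.img
#        verify_image /tmp/src.bin /tmp/usb.img && echo "image verified"
```

Two caveats that follow from the options used: because sync pads the last block up to bs, pick a block size that divides the device size (or hash only the first N bytes of the image), otherwise the digests will differ even for a clean copy; and if the source really does have bad blocks, the image will legitimately differ from it in the padded regions, so record dd's error messages alongside the digests rather than expecting a match.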

Thanks so much :) Please visit my public T-channel @w2hack
