Zobber
/ Suricata IDS Stats
Created
April 26, 2020 21:48
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Suricata_IDS stats | |
| cat eve.json | jq -c 'select(.alert.signature) | [.alert.signature]' |sed 's/"//g;s/\[//;s/\]//' | awk '{a[$0]++;}END{for (i in a)print i, a[i]}' FS=, OFS=, |sort -k2 -nrt, | head -n20 | ag -v package | termgraph --title "Estadística de Alertas" --width 300 |
Zobber
/ Suricata bloqueo temp de conn
Created
April 24, 2020 01:39
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #Suricata_IDS Bloqueo temporal de conexiones. | |
| alert tcp any any -> any any (msg:"Pruebas_Suricata";content:"Enviando segmento TCP";sid:9900001;rev:1;) | |
| threshold.config: | |
| rate_filter gen_id 1, sig_id 9900001, track by_dst, count 200, seconds 60, new_action drop, timeout 250 |
Zobber
/ Cisco IP Phone 11.7 - Denial of Service
Created
April 22, 2020 20:55
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Exploit Title: Cisco IP Phone 11.7 - Denial of Service (PoC) | |
| # Date: 2020-04-15 | |
| # Exploit Author: Jacob Baines | |
| # Vendor Homepage: https://www.cisco.com | |
| # Software Link: https://www.cisco.com/c/en/us/products/collaboration-endpoints/ip-phones/index.html | |
| # Version: Before 11.7(1) | |
| # Tested on: Cisco Wireless IP Phone 8821 | |
| # CVE: CVE-2020-3161 | |
| # Cisco Advisory: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voip-phones-rce-dos-rB6EeRXs | |
| # Researcher Advisory: https://www.tenable.com/security/research/tra-2020-24 |
Zobber
/ blackbox testing API
Created
April 21, 2020 21:43
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Here's a decent list of me blackbox testing API | |
| http://site.com/?q=x | |
| */?q=y <= idor | |
| */?q=<img> => test xss | |
| */?q=http://IP:PORT => test ssrf | |
| */?q=file:///etc/passwd => file include | |
| /?q=/./../index.php => Path traversal | |
| /?q=x' or x=" or x=\ => sqli | |
| /?q[]=x <= change datatype |
Zobber
/ Elastic & Kibana Install
Created
April 21, 2020 00:42
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #### Install JAVA | |
| JAVA 11 | |
| apt-get install default-jre | |
| nano /etc/environment | |
| add -> JAVA_HOME"/usr7lib/jvm/java-11-openjdk-amd64/" | |
| source /etc/environment | |
| echo $JAVA_HOME | |
| #### Install ElasticSearch and Test | |
| wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - |
Zobber
/ Linux Commands 3
Created
April 21, 2020 00:33
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Check if Fail2Ban is Running | |
| FAIL2BAN=`ps ax | grep fail2ban | grep -v grep | awk {'print $1'}` && if [ -n "$FAIL2BAN" ]; then printf "\n[INFO] Fail2Ban is running and the PID is %s\n\n" $FAIL2BAN; else printf "\n [INFO] Fail2Ban is not running\n\n"; fi | |
| # alias to list hidden files of a folder | |
| alias lh='ls -a | egrep "^\."' | |
| # grep: find in files | |
| egrep -in "this|that" *.dat | |
| # Salty detailed directory listing... | |
| ls -saltS [dirname] | |
| # play all songs under current directory smoothly as background job | |
| nice -n0 ls | mpg321 -@- & |
Zobber
/ Linux Commands 2
Created
April 21, 2020 00:31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Top ten (or whatever) memory utilizing processes (with children aggregate) - Can be done without the multi-dimensional array | |
| ps axo rss,comm,pid | awk '{ proc_list[$2] += $1; } END { for (proc in proc_list) { printf("%d\t%s\n", proc_list[proc],proc); }}' | sort -n | tail -n 10 | |
| # Download last file from index of | |
| NAME=`wget --quiet URL -O - | grep util-vserver | tail -n 1 | sed 's|</a>.*||;s/.*>//'`; wget URL$UTILVSERVER; | |
| # Delete newline | |
| tr -d "\n" < file1 > file2 | |
| # which procs have $PATH_REGEX open? | |
| find /proc -regex '/proc/[0-9]+/smaps' -exec grep -l "$PATH_REGEX" {} \; | cut -d'/' -f2 | |
| # Adding formatting to an xml document for easier reading | |
| xmllint --format <filename> > <output file> |
Zobber
/ Linux Commands 1
Created
April 21, 2020 00:28
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Run the last command as root | |
| sudo !! | |
| # Serve current directory tree at http://$HOSTNAME:8000/ | |
| python -m SimpleHTTPServer | |
| # Save a file you edited in vim without the needed permissions | |
| :w !sudo tee % | |
| # change to the previous working directory | |
| cd - | |
| # Runs previous command but replacing | |
| ^foo^bar |
Zobber
/ filebeat_zeek
Created
April 20, 2020 03:13
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| curl -L -O https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-7.6.2-amd64.deb | |
| sudo dpkg -i filebeat-7.6.2-amd64.deb | |
| ##### Modify /etc/filebeat/filebeat.yml to set the connection information: | |
| output.elasticsearch: | |
| hosts: ["<es_url>"] | |
| username: "elastic" | |
| password: "<password>" |
Zobber
/ hostname_from_certificate
Created
April 19, 2020 22:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Grep hostnames from ssl certificate | |
| echo | openssl s_client -connect example\.com | openssl x509 -noout -text | grep DNS |