
Linux Tips

Combine multiple commands

This goes further than just a pipe.

You can run a command on the result of another command with command substitution: command $(other command). Whatever you put inside the parentheses runs first, and its output is substituted into the outer command line.

Examples

  • kill $(ps -aux | grep 'chromium' | awk '{print $2}') kills every process with chromium in its command line (useful because killall chromium does not work)
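The one-liner above has a catch worth knowing: the grep process itself has chromium on its command line, so its own PID ends up in the list. The helper below, an added example that is not part of the original page, runs the same substitution over a constructed ps snapshot and drops the matcher's line (the sample output and the function names are my own).

```shell
# Added example (not from the original page): the page's one-liner
# kill $(ps -aux | grep 'chromium' | awk '{print $2}') relies on command
# substitution, but the grep process itself has 'chromium' on its command
# line, so its own PID lands in the list. This helper runs the same
# substitution over a constructed ps snapshot and drops the matcher's line.

# constructed sample of `ps aux` output (not a real capture)
SAMPLE_PS='USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
gb 1201 1.0 2.0 10 10 ? Sl 10:00 0:01 /usr/lib/chromium/chromium --type=renderer
gb 1202 0.5 1.0 10 10 ? S 10:00 0:00 /usr/lib/chromium/chromium --type=gpu
gb 1333 0.0 0.0 10 10 pts/0 S+ 10:01 0:00 grep chromium
gb 1400 0.0 0.0 10 10 ? S 10:01 0:00 bash'

# Print the PIDs of processes whose command line matches $2, given ps output
# in $1. Skips the header line and any line whose command is grep itself, so
# the result is safe to feed to kill through $(...).
pids_matching() {
  printf '%s\n' "$1" | awk -v pat="$2" '
    NR > 1 && $0 ~ pat && $11 !~ /(^|\/)grep$/ { print $2 }'
}

# Same idea, as one space-separated string ready for "kill $(...)".
pid_list() {
  pids_matching "$1" "$2" | tr '\n' ' ' | sed 's/ $//'
}

# Real use:   kill $(pid_list "$(ps aux)" chromium)
# or simply:  pkill -f chromium   (pgrep/pkill never match themselves)
```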

Change your hostname

Temporary

sudo hostname newhostname

The change is lost after a reboot.

Permanently

  • sudo nano /etc/hostname and replace the old name with the new one

  • sudo nano /etc/hosts and update the line that maps the old name, so the new name still resolves locally

  • sudo reboot

  • hostname should now print your newly chosen hostname

Debug command not found

Works only in bash.

This is the annoying message you get when you call something that is not installed.

  • sudo apt install command-not-found installs a utility that tells you which package provides the missing command when you hit this error.

  • Alternatively, apt-cache search command-name will tell you what to install.

Debug apt

  • If you get the error The following signatures were invalid, re-import the Kali archive key:

  • wget -q -O - https://archive.kali.org/archive-key.asc | sudo apt-key add - (the trailing - makes apt-key read the key from stdin)

  • apt-key is deprecated on current Debian-based systems; on a recent Kali, fetch the keyring file instead: sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg

Debug snap

  • If you get the error snap-confine has elevated permissions and is not confined but should be. Refusing to continue to avoid permission escalation attacks, reload the snap-confine AppArmor profiles:

  • sudo apparmor_parser -r /etc/apparmor.d/*snap-confine*

  • sudo apparmor_parser -r /var/lib/snapd/apparmor/profiles/snap-confine*

Update only 1 package

  • apt-get install --only-upgrade <packagename> upgrades only that single package, and only if it is already installed.

File conversions

HEIC to JPG

  • sudo apt install libheif-examples installs heif-convert

  • For one file: heif-convert -q 85 input.HEIC output.JPG (-q 85 is the JPEG quality)

  • For multiple files: for file in *.HEIC; do heif-convert "$file" "${file%.HEIC}.JPG"; done

Images to PDF

  • You can do this with one image or several; with several they all go into one PDF

  • convert *.png document.pdf converts all PNG files of the current folder into one PDF

  • convert document.jpg document.pdf converts the file document.jpg into a PDF named document.pdf

Note: if convert fails with an error saying the PDF operation is not allowed by the security policy, this is great. You just need to add the line <policy domain="coder" rights="read | write" pattern="PDF" /> before </policymap> in the file /etc/ImageMagick-6/policy.xml (the path can be different depending on your version of ImageMagick)

webp to jpg

  • for file in *.webp; do convert "$file" "${file%.webp}.jpg"; done converts each webp of the current folder into a jpg with the same base name

  • Or in one go: mogrify -format jpg *.webp writes a .jpg next to each .webp

PDF to images

  • The other way around: pdfimages file.pdf extracted-images/img extracts every embedded image as img-000, img-001, ... in the (already existing) extracted-images folder; add the flag -png if you want the pictures in PNG format

Note: this pulls out every image embedded in the PDF file. If you want every page (slide) rendered as an image, this next command is the one you need

  • pdftoppm -png file.pdf file/name-you-want-to-give-to-the-images

Find things

  • find / -name "keyword" 2>/dev/null looks for something named keyword in the whole system and hides error messages (2>/dev/null discards stderr, mostly Permission denied lines)

  • find / -type f -name ".*" 2>/dev/null finds hidden files in the system and hides error messages

Other options with find

  • -iname if letter capitalization does not matter

  • . as the starting point to search in the current folder

  • -type d if you are looking for a directory

  • -type f if you are looking for a file

  • -perm 777 if you look for files with exactly 777 permissions

  • ! -perm 777 if you look for files without 777 permissions

  • -perm /a=x to look for executable files (any execute bit set)

  • -exec to execute a command on each file found, example find / -type d -perm 777 -print -exec chmod 755 {} \; ({} is replaced by the file name and \; ends the command)

  • -empty to find empty files and directories

  • -user username to get files owned by the user named "username"

  • -group groupname same as user but for group

  • -mtime -5 modified in the last 5 days (-mtime 5 alone means exactly 5 days ago)

  • -atime -5 accessed in the last 5 days

  • -mtime +5 -mtime -10 modified between 5 and 10 days ago

  • -cmin -60 status (inode) changed in the last 60 minutes

  • -mmin -60 modified in the last 60 minutes

  • -amin -60 accessed in the last 60 minutes

  • -size 5M files that are exactly 5 MB (rounded up to whole units); use -size +5M for files bigger than 5 MB
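To see these options act on real files without touching /, here is an added example (not from the original page): it builds a small constructed tree under mktemp, counts entries with the -perm, -type, -empty and -name ".*" tests above, then runs the page's -perm 777 / -exec chmod fix scoped to that tree. The helper names are my own.

```shell
#!/bin/sh
# Added example (not from the original page): a constructed directory tree
# under mktemp, the find options from the page applied to it, and the
# page's "-perm 777 ... -exec chmod 755" fix run in the sandbox instead of /.

# Build the tree: one world-writable dir and file (the bad ones), one sane
# dir with a script, an empty file and a hidden file. Prints the root path.
make_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/pub" "$root/safe"
  printf 'x\n' > "$root/pub/notes.txt"
  printf '#!/bin/sh\n' > "$root/safe/run.sh"
  : > "$root/safe/empty"
  printf 'token\n' > "$root/safe/.secret"
  chmod 777 "$root/pub" "$root/pub/notes.txt"   # exactly 777
  chmod 755 "$root/safe" "$root/safe/run.sh"
  chmod 644 "$root/safe/empty"
  chmod 600 "$root/safe/.secret"
  printf '%s\n' "$root"
}

# Entries whose mode is exactly 777 under $1 (-perm 777).
count_777() { find "$1" -perm 777 | wc -l | tr -d ' '; }

# Regular files with any execute bit set (-perm /a=x).
count_exec() { find "$1" -type f -perm /a=x | wc -l | tr -d ' '; }

# Empty regular files (-empty).
count_empty() { find "$1" -type f -empty | wc -l | tr -d ' '; }

# Hidden regular files, as in the page's find / -type f -name ".*".
count_hidden_files() { find "$1" -type f -name ".*" | wc -l | tr -d ' '; }

# The fix from the page, scoped to $1: world-writable directories become
# 755 and world-writable files 644; -print shows what was touched.
fix_777() {
  find "$1" -type d -perm 777 -print -exec chmod 755 {} \;
  find "$1" -type f -perm 777 -print -exec chmod 644 {} \;
}
```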

dd

dd is a command used to convert and copy a file. It can also be useful to generate dummy files that you could need during a pentest (to test for unrestricted resource consumption for example).

# create a file containing 30 random megabytes and give it the .pdf extension
dd if=/dev/urandom of=mypdf.pdf bs=1M count=30
# generate a file with the .exe extension, filled with random bytes
dd if=/dev/urandom of=reverse-shell.exe bs=1M count=10

Grep

  • If you are looking for a specific thing in a file you can grep a string in it.

  • grep "keyword" file.txt looks for keyword in file.txt (cat file.txt | grep "keyword" works too, but the extra cat is not needed)

  • -B 2 this option shows us the 2 lines before our keyword

  • -A 2 this option shows us the 2 lines after our keyword

  • grep -iar "keyword" . : i ignores case, a processes a binary file as if it were text, r is for recursive and . is the current directory.

Packages install and management

List installed packages

  • apt list --installed (add a grep on it, for example | grep image if you are looking for the package imagemagick)

Install a deb package with apt

  • sudo apt install ./package.deb (the ./ tells apt this is a local file and not a package name)

Search for a package

  • apt-cache search package-name, example apt-cache search mingw

Unzip

  • If you accidentally unzipped an archive and want to delete all the files it created: unzip -Z -1 <filename.zip> | xargs -I{} rm -v {} (-Z -1 lists the archive entries one per line; directories the archive created stay behind, remove them with rmdir afterwards)

Extract unique occurrence from 2 files

  • You have two files and you want to extract the lines of the second that do not appear in the first and put them in a new file (file1 should be the one with the most lines)

  • awk 'FNR==NR {a[$0]++; next} !($0 in a)' file1 file2 > unique.txt

    • How the code works: while reading file1, remember each line of text we see. While reading file2, print a line only if we have not seen it. Details:

      • FNR is the current file's record number

      • NR is the overall record number across all input files

      • FNR==NR is true only while we are reading file1

      • $0 is the current line of text

      • a[$0] is a hash with the key set to the current line of text

      • a[$0]++ records that we have seen the current line of text

      • next skips the second pattern for the lines of file1

      • !($0 in a) is true only when we have not seen the line text

      • The line is printed when that pattern is true; this is the default awk action when no explicit action is given

Speed up update process in Kali

  • If like me you are annoyed by the time it takes to update your Kali, it is possible to use a mirror. Make sure it is in the sources (/etc/apt/sources.list).

Note: it is not the official repositories so use with caution ;)

Add a set title function in gnome-terminal

  • Add this function to your .bashrc

function set-title() {
  # remember the original prompt once, then append the xterm title escape to it
  if [[ -z "$ORIG" ]]; then
    ORIG=$PS1
  fi
  TITLE="\[\e]2;$*\a\]"
  PS1=${ORIG}${TITLE}
}
  • source ~/.bashrc

  • Then to set a title you just need to run set-title mytitle

kdenlive

Useful GUI tool to edit videos and convert them

Convert an mkv to mp4

  • Drag and drop the mkv file in kdenlive

  • In Project choose render

  • Choose the format you want

  • Then click on render to file

Record a video from command line with ffmpeg

Choose an external webcam if you have multiple

  • Install v4l2-ctl (it comes with the v4l-utils package)

sudo apt-get update
sudo apt-get install v4l-utils
  • List your available cameras

v4l2-ctl --list-devices
# You should get something similar to this
Webcam intégrée: intégrée (usb-0000:00:14.0-8):
    /dev/video0
    /dev/video1

HD Webcam USB: (usb-0000:00:14.0-4):
    /dev/video2
    /dev/video3

Start recording

  • ffmpeg -f v4l2 -i /dev/video2 output.mkv starts the recording

  • ffmpeg -f v4l2 -framerate 30 -video_size 1280x720 -i /dev/video2 -c:v libx264 -preset fast -pix_fmt yuv420p output.mp4 with more options:

    • -framerate 30 frames per second

    • -video_size 1280x720 resolution of the capture

    • -c:v libx264 specifies the codec (H.264 in this example)

    • -preset fast chooses a compromise between encoding speed and quality

    • -pix_fmt yuv420p defines the pixel format

You can also add -t 00:00:20 if you want a 20 second video. -an makes sure that no audio is recorded, so if you only want video the output file will only contain video.

When you are done, if you did not set a duration, just press Ctrl+C.

If you only want to visualize without recording (to do your setup) you can use ffplay -f v4l2 -i /dev/video2

Unfortunately I could not find any solution to both visualize and record except by using OBS or another software :)

Capture your screen

  • Capture the whole screen ffmpeg -f x11grab -r 30 -s $(xdpyinfo | grep 'dimensions:'| awk '{print $2}') -i :0.0 -vcodec libx264 -preset ultrafast -crf 18 output.mp4

    • -f x11grab : tells ffmpeg to use X11 for screen capture (for Linux systems).

    • -r 30 : sets the frame rate of the recording to 30 frames per second.

    • -s $(xdpyinfo | grep 'dimensions:'| awk '{print $2}') : uses the current screen resolution as the recording size. xdpyinfo provides information about the X display, and this command substitution extracts the screen resolution from it.

    • -i :0.0 : specifies the screen source to capture. :0.0 refers to the main display.

    • -vcodec libx264 : uses the H.264 video codec for the recording.

    • -preset ultrafast : uses the encoding preset for maximum speed, at the expense of file size (useful for minimizing delay during recording).

    • -crf 18 : sets the encoding quality factor, where a lower value means better quality (and therefore a larger file). 18 is a good balance between quality and size.

    • output.mp4 : the output file

  • Recording a specific portion of the screen: ffmpeg -f x11grab -r 30 -s 1280x720 -i :0.0+0,0 -vcodec libx264 -preset ultrafast -crf 18 output.mp4 where -s is the size of the area and +0,0 is the x,y offset of its top-left corner

Make your gnome terminal more fancy

  • Put this in your .bashrc

# Automatic coloration with ls and grep
alias ls='ls --color=auto'
alias grep='grep --color=auto'

# colored prompt
PS1='\[\e[0;32m\]\u@\h:\w\[\e[m\]\$ '

# Command to define a title // found on stack overflow
function set-title() {
  if [[ -z "$ORIG" ]]; then
    ORIG=$PS1
  fi
  TITLE="\[\e]2;$*\a\]"
  PS1=${ORIG}${TITLE}
}
Last updated 6 months ago
