Command Center

This Page Is A No Nonsense Straight To The Command List For Commonly Used Configs/Rules I Need To Remember

If You Have a Command Request Feel Free To Ping me @j3st3rjam3s and I’ll add it!

—————————————————————————————————————————————————————————————————————————————-

Firewall-cmd Commands

  1. Allow Traffic on an Inbound Port:
    # firewall-cmd –add-port=[YOUR PORT]/tcp
    

    Don’t Forget –Permanent For Persistence

    # firewall-cmd –permanent –add-port=[YOUR PORT]/tcp
    
  2. Allow Traffic With a Rich Rule:
    # firewall-cmd –permanent –add-rich-rule=’rule family=ipv4 destination address=192.168.3.10/24 port port=8080 protocol=tcp accept'
    
  3. Add a Service:
    # firewall-cmd –add-service [service]
    
  4. List Allowed Services and Ports:
    # firewall-cmd –list-services
    
  5. List All Zones
    # firewall-cmd –list-all-zones
    
  6. Starting and Stopping The Firewall/Services It’s called “firewalld”
    # systemctl enable firewalld
    # systemctl restart firewalld
    etc. (Just Use systemctl, etc.)
    

VYOS:

  1. How To Add A User In VYOS (user: James pass: examplepassword)
    vyos@vyos-rtr:~$ configure vyos
    vyos@vyos-rtr# set system login user James full-name “James”
    vyos@vyos-rtr# set system login user James authentication plaintext-password examplepassword
    —You also change the password by using the same command
    vyos@vyos-rtr# set system login user James level admin
    —You can set a user to admin by using 'level'
    vyos@vyos-rtr# commit
    vyos@vyos-rtr# save
    
  2. How to Change SSH Port:
    vyos@example.com# set service ssh port [insert a port #]
    vyos@example.com# commit
    vyos@example.com# save
    
  3. How to Assign SSH For Specific Addresses:
    vyos@example.com# set service ssh listen-address [ip address]
    
  4. Configuring a VYOS Firewall & Rules Set Nameserver
    # set system name-server <IP>
    
  5. Set Hostname
    # set system host-name <hostname>
    
  6. Set IP Address
    # set interfaces ethernet eth# address <IP address>/CIDR
    
  7. Synchronize NTP with Log Server For Consistent Log Dates/Times
    set date ntp <IP address>
    
  8. Set System Gateway
    # set system gateway-address <IP address>
    
  9. Set Up VRRP
    # set interfaces ethernet eth# vrrp vrrp-group #
    # set interfaces ethernet eth# vrrp vrrp-group # virtual-address [ip address]
    # set interfaces ethernet eth# vrrp vrrp-group # advertise-interval 1
    # set interfaces ethernet eth# vrrp vrrp-group # preempt true
    # set interfaces ethernet eth# vrrp vrrp-group # priority #
    # set interfaces ethernet eth# vrrp vrrp-group # sync-group [group name]
    
  10. Create the Firewall Rule
    vyos@example.com# set firewall name [WAN-to-LAN] default-action drop
    

    The above command creates the firewall rule for WAN to LAN and sets the default action to drop packets.

    vyos@example.com# set firewall name [WAN-to-LAN] enable-default-log
    

    This logs all attempts for traffic going thru the firewall

  11. Create the Zone and Assign it to the Interface
    vyos@example.com# set zone-policy zone [WAN] interface [eth0]
    
  12. Create the Zone and Link it to the Rule
    vyos@example.com# set zone-policy zone [LAN from WAN] firewall name [WAN-to-LAN]
    

    The above command creates the ZONE for connections from the WAN to the LAN and links it to the firewall rule WAN-to-LAN

  13. Set Up DNS Forwarding
    vyos@example.com# set service dns forwarding name-server [172.16.150.2]
    vyos@example.com# set service dns forwarding listen-on ‘eth1’
    
Create the specific firewall rules
  1. Set Up NAT: same syntax as the firewall rules in 7 (below) just without the firewall name
    set nat destination rule 1 destination address etc.
    set nat source rule 1 source address etc.
    
  2. Accept traffic
    vyos@example.com# set firewall name [WAN-to-LAN] rule [10] action accept
    
  3. Allow Firewall for certain traffic
    vyos@example.com# set firewall name [DMZ-to-LAN] rule [#] destination address [ip]
    vyos@example.com# set firewall name [DMZ-to-LAN] rule [#] destination port [#]
    vyos@example.com# set firewall name [DMZ-to-LAN] rule [#] protocol [udp]
    
  4. Accept Established Commands
    vyos@example.com# set firewall name [WAN-to-LAN] rule [20] state established enable
    

    You increment rules by 10 because if you have to add rules in the future you can place them in block chunks. For example if you want to deny traffic from a specific IP you could make Rule 11. The reason rules are blocked by 10 is only for organizational purposes. It’s just a number. As long as you keep track of your firewall rules in a spreadsheet or something then you’ll be fine.

  5. Configuring Logging with syslog on Vyos
    vyos@example.com# set system syslog host [log ip] facility [authpriv] level [info]
    

    Navigate here for a list of facilities and levels: https://wiki.vyos.net/wiki/Logging

General Linux(Quick Common Commands):

  1. Create a sudo user
    add user [username]
    passwd [username]
    usermod -aG [sudo/wheel] [username]
    

Fping:

  • Using fping: “fping -g 192.168.1.0/24”
fping [options] [ipaddress/s]

Options
-4 = restricts name resolution to IPv4 addresses
-6 = restricts name resolution to IPv6 addresses
-a = show alive systems
-A = show targets by address vs. DNS name
-d= use DNS to look up target (find DNS name)
-b = number of byte data to send in the ping
-c = number of ping request packets to send
-g = generate a list of targets based of a subnet
-H = set the TTL
-i = change the interval between each packet
-I = set the interface
-l = loop sending packets indefinitely (stop by using ctrl+c)
-n = name the addresses by running a reverse DNS lookup

Nmap:

  • Running an nmap scan: nmap -sC [target] This will run the default nmap scripts
  nmap [scanning options] [timing options] [ipaddress/s] [output options]
  Scan Options:
  Official Options Summary
  -p <port ranges> = Specify Ports
  -o = Determine the OS
  –osscan-limit = limit OS Detection to those hosts with one port open and one closed as this saves time
  –max-os-tries = reduce the number of OS Scans below the default 4 to save time.
  -A = Enable OS Detection, Version Detection, script scanning, and tracert.
  -sL = DNS/List Scan – simply list targets to scan (uses a list instead of doing host discovery which is the default)
  -sn = Ping scan – disable port scan
  -Pn = treat all hosts as online – skips host discovery
  -sS = Syn Scan
  -sA = ACK scan
  -sF = Fin Scan
  -sl = IDLE Scan
  -sN = Null Scan
  -sO = Protocol Scan
  -sP = Ping Scan
  -sR = RPC Scan
  -sT = TCP Connect Scan
  -sU = UDP Connect Scan(Expect replies)
  -sW Windows Scan
  -sX XMAS Scan
  -PI = ICMP Ping
  -Po = No ping
  -PS = SYN Ping
  -PT = TCP Ping
  -oN = Normal Output
  -oX = XML Output
  -T0 = Serial Slowest Scan (Paranoid Level)
  -T1 = Serial Slow Scan (Cautious Level)
  -T2 = Serial Slow Normal Speed Scan (Polite Level)
  -T3 = Serial Normal Speed Scan (Normal Level)
  -T4 = Serial Fast Scan (Aggressive Level)
  -T5 = Who gives a sh1t I want them to know what I’m doing.
  • Runnin an Nmap nse script:

same as nmap –script=default [target]

TheHarvester:

  • Use TheHarvester
    theharvester [options]
    example: theharvester -d jameskainth.com -l 100 -b google -h myresults.html
    Options:
    -d = domain to search
    -b = data source (baidu, bing, bingapi, dogpile, google, googleCSE, googleplus, google-profiles, linkedin,
    pgp, twitter, vhost, virustotal, threatcrowd, crtsh, netcraft, yahoo, all)
    -f = save results into an html or xml
    -c = DNS Bruteforce
    -l = limit the number of results
    

SSH Keys

  • Create Key Pairs on target host
ssh-keygen
  • That will create an RSA key pair
  • Use a password if you want
  • Copy the public key to the remote host
cd ~/.ssh
ssh-copy-id username@RemoteHostIpAddress

Or

cat ~/.ssh/id_rsa.pub | ssh username@RemoteHostIpAddress “mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys”

Or

  • Manually copy and paste the key.

  • Test out the public key authentication. If it works you can also disable root password logins. Make sure you leave a shell open. In case something goes wrong in this step. You don’t want to lock yourself out of your own box.

  • Disable Root Logon

cd /etc/ssh/
sudo nano /etc/ssh/sshd_config
  • change this line(you’ll see it) to this “PermitRootLogin without-password“
  • save and close the file

  • Restart SSH
systemctl restart sshd

CeWL:

  • Using CeWL:
    cewl [options] <url>
    e.g. cewl -with-numbers -a -w wordList.txt 192.168.4.243/bios/marviMalware.html
    What are the CeWL Options?
    -h, –help: Show help.
    -k, –keep: Keep the downloaded file.
    -d ,–depth : Depth to spider to, default 2.
    -m, –min_word_length: Minimum word length, default 3.
    -o, –offsite: Let the spider visit other sites.
    -w, –write: Write the output to the file.
    -u, –ua : User agent to send.
    -n, –no-words: Don’t output the wordlist.
    –with-numbers: Accept words with numbers in as well as just letters
    -a, –meta: include meta data.
    –meta_file file: Output file for meta data.
    -e, –email: Include email addresses.
    –email_file : Output file for email addresses.
    –meta-temp-dir : The temporary directory used by exiftool when parsing files, default /tmp.
    -c, –count: Show the count for each word found.
    -v, –verbose: Verbose.
    –debug: Extra debug information.
    

RSMangler:

  • Using RSMangler:
    rsmangler [options] – -(that’s two dashes next to each other wordpress won’t make it look any closer) file wordlist.txt > mangledWordlist.txt
    
  • So because of the nature of a mangler. You want to really insert only like 4-5 words in your starting wordlist.
  • I recommend having multiple wordlists with about 4-5 word in each of them. Then use RSMangler to create passwordlists from all of the different wordlists.
  • That really just cuts down on the time it will take to generate these wordlists and password lists.

Options for RSMangler:

–help, -h: show help
–file, -f: the input file, use – for STDIN
–output, -o: the output file, use – for STDOUT
–max, -x: maximum word length
–min, -m: minimum word length
–perms, -p: permutate all the words
–double, -d: double each word
–reverse, -r: reverser the word
–leet, -t: l33t speak the word
–full-leet, -T: all posibilities l33t
–capital, -c: capitalise the word
–upper, -u: uppercase the word
–lower, -l: lowercase the word
–swap, -s: swap the case of the word
–ed, -e: add ed to the end of the word
–ing, -i: add ing to the end of the word
–punctuation: add common punctuation to the end of the word
–years, -y: add all years from 1990 to current year to start and end
–acronym, -a: create an acronym based on all the words entered in order and add to word list
–common, -C: add the following words to start and end: admin, sys, pw, pwd
–pna: add 01 – 09 to the end of the word
–pnb: add 01 – 09 to the beginning of the word
–na: add 1 – 123 to the end of the word
–nb: add 1 – 123 to the beginning of the word
–force: don\’t check output size
–space: add spaces between words
–allow-duplicates: allow duplicates in the output list

NCrack:

  • ncrack -v -T3 -p 80 –user [bigMike] -P [magledMikeListn.txt] [ip address]
-v is for verbosity
-T3 is the level of paranoia. I did T3 b/c that’s average
-p is to set the port number afterwards so -p 80 is port 80 for web
–user is username [insert the username without brackets]
-P specifies the word list [insert your word list without brackets]
[ip address] is obviously [insert the target ip without brackets]

Ubuntu 18.04 Bionic Beaver:

  • How to set up networking
    • Edit the file: /etc/netplan/50-cloud-init.yaml
    • Should look something like This
      network:
        ethernet:
          enp0s3:
            addresses: [192.168.1.10/24]
            gateway4: 192.168.1.1
            nameservers:
              search: [lab,  home]
              addresses: [8.8.8.8, 8.8.7.7]
            optional: true
      version: 2
      
    • Apply Your Changes sudo netplan apply