The Lovely Command-Center
This Page Is A No Nonsense Straight To The Command List For Commonly Used Configs/Rules I Need To Remember
If You Have a Command Request Feel Free To Ping me @j3st3rjam3s and I’ll add it!
------------------------------------------------------------
Firewall-cmd Commands
Allow Traffic on an Inbound Port:
# firewall-cmd --add-port=[YOUR PORT]/tcp
Don't Forget --permanent For Persistence
# firewall-cmd --permanent --add-port=[YOUR PORT]/tcp
Allow Traffic With a Rich Rule:
# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination address=192.168.3.10/24 port port=8080 protocol=tcp accept'
Add a Service:
# firewall-cmd --add-service [service]
List Allowed Services and Ports:
# firewall-cmd --list-services
List All Zones
# firewall-cmd --list-all-zones
Starting and Stopping The Firewall Service (It's Called "firewalld")
# systemctl enable firewalld
# systemctl restart firewalld
etc. (Just Use systemctl, etc.)
VYOS:
How To Add A User In VYOS (user: James pass: examplepassword)
vyos@vyos-rtr:~$ configure
vyos@vyos-rtr# set system login user James full-name "James"
vyos@vyos-rtr# set system login user James authentication plaintext-password examplepassword
(You can also change the password by using the same command.)
vyos@vyos-rtr# set system login user James level admin
(You can set a user to admin by using 'level'.)
vyos@vyos-rtr# commit
vyos@vyos-rtr# save
How to Change SSH Port:
vyos@vyos-rtr# set service ssh port [insert a port #]
vyos@vyos-rtr# commit
vyos@vyos-rtr# save
How to Assign SSH For Specific Addresses:
vyos@vyos-rtr# set service ssh listen-address [ip address]
Configuring a VYOS Firewall & Rules
Set Nameserver
# set system name-server <IP>
Set Hostname
# set system host-name <hostname>
Set IP Address
# set interfaces ethernet eth# address <IP address>/CIDR
Synchronize NTP with Log Server For Consistent Log Dates/Times
set date ntp <IP address>
Set System Gateway
# set system gateway-address <IP address>
Set Up VRRP
# set interfaces ethernet eth# vrrp vrrp-group #
# set interfaces ethernet eth# vrrp vrrp-group # virtual-address [ip address]
# set interfaces ethernet eth# vrrp vrrp-group # advertise-interval 1
# set interfaces ethernet eth# vrrp vrrp-group # preempt true
# set interfaces ethernet eth# vrrp vrrp-group # priority #
# set interfaces ethernet eth# vrrp vrrp-group # sync-group [group name]
Create the Firewall Rule
vyos@vyos-rtr# set firewall name [WAN-to-LAN] default-action drop
The above command creates the firewall rule set for WAN to LAN and sets the default action to drop packets.
vyos@vyos-rtr# set firewall name [WAN-to-LAN] enable-default-log
This logs traffic that reaches the default action (here, the packets that get dropped).
Create the Zone and Assign it to the Interface
vyos@vyos-rtr# set zone-policy zone [WAN] interface [eth0]
Create the Zone and Link it to the Rule
vyos@vyos-rtr# set zone-policy zone [LAN from WAN] firewall name [WAN-to-LAN]
The above command creates the ZONE for connections from the WAN to the LAN and links it to the firewall rule set WAN-to-LAN
Set Up DNS Forwarding
vyos@vyos-rtr# set service dns forwarding name-server [172.16.150.2]
vyos@vyos-rtr# set service dns forwarding listen-on 'eth1'
Create the specific firewall rules
Set Up NAT: same syntax as the firewall rules in 7 (below) just without the firewall name
set nat destination rule 1 destination address etc.
set nat source rule 1 source address etc.
Accept traffic
vyos@vyos-rtr# set firewall name [WAN-to-LAN] rule [10] action accept
Allow Firewall for certain traffic
vyos@vyos-rtr# set firewall name [DMZ-to-LAN] rule [#] destination address [ip]
vyos@vyos-rtr# set firewall name [DMZ-to-LAN] rule [#] destination port [#]
vyos@vyos-rtr# set firewall name [DMZ-to-LAN] rule [#] protocol [udp]
Accept Established Connections
vyos@vyos-rtr# set firewall name [WAN-to-LAN] rule [20] state established enable
You increment rules by 10 because if you have to add rules in the future you can place them in block chunks. For example if you want to deny traffic from a specific IP you could make Rule 11. The reason rules are blocked by 10 is only for organizational purposes. It’s just a number. As long as you keep track of your firewall rules in a spreadsheet or something then you’ll be fine.
Configuring Logging with syslog on Vyos
vyos@vyos-rtr# set system syslog host [log ip] facility [authpriv] level [info]
Navigate here for a list of facilities and levels: https://wiki.vyos.net/wiki/Logging
General Linux (Quick Common Commands):
Create a sudo user
adduser [username]
passwd [username]
usermod -aG [sudo/wheel] [username]
Fping:
Using fping: "fping -g 192.168.1.0/24"
fping [options] [ipaddress/s]
Options:
-4 = restricts name resolution to IPv4 addresses
-6 = restricts name resolution to IPv6 addresses
-a = show alive systems
-A = show targets by address vs. DNS name
-d = use DNS to look up target (find DNS name)
-b = number of bytes of data to send in the ping
-c = number of ping request packets to send
-g = generate a list of targets based on a subnet
-H = set the TTL
-i = change the interval between each packet
-I = set the interface
-l = loop sending packets indefinitely (stop by using ctrl+c)
-n = name the addresses by running a reverse DNS lookup
Nmap:
Running an nmap scan:
nmap -sC [target]
This will run the default nmap scripts
nmap [scanning options] [timing options] [ipaddress/s] [output options]
Scan Options:
Official Options Summary
-p
Running an Nmap NSE script:
nmap -sC [target] is the same as nmap --script=default [target]
nmap --script=[nmap script/category] [target]
What categories James? Go here: https://nmap.org/nsedoc/categories/
NMAP Cheat Sheet Here is Helpful: https://highon.coffee/blog/nmap-cheat-sheet/ shoutout to highoncoffee whoever that is lol.
TheHarvester:
Use TheHarvester
theharvester [options]
example: theharvester -d jameskainth.com -l 100 -b google -f myresults.html
Options:
-d = domain to search
-b = data source (baidu, bing, bingapi, dogpile, google, googleCSE, googleplus, google-profiles, linkedin,
pgp, twitter, vhost, virustotal, threatcrowd, crtsh, netcraft, yahoo, all)
-f = save results into an html or xml
-c = DNS Bruteforce
-l = limit the number of results
SSH Keys
Create Key Pairs on target host
ssh-keygen
That will create an RSA key pair
Use a password if you want
Copy the public key to the remote host
cd ~/.ssh
ssh-copy-id username@RemoteHostIpAddress
Or
cat ~/.ssh/id_rsa.pub | ssh username@RemoteHostIpAddress "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"
Or
Manually copy and paste the key.
Test out the public key authentication. If it works, you can also disable root password logins. Make sure you leave a shell open in case something goes wrong in this step; you don't want to lock yourself out of your own box.
Disable Root Logon
cd /etc/ssh/
sudo nano /etc/ssh/sshd_config
change this line (you'll see it) to this: "PermitRootLogin without-password"
save and close the file
Restart SSH
systemctl restart sshd
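Added example (not part of the original page): a quick check of which PermitRootLogin value actually takes effect after the edit above, since the stock line is usually commented out and sshd uses the first uncommented occurrence. The function names and sample file are made up for illustration; it assumes whitespace-separated "Keyword value" lines and does not follow Include files.

```sh
#!/bin/sh
# Added example: report the global PermitRootLogin value sshd would use.

# effective_root_login FILE -> prints the effective global value, or "unset"
effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                     # commented-out lines do not count
        tolower($1) == "match" { exit }         # settings after Match are conditional
        tolower($1) == "permitrootlogin" {      # keywords are case-insensitive
            print tolower($2); found = 1; exit  # first occurrence wins
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# root_login_verdict FILE -> "ok" when root cannot log in with a password
root_login_verdict() {
    case "$(effective_root_login "$1")" in
        # without-password is the older spelling of prohibit-password
        no|prohibit-password|without-password|forced-commands-only)
            echo "ok" ;;
        yes)
            echo "weak: root password login allowed" ;;
        unset)
            echo "unset: compiled-in default applies" ;;
        *)
            echo "unknown value" ;;
    esac
}

# Constructed sample: stock commented line, the edited line, and a stray
# later duplicate that sshd would ignore.
demo=$(mktemp)
printf '%s\n' '#PermitRootLogin yes' \
    'permitrootlogin without-password' \
    'PermitRootLogin yes' > "$demo"
echo "effective value: $(effective_root_login "$demo")"
echo "verdict: $(root_login_verdict "$demo")"
rm -f "$demo"
```

On the real box, point it at /etc/ssh/sshd_config, and run sudo sshd -t to catch syntax errors before restarting sshd.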
CeWL:
Using CeWL:
cewl [options] <url>
e.g. cewl --with-numbers -a -w wordList.txt 192.168.4.243/bios/marviMalware.html
What are the CeWL Options?
-h, --help: Show help.
-k, --keep: Keep the downloaded file.
-d, --depth: Depth to spider to, default 2.
-m, --min_word_length: Minimum word length, default 3.
-o, --offsite: Let the spider visit other sites.
-w, --write: Write the output to the file.
-u, --ua: User agent to send.
-n, --no-words: Don't output the wordlist.
--with-numbers: Accept words with numbers in as well as just letters
-a, --meta: include meta data.
--meta_file file: Output file for meta data.
-e, --email: Include email addresses.
--email_file: Output file for email addresses.
--meta-temp-dir: The temporary directory used by exiftool when parsing files, default /tmp.
-c, --count: Show the count for each word found.
-v, --verbose: Verbose.
--debug: Extra debug information.
RSMangler:
Using RSMangler:
rsmangler [options] --file wordlist.txt > mangledWordlist.txt
Because of the nature of a mangler, you really want to insert only like 4-5 words in your starting wordlist.
I recommend having multiple wordlists with about 4-5 words in each of them. Then use RSMangler to create password lists from all of the different wordlists.
That really just cuts down on the time it will take to generate these wordlists and password lists.
Options for RSMangler:
--help, -h: show help
--file, -f: the input file, use - for STDIN
--output, -o: the output file, use - for STDOUT
--max, -x: maximum word length
--min, -m: minimum word length
--perms, -p: permutate all the words
--double, -d: double each word
--reverse, -r: reverser the word
--leet, -t: l33t speak the word
--full-leet, -T: all posibilities l33t
--capital, -c: capitalise the word
--upper, -u: uppercase the word
--lower, -l: lowercase the word
--swap, -s: swap the case of the word
--ed, -e: add ed to the end of the word
--ing, -i: add ing to the end of the word
--punctuation: add common punctuation to the end of the word
--years, -y: add all years from 1990 to current year to start and end
--acronym, -a: create an acronym based on all the words entered in order and add to word list
--common, -C: add the following words to start and end: admin, sys, pw, pwd
--pna: add 01 - 09 to the end of the word
--pnb: add 01 - 09 to the beginning of the word
--na: add 1 - 123 to the end of the word
--nb: add 1 - 123 to the beginning of the word
--force: don't check output size
--space: add spaces between words
--allow-duplicates: allow duplicates in the output list
NCrack:
ncrack -v -T3 -p 80 --user [bigMike] -P [magledMikeListn.txt] [ip address]
-v is for verbosity
-T3 is the timing template (the level of paranoia). I did T3 b/c that's average
-p sets the port number, so -p 80 is port 80 for web
--user is the username [insert the username without brackets]
-P specifies the word list [insert your word list without brackets]
[ip address] is the target IP [insert the target ip without brackets]
Ubuntu 18.04 Bionic Beaver:
How to set up networking
Edit the file: /etc/netplan/50-cloud-init.yaml
Should look something like this:
network:
  ethernets:
    enp0s3:
      addresses: [192.168.1.10/24]
      gateway4: 192.168.1.1
      nameservers:
        search: [lab, home]
        addresses: [8.8.8.8, 8.8.7.7]
      optional: true
  version: 2
Apply Your Changes
sudo netplan apply