Commands by operat0r

Commands by operat0r (6)

sorted by

Dump top 10 ports tcp/udp from nmap

To be used with other port scanners and or for help with iptables --dport 1000:2000 style expansion Show Sample Output
This is sample output - yours may be different.
```
7,9,13,21-23,25-26,37,53,79-81,88,106,110-111,113,119,135,139,143-144,179,199,389,427,443-445,465,513-515,543-544,548,554,587,631,646,873,990,993,995,1025-1029,1110,1433,1720,1723,1755,1900,2000-2001,2049,2121,2717,3000,3128,3306,3389,3986,4899,5000,5009,5051,5060,5101,5190,5357,5432,5631,5666,5800,5900,6000-6001,6646,7070,8000,8008-8009,8080-8081,8443,8888,9100,9999-10000,32768,49152-49157
```
0

nmap -oA derp --top-ports 10 localhost>/dev/null;grep 'services\=' derp.xml | sed -r 's/.*services\=\"(.*)(\"\/>)/\1/g'

operat0r · 2020-02-06 12:59:24 1
Disable updates for installed Chrome plugins

This will allow you to ensure you don't get nagged by updates and also protects you from watering hole attacks! Please be sure to make sure your plugins don't have any security issues! Backups are manifext.jason.bak credit @Jay https://chat.counterpoint.info
This is sample output - yours may be different.
0

find / -iname "manifest.json" -exec sed 's/\"update_url\": \"http/\"update_url\": \"hxxp/g' -i.bak '{}' \;

operat0r · 2018-10-09 19:50:31 0
sort of automaticly install gems that are depend

When bundle install sucks ...This runs isuckat_ruby.rb and when stderror matches find gem ' it will gem install what ever is missing ... Show Sample Output
This is sample output - yours may be different.
```
Could not find gem 'metasploit-payloads (= 1.1.13) ruby', which is required by gem 'metasploit-framework (>= 0) ruby', in any of the sources.
```
0

gem install `ruby ./isuckat_ruby.rb 2>&1 | sed -e 's/.*find gem .//g' -e 's/ .*//g' | head -n 1`

operat0r · 2016-08-03 19:41:27 0

This dumps serial numbers of all the drives but HP warranty check does not say they are valid ... Show Sample Output

operat0r · 2016-07-20 17:42:40 0

wmic search systems for running 'exe' to hijack migrate

This is used during pentest to quickly poll all the processes running on a set of systems you have common credentials for the /FAILFAST:ON speeds up the scans. Show Sample Output
This is sample output - yours may be different.
```
Executing (\\MYBOX\ROOT\CIMV2:Win32_Process.Handle="384")->getowner()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
	Domain = "NT AUTHORITY";
	ReturnValue = 0;
	User = "SYSTEM";
};
Executing (\\MYBOX\ROOT\CIMV2:Win32_Process.Handle="532")->getowner()
Method execution successful.

Out Parameters:
instance of __PARAMETERS
```
0

FOR /F "delims==" %%A IN ('type ips.txt') DO wmic /Node:%%A wmic /user:username /password:yourpassword /FAILFAST:ON process where "name like '%.exe'" call getowner

operat0r · 2014-06-26 01:53:29 1
search office documents for credit card numbers and social security number SSN docx xlsx

# CC with SSN dash ( low false positive only match ###-##-#### not any 8digi number ) find . -iname "*.???x" -type f -exec unzip -p '{}' '*' \; | sed -e 's/]\{1,\}>/ /g; s/[^[:print:]]\{1,\}/ /g' | egrep "\b4[0-9]{12}(?:[0-9]{3})?\b|\b5[1-5][0-9]{14}\b|\b6011[0-9]{14}\b|\b3(?:0[0-5]\b|\b[68][0-9])[0-9]{11}\b|\b3[47][0-9]{13}\b|\b[0-9]{3}-[0-9]{2}-[0-9]{4}\b" rmccurdyDOTcom Show Sample Output
This is sample output - yours may be different.
```
Anatomy of Credit Card Numbers                                                   Mastercard                    5578627312605125          5331881516316066
```
1

find . -iname "*.???x" -type f -exec unzip -p '{}' '*'

operat0r · 2012-01-24 04:15:28 0

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands

Check These Out

Undo mkdir -p new/directory/path

Removes all directories on given path, working from right to left, and stops when reaching a non-empty directory Counterpart of $ mkdir -p new/directory/path Shortcut (must be issues as next command immediately after mkdir): $ ^mk^rm ( see http://www.commandlinefu.com/commands/view/19/runs-previous-command-but-replacing )

Test disk I/O

Especially useful to gauge the performance of a VPS.

Add strikethrough to text

Convert CSV to JSON

Replace 'csv_file.csv' with your filename.

Print a row of characters across the terminal

shorter than alternative

Find files with root setuids settings

Indent a one-liner.

Bash builtin type also indents the function.

Find usb device in realtime

Using this command you can track a moment when usb device was attached.

Plays Music from SomaFM

This command asks for the station name and then connects to somafm, Great for those who have linux home entertainment boxes and ssh enabled on them, just for the CLI fiends out there ( I know I'm one of them ;) Also, don't forget to add this as alias(ie alias somafm="read -p 'Which Station? "; mplayer --reallyquite -vo none -ao sdl http://somafm.com/startstream=${REPLY}.pls")

Given process ID print its environment variables

Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for:

» all commands
» commands with 3 up-votes (commandlinefu3)
» commands with 10 up-votes (commandlinefu10)
» commands by operat0r