Commands by operat0r (6)

  • To be used with other port scanners and/or for help with iptables --dport 1000:2000 style expansion


    0
    nmap -oA derp --top-ports 10 localhost>/dev/null;grep 'services\=' derp.xml | sed -r 's/.*services\=\"(.*)(\"\/>)/\1/g'
    operat0r · 2020-02-06 12:59:24 3
  • This will allow you to ensure you don't get nagged by updates and also protects you from watering hole attacks! Please be sure to make sure your plugins don't have any security issues! Backups are manifest.json.bak. Credit @Jay https://chat.counterpoint.info


    0
    find / -iname "manifest.json" -exec sed 's/\"update_url\": \"http/\"update_url\": \"hxxp/g' -i.bak '{}' \;
    operat0r · 2018-10-09 19:50:31 0
  • When bundle install sucks ... This runs isuckat_ruby.rb and when stderr matches find gem ' it will gem install whatever is missing ...


    0
    gem install `ruby ./isuckat_ruby.rb 2>&1 | sed -e 's/.*find gem .//g' -e 's/ .*//g' | head -n 1`
    operat0r · 2016-08-03 19:41:27 0
  • This dumps serial numbers of all the drives but HP warranty check does not say they are valid ...


    1
    hpacucli controller all show config detail | grep -A 7 Fail | egrep '(Failed|Last|Serial Number|physicaldrive)'
    operat0r · 2016-07-20 17:42:40 0
  • This is used during a pentest to quickly poll all the processes running on a set of systems you have common credentials for. The /FAILFAST:ON switch speeds up the scans.


    0
    FOR /F "delims==" %%A IN ('type ips.txt') DO wmic /Node:%%A /user:username /password:yourpassword /FAILFAST:ON process where "name like '%%.exe'" call getowner
    operat0r · 2014-06-26 01:53:29 1
  • # CC with SSN dash ( low false positive only match ###-##-#### not any 8-digit number ) find . -iname "*.???x" -type f -exec unzip -p '{}' '*' \; | sed -e 's/<[^>]\{1,\}>/ /g; s/[^[:print:]]\{1,\}/ /g' | egrep "\b4[0-9]{12}(?:[0-9]{3})?\b|\b5[1-5][0-9]{14}\b|\b6011[0-9]{14}\b|\b3(?:0[0-5]\b|\b[68][0-9])[0-9]{11}\b|\b3[47][0-9]{13}\b|\b[0-9]{3}-[0-9]{2}-[0-9]{4}\b" rmccurdyDOTcom


    1
    find . -iname "*.???x" -type f -exec unzip -p '{}' '*' \;
    operat0r · 2012-01-24 04:15:28 0
