Commands tagged pentest (3)

What's this?

commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.

Share Your Commands


Check These Out

Recover username and password for Technicolor TC7200 admin page (vulnerability)
The router Technicolor TC7200 has an exploit where the file http://192.168.0.1/goform/system/GatewaySettings.bin is open for unauthenticated access. Even though it is binary, the 2 last strings are the username and password for the pages for router management. It can be read using the 'strings' command, 'hexdump -C' or a hexadecimal editor. (default user/password = admin/admin) Reveals more configuration, including SSID name and Key for the wifi network: $wget -q -O - http://192.168.0.1/goform/system/GatewaySettings.bin Hexadecimal dump of the file: $wget -q -O - http://192.168.0.1/goform/system/GatewaySettings.bin | hexdump -C

Displays the version of the Adobe Flash plugin installed
This is for Debian, simply change the path if your Flash plugin is installed elsewhere.

check the status of 'dd' in progress (OS X)
"killall -USR1 dd" does not work in OS X for me. However, sending INFO instead of USR1 works.

create random numbers within range for conjob usage
if you need to install cron jobs in a given time range.

Setting global redirection of STDERR to STDOUT in a script
You have a script where =ALL= STDERR should be redirected to STDIN and you don't want to add "2>&1" at the end of each command... E.G.: $ ls -al /foo/bar 2>&1 Than just add this piece of code at the beginning of your script! I hope this can help someone. :)

Sort by IP address

Exclude svn directories with grep
exclude-dir option requires grep 2.5.3

DELETE all those duplicate files but one based on md5 hash comparision in the current directory tree
This one-liner will the *delete* without any further confirmation all 100% duplicates but one based on their md5 hash in the current directory tree (i.e including files in its subdirectories). Good for cleaning up collections of mp3 files or pictures of your dog|cat|kids|wife being present in gazillion incarnations on hd. md5sum can be substituted with sha1sum without problems. The actual filename is not taken into account-just the hash is used. Whatever sort thinks is the first filename is kept. It is assumed that the filename does not contain 0x00. As per the good suggestion in the first comment, this one does a hard link instead: $ find . -xdev -type f -print0 | xargs -0 md5sum | sort | perl -ne 'chomp; $ph=$h; ($h,$f)=split(/\s+/,$_,2); if ($h ne $ph) { $k = $f; } else { unlink($f); link($k, $f); }'

Swap a file or dir with quick resotre
This lets you replace a file or directory and quickly revert if something goes wrong. For example, the current version of a website's files are in public_html. Put a new version of the site in public_html~ and execute the command. The names are swapped. If anything goes wrong, execute it again (up arrow or !!).

check the status of 'dd' in progress (OS X)
Sends SIGINFO to the process. This is a BSD feature OS X inherited. You must have the terminal window executing dd selected when entering CTRL + T for this to work.


Stay in the loop…

Follow the Tweets.

Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.

» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10

Subscribe to the feeds.

Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):

Subscribe to the feed for: