-
-
[翻译]渗透测试备忘单
-
发表于: 2022-10-17 17:31 17374
-
原文链接
作者:H21LAB
译者:阳春
翻译时间:2022/10/17
译者注:转载清注明作者、译者和出处
日常渗透测试可以显著改善公司的安全状况。在进行任何安全审计之前,审计员应该从目标网络或者目标系统所有者那里获得必要的权限和允许。
剑其铸时必盼其有所用,作者不承担其被错用的责任。本文成文时亦盼其有所用,但是对此不作任何保证。
``bash
uptime```
traceroute
8.8
.
8.8
traceroute
8.8
.
8.8
traceroute
-
I
8.8
.
8.8
traceroute
-
I
8.8
.
8.8
nmap
-
sS
-
sV
-
sC
-
v
-
p
-
-
oA
all
-
tcp
-
127.0
.
0.1
127.0
.
0.1
nmap
-
sS
-
sV
-
sC
-
v
-
p
-
-
oA
all
-
tcp
-
127.0
.
0.1
127.0
.
0.1
nmap
-
sS
-
sV
-
A
-
v
-
p
-
-
oA
all
-
tcp
-
127.0
.
0.1
127.0
.
0.1
nmap
-
sS
-
sV
-
A
-
v
-
p
-
-
oA
all
-
tcp
-
127.0
.
0.1
127.0
.
0.1
nmap
-
Pn
-
sn
-
R
-
oA dns
-
10.1
.
0.0_16
10.1
.
0.0
/
16
nmap
-
Pn
-
sn
-
R
-
oA dns
-
10.1
.
0.0_16
10.1
.
0.0
/
16
nmap
-
-
script
-
updatedb
nmap
-
-
script
-
updatedb
ls
-
la
/
usr
/
share
/
nmap
/
scripts
/
ls
-
la
/
usr
/
share
/
nmap
/
scripts
/
nmap
-
vvv
-
-
script http
-
brute
-
-
script
-
args userdb
-
users.txt,passdb
-
pass
.txt
-
p <port> <host>
nmap
-
vvv
-
-
script http
-
brute
-
-
script
-
args userdb
-
users.txt,passdb
-
pass
.txt
-
p <port> <host>
nmap
-
-
script vmauthd
-
brute
-
p <port> <host>
nmap
-
-
script vmauthd
-
brute
-
p <port> <host>
nmap
-
-
script ftp
-
brute
-
p <port> <host>
nmap
-
-
script ftp
-
brute
-
p <port> <host>
nmap
-
-
script
-
help
-
ssl
-
heartbleed
nmap
-
-
script
-
help
-
ssl
-
heartbleed
nmap
-
sV –script
=
ssl
-
heartbleed.nse
-
p <port> <host>
nmap
-
sV –script
=
ssl
-
heartbleed.nse
-
p <port> <host>
nmap
-
sV
-
-
script
=
smb
*
-
p <port> <host>
nmap
-
sV
-
-
script
=
smb
*
-
p <port> <host>
mkdir
/
usr
/
share
/
nmap
/
scripts
/
vulscan
cd
/
usr
/
share
/
nmap
/
scripts
/
vulscan
git clone https:
/
/
github.com
/
scipag
/
vulscan.git
nmap
-
sV
-
-
script
=
vulscan
/
vulscan.nse
127.0
.
0.1
mkdir
/
usr
/
share
/
nmap
/
scripts
/
vulscan
cd
/
usr
/
share
/
nmap
/
scripts
/
vulscan
git clone https:
/
/
github.com
/
scipag
/
vulscan.git
nmap
-
sV
-
-
script
=
vulscan
/
vulscan.nse
127.0
.
0.1
ncrack
-
vv
-
-
user root <host>:<port>
ncrack
-
vv
-
-
user root <host>:<port>
ncrack
-
vv
-
U username.txt
-
P password.txt <host>:
3389
ncrack
-
vv
-
U username.txt
-
P password.txt <host>:
3389
ncrack
-
vv
-
-
user root <host>:
22
ncrack
-
vv
-
-
user root <host>:
22
fcrackzip
-
b
-
l
1
-
4
-
u .
/
archive.
zip
fcrackzip
-
b
-
l
1
-
4
-
u .
/
archive.
zip
hydra
-
L <user
-
list
.txt>
-
P <password
-
list
.txt> ssh:
/
/
<host>
hydra
-
L <user
-
list
.txt>
-
P <password
-
list
.txt> ssh:
/
/
<host>
hydra
-
V
-
l admin
-
P passwords.txt
-
t
36
-
f
-
s
80
192.168
.
1.1
http
-
get
/
hydra
-
V
-
l admin
-
P passwords.txt
-
t
36
-
f
-
s
80
192.168
.
1.1
http
-
get
/
hydra
-
V
-
l admin
-
P passwords.txt
-
t
36
-
f
-
s
80
http
-
get:
/
/
192.168
.
1.1
:
8080
hydra
-
V
-
l admin
-
P passwords.txt
-
t
36
-
f
-
s
80
http
-
get:
/
/
192.168
.
1.1
:
8080
hydra
-
V
-
l admin
-
P passwords.txt
-
e ns
-
f
-
s
21
192.168
.
1.1
ftp
hydra
-
V
-
l admin
-
P passwords.txt
-
e ns
-
f
-
s
21
192.168
.
1.1
ftp
hydra
-
t
1
-
V
-
f
-
l username
-
P password.lst rdp:
/
/
192.168
.
1.1
hydra
-
t
1
-
V
-
f
-
l username
-
P password.lst rdp:
/
/
192.168
.
1.1
skipfish
-
o out_dir https:
/
/
www.host.com
skipfish
-
o out_dir https:
/
/
www.host.com
skipfish
-
o out_dir
-
I urls_to_scan
-
X urls_not_to_scan
-
C cookie1
=
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
C cookie2
=
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX https:
/
/
www.host.com
skipfish
-
o out_dir
-
I urls_to_scan
-
X urls_not_to_scan
-
C cookie1
=
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
-
C cookie2
=
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX https:
/
/
www.host.com
wfuzz
-
c
-
z
file
,Directories_Common.wordlist
-
-
hc
404
http:
/
/
<host>
/
FUZZ.php
wfuzz
-
c
-
z
file
,Directories_Common.wordlist
-
-
hc
404
http:
/
/
<host>
/
FUZZ.php
wfuzz
-
c
-
z
file
,users.txt
-
z
file
,
pass
.txt
-
-
hc
404
http:
/
/
<host>
/
index.php?user
=
FUZZ&
pass
=
FUZ2Z
wfuzz
-
c
-
z
file
,users.txt
-
z
file
,
pass
.txt
-
-
hc
404
http:
/
/
<host>
/
index.php?user
=
FUZZ&
pass
=
FUZ2Z
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
-
-
dbms
"Microsoft SQL Server"
-
-
sql
-
query
=
"select name,master.sys.fn_sqlvarbasetostr(password_hash)
from
master.sys.sql_logins
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
-
-
dbms
"Microsoft SQL Server"
-
-
dbs
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
-
-
dbms
"Microsoft SQL Server"
-
-
dump
-
D database
-
T table
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
-
-
cookie
"cookie1=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
sqlmap
-
r POST.txt
-
p field
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
-
-
dbms
"Microsoft SQL Server"
-
-
sql
-
query
=
"select name,master.sys.fn_sqlvarbasetostr(password_hash)
from
master.sys.sql_logins
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
-
-
dbms
"Microsoft SQL Server"
-
-
dbs
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
-
-
dbms
"Microsoft SQL Server"
-
-
dump
-
D database
-
T table
sqlmap
-
u
"http://host.com/vulnerable.php?param=12345"
-
-
cookie
"cookie1=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
sqlmap
-
r POST.txt
-
p field
mysql
-
u <username>
-
p
-
-
port <port>
-
h <host>
mysqldump
-
h <host>
-
u <username>
-
p
-
f
-
-
port <port>
-
-
events
-
-
routines
-
-
triggers
-
-
all
-
databases > MySQLData.sql
mysql
-
u <username>
-
p
-
-
port <port>
-
h <host>
mysqldump
-
h <host>
-
u <username>
-
p
-
f
-
-
port <port>
-
-
events
-
-
routines
-
-
triggers
-
-
all
-
databases > MySQLData.sql
sqlplus
"username/password@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname)(PORT=port))(CONNECT_DATA=(SERVER=dedicated)(SERVICE_NAME=servicename)))"
sqlplus
"username/password@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=hostname)(PORT=port))(CONNECT_DATA=(SERVER=dedicated)(SERVICE_NAME=servicename)))"
# 改善sqlplus命令行输出
SET
PAGESIZE
50000
;
# 列举表空间
SELECT TABLESPACE_NAME FROM USER_TABLESPACES;
# 列举所有表
SELECT owner, table_name FROM dba_tables;
# 查找具有给定列名的表
SELECT owner, table_name, column_name FROM all_tab_columns WHERE UPPER(column_name)
=
UPPER(
'PASSWORD'
);
SELECT owner, table_name, column_name FROM all_tab_columns WHERE UPPER(column_name) LIKE
'%PASS%'
;
# 给定列名查找表并计算行数
SET
SERVEROUTPUT ON
DECLARE
val NUMBER;
BEGIN
FOR I IN (SELECT DISTINCT owner, table_name FROM all_tab_columns WHERE UPPER(column_name) LIKE
'%PASS%'
) LOOP
EXECUTE IMMEDIATE
'SELECT count(*) FROM '
|| i.owner ||
'.'
|| i.table_name INTO val;
DBMS_OUTPUT.PUT_LINE(i.owner ||
'.'
|| i.table_name ||
' ==> '
|| val );
END LOOP;
END;
/
# 查找数据库中所有NVARCHAR2类型的列
SET
SERVEROUTPUT ON SIZE
100000
DECLARE
match_count INTEGER;
BEGIN
FOR t IN (SELECT owner, table_name, column_name
FROM all_tab_columns
WHERE owner <>
'SYS'
and
data_type LIKE
'NVARCHAR2'
) LOOP
EXECUTE IMMEDIATE
'SELECT COUNT(*) FROM '
|| t.owner ||
'.'
|| t.table_name ||
' WHERE '
||t.column_name||
' = :1'
INTO match_count
USING
'SEARCH_TEXT'
;
IF match_count >
0
THEN
dbms_output.put_line( t.table_name ||
' '
||t.column_name||
' '
||match_count );
END IF;
END LOOP;
END;
/
# 改善sqlplus命令行输出
SET
PAGESIZE
50000
;
# 列举表空间
SELECT TABLESPACE_NAME FROM USER_TABLESPACES;
# 列举所有表
SELECT owner, table_name FROM dba_tables;
# 查找具有给定列名的表
SELECT owner, table_name, column_name FROM all_tab_columns WHERE UPPER(column_name)
=
UPPER(
'PASSWORD'
);
SELECT owner, table_name, column_name FROM all_tab_columns WHERE UPPER(column_name) LIKE
'%PASS%'
;
# 给定列名查找表并计算行数
SET
SERVEROUTPUT ON
DECLARE
val NUMBER;
BEGIN
FOR I IN (SELECT DISTINCT owner, table_name FROM all_tab_columns WHERE UPPER(column_name) LIKE
'%PASS%'
) LOOP
EXECUTE IMMEDIATE
'SELECT count(*) FROM '
|| i.owner ||
'.'
|| i.table_name INTO val;
DBMS_OUTPUT.PUT_LINE(i.owner ||
'.'
|| i.table_name ||
' ==> '
|| val );
END LOOP;
END;
/
# 查找数据库中所有NVARCHAR2类型的列
SET
SERVEROUTPUT ON SIZE
100000
DECLARE
match_count INTEGER;
BEGIN
FOR t IN (SELECT owner, table_name, column_name
FROM all_tab_columns
WHERE owner <>
'SYS'
and
data_type LIKE
'NVARCHAR2'
) LOOP
EXECUTE IMMEDIATE
'SELECT COUNT(*) FROM '
|| t.owner ||
'.'
|| t.table_name ||
' WHERE '
||t.column_name||
' = :1'
INTO match_count
USING
'SEARCH_TEXT'
;
IF match_count >
0
THEN
dbms_output.put_line( t.table_name ||
' '
||t.column_name||
' '
||match_count );
END IF;
END LOOP;
END;
/
psql
-
h
127.0
.
0.1
db_name username
psql
-
h
127.0
.
0.1
db_name username
snmpwalk
-
mALL
-
v1
-
cpublic <host>
snmpwalk
-
mALL
-
v1
-
cprivate <host>
snmpget
-
mALL
-
v1
-
cpublic <host> sysName.
0
snmpwalk
-
mALL
-
v1
-
cpublic <host>
snmpwalk
-
mALL
-
v1
-
cprivate <host>
snmpget
-
mALL
-
v1
-
cpublic <host> sysName.
0
snmpwalk
-
v2c
-
cprivate <host>:<port>
snmpget
-
v2c
-
cprivate
-
mALL <host> sysName.
0
sysObjectID.
0
ilomCtrlDateAndTime.
0
snmpset
-
mALL
-
v2c
-
cprivate <host> ilomCtrlHttpEnabled.
0
i
1
SUN
-
ILOM
-
CONTROL
-
MIB::ilomCtrlHttpEnabled.
0
=
INTEGER: true(
1
)
snmpwalk
-
v2c
-
cprivate <host>:<port>
snmpget
-
v2c
-
cprivate
-
mALL <host> sysName.
0
sysObjectID.
0
ilomCtrlDateAndTime.
0
snmpset
-
mALL
-
v2c
-
cprivate <host> ilomCtrlHttpEnabled.
0
i
1
SUN
-
ILOM
-
CONTROL
-
MIB::ilomCtrlHttpEnabled.
0
=
INTEGER: true(
1
)
snmpwalk
-
v3
-
l authPriv
-
u snmpadmin
-
a MD5
-
A PaSSword
-
x DES
-
X PRIvPassWord <host>:<port> system
snmpwalk
-
v3
-
l authPriv
-
u snmpadmin
-
a MD5
-
A PaSSword
-
x DES
-
X PRIvPassWord <host>:<port> system
ldapsearch
-
x
-
b
"dc=company,dc=com"
-
s base
-
h <host>
LDAPTLS_REQCERT
=
never ldapsearch
-
x
-
D
"uid=Name.Surname,OU=People,DC=Company,DC=com"
-
W
-
H ldaps:
/
/
<host>
-
b
"uid=Name.Surname,OU=People,DC=Company,DC=com"
-
s sub
ldapsearch
-
x
-
p
389
-
h
"127.0.0.1"
-
b
"ou=people,dc=company,dc=com"
-
s sub
"objectClass=*"
ldapsearch
-
x
-
p
1389
-
h
"127.0.0.1"
-
b
"dc=company,dc=com"
-
s one
"objectClass=*"
ldapmodify
-
a
-
h
"127.0.0.1"
-
p
389
-
D
"cn=Directory Manager"
-
w
'password'
-
f modify.ldif
dn: ou
=
people,dc
=
company,dc
=
com
objectClass: top
objectClass: organizationalunit
ou: people
...
ldap delete
-
x
-
D
"cn=Directory Manager"
-
w
'password'
-
p
1389
-
h
"127.0.0.1"
"uid=identifier,ou=people,dc=company,dc=com"
ldapsearch
-
x
-
b
"dc=company,dc=com"
-
s base
-
h <host>
LDAPTLS_REQCERT
=
never ldapsearch
-
x
-
D
"uid=Name.Surname,OU=People,DC=Company,DC=com"
-
W
-
H ldaps:
/
/
<host>
-
b
"uid=Name.Surname,OU=People,DC=Company,DC=com"
-
s sub
ldapsearch
-
x
-
p
389
-
h
"127.0.0.1"
-
b
"ou=people,dc=company,dc=com"
-
s sub
"objectClass=*"
ldapsearch
-
x
-
p
1389
-
h
"127.0.0.1"
-
b
"dc=company,dc=com"
-
s one
"objectClass=*"
ldapmodify
-
a
-
h
"127.0.0.1"
-
p
389
-
D
"cn=Directory Manager"
-
w
'password'
-
f modify.ldif
dn: ou
=
people,dc
=
company,dc
=
com
objectClass: top
objectClass: organizationalunit
ou: people
...
ldap delete
-
x
-
D
"cn=Directory Manager"
-
w
'password'
-
p
1389
-
h
"127.0.0.1"
"uid=identifier,ou=people,dc=company,dc=com"
redis
-
cli dbsize
redis
-
cli dbsize
redis
-
cli
-
n
0
keys
"*"
redis
-
cli
-
n
0
keys
"*"
showmount
-
e
127.0
.
0.1
mount
-
o ro
127.0
.
0.1
:
/
/
mnt
/
nfs
showmount
-
e
127.0
.
0.1
mount
-
o ro
127.0
.
0.1
:
/
/
mnt
/
nfs
svmap
-
p5060,
5061
,
5080
-
5090
10.0
.
0.1
svmap
-
p5060,
5061
,
5080
-
5090
10.0
.
0.1
svcrack
-
u100
-
d dictionary.txt
10.0
.
0.1
svcrack
-
u100
-
d dictionary.txt
10.0
.
0.1
smbclient
-
L <host>
-
N
smbclient
/
/
<host>
/
<
dir
>
-
N
smbclient
-
L <host>
-
N
smbclient
/
/
<host>
/
<
dir
>
-
N
sshfs user@<host>:
/
remote
/
path
/
mnt
/
tmp
-
C
-
p
22
sshfs user@<host>:
/
remote
/
path
/
mnt
/
tmp
-
C
-
p
22
fusermount
-
u
/
mnt
/
tmp
fusermount
-
u
/
mnt
/
tmp
redir
-
-
laddr
=
<listen_address>
-
-
lport
=
<listen_port>
-
-
caddr
=
<connect_address>
-
-
cport
=
<connect_port>
redir
-
-
laddr
=
<listen_address>
-
-
lport
=
<listen_port>
-
-
caddr
=
<connect_address>
-
-
cport
=
<connect_port>
curl
-
-
data
"param1=value1¶m2=value2"
https:
/
/
host.com
/
index.php
curl
-
-
data
"param1=value1¶m2=value2"
https:
/
/
host.com
/
index.php
#!/bin/sh
HOST
=
host.com
PORT
=
8888
nc $HOST $PORT << __EOF__
POST
/
services
/
HTTP
/
1.1
Host: host.com:
8888
Content
-
Type
: text
/
xml;charset
=
UTF
-
8
SOAPAction: ""
<soapenv:Envelope xmlns:soapenv
=
"http://schemas.xmlsoap.org/soap/envelope/"
xmlns:web
=
"http://host.com/"
>
<soapenv:Header
/
>
<soapenv:Body>
<web:soapRequest>
<
/
web:soapRequest>
<
/
soapenv:Body>
<
/
soapenv:Envelope>
__EOF__
#!/bin/sh
HOST
=
host.com
PORT
=
8888
nc $HOST $PORT << __EOF__
POST
/
services
/
HTTP
/
1.1
Host: host.com:
8888
Content
-
Type
: text
/
xml;charset
=
UTF
-
8
SOAPAction: ""
<soapenv:Envelope xmlns:soapenv
=
"http://schemas.xmlsoap.org/soap/envelope/"
xmlns:web
=
"http://host.com/"
>
<soapenv:Header
/
>
<soapenv:Body>
<web:soapRequest>
<
/
web:soapRequest>
<
/
soapenv:Body>
<
/
soapenv:Envelope>
__EOF__
$ proxychains curl
-
-
header
"Content-Type: text/xml;charset=UTF-8"
-
-
header
"SOAPAction:"
-
-
data @data.xml http:
/
/
127.0
.
0.1
:
8888
/
$ cat data.xml
<?xml version
=
"1.0"
encoding
=
"UTF-8"
?>
<soapenv:Envelope xmlns:soapenv
=
"http://schemas.xmlsoap.org/soap/envelope/"
xmlns:web
=
"http://host.com/"
>
<soapenv:Header
/
>
<soapenv:Body>
<web:soapRequest>
<
/
web:soapRequest>
<
/
soapenv:Body>
<
/
soapenv:Envelope>
$ proxychains curl
-
-
header
"Content-Type: text/xml;charset=UTF-8"
-
-
header
"SOAPAction:"
-
-
data @data.xml http:
/
/
127.0
.
0.1
:
8888
/
$ cat data.xml
<?xml version
=
"1.0"
encoding
=
"UTF-8"
?>
<soapenv:Envelope xmlns:soapenv
=
"http://schemas.xmlsoap.org/soap/envelope/"
xmlns:web
=
"http://host.com/"
>
<soapenv:Header
/
>
<soapenv:Body>
<web:soapRequest>
<
/
web:soapRequest>
<
/
soapenv:Body>
<
/
soapenv:Envelope>
sudo nping
-
c
1
-
-
data hexstring
-
-
udp
-
p dest_port
-
S source_ip
-
g source_port dest_ip
sudo nping
-
c
1
-
-
data hexstring
-
-
udp
-
p dest_port
-
S source_ip
-
g source_port dest_ip
cat test.txt | sort | uniq
-
c | sort
-
n
cat test.txt | sort | uniq
-
c | sort
-
n
ssh root@
192.168
.
1.1
"sudo tcpdump -U -s0 -i lo -w - 'not port 22'"
| wireshark
-
k
-
i
-
wireshark
-
k
-
i <(ssh root@
192.168
.
1.1
tcpdump
-
U
-
s0
-
i
any
-
w
-
not
port
22
)
ssh root@
192.168
.
1.1
"sudo tcpdump -U -s0 -i lo -w - 'not port 22'"
| wireshark
-
k
-
i
-
wireshark
-
k
-
i <(ssh root@
192.168
.
1.1
tcpdump
-
U
-
s0
-
i
any
-
w
-
not
port
22
)
xxd
-
r
-
p test.
hex
| od
-
Ax
-
tx1 | text2pcap
-
test.pcap
xxd
-
r
-
p test.
hex
| od
-
Ax
-
tx1 | text2pcap
-
test.pcap
grep
-
Po
'"field" : .*?[^\\]",'
test.json
grep
-
Po
'"field" : .*?[^\\]",'
test.json
tshark
-
r
input
.pcap
-
Y
"ip.src == 10.1.1.1"
-
w output.pcap
-
F pcap
tshark
-
r
input
.pcap
-
Y
"ip.src == 10.1.1.1"
-
w output.pcap
-
F pcap
john
-
-
session
=
session_name
-
-
format
=
opencl ~
/
hash
.txt
john
-
-
session
=
session_name
-
-
format
=
opencl ~
/
hash
.txt
john
-
-
list
=
formats
-
-
format
=
opencl
john
-
-
list
=
formats
-
-
format
=
opencl
john
-
-
restore
=
session_name
john
-
-
restore
=
session_name
john ~
/
hash
.txt
-
-
show
john ~
/
hash
.txt
-
-
show
john
-
-
fork
=
16
-
-
session
=
session_dynamic
-
-
format
=
dynamic_xxxx
hash
.txt
john
-
-
fork
=
16
-
-
session
=
session_dynamic
-
-
format
=
dynamic_xxxx
hash
.txt
script <filename>
script <filename>
ssh username@hostname
ssh username@hostname
echo $
0
echo $
0
whoami
whoami
uname
-
a
uname
-
a
export
export
ps
-
ef
ps auxf
ps auxfww
ps
-
ef
ps auxf
ps auxfww
find .
-
name
"*.java"
-
type
f
-
exec
fgrep
-
iHn
"textToFind"
{} \;
find .
-
regex
".*\.\(c\|java\)"
-
type
f
-
exec
fgrep
-
iHn
"textToFind"
{} \;
find
/
-
maxdepth
4
-
name
*
.conf
-
type
f
-
exec
grep
-
Hn
"textToFind"
{} \;
2
>
/
dev
/
null
find .
-
name
"*.java"
-
type
f
-
exec
fgrep
-
iHn
"textToFind"
{} \;
find .
-
regex
".*\.\(c\|java\)"
-
type
f
-
exec
fgrep
-
iHn
"textToFind"
{} \;
find
/
-
maxdepth
4
-
name
*
.conf
-
type
f
-
exec
grep
-
Hn
"textToFind"
{} \;
2
>
/
dev
/
null
find
/
-
uid
0
-
perm
-
4000
-
type
f
2
>
/
dev
/
null
find
/
-
uid
0
-
perm
-
4000
-
type
f
2
>
/
dev
/
null
find
/
-
uid
0
-
perm
-
u
=
s,o
=
r
-
type
f
-
exec
ls
-
la {} \;
2
>
/
dev
/
null
find
/
-
uid
0
-
perm
-
u
=
s,o
=
r
-
type
f
-
exec
ls
-
la {} \;
2
>
/
dev
/
null
find
/
-
perm
-
4000
-
type
f
2
>
/
dev
/
null
find
/
-
perm
-
4000
-
type
f
2
>
/
dev
/
null
find
/
-
perm
-
2
-
type
d
2
>
/
dev
/
null
find
/
-
perm
-
2
-
type
d
2
>
/
dev
/
null
find . !
-
path
"*/proc/*"
-
type
f
-
name
"*"
-
exec
fgrep
-
iHn password {} \;
find .
-
type
f \(
-
iname \
*
.conf
-
o
-
iname \
*
.cfg
-
o
-
iname \
*
.xml
-
o
-
iname \
*
.ini
-
o
-
iname \
*
.json
-
o
-
iname \
*
.sh
-
o
-
iname \
*
.pl
-
o
-
iname \
*
.py \)
-
exec
fgrep
-
iHn password {} \;
2
>
/
dev
/
null
find . !
-
path
"*/proc/*"
-
type
f
-
name
"*"
-
exec
fgrep
-
iHn password {} \;
find .
-
type
f \(
-
iname \
*
.conf
-
o
-
iname \
*
.cfg
-
o
-
iname \
*
.xml
-
o
-
iname \
*
.ini
-
o
-
iname \
*
.json
-
o
-
iname \
*
.sh
-
o
-
iname \
*
.pl
-
o
-
iname \
*
.py \)
-
exec
fgrep
-
iHn password {} \;
2
>
/
dev
/
null
find .
-
type
f
-
exec
grep
-
iHFf patterns.txt {} \;
find .
-
type
f
-
exec
grep
-
iHFf patterns.txt {} \;
find .
-
type
f
-
size
-
512k
-
exec
fgrep
-
iHn password {} \;
find .
-
type
f
-
size
-
512k
-
exec
fgrep
-
iHn password {} \;
find .
-
name
"*.jar"
-
type
f
-
exec
~
/
jd
-
cli
/
jd
-
cli
-
oc
-
l
-
n
-
st {} \; | egrep
-
i
-
e
"Location:"
-
e
"password"
| uniq
find .
-
name
"*.jar"
-
type
f
-
exec
~
/
jd
-
cli
/
jd
-
cli
-
oc
-
l
-
n
-
st {} \; | egrep
-
i
-
e
"Location:"
-
e
"password"
| uniq
netstat
-
anp
netstat
-
anp
cat
/
etc
/
hosts
cat
/
etc
/
hosts
ifconfig
-
a
ifconfig
-
a
route
-
v
route
-
v
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
最后于 2022-10-17 17:32
被阳春编辑
,原因: typo
赞赏
他的文章
- [翻译]渗透测试备忘单 17375
- [翻译]为编程和逆向搭建RISC-V开发环境 13832
- [翻译]状态机的状态 10999
- [原创]看雪CTF.TSRC 2018 团队赛 第一题 初世纪 writeup 2912
- [原创]京东AI CTF大挑战Writeup 7151
看原图
赞赏
雪币:
留言: