Apr 30, 2022

Running Commands Over SSH

Running commands on a remote server via SSH is common nowadays. For example:

  • Get the file system and disk info
  • Get user info
  • Get all the running processes

 

The syntax is as follows:

$ ssh xx@192.168.31.215 command1

$ ssh xx@192.168.31.215 -- command1 -arg1 -arg2

$ ssh xx@192.168.31.215 -- "command1 && command2"

$ ssh xx@192.168.31.215 -- command1 -arg1 > /tmp/local.out

$ ssh -t xx@192.168.31.215 -- sudo command1 -arg1 -arg2

 

The double dash "--" means "end of command line flags." It tells ssh not to parse anything that follows as ssh's own command line options.

The -t option is needed when using the sudo command over ssh. It forces pseudo-terminal allocation, which sudo needs in order to prompt for a password.
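What the remote side actually receives, as an added example that is not part of the original post: ssh joins the words after the host into one string and hands it to the remote user's shell, so arguments containing spaces or shell metacharacters must be quoted for that shell. The names sq, remote_cmd, run_remote and SSH_BIN are hypothetical, and a POSIX-style remote login shell is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes a POSIX-style remote shell.
# ssh concatenates everything after the host with spaces and passes the
# resulting string to the remote shell, so local quoting does not survive.

# sq ARG: wrap one argument in single quotes, escaping embedded single quotes.
# The trailing "x" sentinel protects newlines at the end of ARG from being
# stripped by the command substitution.
sq() {
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
}

# remote_cmd CMD [ARGS...]: build the single string the remote shell will parse.
remote_cmd() {
    out=""
    for a in "$@"; do
        out="${out:+$out }$(sq "$a")"
    done
    printf '%s' "$out"
}

# run_remote HOST CMD [ARGS...]: "--" ends ssh's own option parsing, then the
# quoted command string follows as one word.
# SSH_BIN is a hypothetical override so the call can be dry-run with "echo".
run_remote() {
    host=$1
    shift
    ${SSH_BIN:-ssh} "$host" -- "$(remote_cmd "$@")"
}

# Dry run: print what would be handed to ssh instead of connecting.
(SSH_BIN=echo; run_remote xx@192.168.31.215 ls -l "/tmp/my dir")
```

Without the quoting step, "/tmp/my dir" would reach the remote shell as two words, and a value such as "x; id" would be parsed there as two commands.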



Apr 29, 2022

Linux Run Levels

How Linux changes the run-level depends on the init system:

  • (Old Linux distros) SysV init uses run-level numbers from 0 to 6.
    • cmdline: init, telinit, who
  • (New Linux distros) systemd init uses systemd targets.
    • cmdline: systemctl

 

A Linux runlevel defines the state of the OS.

| SysV | Systemd targets | Description |
|------|-----------------|-------------|
| 0 | runlevel0.target, poweroff.target | Halt or shutdown the Linux system |
| 1 | runlevel1.target, rescue.target | Single-user text mode (useful for maintenance mode) |
| 2 | runlevel2.target, multi-user.target | Not used |
| 3 | runlevel3.target, multi-user.target | Full multi-user text mode (used on Linux servers) |
| 4 | runlevel4.target, multi-user.target | Not used |
| 5 | runlevel5.target, graphical.target | Full multi-user GUI mode. You can use X-based login screen. Useful for Linux desktop |
| 6 | runlevel6.target, reboot.target | Reboot Linux system |


Comparison of the commands used:

| SysV | Systemd | Description |
|------|---------|-------------|
| runlevel, who -r | systemctl get-default | Show the current runlevel |
| init 1 | systemctl rescue, systemctl emergency | Change the runlevel to single user mode for maintenance |
| init 3 | systemctl isolate multi-user.target | Change to multi-user text mode |
| init 0 | systemctl poweroff | Poweroff |
| init 6 | systemctl reboot | Reboot |
| | systemctl default | Back to default target |
| init 5 | systemctl isolate graphical.target | Change to GUI mode |


Links:

  • https://www.cyberciti.biz/tips/linux-changing-run-levels.html

Apr 25, 2022

Microsoft April 2022 Security Updates

Patch Tuesday (rev 7)

Microsoft releases the Patch Tuesday updates every month, but it never stops there. Between April 13 and April 25 (today), new updates were added to this Patch Tuesday release, taking it from 145 vulns to 156 vulns.



Apr 23, 2022

Network Exploitation, Reconnaissance & Vulnerability Engine

NERVE is a vulnerability scanner tailored to find low-hanging-fruit vulnerabilities in specific application configurations, network services, and unpatched services.

It does not do authenticated scans. It operates in black-box mode and does "some" CVE checks based on fingerprinting.

Examples of NERVE's detection capabilities:

  • Subdomain takeovers
  • Information Disclosures
  • Misconfigurations in services (Nginx, Apache, IIS, etc.)
  • Open Databases or Caches

There are 2 ways to set up NERVE: Docker or a standalone server. Here, I just document how I set up NERVE in Docker.

$ git clone http://github.com/PaytmLabs/nerve

$ cd nerve

$ docker build -t nerve .

$ docker run -e username="admin" -e password="pass1234" -d -p 80:8080 nerve

NERVE Dashboard

