Running Commands Over SSH

Running commands on a remote server vi SSH is common nowadays. For example:

• Get the file system and disk info
• Get user info
• Get all the running process

 

The syntax is as follows:

$ ssh xx@192.168.31.215 command1

$ ssh xx@192.168.31.215 -- command1 -arg1 -arg2

$ ssh xx@192.168.31.215 -- "command1 && command2"

$ ssh xx@192.168.31.215 -- command1 -arg1 > /tmp/local.out

$ ssh -t xx@192.168.31.215 -- sudo command1 -arg1 -arg2

 

The double dash “--“, means “end of command line flags.” It tells ssh not to try to parse what comes after command line options.

The -t option needed when using sudo command over ssh.

Links:

• https://www.cyberciti.biz/tips/linux-running-commands-on-a-remote-host.html
• https://www.cyberciti.biz/faq/what-does-double-dash-mean-in-ssh-command/
  

Linux Run Levels

Linux changes the run-level:

• (Old Linux distro) SysV init uses run-level number from 0 to 6.
• cmdline: init, telinit, who
  
• (New Linux distro) systemd init uses systemd targets.
• cmdline: systemctl 

 

Linux runlevel defines the state of the OS. 

SysV	Systemd targets	Description
0	runlevel0.target poweroff.target	Halt or shutdown the Linux system
1	runlevel1.target rescue.target	Single-user text mode (useful for maintenance mode)
2	runlevel2.target multi-user.target	Not used
3	runlevel3.target multi-user.target	Full multi-user text mode (used on Linux servers)
4	runlevel4.target multi-user.target	Not used
5	runlevel5.target graphical.target	Full multi-user GUI mode. You can use X-based login screen. Useful for Linux desktop
6	runlevel6.target reboot.target	Reboot Linux system

Comparing the cmdline used.

SysV	Systemd	Description
runelvel who -r	systemctl get-default	Show the current runlevel
init 1	systemctl rescue systemctl emergency	Change the runlevel to single user mode for maintenance
init 3	systemctl multi-user-target	Change to multi-user text mode
init 0	systemctl poweroff	Poweroff
init 6	systemctl reboot	Reboot
	systemctl default	Back to default target
init 5	systemctl graphical.target	Change to GUI mode

Links:

• https://www.cyberciti.biz/tips/linux-changing-run-levels.html
  

Microsoft April 2022 Security Updates

Patch Tuesday (rev 7)

Microsoft releases the Patch Tuesday every month. But it never stop there. Between April 13 and April 25 (today), there are new updates, from 145 vulns to 156 vulns, to the Patch Tuesday.

Links:

• April 2002 Microsoft Security Updates [April 13]
  

Network Exploitation, Reconnaissance & Vulnerability Engine

NERVE is a vulnerability scanner tailored to find low-hanging fruit level vulnerabilities, in specific application configurations, network services, and un-patched services. 

It does not do authenticated scans. And it operates in black-box mode and do "some" CVE checks based on fingerprinting.

Example of some of NERVE's detection capabilities:    

• Subdomain takeovers
• Information Disclosures
• Misconfigurations in services (Nginx, Apache, IIS, etc.)
• Open Databases or Caches

There are 2 ways to setup NERVE: docker or standalone server. Here, I just document how I setup NERVE in docker.

$ git clone http://github.com/PaytmLabs/nerve

$ cd nerve

$ docker build -t nerve .

$ docker run -e username="admin" -e password="pass1234" -d -p 80:8080 nerve

NERVE Dashboard

Links:

• https://hakin9.org/nerve-network-exploitation-reconnaissance-vulnerability-engine/
• https://github.com/PaytmLabs/nerve