SMART hard drive monitoring utility

Cli

Installation

1
apt-get install smartmontools

Basic usage

1
2
3
4
5
6
7
8
9
10
11
# show details
smartctl -i /dev/sda

# SMART overall-health self-assessment test result: PASSED
smartctl -H /dev/sda

# do test
smartctl —-test=short /dev/sda
smartctl --test=long /dev/sda
# show test report
smartctl -a

Nmap basic example

Cli

Scan

1
2
3
4
5
6
7
8
9
10
11
# 100 ports
nmap --top-ports 100 192.168.1.54

# -sC Scan script default
nmap --top-ports 100 -T4 -sC 192.168.1.54

# -A Enable OS detection
nmap -A --top-ports 100 -sC -T4 192.168.1.54

# -Pn No ping
nmap --top-ports 100 -T4 -Pn -sC 192.168.1.54

Port output

1
2
3
4
5
6
7
8
Starting Nmap 7.60 ( https://nmap.org ) at 2018-01-04 15:36 HKT
Nmap scan report for cmtech-company (192.168.1.54)
Host is up (0.047s latency).
Not shown: 97 filtered ports
PORT    STATE SERVICE
22/tcp  open  ssh
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds

OS detection

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Host script results:
|_nbstat: NetBIOS name: XXX-COMPANY, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-os-discovery:
|   OS: Windows 6.1 (Samba 4.3.11-Ubuntu)
|   Computer name: xxx-company
|   NetBIOS computer name: XXX-COMPANY\x00
|   Domain name: \x00
|   FQDN: xxx-company
|_  System time: 2018-01-04T15:37:28+08:00
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
| smb2-security-mode:
|   2.02:
|_    Message signing enabled but not required
| smb2-time:
|   date: 2018-01-04 15:37:28
|_  start_date: 1601-01-01 07:36:42

Reference

https://linux.die.net/man/1/nmap

GoBuster basic example

Cli

DIR mode

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
gobuster -u https://mysite.com/path/to/folder -c 'session=123456' -t 50 -w common-files.txt -x .php,.html


# -t Number of threads
gobuster -u http://httpbin.org/ -w words.txt -t 10
/index (Status: 200)
/posts (Status: 301)
/contact (Status: 301)

# -v Verbose output
gobuster -u http://httpbin.org/ -w words.txt -v
Found : /index (Status: 200)
Missed: /derp (Status: 404)
Found : /posts (Status: 301)

# -l Show content length
gobuster -u http://httpbin.org/ -w words.txt -l
/contact (Status: 301)
/posts (Status: 301)
/index (Status: 200) [Size: 61481]

# -n No status code
# -q Quiet output
# -e "grep` mode"
gobuster -u http://httpbin.org/ -w words.txt -q -n -e
http://httpbin.org/ip
http://httpbin.org/index
http://httpbin.org/uuid

DNS mode

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
gobuster -m dns -w subdomains.txt -u google.com
Found: m.google.com
Found: mobile.google.com
Found: search.google.com

# -i Show IP
gobuster -m dns -w subdomains.txt -u google.com -i
Found: chrome.google.com [2404:6800:4006:801::200e, 216.58.220.110]
Found: m.google.com [216.58.220.107, 2404:6800:4006:801::200b]
Found: www.google.com [74.125.237.179, 74.125.237.177, 74.125.237.178, 74.125.237.180, 74.125.237.176, 2404:6800:4006:801::2004]

# -fw Force wildcard
gobuster -m dns -w subdomains.txt -u google.com -fw
[-] Wildcard DNS found. IP address(es):  123.123.123.123
Found: email.doesntexist.com
^C[!] Keyboard interrupt detected, terminating.

Reference

https://github.com/OJ/gobuster
https://www.owasp.org/index.php/Category:OWASP_DirBuster_Project

Ubuntu apt-get NO_PUBKEY solution

Ubuntu

Scenario

1
2
3
4
5
# when run apt-get update or apt-get install you got below error

W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
W: Failed to fetch https://dl.yarnpkg.com/debian/dists/stable/InRelease The following signatures couldn't be verified because the public key is not available: NO_PUBKEY E074D16EB6FF4DE3
W: Some index files failed to download. They have been ignored, or old ones used instead.

Solution

1
2
3
4
# Add the latest key that will be fixed
curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
# or
wget -qO - https://raw.githubusercontent.com/yarnpkg/releases/gh-pages/debian/pubkey.gpg | sudo apt-key add -

Reference

https://github.com/yarnpkg/yarn/issues/4453

Verify checksum file

Cli

SHA-256

1
2
3
4
5
6
7
# Create checksum file
shasum -a 256 file.ext > file.ext.sha256sum
# file content: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  file.ext

# Verify checksum 
shasum -c file.ext.sha256sum
# output: file.ext: OK

SHA-1

1
2
shasum file.ext > file.ext.sha1sum
shasum file.ext.sha1sum

MD5

1
2
md5 file.ext > file.ext.md5sum
md5 -c file.ext.md5sum

Cronjob Cheatsheet 

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# crontab
# min, hour, day, month, day_of_week, command

# every 5 mins
*/5 * * * * /path/to/myscript.sh

# 0,2,4 mins
0,2,4 * * * * /path/to/myscript.sh

# 1-10 mins
1-10 * * * * /path/to/myscript.sh

# hourly
@hourly /path/to/myscript.sh
0 * * * * /path/to/myscript.sh

# startup
@reboot /path/to/myscript.sh