Linux Command Line Hackery Series - Part 6

Welcome back to Linux Command Line Hackery series, I hope you've enjoyed this series so far and would have learned something (at least a bit). Today we're going to get into user management, that is we are going to learn commands that will help us add and remove users and groups. So bring it on...

Before we get into adding new users to our system lets first talk about a command that will be useful if you are a non-root user.

Command: sudo
Syntax: sudo [options] command
Description: sudo allows a permitted user to execute a command as a superuser or another user.

Since the commands to follow need root privileges, if you are not root then don't forget to prefix these commands with sudo command. And yes you'll need to enter the root password in order to execute any command with sudo as root.

Command: useradd
Syntax: useradd [options] username
Description: this command is used for creating new user but is kinda old school.
Lets try to add a new user to our box.
[Note: I'm performing these commands as root user, you'll need root privileges to add a new user to your box. If you aren't root then you can try these commands by prefixing the sudo command at the very beginning of these command like this sudo useradd joe. You'll be prompted for your root password, enter it and you're good to go]

useradd joe

To verify that this command has really added a user to our box we can look at three files that store a users data on a Linux box, which are:

/etc/passwd -> this file stores information about a user separated by colons in this manner, first is login name, then in past there used to be an encrypted password hash at the second place however since the password hashes were moved to shadow file now it has a cross (x) there, then there is user id, after it is the user's group id, following it is a comment field, then the next field contains users home directory, and at last is the login shell of the user.

/etc/group  -> this file stores information about groups, that is id of the group and to which group an user belongs.

/etc/shadow -> this file stores the encrypted password of users.

Using our command line techniques we learned so far lets check out these files and verify if our user has been created:

cat /etc/passwd /etc/group /etc/shadow | grep joe



In the above screenshot you can notice an ! in the /etc/shadow, this means the password of this user has not been set yet. That means we have to set the password of user joe manually, lets do just that.

Command: passwd
Syntax: passwd [options] [username]
Description: this command is used to change the password of user accounts.
Note that this command needs root privileges. So if you are not root then prefix this command with sudo.

passwd joe



After typing this command, you'll be prompted password and then for verifying your password. The password won't show up on the terminal.
Now joe's account is up and running with a password.

The useradd command is a old school command, lets create a new user with a different command which is kinda interactive.

Command: adduser
Syntax: adduser [options] user
Description: adduser command adds a user to the system. It is more friendly front-end to the useradd command.

So lets create a new user with adduser.

adduser jane



as seen in the image it prompts for password, full name and many other things and thus is easy to use.

OK now we know how to create a user its time to create a group which is very easy.

Command: addgroup
Syntax: addgroup [options] groupname
Description: This command is used to create a new group or add an existing user to an existing group.

We create a new group like this

addgroup grownups



So now we have a group called grownups, you can verify it by looking at /etc/group file.
Since joe is not a grownup user yet but jane is we'll add jane to grownups group like this:

addgroup jane grownups



Now jane is the member of grownups.

Its time to learn how to remove a user from our system and how to remove a group from the system, lets get straight to that.

Command: deluser
Syntax: deluser [options] username
Description: remove a user from system.

Lets remove joe from our system

deluser joe

Yes its as easy as that. But remember by default deluser will remove the user without removing the home directory or any other files owned by the user. Removing the home directory can be achieved by using the --remove-home option.

deluser jane --remove-home

Also the --remove-all-files option removes all the files from the system owned by the user (better watch-out). And to create a backup of all the files before deleting use the --backup option.

We don't need grownups group so lets remove it.

Command: delgroup
Syntax: delgroup [options] groupname
Description: remove a group from the system.

To remove grownups group just type:

delgroup grownups



That's it for today hope you got something in your head.

More info

1. Pentest Tools Github
2. Kik Hack Tools
3. Hack Tools Github
4. Hacking Tools
5. Hacking App
6. Github Hacking Tools
7. Hacking Tools Online
8. Pentest Tools Kali Linux
9. Hacking Tools Github
10. Hacking Tools Download
11. New Hacker Tools
12. Hacking Tools Free Download
13. Hacking Tools For Windows
14. Pentest Tools Android
15. Hacker Techniques Tools And Incident Handling
16. Hack Tools Online
17. Hacking Tools Pc
18. Hacker Tools For Windows
19. Pentest Tools Bluekeep
20. Hacking Tools 2019
21. Hacker
22. Pentest Tools Download
23. Hacking Tools Windows
24. Hacking Tools And Software
25. Free Pentest Tools For Windows
26. Hacking Tools For Kali Linux
27. Hacker Tools List
28. Best Hacking Tools 2020
29. Pentest Tools Find Subdomains
30. Hacking Tools For Windows 7
31. World No 1 Hacker Software
32. Pentest Tools Github
33. Pentest Tools For Windows
34. Pentest Tools Apk
35. Hacking Tools Github
36. Hack Tools Pc
37. Hacking Tools Usb
38. Pentest Tools For Ubuntu
39. Hack Tool Apk No Root
40. Hack App
41. Usb Pentest Tools
42. Hacking Tools For Windows 7
43. Pentest Tools Online
44. Pentest Tools Review
45. Hacking Tools 2020
46. Hacker Tools Apk
47. Hacking Tools 2020
48. Hacker Search Tools
49. Pentest Reporting Tools
50. Hacker Tools 2020
51. Hack Tools For Pc
52. Hacking Tools Free Download
53. Pentest Tools For Windows
54. Pentest Tools Port Scanner
55. Hacker Tools Free Download
56. Hack Tool Apk No Root
57. How To Install Pentest Tools In Ubuntu
58. Hacker Tools Mac
59. Pentest Tools Kali Linux
60. Hacker Tools
61. Nsa Hack Tools Download
62. What Is Hacking Tools
63. Pentest Tools Online
64. Hacking Tools
65. Hacking Tools 2020
66. Nsa Hacker Tools
67. Hacking Tools Online
68. Usb Pentest Tools
69. Hack Tool Apk No Root
70. Hacker Tools Windows
71. New Hack Tools
72. Game Hacking
73. Hack Tools
74. Hack Tools For Games
75. Hack Tools For Mac
76. How To Install Pentest Tools In Ubuntu
77. Pentest Tools For Windows
78. Pentest Tools Alternative
79. Hacking Tools Free Download
80. Hacking Tools Free Download
81. Pentest Tools Android
82. Hack Tools For Games
83. Hacking Tools For Mac
84. Hacker Tools Online
85. Hacking Tools For Beginners
86. Hack And Tools
87. Pentest Tools For Mac
88. Hacker Search Tools
89. Pentest Tools For Mac
90. Hacker Tools 2019
91. Termux Hacking Tools 2019
92. Pentest Box Tools Download
93. Top Pentest Tools
94. Hacking Tools 2019
95. New Hacker Tools
96. Termux Hacking Tools 2019
97. Hack Tools For Ubuntu
98. Hackrf Tools
99. New Hack Tools
100. What Is Hacking Tools
101. Hack Rom Tools
102. Hacking Apps
103. Pentest Tools Url Fuzzer
104. Hacking Tools Pc
105. Hacking App
106. Hacking Tools Kit
107. Android Hack Tools Github
108. Black Hat Hacker Tools
109. World No 1 Hacker Software
110. Hacker Tools For Ios
111. How To Hack
112. Hacking Tools Hardware
113. Android Hack Tools Github
114. Hacker Tool Kit
115. Hack Tool Apk
116. Hacker Tools For Windows
117. Hacker Tools Apk
118. Hacking Apps
119. Hack Website Online Tool
120. Hacker Tools Free Download
121. Hacking Tools Name
122. Hacker Tools For Mac
123. Pentest Tools Android
124. Pentest Tools For Mac
125. Usb Pentest Tools
126. Pentest Tools For Windows
127. New Hacker Tools
128. Hacking Tools Usb
129. Hacker
130. Hacker
131. Hacking Tools For Kali Linux
132. Hacker Tools
133. Pentest Tools Windows
134. Install Pentest Tools Ubuntu
135. Hacker Tools Mac
136. How To Make Hacking Tools
137. Hack Tools Online
138. Computer Hacker
139. Nsa Hack Tools Download
140. Android Hack Tools Github
141. Hack Tool Apk No Root
142. Pentest Tools Open Source
143. Pentest Reporting Tools
144. Pentest Tools Url Fuzzer
145. Hacking Tools 2019
146. Growth Hacker Tools
147. Pentest Tools For Mac
148. Hack Tools
149. Hacker Tools Online
150. Hack Tools For Games
151. Hacking Tools For Beginners
152. New Hack Tools

How To Start | How To Become An Ethical Hacker

Are you tired of reading endless news stories about ethical hacking and not really knowing what that means? Let's change that!

This Post is for the people that:

• Have No Experience With Cybersecurity (Ethical Hacking)
• Have Limited Experience.
• Those That Just Can't Get A Break

OK, let's dive into the post and suggest some ways that you can get ahead in Cybersecurity.

I receive many messages on how to become a hacker. "I'm a beginner in hacking, how should I start?" or "I want to be able to hack my friend's Facebook account" are some of the more frequent queries. Hacking is a skill. And you must remember that if you want to learn hacking solely for the fun of hacking into your friend's Facebook account or email, things will not work out for you. You should decide to learn hacking because of your fascination for technology and your desire to be an expert in computer systems. Its time to change the color of your hat 😀

 I've had my good share of Hats. Black, white or sometimes a blackish shade of grey. The darker it gets, the more fun you have.

If you have no experience don't worry. We ALL had to start somewhere, and we ALL needed help to get where we are today. No one is an island and no one is born with all the necessary skills. Period.OK, so you have zero experience and limited skills…my advice in this instance is that you teach yourself some absolute fundamentals.

Let's get this party started.

•  What is hacking?

Hacking is identifying weakness and vulnerabilities of some system and gaining access with it.

Hacker gets unauthorized access by targeting system while ethical hacker have an official permission in a lawful and legitimate manner to assess the security posture of a target system(s)

 There's some types of hackers, a bit of "terminology".
White hat — ethical hacker.
Black hat — classical hacker, get unauthorized access.
Grey hat — person who gets unauthorized access but reveals the weaknesses to the company.
Script kiddie — person with no technical skills just used pre-made tools.
Hacktivist — person who hacks for some idea and leaves some messages. For example strike against copyright.

•  Skills required to become ethical hacker.

1. Curosity anf exploration
2. Operating System
3. Fundamentals of Networking

*Note this sites

• hackquest.de
• hacktissite.org
• www.trythis0ne.com
• www.hackchallenge.net
• hacking-lab.com

More info

• Hacker Tools Windows
• Hacker Tools Apk Download
• Hackrf Tools
• Hacker
• Hacker Tools Apk
• Hackrf Tools
• Hacker Tools 2019
• Usb Pentest Tools
• Hacker Tools Apk Download
• Hacking Tools Github
• Hacker Tools 2019
• Pentest Tools Website
• Hacking Tools Kit
• Pentest Recon Tools
• Termux Hacking Tools 2019
• How To Make Hacking Tools
• Beginner Hacker Tools
• Hacking Tools Software
• Pentest Tools Free
• Pentest Tools Download
• Hack Tools Online
• Pentest Tools Bluekeep
• Hacker Tool Kit
• Hacking Tools For Pc
• Pentest Tools Find Subdomains
• Pentest Tools Linux
• Hack App
• Pentest Tools Apk
• Pentest Tools For Ubuntu
• Hack Tools Mac
• Hack Tools Github
• Hacking Apps
• Hacking Tools For Windows 7
• Hacking Tools Windows
• Tools 4 Hack
• World No 1 Hacker Software
• Kik Hack Tools
• Hacker Tools List
• Hacker Tools Free Download
• Pentest Tools For Windows
• Hacking Apps
• Hacking Tools Usb
• Hacking Tools And Software
• Hacking Tools For Windows 7
• Pentest Automation Tools
• Hacking Tools For Windows
• Pentest Tools Alternative
• Best Hacking Tools 2020
• Hacker Tools Github
• Hacker Tools Hardware
• Hacking Tools Pc
• Pentest Tools For Android
• Hacking Tools Github
• Hacker Search Tools
• Pentest Tools
• Hack Tools For Mac
• Hacking Tools And Software
• Hacking Tools For Windows 7
• Pentest Tools
• Hacking Tools Download
• Hacker Tools Mac
• Hacker Tools For Pc
• Hack Tools For Games
• Hacking Apps
• Nsa Hacker Tools
• Hacking Tools 2020
• Hacking Apps
• Bluetooth Hacking Tools Kali
• Hacking Tools For Beginners
• How To Hack
• Pentest Tools Apk
• Hacker
• Hacking Tools For Windows Free Download
• Pentest Box Tools Download
• Pentest Tools Framework
• Hacker Tools Linux
• Best Hacking Tools 2020
• Pentest Reporting Tools
• New Hacker Tools
• Pentest Tools Open Source
• Hack Tools Online
• Pentest Tools Website Vulnerability
• Hacking Tools 2020
• Computer Hacker
• Hack Tools For Games
• Wifi Hacker Tools For Windows
• Github Hacking Tools
• Hack Tools Mac
• Pentest Box Tools Download
• Hackers Toolbox
• Hack Website Online Tool
• Top Pentest Tools
• Hack Tools For Pc
• What Are Hacking Tools
• Hacker Tools 2019
• Hack Tools For Pc
• How To Install Pentest Tools In Ubuntu
• Best Hacking Tools 2020
• Pentest Tools Url Fuzzer
• Hacker Tools Software
• Hack Tools For Games
• Hacking Tools And Software
• Pentest Tools Alternative
• Hacker Tools Free Download
• New Hack Tools
• Pentest Automation Tools
• Hacking Tools For Pc

Smuggler - An HTTP Request Smuggling / Desync Testing Tool

An HTTP Request Smuggling / Desync testing tool written in Python 3

IMPORTANT

This tool does not guarantee no false-positives or false-negatives. Just because a mutation may report OK does not mean there isn't a desync issue, but more importantly just because the tool indicates a potential desync issue does not mean there definitely exists one. The script may encounter request processors from large entities (i.e. Google/AWS/Yahoo/Akamai/etc..) that may show false positive results.

Installation

1. git clone https://github.com/defparam/smuggler.git
2. cd smuggler
3. python3 smuggler.py -h

Example Usage

Single Host:

python3 smuggler.py -u <URL>

List of hosts:

cat list_of_hosts.txt | python3 smuggler.py

Options

usage: smuggler.py [-h] [-u URL] [-v VHOST] [-x] [-m METHOD] [-l LOG] [-q]
                   [-t TIMEOUT] [--no-color] [-c CONFIGFILE]

optional arguments:
  -h, --help            show this help message and exit
  -u URL, --url URL     Target URL with Endpoint
  -v VHOST, --vhost VHOST
                        Specify a virtual host
  -x, --exit_early      Exit scan on first finding
  -m METHOD, --method METHOD
                        HTTP method to use (e.g GET, POST) Default: POST
  -l LOG, --log LOG     Specify a log file
  -q, --quiet           Quiet mode will only log issues found
  -t TIMEOUT, --timeout TIMEOUT
                        Socket timeout value Default: 5
  --no-color            Suppress color codes
  -c CONFIGFILE, --configfile CONFIGFILE
                        Filepath to the configuration file of payloads

Smuggler at a minimum requires either a URL via the -u/--url argument or a list of URLs piped into the script via stdin. If the URL specifies https:// then Smuggler will connect to the host:port using SSL/TLS. If the URL specifies http:// then no SSL/TLS will be used at all. If only the host is specified, then the script will default to https://

Use -v/--vhost <host> to specify a different host header from the server address

Use -x/--exit_early to exit the scan of a given server when a potential issue is found. In piped mode smuggler will just continue to the next host on the list

Use -m/--method <method> to specify a different HTTP verb from POST (i.e GET/PUT/PATCH/OPTIONS/CONNECT/TRACE/DELETE/HEAD/etc...)

Use -l/--log <file> to write output to file as well as stdout

Use -q/--quiet reduce verbosity and only log issues found

Use -t/--timeout <value> to specify the socket timeout. The value should be high enough to conclude that the socket is hanging, but low enough to speed up testing (default: 5)

Use --no-color to suppress the output color codes printed to stdout (logs by default don't include color codes)

Use -c/--configfile <configfile> to specify your smuggler mutation configuration file (default: default.py)

Config Files

Configuration files are python files that exist in the ./config directory of smuggler. These files describe the content of the HTTP requests and the transfer-encoding mutations to test.

Here is example content of default.py:

def render_template(gadget):
	RN = "\r\n"
	p = Payload()
	p.header  = "__METHOD__ __ENDPOINT__?cb=__RANDOM__ HTTP/1.1" + RN
	# p.header += "Transfer-Encoding: chunked" +RN	
	p.header += gadget + RN
	p.header += "Host: __HOST__" + RN
	p.header += "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.87 Safari/537.36" + RN
	p.header += "Content-type: application/x-www-form-urlencoded; charset=UTF-8" + RN
	p.header += "Content-Length: __REPLACE_CL__" + RN
	return p


mutations["nameprefix1"] = render_template(" Transfer-Encoding: chunked")
mutations["tabprefix1"] = render_template("Transfer-Encoding:\tchunked")
mutations["tabprefix2"] = render_template("Transfer-Encoding\t:\tchunked")
mutations["space1"] = render_template("Transfer-Encoding : chunked")

for i in [0x1,0x4,0x8,0x9,0xa,0xb,0xc,0xd,0x1F,0x20,0x7f,0xA0,0xFF]:
	mutations["midspace-%   02x"%i] = render_template("Transfer-Encoding:%cchunked"%(i))
	mutations["postspace-%02x"%i] = render_template("Transfer-Encoding%c: chunked"%(i))
	mutations["prespace-%02x"%i] = render_template("%cTransfer-Encoding: chunked"%(i))
	mutations["endspace-%02x"%i] = render_template("Transfer-Encoding: chunked%c"%(i))
	mutations["xprespace-%02x"%i] = render_template("X: X%cTransfer-Encoding: chunked"%(i))
	mutations["endspacex-%02x"%i] = render_template("Transfer-Encoding: chunked%cX: X"%(i))
	mutations["rxprespace-%02x"%i] = render_template("X: X\r%cTransfer-Encoding: chunked"%(i))
	mutations["xnprespace-%02x"%i] = render_template("X: X%c\nTransfer-Encoding: chunked"%(i))
	mutations["endspacerx-%02x"%i] = render_template("Transfer-Encoding: chunked\r%cX: X"%(i))
	mutations["endspacexn-%02x"%i] = render_template("Transfer-Encoding: chunked%c\nX: X"%(i))

There are no input arguments yet on specifying your own customer headers and user-agents. It is recommended to create your own configuration file based on default.py and modify it to your liking.

Smuggler comes with 3 configuration files: default.py (fast), doubles.py (niche, slow), exhaustive.py (very slow) default.py is the fastest because it contains less mutations.

specify configuration files using the -c/--configfile <configfile> command line option

Payloads Directory

Inside the Smuggler directory is the payloads directory. When Smuggler finds a potential CLTE or TECL desync issue, it will automatically dump a binary txt file of the problematic payload in the payloads directory. All payload filenames are annotated with the hostname, desync type and mutation type. Use these payloads to netcat directly to the server or to import into other analysis tools.

Helper Scripts

After you find a desync issue feel free to use my Turbo Intruder desync scripts found Here: https://github.com/defparam/tiscripts DesyncAttack_CLTE.py and DesyncAttack_TECL.py are great scripts to help stage a desync attack

License

These scripts are released under the MIT license. See LICENSE.

Download Smuggler

More articles

1. Hacking Tools Windows 10
2. Hacker Tools Linux
3. Termux Hacking Tools 2019
4. Hacker Tools Linux
5. Kik Hack Tools
6. How To Install Pentest Tools In Ubuntu
7. Pentest Tools Windows
8. Hack Tools
9. Pentest Tools Port Scanner
10. Pentest Tools Open Source
11. Pentest Tools Free
12. Hacker Tools 2019
13. Bluetooth Hacking Tools Kali
14. Hacking Tools Github
15. Pentest Tools Github
16. Hacking Tools For Pc
17. Top Pentest Tools
18. Best Pentesting Tools 2018
19. Pentest Tools For Android
20. Pentest Tools Website Vulnerability
21. How To Make Hacking Tools
22. How To Install Pentest Tools In Ubuntu
23. Computer Hacker
24. Hacker Tools Linux
25. Top Pentest Tools
26. Hacking Tools For Windows 7
27. Hacker Tools 2019
28. Pentest Tools For Ubuntu
29. Pentest Tools Download
30. Hack Tools
31. Nsa Hacker Tools
32. Hack Tools For Windows
33. Hacking Tools Online
34. Hack Tools For Games
35. Hacker Tools Apk Download
36. Hacker Tools 2019
37. Pentest Tools List
38. Kik Hack Tools
39. Hack Tools For Pc
40. Best Hacking Tools 2019
41. Hacking Tools For Windows Free Download
42. Hacker Tools Apk Download
43. Pentest Tools Alternative
44. Hacking Tools Name
45. Top Pentest Tools
46. Hack Tools For Pc
47. Hack Tools Mac
48. Hacking Tools For Windows Free Download
49. Pentest Tools For Ubuntu
50. Hacker Tools Apk Download
51. Hacker Tools Apk
52. Hacker Tools Windows
53. Pentest Reporting Tools
54. Hack Tools Online
55. Nsa Hack Tools Download
56. Hacking Tools For Windows Free Download
57. Hacker Hardware Tools
58. Usb Pentest Tools
59. Pentest Tools Open Source
60. Hacking Tools For Beginners
61. Usb Pentest Tools
62. Hack Tools For Pc
63. Wifi Hacker Tools For Windows
64. Pentest Tools Linux
65. Hack Tools
66. Hacking Tools Windows 10
67. Pentest Tools Subdomain
68. Hacking Tools Windows
69. Hacking Tools Hardware
70. Pentest Tools For Android
71. Android Hack Tools Github
72. Pentest Tools Download
73. Hacking Tools And Software
74. Beginner Hacker Tools
75. Hacking Tools Kit
76. Hacking Tools Pc
77. Pentest Reporting Tools
78. Hacking Tools For Kali Linux
79. Hacking Tools Name
80. How To Make Hacking Tools
81. Hack Tools 2019
82. Tools For Hacker
83. Kik Hack Tools
84. Hacker Search Tools
85. Best Hacking Tools 2020
86. Hacks And Tools
87. Pentest Tools Bluekeep
88. Hacker Tools Windows
89. Hacker Tools Mac
90. Hacker Tools Online
91. Pentest Tools Review
92. Pentest Tools For Android
93. Ethical Hacker Tools
94. Pentest Box Tools Download
95. Hack Tools For Windows
96. Pentest Tools Android
97. Hacking Tools Mac
98. Hack App
99. Pentest Tools For Windows
100. Underground Hacker Sites
101. Hack Tools Mac
102. Hacker Security Tools
103. Hacking Tools Hardware
104. Pentest Tools Framework
105. Hack Tools For Games
106. Nsa Hacker Tools
107. Hacking Tools 2020
108. Hack Tools Github
109. Hack Tools Pc
110. Hacking Tools Mac