Random

.DS_STORE Files

• If you find a .DS_STORE file on a webserver you can reconstruct the directory contents without having to fuzz all the directories

• https://iam0xc4t.medium.com/extract-file-from-ds-store-815a22542da9

• https://github.com/lijiejie/ds_store_exp

• A better alternative I have used in the past

• https://github.com/Keramas/DS_Walk.git

python3 ds_walk.py --url http://10.13.38.11                                                  ✭master 
[!] .ds_store file is present on the webserver.
[+] Enumerating directories based on .ds_server file:
----------------------------
[!] http://10.13.38.11/admin
[!] http://10.13.38.11/dev
[!] http://10.13.38.11/iisstart.htm
[!] http://10.13.38.11/Images
[!] http://10.13.38.11/JS
[!] http://10.13.38.11/META-INF
[!] http://10.13.38.11/New folder
[!] http://10.13.38.11/New folder (2)
[!] http://10.13.38.11/Plugins
[!] http://10.13.38.11/Templates
[!] http://10.13.38.11/Themes
[!] http://10.13.38.11/Uploads
[!] http://10.13.38.11/web.config
[!] http://10.13.38.11/Widgets
----------------------------
[!] http://10.13.38.11/dev/304c0c90fbc6520610abbf378e2339d1
[!] http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc
----------------------------
[!] http://10.13.38.11/dev/304c0c90fbc6520610abbf378e2339d1/core
[!] http://10.13.38.11/dev/304c0c90fbc6520610abbf378e2339d1/db
[!] http://10.13.38.11/dev/304c0c90fbc6520610abbf378e2339d1/include
[!] http://10.13.38.11/dev/304c0c90fbc6520610abbf378e2339d1/src
----------------------------
[!] http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/core
[!] http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/db
[!] http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/include
[!] http://10.13.38.11/dev/dca66d38fd916317687e1390a420c3fc/src
----------------------------
[!] http://10.13.38.11/Images/buttons
[!] http://10.13.38.11/Images/icons
[!] http://10.13.38.11/Images/iisstart.png
----------------------------
[!] http://10.13.38.11/JS/custom
----------------------------
[!] http://10.13.38.11/Themes/default
----------------------------
[!] http://10.13.38.11/Widgets/CalendarEvents
[!] http://10.13.38.11/Widgets/Framework
[!] http://10.13.38.11/Widgets/Menu
[!] http://10.13.38.11/Widgets/Notifications
----------------------------
[!] http://10.13.38.11/Widgets/Framework/Layouts
----------------------------
[!] http://10.13.38.11/Widgets/Framework/Layouts/custom
[!] http://10.13.38.11/Widgets/Framework/Layouts/default
----------------------------
[*] Finished traversing. No remaining .ds_store files present.
[*] Cleaning up .ds_store files saved to disk.

• If you are shortname scanning on IIS you can now create a wordlist based upon the .DS_STORE output

Stop Windows VMs from shutting down

• Windows enforces its licensing by shutting down Win Servers every hour. We at Hacknetics implore you to always follow the rules.

• https://digitalitskills.com/how-to-stop-windows-server-auto-shutdown-every-hour-after-license-expire/

Cool heredoc

• Use when you are on a /bin/sh and need to su but dont want to go into a full tty

Bypass a disabled command prompt with /k

Description: 'This command prompt has been disabled by your administrator...' Can usually be seen in environments such as kiosks PCs, a quick hacky work around is to use /k via the windows run box. This will carry out the command and then show the restriction message, allowing for command execution.

Luks On USBs

• https://geekyshacklebolt.wordpress.com/2019/03/06/how-to-encrypt-usb-drives-with-luks/

SSH Key Format Conversions

Install putty-tools:

PPK to OpenSSH (Linux):

OpenSSH to PPK (Windows/Plink):

Google Authenticator 2FA Bypass

If you gain access to a user's home directory containing .google_authenticator, you can bypass 2FA.

File location:

File contents:

Using emergency backup codes:

Generate TOTP codes with oathtool:

NTP Randomness

• Set ntp based on specific server time. Required for kerberos auth, match attacker box to the time of the domain controller

• Restore NTP back to default

Bash In memory exec one liner

Bash Keylogger

SSH Client Strace Keylogger

• Poor mans keylogger for ssh client but it works. Add to the users .bashrc

• remember to source the .bashrc

• source ~/.bashrc

Apache map external drive to webroot

• Create a directory on the external HDD, assuming it is mounted under the /media directory, like so:

• Change the ownership of this directory and all the files under it to be owned by the Apache user www-data like so:

• Create a directory under the web root directory ie /var/www/html/ like so:

• Bind the /media/web_files/ directory to the /var/www/html/external_files/ directory like so:

• All files on the external HDD under the /media/web_files/ directory will be available for Apache under the /var/www/html/external_files/ directory and you can link to them in your web page that resides in /var/www/html/ like so:

Unzip a chunked archive

• you will see files ending in .001, .002 etc etc

• You will need to join them first. You may use the common linux app, cat as in the example below:

  This will concatenate all of your test.zip.001, test.zip.002, etc files into one larger, test.zip file. Once you have that single file, you may run unzip test.zip

How to convert .mkv file into .mp4 file losslessly?

Cool Google Dorks

What is taking up space Linux

• I recently ran out of disk space on my Ubuntu machine, here is a quick way to see what is taking up all that space

Fix x11 graphical error

Fix Date Issue On Ubuntu

• I recently had severe time drift on a machine that is prevented from reaching the internet

• Provide the host internet access for a small time window and fix with a one liner