ratthing
Here are a couple of my favorites:
lsof -- it's like netstat pumped full of steroids and given the realization that the network is a file.

From the man page: "An open file may be a regular file, a directory, a block special file, a character special file, an executing text reference, a library, a stream or a network file (Internet socket, NFS file or UNIX domain socket.) A specific file or all the files in a file system may be selected by path."

Here's an example of how I used it when working on middleware problems a couple of jobs back:

    lsof -Pni | grep string

returns a list of processes giving COMMAND (process name), PID, USER, FD (file descriptor), TYPE (IPv4, IPv6), DEVICE, SIZE (no size assoc with procs), NODE (TCP, UDP), NAME (port number and state).

Great for finding port status (e.g. close_wait) if you are having thread problems from your apps to your db connection pool in a middleware (Weblogic, JBoss, etc) server, or figuring out WTF is hammering the crap out of your app. I first started using it on Solaris when trying to track down open NFS mounts or other processes preventing unmounts.

=RT=

arms
JasonD showed me this one:
    rm -rf /*

I don't know what it did but I can't find any of my stuff now.

Actually this is my favorite:

    /etc/init.d/gdm start

Now I can click buttons and see pretty graphs of my network activity.

thedarkness
nmap everything
    netstat -lpn
    ps auwwx
    cat|grep|cut|sed|tr|tee|sort|uniq|wc
    paste
    gawk
    history <---- where I got this list from
    expr 115 / 16
    locate
    updatedb
    which
    whereis
    find
    su -c
    less
    yum
    tar
    vi
    man
    wget
    rpm
    service
    chkconfig
    iptables
    telnet
    tail
    head
    dig -t a
    dig -t mx
    dig -t ns
    whois
    scp
    ssh
    php -a
    php fubar.php
    unrar
    unzip
    tar -zxvf
    tar -jxvf
    uptime
    uname -r
    uname -a
    cat /etc/*-release
    ping
    pwd
    top
    dmesg
    cat /var/log/messages
    unix2dos
    dos2unix
    zgrep
    zcat
    ifconfig
    route -n
    nslookup
    host
    sfdisk
    fdisk
    cat /proc/mdstat
    du . --max-depth=1 -h
    df -h
    mount
    poweroff
    reboot
    mdadm
    mkfs
    swapoff
    swapon
    date
    rsync
    svn
    cpan
    pear
    man bash
    strings
    od -c
    md5sum
    dd
    basename
    env
    set
    if [ $? == 0 ]; then fi
    while read crap do done
    for file in `ls` do done

Right, I'm bored now.

Cheers,
td

vsloathe
ypcat.
    ypcat passwd | grep [username] > crackme.txt

cuts through all the shadowing you can think of.

perkiset
Damn, this thread is like "Linux 285." Gonna have to walk through all the ones I don't know and give them a shot.

Say, what was that "rm -r -f /*" command again?

thedarkness
Quote from perkiset:
> Say, what was that "rm -r -f /*" command again?

Try that one first.

ratthing
Quote from vsloathe:
> ypcat.
> ypcat passwd | grep [username] > crackme.txt cuts through all the shadowing you can think of.

You must be used to working in a .edu environment, vsloathe! I haven't seen NIS anywhere since...oh...1999. LOL

Here's a quick run-down on "find":

    find . -iname "*foo*" -exec grep -H "phrase_ur_lookin_4" {} \;

Finds all files, ignoring case (-i) with "foo" in the name (including the path) and displays with the filename (-H) lines with "phrase_ur_lookin_4". "-iname" is a GNU find feature, it's not present in the native Solaris (and maybe other OSes) version of find.

    find . ! -newer "filename_w_timestamp" -exec rm {} \;

Finds all files which are older (! -newer meaning "NOT newer") than the file "filename_w_timestamp" (doesn't need to be in quotes if there's nothing that needs escapes) and removes (rm) them. Yes, it's recursive. Use "depth" to make it not recurse. Best to test first with:

    find . ! -newer "foo.file" -exec ls -altd {} \;

"-newer" refers to last file modification time. There's also "-anewer" for access time, and "-cnewer" for changed time (tho I don't know the diff between mod time and change time...will have to look that up. UNIX is such a twisty path).

Find commands can be logically connected:

    find . -iname "*somefile*" -or ! -newer "foo.file"

Lists all files with name containing "somefile" (case insensitive) of modification time older than "foo.file".

    find . -name "SOMEfile" -and -newer "foo.file"

Lists all files with name containing "SOMEfile" (exact case) and that are newer than "foo.file".

I use find a lot 'cause I can't remember paths worth shizzle, and Linux doesn't put them in the places I learned first--Solaris.

Another one I've learned lately:

    recode -v latin1..utf8 ~/wordpress_db.sql

You still have to edit the sql dump and search/replace latin1 with utf8 after the recode before you restore it.

Recoding is necessary because the default install of MySQL uses latin1 collation, which causes your db & table collation to be latin_swedish_ci. What dumbass thought that was the right way to build MySQL?

=RT=

vsloathe
Quote from ratthing:
> Quote from vsloathe:
> > ypcat.
> > ypcat passwd | grep [username] > crackme.txt cuts through all the shadowing you can think of.
>
> You must be used to working in a .edu environment, vsloathe! I haven't seen NIS anywhere since...oh...1999. LOL

Indeed, I used to. That was back in my college days. I worked in the academic sector for a while after that, but I never installed the yellow pages suite on any of my mission critical machines lol. The machine in question here was an AIX box...man I was god of that network. They had not garden walled off any of the administrative machines from the student development environment, and there was a lot of um...sensitive...stuff stored on some of those faculty accounts.

ratthing
Quote from vsloathe:
> Indeed, I used to. That was back in my college days. I worked in the academic sector for a while after that, but I never installed the yellow pages suite on any of my mission critical machines lol. The machine in question here was an AIX box...man I was god of that network. They had not garden walled off any of the administrative machines from the student development environment, and there was a lot of um...sensitive...stuff stored on some of those faculty accounts.

I have a horror story for you...some fellas I know working at a school in MI back in '01 were putting in Cisco VOIP phones. For folks that don't know, VOIP phones boot off the network to get their configs--they use the same protocol as routers and such--tftp, an insecure protocol.

Now here's the thing, due to their school's policy on educational "openness" no firewalls were allowed anywhere within the campus network--they were lucky to have firewalls between them and the outside world.

Here's part two of the horror story: Cisco VOIP phones will only boot off of a modified tftp server that runs only on Windows.

Part 3: '01 was the first release of the Sasser type worms on Windows.

They figured it would take a wrongful death/negligent injury type lawsuit against the school as a result of an emergency during a phone system meltdown to get them a more secure configuration for the whole thing. We commiserated with these two guys with quite a lot of margaritas at that conference.

=RT=

JasonD
The only command (with various options of course) you'll ever need:

    /usr/bin/perl -e

thedarkness