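#!/bin/bash
# Local privilege-escalation enumeration for Linux hosts. Prints account,
# sudo, kernel, process, setuid/setgid, cron and service-version facts as
# titled sections on stdout. Titles and hints are printed in Turkish.
#
# Usage (from the original header): linuxenum-btr.sh > privesc-enum.txt
# The original header says to run the script from /var/tmp. Its warning about
# running it from the user's home directory is cut off in the source.
#
# Data handling: the report contains password-file, sudoers and shell-history
# contents, and the *-enum.txt helper files written to the current directory
# contain the sudo rules and a full file listing. The helper files are
# therefore created owner-only. The redirected report is created by the
# calling shell and needs the same care; remove all of it from the host when
# the assessment is finished.
umask 077

printf '\n======================================================='
printf '\nTEMEL BILGILER'
printf '\n======================================================='

# --- Basic information -------------------------------------------------------

# Current user name.
printf '\n*******************************************************\n'
printf 'KULLANICI ADI - whoami'
printf '\n*******************************************************\n'
whoami 2>/dev/null

# Current uid, gid and group memberships.
printf '\n*******************************************************\n'
printf 'KULLANICI ID SI VE GRUPLARI - id'
printf '\n*******************************************************\n'
id 2>/dev/null

# Home directory path, then its contents with permissions.
printf '\n*******************************************************\n'
printf 'HOME DIZINIMIZ - echo $HOME'
printf '\n*******************************************************\n'
echo "$HOME" 2>/dev/null
printf '\n*******************************************************\n'
printf 'HOME DIZIN ICERIGIMIZ VE ERISIM HAKLARI - ls -ahl ~'
printf '\n*******************************************************\n'
ls -ahl ~ 2>/dev/null

# sudo rights of the current user. -n makes sudo fail instead of prompting for
# a password, so this lists rules only when no password is needed. The rules
# are also saved to sudo-config-enum.txt for the filter that follows.
printf '\n*******************************************************\n'
printf 'SUDO HAKLARIMIZ - sudo -l -n shell escape imkani verebilecek
komutlara ozellikle dikkat'
printf '\nCikti içinde !env_reset komutu varsa ve sudo versiyonu uygunsa
cevresel degiskenler vasitasiyla priv esc yapilabilir'
printf '\nsudo privilege escalation metodları:
https://www.securusglobal.com/community/2014/03/17/how-i-got-root-with-sudo/'
printf '\nsudo -l -n komutu ile parola vermeden sudo haklarimizi listelemeye
calisiyoruz'
printf '\nEger sudo -l komutu icin parola verilmesi gerekiyorsa ve biz
baglantimizi parolasini bildigimiz bir kullanici ile gerceklestirmis isek bu
komutu manuel olarak calistirmayi unutmayalim'
printf '\n*******************************************************\n'
sudo -l -n 2>/dev/null | tee sudo-config-enum.txt

# sudo rules that mention an interpreter, editor, pager or similar program.
# The pattern is a plain substring match, so unrelated lines match as well.
# The printed title already tells the reader to check the hits by hand.
printf '\n*******************************************************\n'
printf 'SHELL ESCAPE IMKANI VEREN SUDO HAKLARIMIZ - grep komutu ilgisiz
satirlari da yakalayabiliyor o yuzden scripti okuyunuz - tcpdump makalesi
https://www.stevencampbell.info/2016/04/why-sudo-tcpdump-is-dangerous/'
printf '\n*******************************************************\n'
grep -i -E 'vi|awk|perl|find|nmap|man|more|less|tcpdump|bash|sh|vim|nc|netcat|python|ruby|lua|irb' sudo-config-enum.txt 2>/dev/null

# sudo version, for comparison against published advisories (patch-level check).
printf '\n*******************************************************\n'
printf 'SUDO VERSIYONU - sudo -V: sudo - sudoedit ile ilgili acikliklari
kullanabiliriz 1.8.14 versiyonu icin bakiniz https://www.exploitdb.com/exploits/37710/
1.6.9p21 / 1.7.2p4 için bakiniz https://www.exploitdb.com/exploits/11651/
digerleri icin mutlaka google dan arama yapiniz'
printf '\n*******************************************************\n'
sudo -V
printf '\n*******************************************************\n'
printf 'REDHAT ICIN SUDO PAKETI VERSIYONU'
printf '\n*******************************************************\n'
rpm -q sudo 2>/dev/null

# Permissions and, if readable, contents of /etc/sudoers.
printf '\n*******************************************************\n'
printf 'SUDOERS DOSYASI ERISIM HAKLARI'
printf '\n*******************************************************\n'
ls -al /etc/sudoers 2>/dev/null
printf '\n*******************************************************\n'
printf 'SUDOERS DOSYASI ICERIGI- GOREBILIYORSAK - cat /etc/sudoers'
printf '\n*******************************************************\n'
cat /etc/sudoers 2>/dev/null

# Kernel, CPU architecture, distribution release and host name.
printf '\n*******************************************************\n'
printf 'SISTEM BILGISI - uname -a'
printf '\n*******************************************************\n'
uname -a 2>/dev/null
printf '\n*******************************************************\n'
printf 'KERNEL BILGISI - cat /proc/version'
printf '\n*******************************************************\n'
cat /proc/version 2>/dev/null
printf '\n*******************************************************\n'
printf 'ISLEMCI MIMARI BILGISI - lscpu'
printf '\n*******************************************************\n'
lscpu 2>/dev/null
printf '\n*******************************************************\n'
printf 'ISLETIM SISTEMI BILGISI'
printf '\n*******************************************************\n'
cat /etc/*-release
printf '\n*******************************************************\n'
printf 'SUNUCU ADI - hostname'
printf '\n*******************************************************\n'
hostname 2>/dev/null

# Accounts with uid 0 (field 3 of /etc/passwd), comment lines skipped.
printf '\n*******************************************************\n'
printf 'ROOT - YANI ID SI 0 OLAN - KULLANICILARIN LISTESI'
printf '\n*******************************************************\n'
grep -v -E '^#' /etc/passwd | awk -F: '$3 == 0{print $1}'

# id output of every account whose line mentions "sudo" (group membership).
# Accounts are read line by line instead of word-splitting a command
# substitution.
printf '\n*******************************************************\n'
printf 'SUDO GRUBUNA UYE KULLANICILAR'
printf '\n*******************************************************\n'
cut -d':' -f1 /etc/passwd 2>/dev/null \
  | while IFS= read -r account; do id "$account"; done 2>/dev/null \
  | grep -i "sudo"

# Account databases: /etc/passwd and the FreeBSD master.passwd.
printf '\n*******************************************************\n'
printf 'PASSWD DOSYASI - cat /etc/passwd'
printf '\n*******************************************************\n'
cat /etc/passwd 2>/dev/null
printf '\n*******************************************************\n'
printf 'FREEBSD ICIN PASSWD DOSYASI - cat /etc/master.passwd'
printf '\n*******************************************************\n'
cat /etc/master.passwd 2>/dev/null

# id output (uid, gid, groups) for every account in /etc/passwd.
printf '\n*******************************************************\n'
printf 'KULLANICILARIN GRUP UYELIKLERI - groups bolumune bakiniz'
printf '\n*******************************************************\n'
cut -d':' -f1 /etc/passwd 2>/dev/null \
  | while IFS= read -r account; do id "$account"; done 2>/dev/null

# Accounts sorted by login shell (field 7), then by home directory (field 6).
# "\011" is a tab.
printf '\n*******************************************************\n'
printf 'KULLANICI LISTESI - SHELL UYGULAMASINA GORE SIRALI - cat /etc/passwd
| awk -F: {print $7\011$1} | sort'
printf '\n*******************************************************\n'
awk -F':' '{print $7"\011"$1}' /etc/passwd | sort
printf '\n*******************************************************\n'
printf 'KULLANICI LISTESI - HOME DIZININE GORE SIRALI - cat /etc/passwd | awk
-F: {print $6\011$1} | sort'
printf '\n*******************************************************\n'
awk -F':' '{print $6"\011"$1}' /etc/passwd | sort

# Accounts that have logged in before, and recent login activity.
# The redirect sits on lastlog itself so that its errors are the ones hidden.
printf '\n*******************************************************\n'
printf 'DAHA ONCE LOGON OLMUS KULLANICILAR - HER ZAMAN SAGLIKLI BILGI VERMEYEBILIR - lastlog | grep -v Never'
printf '\n*******************************************************\n'
lastlog 2>/dev/null | grep -v "Never"
printf '\n*******************************************************\n'
printf 'SON KULLANICI AKTIVITELERI - last'
printf '\n*******************************************************\n'
last 2>/dev/null

# Group database, then /etc/shadow if the current user can read it. A shadow
# file readable by an unprivileged account is a finding in its own right.
printf '\n*******************************************************\n'
printf 'GROUP DOSYASI - cat /etc/group - ozellikle sudo grup uyeliklerine
dikkat edelim'
printf '\n*******************************************************\n'
cat /etc/group 2>/dev/null
printf '\n*******************************************************\n'
printf 'SHADOW DOSYASI - GOREBILIYORSAK - cat /etc/shadow'
printf '\n*******************************************************\n'
cat /etc/shadow 2>/dev/null

# Recursive listings of /root, /home and /usr/home with permissions.
printf '\n*******************************************************\n'
printf '/ROOT/ DIZINI ALTINDAKI DOSYALAR VE ERISIM HAKLARI - ls -ahlR /root/'
printf '\n*******************************************************\n'
ls -ahlR /root/ 2>/dev/null
printf '\n*******************************************************\n'
printf '/HOME/ DIZINI ALTINDAKI DOSYALAR VE ERISIM HAKLARI - ls -ahlR /home/'
printf '\n*******************************************************\n'
ls -ahlR /home/ 2>/dev/null
printf '\n*******************************************************\n'
printf 'EGER HOME DIZINLERI /USR/ DIZINI ALTINDA ISE BURADAKI DOSYALAR VE
ERISIM HAKLARI - ls -ahlR /usr/home/'
printf '\n*******************************************************\n'
ls -ahlR /usr/home/ 2>/dev/null

# Files under /home that carry the "other" read bit (-perm -4).
printf '\n*******************************************************\n'
printf '/HOME/ DIZINI ALTINDAKI OKUNABILIR DOSYALARIN LISTESI - find /home/ -
perm -4 -type f -exec ls -al {} \;'
printf '\nNOT: Bu komut manuel inceleme sirasında da hedef dizin adi
degistirilerek kullanilabilir'
printf '\n*******************************************************\n'
find /home/ -perm -4 -type f -exec ls -al {} \; 2>/dev/null

# Permissions of a fixed list of sensitive files and of shell history files.
printf '\n*******************************************************\n'
printf 'BAZI HASSAS DOSYALARIN ERISIM HAKLARI - EKLEME YAPILABILIR'
printf '\nNOT: History dosyalari v.d. dosyalar icinde okuma hakkimiz
olanlarin icine manuel olarak goz atilmalidir'
printf '\n*******************************************************\n'
ls -la /etc/passwd 2>/dev/null
ls -la /etc/group 2>/dev/null
ls -la /etc/profile 2>/dev/null
ls -la /etc/shadow 2>/dev/null
ls -la /etc/master.passwd 2>/dev/null
ls -la /etc/sudoers 2>/dev/null
ls -la /etc/crontab 2>/dev/null
ls -la ~/.*_history 2>/dev/null
ls -la /home/*/.*_history 2>/dev/null
ls -la /root/.*_history 2>/dev/null

# Contents of history files (own, root's, other users') where readable.
# History files often hold passwords typed on a command line, so this part of
# the report is especially sensitive.
printf '\n*******************************************************\n'
printf 'KULLANICIMIZIN HISTORY DOSYALARI ICERIKLERI'
printf '\n*******************************************************\n'
cat ~/.*_history 2>/dev/null
# `history` is a shell builtin. In a non-interactive bash the history list is
# normally empty, so this section is usually blank.
printf '\n*******************************************************\n'
printf 'KULLANICIMIZIN HISTORY BILGISI - history KOMUTU CIKTISI'
printf '\n*******************************************************\n'
history 2>/dev/null
printf '\n*******************************************************\n'
printf 'OKUYABILIYORSAK ROOT UN HISTORY DOSYALARI ICERIKLERI'
printf '\n*******************************************************\n'
cat /root/.*_history 2>/dev/null
printf '\n*******************************************************\n'
printf 'OKUYABILDIGIMIZ KULLANICI HISTORY DOSYALARI ICERIKLERI'
printf '\n*******************************************************\n'
cat /home/*/.*_history 2>/dev/null

# TCP and UDP sockets with owning processes. Errors are not suppressed here.
printf '\n*******************************************************\n'
printf 'TCP SERVISLERIN VE ILGILI PROSESLERIN LISTESI - netstat -antp'
printf '\n*******************************************************\n'
netstat -antp
printf '\n*******************************************************\n'
printf 'UDP SERVISLERIN VE ILGILI PROSESLERIN LISTESI - netstat –anup'
printf '\n*******************************************************\n'
netstat -anup

# Process lines containing "root", then the full process list. The grep is a
# substring match on the whole line, not a filter on the owner column.
printf '\n*******************************************************\n'
printf 'ROOT KULLANICISI OLARAK CALISAN PROSESLER'
printf '\n*******************************************************\n'
ps aux | grep root
printf '\n*******************************************************\n'
printf 'TUM PROSESLERIN LISTESI - ps aux - ozellikle MySQL ve Apache prosesleri uzerinden islem yapmak istersek bu proseslerin hangi kullanici haklari ile calistigina dikkat edelim. Bunun disinda calisan prosesler bize baska fikirler verebilir.'
printf '\n*******************************************************\n'
ps aux

# Permissions of the executables behind running processes (column 11 of
# `ps aux`), with duplicates removed by the final awk.
printf '\n*******************************************************\n'
printf 'CALISAN PROSESLERIN IMAJLARI VE BUNLARA ERISIM HAKLARI - ps aux | awk
{print $11}|xargs -r ls -la 2>/dev/null |awk !x[$0]++'
printf '\n*******************************************************\n'
ps aux | awk '{print $11}' | xargs -r ls -la 2>/dev/null | awk '!x[$0]++'

# Environment of the current session. Any secrets exported into it (tokens,
# passwords) end up in the report.
printf '\n*******************************************************\n'
printf 'ENVIRONMENT VARIABLE DEGERLERI'
printf '\n*******************************************************\n'
printenv

printf '\n======================================================='
printf '\nPRATIK YETKI YUKSELTME ALANLARI'
printf '\n======================================================='

# --- Setuid / setgid files ---------------------------------------------------
# A setuid or setgid file that is also writable by "other" is a
# misconfiguration to fix wherever it is reported.

# Root-owned, world-writable setuid files.
printf '\n*******************************************************\n'
printf 'SAHIBI ROOT OLAN OTHER TARAFINDAN YAZILABILIR SETUID DOSYALAR - find
/ -uid 0 -perm -4002 -type f -exec ls -al {} \;'
printf '\n*******************************************************\n'
find / -uid 0 -perm -4002 -type f -exec ls -al {} \; 2>/dev/null

# World-writable setuid files of any owner.
printf '\n*******************************************************\n'
printf 'OTHER TARAFINDAN YAZILABILIR TUM SETUID DOSYALAR - find / -perm -4002-type f -exec ls -al {} \;'
printf '\n*******************************************************\n'
find / -perm -4002 -type f -exec ls -al {} \; 2>/dev/null

# All setuid files, also saved to setuid-files-enum.txt. The original wrote to
# "setuid-filesenum.txt" while the filter that follows reads
# "setuid-files-enum.txt", so that filter never had any input.
printf '\n*******************************************************\n'
printf 'TUM SETUID DOSYALAR - find / -perm -4000 -type f -exec ls -al {} \;
Bu dosyalar arasinda grubumuzun yazma hakki olanlara da dikkat edelim, cunku
bu durum icin ozel bir sorgumuz yok'
printf '\n*******************************************************\n'
find / -perm -4000 -type f -exec ls -al {} \; 2>/dev/null | tee setuid-files-enum.txt

# Setuid files whose listing line matches an interpreter/editor/pager name.
# This is a substring match with known false positives; lines containing
# "chsh" or "device" are dropped.
printf '\n*******************************************************\n'
printf 'SHELL ESCAPE IMKANI VEREN SETUID DOSYALAR - False positive satirlari
elle incelemek gereklidir, aradigimiz uygulama isimleri icin scripti
okuyunuz'
printf '\n*******************************************************\n'
grep -i -E 'vi|awk|perl|find|nmap|man|more|less|tcpdump|bash|sh$|vim|nc$|netcat|python|ruby|lua|irb' setuid-files-enum.txt 2>/dev/null \
  | grep -v -E 'chsh|device'

# Setgid counterparts of the three setuid searches above.
printf '\n*******************************************************\n'
printf 'SAHIBI ROOT OLAN OTHER TARAFINDAN YAZILABILIR SETGID DOSYALAR - find/ -uid 0 -perm -2002 -type f -exec ls -al {} \;'
printf '\n*******************************************************\n'
find / -uid 0 -perm -2002 -type f -exec ls -al {} \; 2>/dev/null
printf '\n*******************************************************\n'
printf 'OTHER TARAFINDAN YAZILABILIR TUM SETGID DOSYALAR - find / -perm -2002 -type f'
printf '\n*******************************************************\n'
find / -perm -2002 -type f -exec ls -al {} \; 2>/dev/null
printf '\n*******************************************************\n'
printf 'SETGID ISARETLI TUM DOSYALAR - find / -perm -2000 -type f -exec ls -al {} \;'
printf '\n*******************************************************\n'
find / -perm -2000 -type f -exec ls -al {} \; 2>/dev/null

# --- Scheduled jobs ----------------------------------------------------------

# Everything matching /etc/cron*, with permissions.
printf '\n*******************************************************\n'
printf '/ETC/CRON DIZINLERINDE BULUNAN DOSYALAR VE ERISIM HAKLARI - ls -la /etc/cron*'
printf '\n*******************************************************\n'
ls -la /etc/cron* 2>/dev/null

# World-writable entries under /etc/cron*, listed and printed. The stderr
# redirect applies to the whole find command wherever it is written, so it is
# placed at the end for readability.
printf '\n*******************************************************\n'
printf 'OTHER TARAFINDAN YAZILABILIR CRON SCRIPTLERI VE ICERIKLERI - find
/etc/cron* -perm -0002 -exec ls -la {} \; -exec cat {} 2>/dev/null \;'
printf '\n*******************************************************\n'
find /etc/cron* -perm -0002 -exec ls -la {} \; -exec cat {} \; 2>/dev/null

# System crontab, per-user spool crontabs, /etc/cron.d and anacrontab.
printf '\n*******************************************************\n'
printf '/ETC/CRONTAB DOSYASI ICERIGI - cat /etc/crontab'
printf '\n*******************************************************\n'
cat /etc/crontab 2>/dev/null
printf '\n*******************************************************\n'
printf 'VARSA ROOT VE DIGER KULLANICILARIN CRONTAB DOSYALARI LISTESI - ls -laR /var/spool/cron'
printf '\n*******************************************************\n'
ls -laR /var/spool/cron 2>/dev/null
# `tail -n +1` on several files prints each file in full under a
# "==> name <==" header.
printf '\n*******************************************************\n'
printf 'VARSA ROOT VE DIGER KULLANICILARIN CRONTAB DOSYALARI ICERIKLERI'
printf '\n*******************************************************\n'
find /var/spool/cron/ -type f -exec tail -n +1 {} + 2>/dev/null
printf '\n*******************************************************\n'
printf 'VARSA /etc/cron.d DIZININDE BULUNAN DOSYALARIN LISTESI - ls -laR
/etc/cron.d'
printf '\n*******************************************************\n'
ls -laR /etc/cron.d 2>/dev/null
printf '\n*******************************************************\n'
printf 'VARSA /etc/cron.d DIZININDE BULUNAN DOSYALARIN ICERIKLERI'
printf '\n*******************************************************\n'
find /etc/cron.d/ -type f -exec tail -n +1 {} + 2>/dev/null
printf '\n*******************************************************\n'
printf '/ETC/ANACRONTAB DOSYASI ICERIGI - cat /etc/anacrontab'
printf '\n*******************************************************\n'
cat /etc/anacrontab 2>/dev/null

# Active crontab of every account, one `crontab -l -u NAME` call per account.
printf '\n*******************************************************\n'
printf 'VARSA KULLANICILARIN AKTIF CRON KONFIGURASYONLARI - cat /etc/passwd |
cut -d : -f 1 | xargs -n1 crontab -l -u'
printf '\n*******************************************************\n'
cut -d ":" -f 1 /etc/passwd | xargs -n1 crontab -l -u 2>/dev/null

# --- Local MySQL default-credential checks -----------------------------------
# Both commands attempt a real login to the local MySQL server as root: first
# with the password "root", then with no password. The password of the first
# attempt is passed on the command line and is visible in the process list
# while the command runs. A rejected attempt is an access-denied connection
# error on the server side, so these checks can show up in database logs.
printf '\n*******************************************************\n'
printf 'MYSQL E ROOT - ROOT ERISIM BILGILERIYLE ERISEBILIYOR MUYUZ -mysqladmin -uroot -proot version'
printf '\n*******************************************************\n'
mysqladmin -uroot -proot version
printf '\n*******************************************************\n'
printf 'MYSQL E BOS PAROLA ILE ROOT OLARAK ERISEBILIYOR MUYUZ - mysqladmin -uroot version'
printf '\n*******************************************************\n'
mysqladmin -uroot version
printf '\n*******************************************************\n'
printf '*** Postgre SQL varsa onun icin de ayrica komutlar calistirilabilir,process listesine gore hareket etmek lazim ***'
printf '\n*******************************************************\n'

# --- Version summary ---------------------------------------------------------
printf '\n*******************************************************\n'
printf 'VERSIYON BILGILERI - TOPLUCA'
printf '\n*******************************************************\n'
printf '\nSUDO - VERSIYON - PRIVESC ACIKLIKLARINI KONTROL ET http://www.exploitdb.com/search/?action=search&filter_page=1&filter_description=sudo'
printf '\n..................................\n'
sudo -V 2>/dev/null | grep version
printf '\nMYSQL - VERSIYON'
printf '\n..................................\n'
mysql --version 2>/dev/null
printf '\nPOSTGRESQL - VERSIYON'
printf '\n..................................\n'
psql -V
printf '\nAPACHE - VERSIYON'
printf '\n..................................\n'
apache2 -v 2>/dev/null; apache2ctl -M 2>/dev/null; httpd -v 2>/dev/null;
apachectl -l 2>/dev/null
printf '\nPERL - VERSIYON'
printf '\n..................................\n'
perl -v 2>/dev/null
# java prints its version banner on stderr, so the original `2>/dev/null`
# discarded the only output. The command -v guard keeps a missing binary quiet.
printf '\nJAVA - VERSIYON'
printf '\n..................................\n'
command -v java >/dev/null 2>&1 && java -version 2>&1
# Python 2 also reports its version on stderr; same treatment.
printf '\nPYTHON - VERSIYON'
printf '\n..................................\n'
command -v python >/dev/null 2>&1 && python --version 2>&1
printf '\nRUBY - VERSIYON'
printf '\n..................................\n'
ruby -v 2>/dev/null

printf '\n======================================================='
printf '\nUZUN INCELEME'
printf '\n======================================================='

# --- Long-running review -----------------------------------------------------
# Full path listing of the file system, saved to dirlist-enum.txt. This walks
# every mounted tree and can take a long time on large hosts.
printf '\n*******************************************************\n'
printf 'DIZIN VE DOSYA LISTESINI OLUSTURUYORUZ - find / > dirlist-enum.txt'
printf '\n*******************************************************\n'
find / > dirlist-enum.txt 2>/dev/null
printf 'dirlist-enum.txt dosyasi olusturuldu.\n'

# Title and note for the "names ending in ini" list.
printf '\n*******************************************************\n'
printf 'SONU INI ILE BITEN DOSYALARIN LISTESI - grep -i -E ini$ dirlistenum.txt > ini-files-enum.txt'
printf '\nNOT: Uzun suren incelemelerde ini, conf, backup v.b. dosyalarin icerigini manuel olarak inceleyiniz.'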
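# Filter dirlist-enum.txt (the saved `find /` listing) by file-name suffix into
# one list file per type, all written to the current directory.
printf '\n*******************************************************\n'
# Names ending in "ini" (case-insensitive).
grep -i -E 'ini$' dirlist-enum.txt > ini-files-enum.txt
printf 'ini-files-enum.txt dosyasi olusturuldu.\n'

# Names ending in conf, config or cnf.
printf '\n*******************************************************\n'
printf 'SONU CONF, CONFIG VE CNF ILE BITEN DOSYALARIN LISTESI - grep -i -E conf$|config$|cnf$ dirlist-enum.txt > conf-files-enum.txt'
printf '\n*******************************************************\n'
grep -i -E 'conf$|config$|cnf$' dirlist-enum.txt > conf-files-enum.txt
printf 'conf-files-enum.txt dosyasi olusturuldu.\n'

# Backup-style names. The original redirected to "backup-filesenum.txt" while
# the title and the confirmation message both name "backup-files-enum.txt".
printf '\n*******************************************************\n'
printf 'SONU BACKUP, BCK, BAK, OLD ILE BITEN DOSYALARIN LISTESI - grep -i -E backup$|bck$|bak$|old$ dirlist-enum.txt > backup-files-enum.txt'
printf '\n*******************************************************\n'
grep -i -E 'backup$|bck$|bak$|\.old.*$' dirlist-enum.txt > backup-files-enum.txt
printf 'backup-files-enum.txt dosyasi olusturuldu.\n'

# Names ending in "cap" (the title suggests confirming the type with `file`).
printf '\n*******************************************************\n'
printf 'SONU CAP ILE BITEN DOSYALARIN LISTESI - grep -i -E cap$ dirlistenum.txt > capture-files-enum.txt - dosya tipinden emin olmak icin file komutunu kullanabilirsiniz'
printf '\n*******************************************************\n'
grep -i -E 'cap$' dirlist-enum.txt > capture-files-enum.txt
printf 'capture-files-enum.txt dosyasi olusturuldu.\n'

# Source and script files: .php, .pl, .sh.
printf '\n*******************************************************\n'
printf 'SONU .PHP ILE BITEN DOSYALARIN LISTESI - grep -i -E .php$ dirlistenum.txt > php-files-enum.txt'
printf '\n*******************************************************\n'
grep -i -E '\.php$' dirlist-enum.txt > php-files-enum.txt
printf 'php-files-enum.txt dosyasi olusturuldu.\n'
printf '\n*******************************************************\n'
printf 'SONU .PL ILE BITEN DOSYALARIN LISTESI - grep -i -E .pl$ dirlistenum.txt > pl-files-enum.txt'
printf '\n*******************************************************\n'
grep -i -E '\.pl$' dirlist-enum.txt > pl-files-enum.txt
printf 'pl-files-enum.txt dosyasi olusturuldu.\n'
printf '\n*******************************************************\n'
printf 'SONU .SH ILE BITEN DOSYALARIN LISTESI - grep -i -E .sh$ dirlistenum.txt > sh-files-enum.txt'
printf '\n*******************************************************\n'
grep -i -E '\.sh$' dirlist-enum.txt > sh-files-enum.txt
printf 'sh-files-enum.txt dosyasi olusturuldu.\n'

# Names ending in log, inc and myd.
printf '\n*******************************************************\n'
printf 'SONU LOG ILE BITEN DOSYALARIN LISTESI - grep -i -E log$ dirlistenum.txt > log-files-enum.txt'
printf '\n*******************************************************\n'
grep -i -E 'log$' dirlist-enum.txt > log-files-enum.txt
printf 'log-files-enum.txt dosyasi olusturuldu.\n'
printf '\n*******************************************************\n'
# The printed command said "log$" here although the filter run is 'inc$'.
printf 'SONU INC ILE BITEN DOSYALARIN LISTESI - grep -i -E inc$ dirlistenum.txt > inc-files-enum.txt'
printf '\n*******************************************************\n'
grep -i -E 'inc$' dirlist-enum.txt > inc-files-enum.txt
printf 'inc-files-enum.txt dosyasi olusturuldu.\n'
# Separator added: the original jumped straight from the previous confirmation
# message into this title.
printf '\n*******************************************************\n'
printf 'SONU MYD ILE BITEN DOSYALARIN LISTESI - grep -i -E myd$ dirlistenum.txt > myd-files-enum.txt'
printf '\n*******************************************************\n'
grep -i -E 'myd$' dirlist-enum.txt > myd-files-enum.txt
printf 'myd-files-enum.txt dosyasi olusturuldu.\n'

# Long listings of paths whose name contains a keyword. Paths are handed to
# xargs NUL-separated so that names with spaces or quotes are not split or
# rejected, and -r stops xargs from running a bare `ls -al` (which would list
# the current directory) when nothing matches.
printf '\n*******************************************************\n'
# The printed command was a copy of the ini section; it now names the command
# actually run.
printf 'ICINDE SHADOW GECEN DIZIN VEYA DOSYALARIN LISTESI - grep -i -E shadow dirlist-enum.txt | xargs ls -al'
printf '\n*******************************************************\n'
grep -i -E 'shadow' dirlist-enum.txt | tr '\n' '\0' | xargs -0 -r ls -al 2>/dev/null
printf '\n*******************************************************\n'
printf 'ICINDE PASS GECEN DIZIN VEYA DOSYALARIN LISTESI'
printf '\n*******************************************************\n'
grep -i -E 'pass' dirlist-enum.txt | tr '\n' '\0' | xargs -0 -r ls -al 2>/dev/null
printf '\n*******************************************************\n'
printf 'ICINDE CRON GECEN DIZIN VEYA DOSYALARIN LISTESI - Bu dosyalara manuel olarak bakilmalidir'
printf '\n*******************************************************\n'
grep -i -E 'cron' dirlist-enum.txt | tr '\n' '\0' | xargs -0 -r ls -al 2>/dev/null
printf '\n*******************************************************\n'
printf 'ICINDE HISTORY GECEN DIZIN VEYA DOSYALARIN LISTESI'
printf '\n*******************************************************\n'
grep -i -E 'history' dirlist-enum.txt | tr '\n' '\0' | xargs -0 -r ls -al 2>/dev/null
printf '\n*******************************************************\n'
printf 'MY.CNF ADLI DOSYALARIN LISTESI'
printf '\n*******************************************************\n'
grep -i -E 'my\.cnf$' dirlist-enum.txt | tr '\n' '\0' | xargs -0 -r ls -al 2>/dev/null
printf '\n*******************************************************\n'
printf 'MY.CONF ADLI DOSYALARIN LISTESI'
printf '\n*******************************************************\n'
grep -i -E 'my\.conf$' dirlist-enum.txt | tr '\n' '\0' | xargs -0 -r ls -al 2>/dev/null

# Credential-looking lines inside the files collected above. The same
# expression was repeated for every file type in the original; it is kept once,
# unchanged. Matches can include live passwords, so this part of the report
# needs the strictest handling.
cred_pattern='pass =|passwd =|pwd =| password =|user =|username =|pass=|passwd=|pwd=|password=|user=|username=|mysql_connect|mysql_select_db'
printf '\n*******************************************************\n'
printf '==OZET PASSWORD SATIRLARI=='
printf '\n*******************************************************\n'
printf '\n*******************************************************\n'
printf 'INI DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI'
printf '\n*******************************************************\n'
cat ini-files-enum.txt | tr '\n' '\0' | xargs -0 -r grep -i -E "$cred_pattern" 2>/dev/null
printf '\n*******************************************************\n'
printf 'CONF DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI'
printf '\n*******************************************************\n'
cat conf-files-enum.txt | tr '\n' '\0' | xargs -0 -r grep -i -E "$cred_pattern" 2>/dev/null
printf '\n*******************************************************\n'
printf 'PHP DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI'
printf '\n*******************************************************\n'
cat php-files-enum.txt | tr '\n' '\0' | xargs -0 -r grep -i -E "$cred_pattern" 2>/dev/null
printf '\n*******************************************************\n'
printf 'PERL DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI'
printf '\n*******************************************************\n'
cat pl-files-enum.txt | tr '\n' '\0' | xargs -0 -r grep -i -E "$cred_pattern" 2>/dev/null
printf '\n*******************************************************\n'
printf 'SH DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI'
printf '\n*******************************************************\n'
cat sh-files-enum.txt | tr '\n' '\0' | xargs -0 -r grep -i -E "$cred_pattern" 2>/dev/null
printf '\n*******************************************************\n'
printf 'LOG DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI'
printf '\n*******************************************************\n'
cat log-files-enum.txt | tr '\n' '\0' | xargs -0 -r grep -i -E "$cred_pattern" 2>/dev/null
printf '\n*******************************************************\n'
printf 'INC DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI'
printf '\n*******************************************************\n'
cat inc-files-enum.txt | tr '\n' '\0' | xargs -0 -r grep -i -E "$cred_pattern" 2>/dev/null
printf '\n*******************************************************\n'
printf 'MYD DOSYALARI ICINDE GECEN PASSWORD VE USERNAME SATIRLARI'
printf '\n*******************************************************\n'
cat myd-files-enum.txt | tr '\n' '\0' | xargs -0 -r grep -i -E "$cred_pattern" 2>/dev/null

# Title and note for the /etc "*.conf*" permission listing.
printf '\n*******************************************************\n'
printf '/ETC DIZINI ALTINDA SONU .CONF* ILE BITEN DOSYALARIN LISTESI VE
ERISIM HAKLARI - find /etc/ -maxdepth 4 -name *.conf* -type f -exec ls -la {}
\;'
printf '\nNOT: Belli bir isim yapisindaki dosyalarin erisim haklarini
listelemek icin dirlist-enum.txt dosyasinden filtrelenmis dosya adlarini
kullanabiliriz.'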
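# Closing hint of the /etc "*.conf*" section title, then the listing itself.
printf '\nOrnegin: cat ini-files-enum.txt | xargs ls -al komutuyla sonu ini
ile biten dosyalarin erisim haklarinin listelenmesi gibi'
printf '\n*******************************************************\n'
# The pattern is quoted so that find receives it literally. Unquoted, the shell
# would expand *.conf* against the current directory first and the search
# would change or fail whenever a matching file exists there.
find /etc/ -maxdepth 4 -name '*.conf*' -type f -exec ls -la {} \; 2>/dev/null

# Contents of root's mailbox (both common spool locations), where readable.
printf '\n*******************************************************\n'
printf 'ICERIK - /var/mail/root'
printf '\n*******************************************************\n'
cat /var/mail/root 2>/dev/null
printf '\n*******************************************************\n'
printf 'ICERIK - /var/spool/mail/root'
printf '\n*******************************************************\n'
cat /var/spool/mail/root 2>/dev/null

# Contents of a fixed list of service configuration files. Unreadable or
# missing files are skipped silently.
printf '\n*******************************************************\n'
printf 'ICERIK - /etc/syslog.conf'
printf '\n*******************************************************\n'
cat /etc/syslog.conf 2>/dev/null
printf '\n*******************************************************\n'
printf 'ICERIK - /etc/chttp.conf'
printf '\n*******************************************************\n'
cat /etc/chttp.conf 2>/dev/null
printf '\n*******************************************************\n'
printf 'ICERIK - /etc/lighttpd.conf'
printf '\n*******************************************************\n'
cat /etc/lighttpd.conf 2>/dev/null
printf '\n*******************************************************\n'
printf 'ICERIK - /etc/cups/cupsd.conf'
printf '\n*******************************************************\n'
cat /etc/cups/cupsd.conf 2>/dev/null
printf '\n*******************************************************\n'
printf 'ICERIK - /etc/inetd.conf'
printf '\n*******************************************************\n'
cat /etc/inetd.conf 2>/dev/null
printf '\n*******************************************************\n'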
# Print one "ICERIK" section: the heading, a separator, the contents of every
# listed file that can be read, and a closing separator.
#   $1   - text shown after "ICERIK - "
#   $2.. - files whose contents are printed; read errors are discarded
show_contents() {
  local heading=$1 target
  shift
  printf 'ICERIK - %s' "$heading"
  printf '\n*******************************************************\n'
  for target in "$@"; do
    cat "$target" 2>/dev/null
  done
  printf '\n*******************************************************\n'
}

# Web server and database configuration files, in the same order as before.
show_contents '/etc/apache2/apache2.conf' /etc/apache2/apache2.conf
show_contents '/etc/mysql/my.cnf ve /etc/my.cnf' /etc/mysql/my.cnf /etc/my.cnf
show_contents '/etc/my.conf' /etc/my.conf
show_contents '/etc/httpd/conf/httpd.conf' /etc/httpd/conf/httpd.conf
show_contents '/opt/lampp/etc/httpd.conf' /opt/lampp/etc/httpd.conf
show_contents '/var/apache2/config.inc' /var/apache2/config.inc
# The next two are only readable when permissions are looser than usual:
# presumably the MySQL account table data file and the installer's kickstart
# file in root's home.
show_contents '/var/lib/mysql/mysql/user.MYD' /var/lib/mysql/mysql/user.MYD
show_contents '/root/anaconda-ks.cfg' /root/anaconda-ks.cfg
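# Account name the ownership tests below compare against. It is resolved once
# and quoted at every use, so an unusual name cannot be split into extra find
# arguments the way the bare backtick substitution allowed.
current_user=$(whoami)

# Files the current account can write to but does not own. Titles that quote a
# command are printed through %s so their backslashes are never read as printf
# escapes.
printf '%s' 'KULLANICIMIZA AIT OLMAYAN ANCAK YAZMA HAKKIMIZ OLAN TUM DOSYALARIN
LISTESI VE ERISIM HAKLARI - find / -writable -not -user whoami -type f -not -path /proc/* -exec ls -al {} \;'
printf '\n*******************************************************\n'
find / -writable -not -user "$current_user" -type f -not -path "/proc/*" -exec ls -al {} \; 2>/dev/null
printf '\n*******************************************************\n'

# Regular files with the "other" write bit set, outside any proc tree.
printf '%s' 'TUM WORLD WRITABLE DOSYALARIN LISTESI VE ERISIM HAKLARI - find / ! -path */proc/* -perm -2 -type f -exec ls -al {} \;'
printf '\n*******************************************************\n'
find / ! -path "*/proc/*" -perm -2 -type f -exec ls -al {} \; 2>/dev/null
printf '\n*******************************************************\n'

# Directories with the "other" write bit set. The sticky bit shows up as a
# trailing "t" in the ls mode column; a world-writable directory without it
# lets any account remove or replace other accounts' entries.
printf 'HERKESIN YAZABILECEGI DIZINLERIN LISTESI'
printf '\n*******************************************************\n'
find / -type d -not -path "/proc/*" \( -perm -o+w \) -exec ls -ald {} \; 2>/dev/null
printf '\n*******************************************************\n'

# Directories the current account can write to.
printf '%s' 'BIZIM YAZABILECEGIMIZ DIZINLERIN LISTESI - find / -writable -type d -not -path /proc/* -exec ls -al {} \;'
printf '\nManuel olarak script lerimizi ve ciktilarini yerlestirebilecegimiz
bir dizin bulmak icin de kullanilabilir'
printf '\n*******************************************************\n'
find / -writable -type d -not -path "/proc/*" -exec ls -ald {} \; 2>/dev/null
printf '\n*******************************************************\n'

# Directories owned by the current account.
printf '%s' 'KULLANICIMIZA AIT DIZINLERIN LISTESI - find / -user whoami -type d -not -path /proc/* -exec ls -al {} \;'
printf '\n*******************************************************\n'
find / -user "$current_user" -type d -not -path "/proc/*" -exec ls -ald {} \; 2>/dev/null
printf '\n*******************************************************\n'

# Paths of SSH key and trust files visible to this account. Only names are
# printed here, not contents or modes.
printf 'SSH ANAHTAR VE ANAHTAR DIZINLERININ LISTESI - find / -name id_dsa* -o
-name id_rsa* -o -name known_hosts -o -name authorized_hosts -o -name
authorized_keys: Ozel ve acik anahtar kavramlari ile bunlarin SSH da nasil
kullanıldigi ile ilgili on bilgi edinmenizde fayda var'
printf '\n*******************************************************\n'
find / -name "id_dsa*" -o -name "id_rsa*" -o -name "known_hosts" -o -name "authorized_hosts" -o -name "authorized_keys" 2>/dev/null
printf '\n*******************************************************\n'

# Value of PermitRootLogin as written in /etc/ssh/sshd_config. The keyword is
# compared case-insensitively and as a whole field, so lines that separate
# keyword and value with a tab are found and commented-out lines are skipped;
# the earlier grep for "PermitRootLogin " followed by a space missed the
# former. An empty result only means the directive is not set in this file:
# the effective value then comes from the built-in default or an included
# file, which "sshd -T" run as root reports.
printf '%s' 'SSH SERVISINE ROOT KULLANICISI OLARAK BAGLANABILIR MIYIZ - awk
tolower($1)=="permitrootlogin" {print $2} /etc/ssh/sshd_config 2>/dev/null
: Gecerli degerler yes, without-password, forced-commands-only, veya no
dur. without-password private key ile erisilebilir anlamina gelir. forced-commands-only
yapilabilecek islemleri kisitlar ve private key ile
gelinmelidir.'
printf '\n*******************************************************\n'
awk 'tolower($1) == "permitrootlogin" { print $2 }' /etc/ssh/sshd_config 2>/dev/null
printf '\n*******************************************************\n'

# Permissions on the sshd configuration directory and the host keys in it.
printf 'SSH KONFIGURASYON DIZINI ERISIM HAKLARIMIZ - ls -la /etc/ssh/'
printf '\nBu baglamda root un home dizinindeki authorized keys dizinine
yazabiliyorsak asagidaki linklerden faydalanarak sirasiyla key uretebilir ve
yerlestirebiliriz'
printf '\nhttp://www.thegeekstuff.com/2008/11/3-steps-to-perform-ssh-loginwithout-password-using-ssh-keygen-ssh-copy-id/'
printf '\nhttp://www.rebol.com/docs/ssh-auto-login.html'
printf '\n*******************************************************\n'
ls -la /etc/ssh/ 2>/dev/null
printf '\n*******************************************************\n'

# Title of the /etc/shells section; the listing command follows it.
printf 'SHELL UYGULAMALARININ LISTESI - cat /etc/shells'
printf '\n*******************************************************\n'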
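# Entries of /etc/shells listed with their permissions (the section title is
# printed just before this point). Comment lines are dropped first, because
# passed on to ls each of their words becomes a bogus operand, and -r keeps ls
# from listing the working directory when nothing is left to pass.
grep -v '^[[:space:]]*#' /etc/shells 2>/dev/null | xargs -r ls -al 2>/dev/null
printf '\n*******************************************************\n'

# PATH of the current account, printed as one unmodified string. Relative or
# writable directories early in PATH are worth noting in the output.
printf 'KULLANICIMIZIN PATH CEVRESEL DEGISKENI - echo $PATH'
printf '\n*******************************************************\n'
printf '%s\n' "$PATH"
printf '\n*******************************************************\n'

# Password ageing and hashing defaults.
printf 'PAROLA POLITIKASI, PAROLA HASH ALGORITMASI V.D. BILGILER - cat
/etc/login.defs'
printf '\n*******************************************************\n'
cat /etc/login.defs
printf '\n*******************************************************\n'

# User and group Apache is configured to run as. The title is printed through
# %s: used as a printf format, its "\e" was turned into an escape character by
# bash and corrupted the line. The awk pattern drops the same stray backslash.
printf '%s' 'APACHE PROCESS ININ HANGI KULLANICI OLARAK KONFIGURE EDILDIGI - cat
/etc/apache2/envvars 2>/dev/null |grep -i user\|group |awk {sub(/.*\export
/,)}1 Gercek kullanici bilgisine ps aux ciktisindan erisebiliriz'
printf '\n*******************************************************\n'
grep -i -E 'user|group' /etc/apache2/envvars 2>/dev/null | awk '{sub(/.*export /,"")}1'
printf '\n*******************************************************\n'

# .rhosts trust files under /home: permissions, then contents. The name
# pattern is quoted so the shell cannot expand it against the working
# directory before find sees it.
printf '%s' 'GOREBILDIGIMIZ TUM HOME DIZINLERI ALTINDA VARSA RHOSTS DOSYALARI -
find /home -iname *.rhosts -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;'
printf '\n*******************************************************\n'
find /home -iname '*.rhosts' -exec ls -la {} \; -exec cat {} \; 2>/dev/null
printf '\n*******************************************************\n'

# Same check for systems that keep home directories under /usr/home.
printf '%s' 'EGER HOME DIZINLERI /USR/ DIZINI ALTINDA ISE GOREBILDIGIMIZ HOME
DIZINLERI ALTINDA VARSA RHOSTS DOSYALARI - find /usr/home -iname *.rhosts -exec ls -la {} 2>/dev/null \; -exec cat {} 2>/dev/null \;'
printf '\n*******************************************************\n'
find /usr/home -iname '*.rhosts' -exec ls -la {} \; -exec cat {} \; 2>/dev/null
printf '\n*******************************************************\n'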
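#######################################
# Print the lines containing "=" and one of pass/pwd/root/admin from every
# file named in a list file.
# Arguments: $1 - list file, presumably written one path per line by an
#                 earlier part of the script (not shown here)
# Outputs:   matching lines on stdout; grep errors are discarded
# Notes:     a missing list is skipped instead of leaving grep to read the
#            empty pipe, and paths are handed over NUL-separated so names
#            with spaces or quotes reach grep intact.
#######################################
search_listed_files() {
  local list_file=$1
  [ -r "$list_file" ] || return 0
  tr '\n' '\0' < "$list_file" \
    | xargs -0 -r grep -i -E 'pass|pwd|root|admin' 2>/dev/null \
    | grep '='
}

#######################################
# Print the title of one keyword-search section.
# Arguments: $1 - upper-case file-type label, $2 - list file name
#######################################
search_title() {
  printf '%s DOSYALARI ICINDE PASS, PWD, ROOT VE ADMIN KELIMELERI GECEN\nSATIRLAR - cat %s | xargs grep -E pass|pwd|root' "$1" "$2"
}

#######################################
# Write the contents of every regular file under the given start points to
# an output file in the working directory.
# Arguments: $1 - output file, $2.. - find start points
# Notes:     the output holds other accounts' file contents verbatim, so it
#            is created under umask 077 and forced to 0600 instead of the
#            usual world-readable default. The output file itself is
#            excluded from the walk: when the script runs below one of the
#            start points, tail would otherwise keep re-reading what it has
#            just written until the disk is full.
#######################################
dump_tree_contents() {
  local out_file=$1
  shift
  (
    umask 077
    find "$@" -type f ! -samefile "$out_file" -exec tail -n +1 {} + \
      > "$out_file" 2>/dev/null
    chmod 600 -- "$out_file" 2>/dev/null
  )
}

# hosts.equiv trust file: permissions, then contents. Titles that quote a
# command are printed through %s so their backslashes stay literal.
printf '%s' 'HOSTS.EQUIV DOSYASININ ERISIM HAKKI VE GOREBILIYORSAK ICERIGI - find
/etc -iname hosts.equiv -exec ls -la {} 2>/dev/null \; -exec cat {}
2>/dev/null \;'
printf '\n*******************************************************\n'
find /etc -iname hosts.equiv -exec ls -la {} \; -exec cat {} \; 2>/dev/null
printf '\n*******************************************************\n'

# NFS exports: permissions, then contents.
printf 'EXPORTS DOSYASININ ERISIM HAKLARI - ls -la /etc/exports'
printf '\n*******************************************************\n'
ls -la /etc/exports 2>/dev/null
printf '\n*******************************************************\n'
printf 'OKUYABILIYORSAK EXPORTS DOSYASININ ICERIGI - cat /etc/exports'
printf '\n*******************************************************\n'
cat /etc/exports 2>/dev/null
printf '\n*******************************************************\n'

# Mail spool directories and the first lines of root's mailbox.
printf 'VARSA /VAR/MAIL DIZINI ALTINDAKI DOSYALAR VE ERISIM HAKLARI - ls -la
/var/mail - Bu dosyalara manuel olarak bakmak gerekebilir'
printf '\n*******************************************************\n'
ls -la /var/mail 2>/dev/null
printf '\n*******************************************************\n'
printf 'VARSA /VAR/SPOOL/MAIL DIZINI ALTINDAKI DOSYALAR VE ERISIM HAKLARI -
ls -la /var/spool/mail - Bu dosyalara manuel olarak bakmak gerekebilir'
printf '\n*******************************************************\n'
ls -la /var/spool/mail 2>/dev/null
printf '\n*******************************************************\n'
printf 'VARSA VE OKUYABILIYORSAK ROOT UN MAIL KUTUSUNUN ILK BOLUMU - head
/var/mail/root'
printf '\n*******************************************************\n'
head /var/mail/root 2>/dev/null
printf '\n*******************************************************\n'
printf 'VARSA VE OKUYABILIYORSAK ROOT UN MAIL KUTUSUNUN ILK BOLUMU - head
/var/spool/mail/root'
printf '\n*******************************************************\n'
head /var/spool/mail/root 2>/dev/null
printf '\n*******************************************************\n'

# Network services started through inetd / xinetd.
printf 'INETD DOSYASININ ICERIGI - cat /etc/inetd.conf - otomatik baslatilan
ag servisleri icin'
printf '\n*******************************************************\n'
cat /etc/inetd.conf 2>/dev/null
printf '\n*******************************************************\n'
printf 'TCP WRAPPER UYGULAYAN SISTEMLER ICIN XINETD DOSYASININ ICERIGI - cat
/etc/xinetd.conf'
printf '\n*******************************************************\n'
cat /etc/xinetd.conf 2>/dev/null
printf '\n*******************************************************\n'

# Init scripts and their permissions.
printf 'INIT.D DIZINI ALTINDAKI SCRIPTLER VE ERISIM IZINLERI - ls -la
/etc/init.d - linux uzerine kurulmus servisler hakkinda fikir verir, buradaki
scriptlerin hepsi calismiyor olabilir. Bu dosyalar icinde grep ile kelime
aranabilir'
printf '\n*******************************************************\n'
ls -la /etc/init.d 2>/dev/null
printf '\n*******************************************************\n'

# Hard-coded credentials in init scripts. grep is given the full paths:
# the bare names that "ls /etc/init.d" produced were resolved against the
# working directory, so the check came back empty wherever it was run from.
printf 'DUSUK BIR IHTIMAL AMA INIT SCRIPTLERI ICINDE BIR PAROLA OLABILIR MI'
printf '\n*******************************************************\n'
grep -i -E 'pass =|passwd =|pwd =| password =|pass=|passwd=|pwd=|password=' /etc/init.d/* 2>/dev/null
printf '\n*******************************************************\n'

# Init scripts not owned by root. find runs ls itself, so file names with
# spaces are not split on the way through a pipe.
printf '%s' 'ROOT KULLANICISINA AIT OLMAYAN ANCAK INIT.D DIZINI ALTINDA BULUNAN
DOSYALARIN LISTESI - find /etc/init.d/ \! -uid 0 -type f 2>/dev/null |xargs -r ls -la 2>/dev/null'
printf '\n*******************************************************\n'
find /etc/init.d/ ! -uid 0 -type f -exec ls -la {} + 2>/dev/null
printf '\n*******************************************************\n'
printf 'INIT SCRIPTLERI RC.D DIZINLERI ALTINDA BULUNAN SISTEMLER ICIN INIT
SCRIPTLERI LISTESI VE ERISIM HAKLARI - ls -la /etc/rc.d/init.d'
printf '\n*******************************************************\n'
ls -la /etc/rc.d/init.d 2>/dev/null
printf '\n*******************************************************\n'
printf '%s' 'ROOT KULLANICISINA AIT OLMAYAN ANCAK RC.D/INIT.D DIZINI ALTINDA
BULUNAN DOSYALARIN LISTESI - find /etc/rc.d/init.d \! -uid 0 -type f
2>/dev/null |xargs -r ls -la 2>/dev/null'
printf '\n*******************************************************\n'
find /etc/rc.d/init.d ! -uid 0 -type f -exec ls -la {} + 2>/dev/null
printf '\n*******************************************************\n'

# Static mount table. The options column is the part to review: nosuid,
# nodev and noexec on mounts that ordinary accounts can write to.
printf 'MOUNT KONFIGURASYONU - cat /etc/fstab *** ONEMLI - REISERFS GIBI
SIRADISI FILE SYSTEM GORURSENIZ EXPLOIT ETMEYI DENEYIN'
printf '\n*******************************************************\n'
cat /etc/fstab 2>/dev/null
printf '\n======================================================='
printf '\nEK BILGI'
printf '\n======================================================='
printf '\n*******************************************************\n'

# Network interfaces and routes.
printf 'TUM AG ARAYUZLERININ LISTESI - /sbin/ifconfig -a'
printf '\n*******************************************************\n'
/sbin/ifconfig -a
printf '\n*******************************************************\n'
printf 'SUNUCUDA TANIMLI ROUTE BILGILERI - route'
printf '\n*******************************************************\n'
/sbin/route 2>/dev/null
printf '\n*******************************************************\n'

# Mounted file systems and their usage.
printf 'MOUNT EDILMIS PARTITION LAR - mount'
printf '\n*******************************************************\n'
mount 2>/dev/null
printf '\n*******************************************************\n'
printf 'MOUNT EDILMIS PARTITION LAR VE KULLANIM ORANLARI - df -h'
printf '\n*******************************************************\n'
df -h 2>/dev/null
printf '\n*******************************************************\n'

# File transfer clients found on PATH, in a fixed order.
printf 'DOSYA TRANSFER ARACLARIMIZ NELER'
printf '\nNOT: Path cevresel degiskenimiz yeterli degilse which komutlari var
oldugu halde dosya transfer araclarini bulamayabilir, bu bolumdeki ciktilari
bu acidan degerlendirmelisiniz.'
printf '\n*******************************************************\n'
for transfer_tool in nc netcat wget tftp ftp; do
  which "$transfer_tool"
done
printf '\n*******************************************************\n'

# Installed packages: dpkg when /proc/version mentions Ubuntu or Debian,
# rpm otherwise.
printf 'KURULU PAKETLER VE VERSIYONLARI'
printf '\n*******************************************************\n'
if grep -q -E -i 'ubuntu|debian' /proc/version; then
  dpkg -l 2>/dev/null
else
  rpm -qa 2>/dev/null
fi
printf '\n*******************************************************\n'

# Recursive listings of common web roots. The note now starts on its own
# line like every other NOT line; it used to run straight into the title.
printf 'WEB UYGULAMA DIZINLERI VE DOSYALARIN LISTESI - EKLEME YAPILABILIR'
printf '\nNOT: Bu dizinlere manuel olarak goz atilmalidir'
printf '\n*******************************************************\n'
for web_root in \
  /var/www/ \
  /srv/www/htdocs/ \
  /usr/local/www/apache22/data/ \
  /opt/lampp/htdocs/
do
  ls -alhR "$web_root" 2>/dev/null
done
printf '\n*******************************************************\n'
printf '==DETAYLI PASSWORD VE ROOT KELIMELERI GECEN SATIRLAR=='
printf '\n*******************************************************\n'
printf '\n*******************************************************\n'

# Keyword search over the files named in each *-files-enum.txt list. The INI
# section carries two extra notes; the other seven share one layout.
search_title INI ini-files-enum.txt
printf '\nNOT: grep ile aranan kelimelerin gectigi satirlar yerine sadece bu
kelimelerin gectigi dosyalari gormek istiyorsaniz grep -l komutunu
kullanabilirsiniz'
printf '\n%s' 'NOT: Manuel olarak belli kelimeleri belli dosyalar icinde aramak
icin su komut kullanilabilir, arama terimlerini tek tirnak icine almayi
unutmayiniz: find / -name *.conf* -type f -exec grep -Hn password|root {} \;
2>/dev/null '
printf '\n*******************************************************\n'
search_listed_files ini-files-enum.txt
printf '\n*******************************************************\n'
search_title CONF conf-files-enum.txt
printf '\n*******************************************************\n'
search_listed_files conf-files-enum.txt
printf '\n*******************************************************\n'
search_title PHP php-files-enum.txt
printf '\n*******************************************************\n'
search_listed_files php-files-enum.txt
printf '\n*******************************************************\n'
search_title PL pl-files-enum.txt
printf '\n*******************************************************\n'
search_listed_files pl-files-enum.txt
printf '\n*******************************************************\n'
search_title SH sh-files-enum.txt
printf '\n*******************************************************\n'
search_listed_files sh-files-enum.txt
printf '\n*******************************************************\n'
search_title LOG log-files-enum.txt
printf '\n*******************************************************\n'
search_listed_files log-files-enum.txt
printf '\n*******************************************************\n'
search_title INC inc-files-enum.txt
printf '\n*******************************************************\n'
search_listed_files inc-files-enum.txt
printf '\n*******************************************************\n'
search_title MYD myd-files-enum.txt
printf '\n*******************************************************\n'
search_listed_files myd-files-enum.txt
printf '\n*******************************************************\n'

# Contents of readable files under /root, /home and /etc/cron*, each written
# to its own file in the working directory rather than to stdout.
printf '/root/ DIZINI ALTINDA OKUYABILDIGIMIZ DOSYALARIN ICERIKLERI'
printf '\n*******************************************************\n'
dump_tree_contents rootfiles-enum.txt /root/
printf '\n*******************************************************\n'
printf '/home/ DIZINI ALTINDA OKUYABILDIGIMIZ DOSYALARIN ICERIKLERI -
***ONEMLI*** EGER SCRIPTI HOME DIZINI ALTINDA CALISTIRIRSANIZ KENDINIZE DOS
YAPMIS OLURSUNUZ CUNKU SCRIPT KENDI YAZDIKLARINI TEKRAR OKUYUP TEKRAR YAZAR
VE DISKI DOLDURURSUNUZ'
printf '\n*******************************************************\n'
dump_tree_contents homefiles-enum.txt /home/
printf '\n*******************************************************\n'
printf '/etc/cron* DIZINLERI ALTINDA OKUYABILDIGIMIZ DOSYALARIN ICERIKLERI'
printf '\n*******************************************************\n'
# The glob is left unquoted on purpose: every /etc/cron* entry is a start point.
dump_tree_contents etccronfiles-enum.txt /etc/cron*
printf '\n======================================================='
printf '\nSCRIPT TAMAMLANDI'
printf '\n======================================================='
printf '\nBULDUGUNUZ PAROLALARI ROOT KULLANICISINA VE SISTEM UZERINDE TANIMLI
DIGER KULLANICILARA SU YAPARAK DENEMEYI UNUTMAYIN\n'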