About
Hello, I'm pwnwriter, and this is a frontend for my compilation of random notes gathered throughout the year. Here, you'll discover a diverse array of notes spanning topics such as Cybersecurity, shell scripting, rust, and much more, all available under the MIT license. These notes are straightforward, nothing but raw insights into various subjects.
Links
Website : pwnwriter.xyz
Github : @pwnwriter
Twitter : @pwnwriter
Ko-fi : @pwnwriter
Links
Allow rust-analyzer to run on single file for completion
Create a rust-project.json
in your directory
{
"sysroot_src": "path/to/the/library",
"crates": [
{
"root_module": "main.rs",
"edition": "2021",
"deps": []
}
]
}
Here, i manually defined rustup
home. By default it's ~/.rustup
export RUSTUP_HOME="${XDG_DATA_HOME:-$HOME/.local/share}/rustup"
Define crates
deps inside a single file.
//! ```cargo //! [dependencies] //! clap = { version = "4.2", features = ["derive"] } //! ``` extern crate clap; use clap::Parser; #[derive(Parser, Debug)] #[clap(version)] struct Args { #[arg(short, long, default_value = "PwnWriter")] pub name: String, } fn main() { let args = Args::parse(); println!("{}", args.name); }
Iterators
extern crate anyhow; use anyhow::Result; fn main() -> Result<()> { let ports = vec![1, 3, 4]; let urls = vec![ "https://github.com", "https://metislinux.org", "https://kisslinux.org", ]; let urls_with_ports: Vec<String> = urls .iter() .zip(&ports) .map(|(url, &port)| format!("{}:{}", url, port)) .collect(); for url in urls_with_ports { println!("{}", url); } Ok(()) }
Standard Input Using Cursor
Sometimes, you may not have access to concatenate
a file and pipe it into your
code for testing. In such situations, you can utilize the Cursor
module.
use std::io::{Cursor, BufRead, BufReader}; fn main() { let cursor = Cursor::new("Hey\npwned\n".to_string()); let buffered_reader = BufReader::new(cursor); for line in buffered_reader.lines() { println!("{}", line.unwrap()); } }
How to Install Nix on any Linux VPS
Nix is a versatile package manager, programming language, and even a complete Linux distribution. It stands out with its focus on reproducibility and declarative configuration.
Download and Run the Installer
We'll be using determinate system's nix installer
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- --install
You should have nix installed by now.
nix --version
Let's install a pkg tmux
nix profile install nixpkgs#tmux
we can even install package for temp shell
nix-shell -p git
Installing Home Manager
Finally, we'll use Home Manager, a tool designed to manage the user environment (e.g., dotfiles) in a declarative way using Nix. We'll start by adding the minimal configuration needed to get Home Manager up and running.
First, create a dotfiles directory if you don't have one already (the name of the directory does not matter). Use git init (or your favorite GUI) to initialize a Git repository in the folder. Add the following two files:
mkdir dotfiles; cd dotfiles; git init
{
description = "Your description here";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { nixpkgs, home-manager, ... }: {
homeConfigurations = {
<Yourname> = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
modules = [
./modules
{
home.username = "username";
home.stateVersion = "23.11";
home.homeDirectory = "/home/username";
}
];
};
};
};
}
Place the above file as flake.nix
.
Now the directory tree should look like this
This flake initiales all the modules from modules
directory.
For example to configure git
, it goes something like this
{ pkgs, ... }:
let
name = "username";
email = "main";
in
{
programs.git = {
enable = true;
userName = name;
userEmail = email;
};
}
Now we'll need to source it inside modules,
Like lua
's init.lua' we have default.nix
in nix
.
We'll now import out git.nix
using modules/default.nix
file and it goes something like this.
{ config, ... }:
let
modules = [
./git.nix
];
in
{
imports = modules;
xdg.dataHome = "${config.home.homeDirectory}/.local/share";
programs.home-manager.enable = true;
}
We can now build our config using following.
nix run github:nix-community/home-manager -- switch --flake .#your_name
It should generate your config like below.
Setting Up Google Authentication for SSH on a Linux Server
Step 1: Install Google Authenticator
-
Update your package list:
sudo apt update
-
Install the Google Authenticator package:
sudo apt install libpam-google-authenticator
Step 2: Configure Google Authenticator for Your User
-
Run the Google Authenticator setup:
google-authenticator
-
Answer the prompts:
- "Do you want authentication tokens to be time-based (y/n)?": Type
y
and press Enter. - Backup Codes: Write down the emergency scratch codes provided and store them in a safe place.
- "Do you want me to update your "/home/username/.google_authenticator" file?": Type
y
and press Enter. - "Do you want to disallow multiple uses of the same authentication token? (y/n)": Type
y
and press Enter. - "By default, tokens are good for 30 seconds. Do you want to increase the time skew window to 4 minutes? (y/n)": Type
n
and press Enter. - "Do you want to enable rate-limiting protection? (y/n)": Type
y
and press Enter.
- "Do you want authentication tokens to be time-based (y/n)?": Type
-
Scan the QR code: Use the Google Authenticator app on your phone to scan the QR code displayed on your terminal.
Step 3: Configure SSH to Use Google Authenticator
-
Edit the SSH configuration file:
sudo vim /etc/pam.d/sshd
-
Add the following line at the end of the file:
auth required pam_google_authenticator.so nullok
-
Edit the SSH daemon configuration file:
sudo vim /etc/ssh/sshd_config
-
Find and modify the following lines:
-
Ensure
ChallengeResponseAuthentication
is set toyes
:ChallengeResponseAuthentication yes
-
Ensure
UsePAM
is set toyes
:UsePAM yes
-
(Optional) If you want to require both Google Authenticator and your password, add or modify the line:
AuthenticationMethods publickey,password publickey,keyboard-interactive
-
Step 4: Restart the SSH Service
-
Restart the SSH service to apply the changes:
sudo systemctl restart sshd
Step 5: Test the Configuration
-
Open a new SSH session to your server.
-
Log in with your username and password.
-
When prompted, enter the verification code from your Google Authenticator app.
Installing an SSL Certificate on a Domain Using Certbot manually
1. Install Certbot
If Certbot is not already installed, you can install it using the following commands:
For Debian/Ubuntu:
sudo apt update
sudo apt install certbot
2. Obtain the SSL Certificate
export DOMAIN=<your domain>
certbot certonly --manual -d *.$DOMAIN -d $DOMAIN --agree-tos --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096
3. Certbot will provide instructions on how to create a DNS TXT record to verify your domain ownership. The output will look something like this:
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Before continuing, verify the record is deployed.
After creating the DNS TXT record, wait for the changes to propagate. This can
take a few minutes. You can verify the DNS record by using a tool like
DNSChecker
to ensure it has been properly set.
4. Setup ssl
Your new SSL certificates will be stored in the /etc/letsencrypt/live/$DOMAIN/ directory. You will find the following files:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
root /var/www/html;
index index.html index.htm;
}
}
Mount a directory on RAM.
Mount a directory completely on RAM. Everything will be wiped out on reboot.
mount -o size=<x>G -t tmpfs none <dir_name>
Explanation
size=<x>G
: Sets the directory size in RAM (replace
-t tmpfs
: Specifies tmpfs as the RAM-based filesystem.
none
: Represents the virtual directory in RAM, not tied to any physical device.
<dir_name>
: Path to the directory where you'll access the RAM directory.
Create SSH Keys
ssh-keygen -t rsa -b 4096 -C "example@example.com"
Generate a new SSH key using RSA encryption with a bit size of 4096 and attach an email address as a label.
Start SSH Agent
eval $(ssh-agent -s)
initialize ssh keys.
Add Generated Key to SSH Agent
ssh-add "~/.ssh/ssh_file_name"
Add newly generated SSH key to the SSH agent.
Some useful commands for enumerating *nix os
Commands | Explanation |
---|---|
uname -a | Print all available system information |
uname -r | Kernel release |
uname -n | System hostname |
hostname | As above |
uname -m | Linux kernel architecture (32 or 64 bit) |
cat /proc/version | Kernel information |
cat /etc/*-release | Distribution information |
cat /etc/issue | As above |
cat /proc/cpuinfo | CPU information |
df -a | File system information |
Users & Groups:
Commands | Explanation |
---|---|
cat /etc/passwd | List all users on the system |
cat /etc/group | List all groups on the system |
cat /etc/shadow | Show user hashes – Privileged command |
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1} | List all super user accounts |
finger | Users currently logged in |
pinky | As above |
users | As above |
who -a | As above |
w | Who is currently logged in and what they’re doing |
last | Listing of last logged on users |
lastlog | Information on when all users last logged in |
lastlog –u %username% | Information on when the specified user last logged in |
User & Privilege Information:
Commands | Explanation |
---|---|
whoami | Current username |
id | Current user information |
cat /etc/sudoers | Who’s allowed to do what as root – Privileged command |
sudo -l | Can the current user perform anything as root |
Environmental Information:
Commands | Explanation |
---|---|
env | Display environmental variables |
set | As above |
echo $PATH | Path information |
history | Displays command history of current user |
pwd | Print working directory, i.e. ‘where am I’ |
cat /etc/profile | Display default system variables |
Interesting Files:
Commands | Explanation |
---|---|
find / -perm -4000 -type f 2>/dev/null | Find SUID files |
find / -uid 0 -perm -4000 -type f 2>/dev/null | Find SUID files owned by root |
Common Shell Escape Sequences:
Commands | Explanation |
---|---|
:!bash | vi, vim |
:set shell=/bin/bash :shell | vi, vim |
!bash | man, more, less |
find / -exec /usr/bin/awk 'BEGIN {system("/bin/bash")}' \; | find |
awk 'BEGIN {system("/bin/bash")}' | awk |
--interactive | nmap |
perl -e 'exec "/bin/bash";' | Perl |
Random scripts
Record with internal sound using wf-recorder
wf-recorder \
-aalsa_input.pci-0000_03_00.6.analog-stereo \
-aalsa_output.pci-0000_03_00.6.analog-stereo.monitor \
-f recording.mkv