November 19

Linux: Screen Command

Getting in
screen -S <name>    start a new screen session with the given session name
screen -ls          list running sessions/screens
screen -x           attach to a running session
screen -r <name>    attach to the session with that name
screen -dRR         the "ultimate attach": attaches to a screen session; if the session is attached elsewhere, detaches that other display; if no session exists, creates one; if multiple sessions exist, uses the first one
Escape key

All screen commands are prefixed by an escape key, by default C-a (that's Control-a, sometimes written ^a). To send a literal C-a to the programs in screen, use C-a a. This is useful when working with screen within screen. For example C-a a n will move screen to a new window on the screen within screen.
Getting out
C-a d      detach
C-a D D    detach and logout (quick exit)
C-a \      exit screen: quits all of the programs running in screen (not recommended)
C-a C-\    force-exit screen (not recommended)
exit       leave the screen session by exiting the shell
Window Management
C-a c                       create new window
C-a C-a                     change to the last-visited active window (commonly used to flip-flop between two windows)
C-a <number>                change to window by number (only for windows 0 to 9)
C-a ' <number or title>     change to window by number or name
C-a n or C-a <space>        change to the next window in the list
C-a p or C-a <backspace>    change to the previous window in the list
C-a "                       see the window list (allows you to select a window to change to)
C-a w                       show the window bar (if you don't have one)
(no key)                    close current window: close all applications in the current window, including the shell
C-a k                       kill current window (not recommended)
C-a \                       kill all windows (not recommended)
C-a A                       rename current window
Split screen
C-a S               split display horizontally
C-a | or C-a V      split display vertically (C-a V for the vanilla vertical screen patch)
C-a tab             jump to the next display region
C-a X               remove the current region
C-a Q               remove all regions but the current one
Clipboard and Navigation
C-a [ or C-a <esc>    enter copy mode and freely navigate the buffer
space                 toggle selection to copy
C-a ]                 paste
Help
C-a ?    see help (lists keybindings)

The man page is the complete reference.
Scripting

Commands can be sent to any named session from outside it:
screen -S <name> -X <command>                        send a command to a named session
screen -S <name> -X screen ping example.com          create a new window in that session and run ping example.com
screen -S <name> [-p <window>] -X stuff $'quit\r'    stuff characters into the input buffer of a window, using bash $'...' quoting to expand the carriage return

A full example:

# run bash within screen
screen -AmdS bash_shell bash
# run top within that bash session
screen -S bash_shell -p 0 -X stuff $'top\r'
 
# ... some time later
 
# stuff 'q' to tell top to quit
screen -S bash_shell -X stuff 'q'
# stuff 'exit\n' to exit bash session
screen -S bash_shell -X stuff $'exit\r'
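As an added example (this is not code from the original post), the two sh functions below wrap the scripting interface shown above. session_state parses the output of screen -ls so a script can tell whether a named session exists and whether someone is already attached to it (a "Multi, attached" state means a second display is sharing the session via screen -x, which is worth knowing before typing anything sensitive into it). run_in_screen starts a detached, logged session, types a command into it with stuff and waits for a sentinel file that marks completion. The function names, the ".done" sentinel convention and the -Logfile flag (screen 4.06 or newer) are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post. Helpers around the `-X`
# scripting interface described above. Assumptions: screen >= 4.06 (for
# -Logfile); the function names and the ".done" sentinel convention are ours.

# session_state NAME [LS_OUTPUT]
# Prints the state `screen -ls` reports for session NAME ("Detached",
# "Attached", "Multi, attached", ...) or "none" if no such session exists.
# LS_OUTPUT lets captured text be parsed instead of running screen.
session_state() {
  name=$1
  ls_out=${2:-$(screen -ls 2>/dev/null || true)}
  printf '%s\n' "$ls_out" | awk -v n="$name" '
    # session lines look like "<tab>12345.NAME<tab>(Detached)"; some versions
    # add a "(date time)" group before the state, so keep the last group only
    $1 ~ ("^[0-9]+\\." n "$") {
      s = $0; sub(/.*\(/, "", s); sub(/\).*/, "", s)
      print s; found = 1; exit
    }
    END { if (!found) print "none" }'
}

# run_in_screen NAME LOGFILE COMMAND...
# Starts a detached session NAME whose window is logged to LOGFILE, types
# COMMAND into it with `stuff`, and returns when COMMAND has finished. The
# session stays up so it can be inspected with `screen -r NAME`.
run_in_screen() {
  name=$1; log=$2; shift 2
  done_file="$log.done"
  if [ "$(session_state "$name")" != "none" ]; then
    echo "session $name already exists; not typing into it" >&2
    return 1
  fi
  rm -f "$done_file"
  # -d -m: start detached; -L -Logfile: record everything the window prints
  screen -dmS "$name" -L -Logfile "$log" sh
  sleep 1   # give the shell a moment to start reading its input
  # the line ends with a carriage return, like $'...\r' in the post; the
  # sentinel file is created only after COMMAND has exited
  screen -S "$name" -p 0 -X stuff "$*; touch '$done_file'$(printf '\r')"
  while [ ! -e "$done_file" ]; do sleep 1; done
  rm -f "$done_file"
}

# Usage (requires screen):
#   run_in_screen updates /tmp/updates.log 'yum update -y'
#   session_state updates        # prints Detached
```

The sentinel approach is what makes a stuffed command scriptable: stuff only queues keystrokes, so without it the caller has no way to know when the typed command has actually finished.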

Misc
C-a C-l    redraw window
C-a M      monitor window for activity
C-a _      monitor window for silence
C-a C-v    enter digraph (for producing non-ASCII characters)
C-a x      lock (password protect) the session
C-a :      enter a screen command
C-a H      enable logging in the screen session
Scrollback-buffer

In copy mode, one can navigate the scrollback buffer in various ways:
C-u        half page up
C-d        half page down
C-b        back
C-f        forward
h/j/k/l    cursor left/down/up/right

Other Examples:
screen -AmdS bash_shell bash ; screen -S bash_shell -p 0 -X stuff $'yum update -y\r' ; screen -S bash_shell -p 0 -X stuff $'exit\r'
screen -AmdS bash_shell bash ; screen -S bash_shell -p 0 -X stuff $'yum update -y\r' ; screen -S bash_shell -p 0 -X stuff $'reboot\r'
Category: Linux
November 19

Linux: Ping scanning without nmap

  1. Useful for when you don't have nmap and need to find a missing host. Pings all addresses from 10.1.1.1 to 10.1.1.254, modify for your subnet. Timeout set to 1 sec for speed, if running over a slow connection you should raise that to avoid missing replies. This will clean up the junk, leaving just the IP address:

for i in {1..254}; do ping -c 1 -W 1 10.1.1.$i | grep 'from' | cut -d' ' -f 4 | tr -d ':'; done

  2. Waits for all pings to complete and returns IP with MAC address

(prefix="10.59.21" && for i in $(seq 254); do (sleep 0.5 && ping -c1 -w1 $prefix.$i &> /dev/null && arp -n | awk ' /'$prefix'.'$i' / { print $1 " " $3 } ') & done; wait)

  3. This version combines the best of the other suggestions and adds these features: 1. It scans a /16 subnet 2. It is very fast by running the ping commands in the background, running them in parallel. 3. Does not use the "-W" option as that's not available in older ping versions (I needed this for OS X 10.5)

prefix="169.254" && for i in {0..254}; do echo $prefix.$i/8; for j in {1..254}; do sh -c "ping -m 1 -c 1 -t 1 $prefix.$i.$j | grep \"icmp\" &" ; done; done

  4. Not really an easier solution, but an example using && for (if last command returned 0). You can use || for (if last command returned other than 0).

prefix="10.0.0" && for i in $(seq 25); do ping -c 1 $prefix.$i &> /dev/null && echo "Answer from: $prefix.$i" ; done
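The snippets above all share one shape: loop over the last octet, probe, report. As an added example, not part of the post or of the quoted snippets, the sh functions below do the same job of finding a missing host on your own subnet with the quoting fixed, the probes run in parallel (like the third snippet) and the result decided by the probe's exit status (like the last two) rather than by grepping its output. The prefix is validated before it is used, since the third snippet interpolates it straight into an sh -c command string. PROBE, valid_prefix and sweep_prefix are names chosen for this example; iputils ping with -W as the reply timeout is assumed (BSD/macOS ping uses -t, as the third snippet notes).

```shell
#!/bin/sh
# Added example, not code from the original post or the quoted snippets.
# A parallel ping sweep: each address is probed in the background, hosts
# that answered are collected and printed in address order.
# Assumptions: iputils ping (-W = reply timeout in seconds); the names PROBE,
# valid_prefix and sweep_prefix are ours.

# Command used to test one address; must exit 0 when the host answered.
# Overridable so the sweep logic can be exercised without a network.
PROBE=${PROBE:-"ping -c 1 -W 1"}

# valid_prefix PREFIX: true only for three dotted decimal octets (e.g. 10.1.1),
# so nothing else can reach a command line through this value.
valid_prefix() {
  case $1 in
    *[!0-9.]*) return 1 ;;              # anything but digits and dots
    *.*.*.*|*..*|.*|*.) return 1 ;;     # four octets, empty octet, stray dot
    *.*.*) return 0 ;;                  # exactly three octets
    *) return 1 ;;
  esac
}

# sweep_prefix PREFIX FIRST LAST
# Prints the addresses PREFIX.FIRST .. PREFIX.LAST that answered, one per
# line, sorted by last octet.
sweep_prefix() {
  prefix=$1; first=$2; last=$3
  valid_prefix "$prefix" || { echo "invalid prefix: $prefix" >&2; return 2; }
  results=$(mktemp) || return 1
  i=$first
  while [ "$i" -le "$last" ]; do
    ip="$prefix.$i"
    # one background subshell per address; a line is appended only on success
    ( $PROBE "$ip" >/dev/null 2>&1 && echo "$ip" >> "$results" ) &
    i=$((i + 1))
  done
  wait    # every probe returns within the reply timeout, answered or not
  sort -t . -k 4,4n "$results"
  rm -f "$results"
}

# Usage: sweep_prefix 10.1.1 1 254
```

Because the whole sweep takes about one timeout rather than 254 of them, raising -W for a slow link (as the first snippet advises) no longer costs minutes.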

Category: Linux
November 19

Linux: Nmap Examples

Basic Nmap scanning examples, often used at the first stage of enumeration.
nmap -sP 10.0.0.0/24

Ping scans the network, listing machines that respond to ping.

nmap -p 1-65535 -sV -sS -T4 target

Full TCP port scan with service version detection; usually my first scan. I find T4 more accurate than T5 and still "pretty quick".

nmap -v -sS -A -T4 target

Verbose output, stealth SYN scan, T4 timing, OS and version detection, traceroute and scripts against the target's services.

nmap -v -sS -A -T5 target

Verbose output, stealth SYN scan, T5 timing, OS and version detection, traceroute and scripts against the target's services.

nmap -v -sV -O -sS -T5 target

Verbose output, stealth SYN scan, T5 timing, OS and version detection.

nmap -v -p 1-65535 -sV -O -sS -T4 target

Verbose output, stealth SYN scan, T4 timing, OS and version detection, full port range.

nmap -v -p 1-65535 -sV -O -sS -T5 target

Verbose output, stealth SYN scan, T5 timing, OS and version detection, full port range.

Aggressive scan timings are faster, but can yield inaccurate results!

T5 uses very aggressive timings and can lead to missed ports; T4 is a better compromise if you need fast results.
Nmap scan from file
nmap -iL ip-addresses.txt

Scans a list of IP addresses; other options can be added before or after -iL.
Nmap output formats
nmap -sV -p 139,445 -oG grep-output.txt 10.0.1.0/24

Writes "grepable" output to a file; in this example, NetBIOS servers.

The output file can then be grepped for "open".

nmap -sS -sV -T5 10.0.1.99 --webxml -oX - | xsltproc --output file.html -

Export nmap output to an HTML report.
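Grepping the -oG file for "open" returns whole host lines, one per host, with every port packed into a single field. As an added example (not from the original post), the awk function below parses the grepable format properly and prints one "ip port/proto service" line per open port, which is the shape an inventory, or a diff against last week's scan, needs. The sample scan lines are constructed for the example, not real output.

```shell
#!/bin/sh
# Added example, not code from the original post: a parser for Nmap's
# grepable (-oG) output. Prints "ip port/proto service" for each open port.

# Constructed -oG sample: a Status line, a host with two open ports, a host
# with nothing open, and the comment lines Nmap writes around them.
SAMPLE_GNMAP=$(
  printf '# Nmap 7.80 scan initiated as: nmap -sV -p 139,445 -oG - 10.0.1.0/24\n'
  printf 'Host: 10.0.1.5 ()\tStatus: Up\n'
  printf 'Host: 10.0.1.5 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds?///\tIgnored State: closed (1)\n'
  printf 'Host: 10.0.1.9 ()\tPorts: 139/closed/tcp//netbios-ssn///, 445/filtered/tcp//microsoft-ds///\n'
  printf '# Nmap done (constructed sample)\n'
)

# open_ports_from_gnmap: reads -oG text on stdin. Fields on a host line are
# tab separated; the Ports field is a comma-separated list of
# port/state/proto/owner/service/rpc/version entries.
open_ports_from_gnmap() {
  awk -F '\t' '
    /^Host: / && /Ports: / {
      split($1, h, " "); ip = h[2]           # "Host: 10.0.1.5 (name)" -> ip
      ports = ""
      for (f = 2; f <= NF; f++)
        if ($f ~ /^Ports: /) ports = substr($f, 8)
      n = split(ports, p, ", ")
      for (k = 1; k <= n; k++) {
        split(p[k], e, "/")                   # e[1]=port e[2]=state e[3]=proto e[5]=service
        if (e[2] == "open") print ip, e[1] "/" e[3], e[5]
      }
    }'
}

# Usage: open_ports_from_gnmap < grep-output.txt
printf '%s\n' "$SAMPLE_GNMAP" | open_ports_from_gnmap
```

Note that the state field in -oG output is lower-case ("open", "closed", "filtered"), and that a version-detected service name ending in "?" means nmap was not sure of the match.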
Nmap Netbios Examples

nmap -sV -v -p 139,445 10.0.0.1/24

Find all NetBIOS servers on the subnet.

nmap -sU --script nbstat.nse -p 137 target

Display the NetBIOS name of the target.

nmap --script-args=unsafe=1 --script smb-check-vulns.nse -p 445 target

Check whether the NetBIOS server is vulnerable to MS08-067.

Category: Linux
November 19

Linux: When yum update interruption breaks gnome

rpm -qa | grep yum
yum reinstall yum-utils-1.1.31-45.el7    # change to the version number shown by rpm -qa
package-cleanup --cleandupes
Once this is complete we shouldn't see any more duplicates on the system:
package-cleanup --dupes

Category: Linux
November 19

Linux: Red Hat Satellite puppet issues

If Satellite is not seeing a report from the server, use the following command on the host to try and force a sync:
puppet agent -tv

If you run into a lock issue where "puppet agent -tv" will not work, try the following:

systemctl stop puppet

rm /var/lib/puppet/state/agent_catalog_run.lock

systemctl start puppet

ps aux | grep puppet
root 26701 42.0 0.3 248764 41080 ? Ssl 10:14 0:01 /usr/bin/ruby /usr/bin/puppet agent --no-daemonize
root 26711 51.0 0.4 351092 56660 ? Sl 10:14 0:01 puppet agent: applying configuration

A couple of minutes later the "puppet agent: applying configuration" job completed. I was able to rerun "puppet agent -tv".
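The steps above delete the lock unconditionally, and the ps output shows why that can misfire: a catalog run may genuinely be in progress, and removing its lock lets a second run start on top of it. As an added example (not from the original post), the sh functions below remove agent_catalog_run.lock only when the PID recorded in it is no longer alive. They assume the lock file contains the PID of the agent that took it (Puppet's Pidlock writes it there); the lock path comes from the post and the function names are ours.

```shell
#!/bin/sh
# Added example, not code from the original post: remove the Puppet agent
# run lock only if the process that holds it is gone.
# Assumptions: the lock file holds the holder's PID; function names are ours.

PUPPET_LOCK=${PUPPET_LOCK:-/var/lib/puppet/state/agent_catalog_run.lock}

# lock_is_stale [LOCKFILE]
#   exit 0: lock exists and nothing runs under its PID (safe to remove)
#   exit 1: a live process holds it
#   exit 2: there is no lock file
lock_is_stale() {
  lock=${1:-$PUPPET_LOCK}
  [ -e "$lock" ] || return 2
  pid=$(tr -dc '0-9' < "$lock")
  [ -n "$pid" ] || return 0          # empty or garbage content: nobody holds it
  # /proc/PID is visible for any owner on Linux; kill -0 is the fallback
  if [ -d "/proc/$pid" ] || kill -0 "$pid" 2>/dev/null; then
    return 1
  fi
  return 0
}

# clear_stale_lock [LOCKFILE]: removes the lock only if lock_is_stale says so.
clear_stale_lock() {
  lock=${1:-$PUPPET_LOCK}
  if lock_is_stale "$lock"; then rc=0; else rc=$?; fi
  case $rc in
    0) rm -f "$lock" && echo "removed stale lock $lock" ;;
    1) echo "lock $lock is held by live PID $(tr -dc '0-9' < "$lock"); leaving it" >&2
       return 1 ;;
    *) echo "no lock file at $lock" ;;
  esac
}

# Usage, replacing the unconditional rm in the steps above:
#   systemctl stop puppet && clear_stale_lock && systemctl start puppet
```

Stopping the service first matters: a PID that is alive only because the daemon is still applying a catalog (the second ps line above) will correctly be refused, while the lock of an agent that died mid-run is cleared. A recycled PID can still make a dead lock look live; in that case check what the process actually is with ps -p before deciding.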

Category: Linux