Speed up with VBoxManage

If you use Virtualbox, you can speed up your daily workflow with VBoxManage. This guide show some basic commands.

Precondition

Commands

# show version
$ VBoxManage --version

# show help
$ VBoxManage --help

# list all VM's
$ VBoxManage list vms

# list only running VM's
$ VBoxManage list runningvms

# show VM information
$ VBoxManage showvminfo <uuid|vmname>

# start VM (GUI)
$ VBoxManage startvm <uuid|vmname>

# start VM (Headless)
$ VBoxManage startvm <uuid|vmname> --type headless

# pause VM
$ VBoxManage controlvm <uuid|vmname> pause

# resume VM
$ VBoxManage controlvm <uuid|vmname> resume

# shutdown VM
$ VBoxManage controlvm <uuid|vmname> poweroff

There ‘s more! If you are familiar with basic commands, read the help or user manual!

Command line SQLite recipes

As a software developer or tester you get in touch with SQLite? Here are a few recipes that make your work easier.

Backup SQLite

Create a copy of the entire database

# change directory (where Database is located)
$ cd /path/to/folder

# start full dump of entire database
$ sqlite3 myDatabase.db .dump > myFullBackup.sql

Create copy of a specific table

# change directory (where Database is located)
$ cd /path/to/folder

# dump only specific table
$ sqlite3 myDatabase.db ".dump myTable" > mySpecificBackup.sql

Create copy of specific table as CSV or HTML

# change directory (where Database is located)
$ cd /path/to/folder

# cvs without header
$ sqlite3 -csv myDatabase.db "SELECT * FROM myTable;" > mySpecificBackup.csv

# csv with header
$ sqlite3 -header -csv myDatabase.db "SELECT * FROM myTable;" > mySpecificBackup.csv

# html without header
$ sqlite3 -html myDatabase.db "SELECT * FROM myTable;" > mySpecificBackup.html

# html with header
$ sqlite3 -header -html myDatabase.db "SELECT * FROM myTable;" > mySpecificBackup.html

Create SQLite database

# change directory (where Database should located)
$ cd /path/to/folder

# restore from dump
$ sqlite3 myNewDatabase.db < myCreateFile.sql

Select query from Terminal

# change directory (where Database is located)
$ cd /path/to/folder

# simple output
$ sqlite3 myDatabase.db "SELECT * FROM myTable;"

# with header
$ sqlite3 -header myDatabase.db "SELECT * FROM myTable;"

# with header and column
$ sqlite3 -header -column myDatabase.db "SELECT * FROM myTable;"

# select as command line
$ sqlite3 -line myDatabase.db "SELECT * FROM myTable;"

#select as html
$ sqlite3 -html myDatabase.db "SELECT * FROM myTable;"

Merge sqlite tables with same schema

Imagine there are two databases (db_1.db and db_2.db) with tables (myTable) in same schema. Now we merge the content of table “myTable” from database “db_2.db” into “db_1.db”.

# change to directory where databases are located
$ cd /path/to/folder

# start sqlite commands
$ sqlite db_1.db

# run all needed commands
sqlite> ATTACH 'db_2.db' AS toMerge;
sqlite> BEGIN;
sqlite> INSERT INTO myTable SELECT * FROM toMerge.myTable;
sqlite> COMMIT;
sqlite> .quit

Interrogating the Whois servers

Whois servers hold information about domain names, IP addresses and other relevant information. In a penetration test, you might need this information. With the Whois protocol you can simply query this data.

# syntax
$ whois <IP|Domain>

# example
$ whois example.com
$ whois 74.122.208.31

Fast PHP server

Since PHP 4.x, there is a CLI SAPI web server. As a tester you simply go to the folder and start the server.

Example

# change to directory where server should start
$ cd /path/to/folder

# start server with specific port
$ php -S localhost:8100

Now start your browser and insert the URL “localhost:8100”. With “Ctrl+c” you can stop the server.

Extended

# explicit document root
$ cd /path/to/folder
$ php -S localhost:8100 -t foo/bar/

# specific configuration
$ cd /path/to/folder
$ php -S localhost:8100 -c php.ini

Layer 2 discovery on same subnet

A little tip for penetration testers to scan their own network with arping (Layer 2 discovery).

Preparation

We need arping. Therefor we can use ports to install them.

# install arping via ports
$ sudo port install arping

Example

# Syntax
$ sudo arping -c <number> <target>

# Example
$ sudo arping -c 4 192.168.0.1

Usage

Now we use ARP (Address Resolution Protocol) to discover.

#!/usr/bin/env bash

# define shell options
set -e
set -u

# define magic variables
declare -r FILE_NAME=$(basename "$0")
declare -r -i NO_ARGS=84
declare -r -i BAD_ARGS=85

# usage function
function fc_usage() {
  printf "Usage: %s -i <interface>" "$FILE_NAME"
}

# error function
function fc_no_args() {
  printf "Error: no arguments supplied\n"
  exit "$NO_ARGS"
}

# check script arguments
if [ "$#" -eq 0 ]; then
  fc_no_args
fi

while getopts "i:" OPTION; do
  case "$OPTION" in
    i)
      INTERFACE="$OPTARG";;
    *)
      fc_usage
      exit "$BAD_ARGS";;
  esac
done


PREFIX=$(ifconfig "$INTERFACE" | grep 'inet' | cut -d ' ' -f2 | sed -n 2p | cut -d '.' -f 1-3)

for addr in $(seq 1 254); do
  arping -c 1 "$PREFIX"."$addr" | grep "bytes from" | cut -d " " -f 5 | cut -d "(" -f 2 | cut -d ")" -f 1 &
done

– Softwaretester –

knowledge is power

Bash

Speed up with VBoxManage

Command line SQLite recipes

Interrogating the Whois servers

Fast PHP server

Layer 2 discovery on same subnet