Fox'Say!
Fox'Say!13mo ago

What are these Linux Commands doing?

python ../../tools/Loki/loki.py -p .

So what this says is:
1. Go up 2 directories
2. Navigate from that location to tools > then to Loki
3. Open loki.py

Also: What exactly do -p and . mean? I was trying the man python command, but it said "no manual entry for Python." (I'm probably going to look for a Linux command cheat sheet later.)

Original message question/reply from @DirtyJ (thanks): https://discord.com/channels/543652415870730240/580312632171692032/1128474626872316025
DirtyJ
DirtyJ13mo ago
-p will be one of Loki's arguments: https://github.com/Neo23x0/Loki
usage: loki.py [-h] [-p path] [-s kilobyte] [-l log-file] [-r remote-loghost]
[-t remote-syslog-port] [-a alert-level] [-w warning-level]
[-n notice-level] [--allhds] [--alldrives] [--printall]
[--allreasons] [--noprocscan] [--nofilescan] [--vulnchecks]
[--nolevcheck] [--scriptanalysis] [--rootkit] [--noindicator]
[--dontwait] [--intense] [--csv] [--onlyrelevant] [--nolog]
[--update] [--debug] [--maxworkingset MAXWORKINGSET]
[--syslogtcp] [--logfolder log-folder] [--nopesieve]
[--pesieveshellc] [--nolisten]
[--excludeprocess EXCLUDEPROCESS] [--force]
. indicates the current directory (if you do ls -al you'll always see . and .. for current directory and one above):
DirtyJ
DirtyJ13mo ago
So basically -p . in that context tells loki.py to use the current directory as the path to scan
Fox'Say!
Fox'Say!13mo ago
Thanks, that helps a lot. I found a guide. I'm still learning Linux and they touched on a few of the commands, but I don't think the course taught me how to use & string together all the commands you need to get the answers...which would explain why this was weirdly difficult. https://medium.com/@haircutfish/tryhackme-yara-room-d279ccb5cbb3#:~:text=Based%20on%20the%20output%2C%20what%20string%20within%20the%20Yara%20rule%20did%20it%20match%20on%3F
Fox'Say!
Fox'Say!13mo ago
Can I ask if, at a glance, you know what 1ndex.php is? Is that the same thing as the directory index, which I think all Linux directories have? If that's correct, I thought Yara calls went yara <rulename>.yar <filename_being_scanned>. yara 1ndex.php file2/file2.yar - call from inside file2 directory. Do I have the syntax backwards? And if I do, how does yara know where 1ndex.php is? Maybe it just runs by default in the current folder? https://medium.com/@haircutfish/tryhackme-yara-room-d279ccb5cbb3#:~:text=Answer%3A%20yara%201ndex.php%20file2/file2.yar
Wagon
Wagon13mo ago
1ndex.php would be a PHP script of some kind. As far as your understanding of syntax, you are correct: yara <rulename>.yar <filename_being_scanned> is the format, meaning the command would be yara file2.yar file2/1ndex.php. For some reason, the answer is swapped to yara 1ndex.php file2/file2.yar; I am unsure why though.
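Added example (not Loki's or YARA's own code, and not from anyone in this thread) illustrating both answers above: how an argparse-based scanner turns `-p .` or `-p ..` into an absolute path, and why the order of `yara RULES_FILE TARGET` matters. The rule file, the `1ndex.php` sample and the `file2/` layout are constructed in a temporary directory; the rule parsing is a deliberately simplified model of YARA's `strings:` section, not YARA itself.

```python
"""Illustrative scanner-CLI helpers: path resolution for `-p PATH`, argument-order
checking for `yara RULES TARGET`, and a toy "which string matched" report."""
import argparse
import re
import tempfile
from pathlib import Path

# Matches `$name = "literal"` lines in a rule's strings: section (simplified:
# real YARA also has hex and regex strings, modifiers, escapes, conditions).
STRING_DEF = re.compile(r'\$(\w+)\s*=\s*"([^"]*)"')


def resolve_scan_path(argv, cwd=None):
    """Parse `-p PATH` the way an argparse-based scanner such as Loki would
    (only -p is modelled here) and resolve it against the working directory.
    `.` therefore means "scan from where I am", `..` the parent directory."""
    parser = argparse.ArgumentParser(prog="loki.py")
    parser.add_argument("-p", dest="path", default=".", help="Path to scan")
    args = parser.parse_args(argv)
    base = Path(cwd) if cwd else Path.cwd()
    return (base / args.path).resolve()


def looks_like_rules(path):
    """Cheap heuristic: a YARA rule file declares at least one `rule name {`."""
    try:
        text = Path(path).read_text(errors="replace")
    except OSError:
        return False
    return "rule " in text and "{" in text


def parse_yara_invocation(argv):
    """Model the `yara RULES_FILE TARGET` convention. Returns (rules, target),
    or raises ValueError when the two arguments appear to be swapped, which is
    exactly the confusion in the thread above."""
    if len(argv) != 2:
        raise ValueError("expected: yara RULES_FILE TARGET")
    first, second = Path(argv[0]), Path(argv[1])
    if looks_like_rules(first):
        return first, second
    if looks_like_rules(second):
        raise ValueError(f"arguments look swapped: try `yara {second} {first}`")
    raise ValueError(f"{first} does not contain a YARA rule")


def matched_strings(rules, target):
    """Report the names of rule strings whose literal occurs in the target,
    answering "what string within the Yara rule did it match on?" (toy model)."""
    data = Path(target).read_text(errors="replace")
    return [name for name, lit in STRING_DEF.findall(Path(rules).read_text())
            if lit in data]


def demo():
    """Build a constructed file2/ layout, run both checks, return the results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "file2").mkdir()
        rules = root / "file2" / "file2.yar"
        rules.write_text(
            "rule example_rule {\n"
            "  strings:\n"
            '    $a = "eval("\n'
            '    $b = "base64_decode"\n'
            "  condition:\n"
            "    any of them\n"
            "}\n"
        )
        target = root / "file2" / "1ndex.php"   # constructed benign sample
        target.write_text("<?php $greeting = base64_decode('aGVsbG8='); ?>\n")

        ok_rules, ok_target = parse_yara_invocation([str(rules), str(target)])
        try:
            parse_yara_invocation([str(target), str(rules)])   # the swapped form
            swapped_detected = False
        except ValueError:
            swapped_detected = True

        return {
            "scan_root": resolve_scan_path(["-p", "."], cwd=root),
            "rules": ok_rules.name,
            "target": ok_target.name,
            "swapped_detected": swapped_detected,
            "matched": matched_strings(ok_rules, ok_target),
        }


if __name__ == "__main__":
    print(demo())
```

Running it from inside `file2/` with `-p .` gives that directory as the scan root, and the swapped invocation is rejected because the first argument contains no `rule` declaration; the only string that matches the sample is `$b`.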
Fox'Say!
Fox'Say!13mo ago
Thank you, I spent so long trying to figure that out. It was just wrong 🙄