Contents
- Linux Network Commands
- Linux System Info Commands
- Linux File Commands
- Linux Utility Commands
- Linux “Cover Your Tracks” Commands
- Linux Misc Commands
- Linux Files
- Google Dorking
- Linux Scripting
- IPv4
- IPv6
- tcpdump
- bash
- mysql backup
- iptables
- Cisco Commands
- GitHub Repositories
- External Links
Linux Network Commands
watch ss --tcp # network connections
netstat -ant # tcp connections -anu=udp
netstat -tulpn # connections with PIDs
lsof -i # established connections
ifconfig eth0 ip/cidr # set ip and netmask
ifconfig eth0:1 ip/cidr # set virtual interface
route add default gw gw_ip # set gateway
ip link set dev eth0 address XX:XX:XX:XX:XX:XX # change mac address
dig -x ip # domain lookup for ip
host ip # domain lookup for ip
dig @ip domain -t AXFR # dns zone xfer
host -l domain namesvr # dns zone xfer
tcpkill host ip and port port # block ip:port
grep DHCP /var/log/messages # list dhcp assignments
ping # send an ICMP ECHO_REQUEST to network hosts
traceroute # print the route packets trace to a network host
ip # show/manipulate routing, devices, policy routing, and tunnels
netstat # print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
wget # non-interactive network downloader
ssh # secure shell, OpenSSH client (remote login program)
dig # dns lookup utility
nslookup # query internet name servers interactively
route # view and change the route table
whois # internet domain name and network number directory service
curl # make any http request you want
httpie # like curl but easier ("http get")
tc # on a Linux router: slow down your brother's internet (and much more)
scp # copy files over a ssh connection
rsync # copy only changed files (works over ssh)
ngrep # grep for your network
tcpdump # show me all packets on port 80
wireshark # look at the packets in a GUI
tshark # command line super powerful packet analysis
tcpflow # capture and assemble tcp streams
ifconfig # what is my ip address
arp # see your arp table
mitmproxy # spy on ssl connections your programs are making
p0f # identify OS of hosts connecting to you
openvpn # a vpn
wireguard # a newer vpn
nc # netcat! make tcp connections manually
socat # proxy a tcp socket to a Unix domain socket + lots more
telnet # like ssh but insecure
ftp/sftp # copy files, sftp does it over ssh
iptables # setup firewalls and NAT
nftables # new version of iptables
hping3 # construct any tcp packet you want
tcptraceroute # use tcp packets instead of ICMP to traceroute
openssl # do literally anything with ssl certificates
ethtool # manage physical ethernet connections + network cards
iw/iwconfig # manage wireless network settings
sysctl # configure Linux kernel's network stack
stunnel # make a ssl proxy for an insecure server
Linux System Info Commands
id # current username
w # logged on users
who -a # user information
last -a # last users logged on
ps -ef # process listing (top)
df -h # disk usage (free)
uname -a # kernel version/cpu info
mount # mounted file systems
getent passwd # show list of users
kill <pid> # kills process with pid
cat /etc/issue # show OS info
cat /etc/*release # show OS version info
cat /proc/version # show kernel info
nbtstat -A <ip> # get hostname for ip
PATH=$PATH:/home/mypath # add PATH to variable
Linux File Commands
diff file1 file2 # compare files
rm -rf dir # force delete of dir
shred -f -u file # overwrite/delete file
touch -r ref file file # matches ref_file timestamp
touch -t YYYYMMDDHHSS file # set file timestamp
sudo fdisk -l # list connected drives
mount /dev/sda0 /mnt/usbkey # mount USB key
md5sum -t file # compute md5 hash
echo -n "str" | md5sum # generate md5 hash
sha1sum file # SHA1 hash of file
sort -u # sort/show unique lines
grep -c "str" file # count lines w/ "str"
tar cf file.tar files # create .tar from files
tar xf file.tar # extract .tar
tar czf file.tar.gz files # create .tar.gz
tar xzf file.tar.gz # extract .tar.gz
tar cjf file.tar.bz2 files # create .tar.bz2
tar xjf file.tar.bz2 # extract .tar.bz2
gzip file # compress/rename file
gzip -d file.gz # decompress file.gz
upx -9 -o out.exe orig.exe # upx packs orig.exe
zip -r zipname.zip directory/ # create zip
dd skip=1000 count=2000 bs=8 if=inputfile of=outputfile # cut block 1K-3K from file
split -b 9K file prefix # split file into 9K chunks
awk 'sub("$","\r")' unix.txt > win.txt # win compatible txt file
find . -iname '*.pdf' -type f # find pdf files
find / \( -perm -4000 -o -perm -2000 \) -exec ls -ldb {} \; # search for setuid/setgid files
dos2unix file # convert to nix format
file file # determine file type/info
chattr (+/-)i file # set/unset immutable bit
mount # mount a file system
umount # unmount a file system
fsck # check and repair a file system
fdisk # manipulate disk partition table
mkfs # create a file system
dd # convert and copy a file
genisoimage (mkisofs) # create an iso 9660 image file
wodim (cdrecord) # write data to optical storage media
md5sum # calculate an md5 checksum
lshw # list hardware
lsblk # lists block devices
lsusb # lists usb devices
lsof # lists opened files
lspci # lists pci devices
lsmod # program to show the status of modules in the Linux kernel
rmmod # simple program to remove a module from the Linux kernel
insmod # simple program to insert a module into the Linux kernel
modprobe # program to add and remove modules from the Linux kernel
locate # find files by name
find # search for files in a directory hierarchy
xargs # build and execute command lines from standard input
touch # change file times
stat # display file or file system status
tar # tape archiving utility
zip # package and compress files
gzip # compress files
gunzip # un-compress files
bzip2 # a block sorting file compressor
bunzip2 # a block sorting file un-compressor
cat # concatenate files and print on the standard output
sort # sort lines of text files
uniq # report or omit repeated lines
cut # remove sections from each line of files
paste # merge lines of files
join # join lines of two files on a common field
comm # compare two sorted files line by line
diff # compare files line by line
patch # apply a diff file to an original
tr # translate or delete characters
sed # stream editor for filtering and transforming text
aspell # interactive spellchecker
nl # number lines
fold # wrap each line to a specified length
fmt # a simple text formatter
pr # prepare text for printing
printf # format and print data
groff # a document formatting system
Linux Utility Commands
rdesktop ip # remote desktop to ip
scp /tmp/file user@remoteip:/tmp/file # put file
scp user@remoteip:/tmp/file /tmp/file # get file
rmuser username # remove user
script -a outfile # record shell : ctrl-D stops
apropos subject # find related command
!num # executes line number num from history
sudo adduser thor # add user
sudo passwd thor # change user password
usermod thor --shell /bin/bash # change user's shell
usermod -l ironman thor # change user's name
su -l thor # login as another user
sudo userdel thor # delete user
sudo groupadd infinity # create a group
groups # check what groups you're member of
sudo usermod -aG infinity thor # add user to a group
sudo usermod -G infinity thor # -G removes the user from every other group
sudo usermod -aG infinity thor # -aG appends another group to the user
sudo groupdel infinity # delete group
Linux “Cover Your Tracks” Commands
echo "" > /var/log/auth.log # clear auth.log file
echo "" > ~/.bash_history # clear current user bash history
rm ~/.bash_history -rf # delete .bash_history file
history -c # clear current session history
export HISTFILESIZE=0 # set history max lines to 0
export HISTSIZE=0 # set history max commands to 0
unset HISTFILE # disable history logging (need to logout to take effect)
kill -9 $$ # kills current session
ln -sf /dev/null ~/.bash_history # permanently send all bash history commands to /dev/null
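A defender-side counterpart to the commands above, added here as an example and not part of the original cheat sheet: it audits a user's history file and a shell startup file for the symlink, truncation and HISTFILE/HISTSIZE tricks listed in this section. The paths /home/thor/.bash_history and /home/thor/.bashrc in the usage line are assumptions.

```shell
#!/bin/bash
# audit_history HISTORY_FILE RC_FILE
# Prints one FINDING line per indicator of history tampering and returns 1 if
# anything was found, 0 if the history setup looks untouched.
audit_history() {
    _hist=$1; _rc=$2; _found=0
    if [ -L "$_hist" ]; then
        # "ln -sf /dev/null ~/.bash_history" discards every command silently
        case $(readlink "$_hist") in
            /dev/null) echo "FINDING: $_hist is a symlink to /dev/null"; _found=1 ;;
            *)         echo "FINDING: $_hist is a symlink (unexpected)"; _found=1 ;;
        esac
    elif [ ! -e "$_hist" ]; then
        # "rm ~/.bash_history" leaves no file at all
        echo "FINDING: $_hist is missing (deleted history?)"; _found=1
    elif [ ! -s "$_hist" ]; then
        # 'echo "" > ~/.bash_history' or "history -c" leaves an empty file
        echo "FINDING: $_hist is zero bytes (truncated history?)"; _found=1
    fi
    # unset HISTFILE / HISTSIZE=0 / HISTFILESIZE=0 in a startup file disables
    # logging persistently, not just for one session
    if [ -f "$_rc" ] && grep -Eq \
        '^[[:space:]]*(export[[:space:]]+)?(unset[[:space:]]+HISTFILE|HISTSIZE=0|HISTFILESIZE=0|HISTFILE=/dev/null)([[:space:]]|$)' \
        "$_rc"; then
        echo "FINDING: $_rc disables bash history logging"; _found=1
    fi
    return $_found
}

# usage (assumed paths): audit_history /home/thor/.bash_history /home/thor/.bashrc
```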
Linux Misc Commands
unset HISTFILE # disable history logging
ssh user@ip 'arecord -' | aplay - # play remote mic locally
gcc -o outfile myfile.c # compile C (g++ for C++)
init 6 # reboot (0 = shutdown)
cat /etc/*syslog*.conf | grep -v "#" # list of log files
grep 'href=' file | cut -d"/" -f3 | grep url | sort -u # strip links in url.com
dd if=/dev/urandom of=outputfile bs=314528 count=10 # make random 3MB file
; # with ";", the second command will run even if the first one fails.
&& # with "&&", the second command won't run if the first one fails.
& # normally, when you execute a long-running command, the command line will wait for that command to finish before it allows you to enter another one. putting "&" after a command prevents this from happening, and lets you execute a new command while an older one is still going.
openssl sha1 file.txt # SHA1 hash of file
openssl sha256 file.txt # SHA256 hash of file
openssl sha512 file.txt # SHA512 hash of file
openssl rand -base64 12 # 12 random bytes, base64 encoded
openssl aes-256-cbc -e -salt -pbkdf2 -in <file> -out <outfile> # encrypt (-pbkdf2: proper key derivation from the passphrase)
openssl aes-256-cbc -d -salt -pbkdf2 -in <file> -out <outfile> # decrypt with the same options
Linux Files
/etc/shadow # local users hashes
/etc/passwd # local users
/etc/group # local groups
/etc/rc.d # startup services
/etc/init.d # service
/etc/hosts # known hostnames and ips
/etc/HOSTNAME # full hostname with domain
/etc/network/interfaces # network configuration
/etc/profile # system environment variables
/etc/apt/sources.list # Ubuntu source list
/etc/resolv.conf # nameserver configuration
/home/user/.bash_history # bash history (also /root/)
/usr/share/wireshark/manuf # vendor-mac lookup
~/.ssh/ # ssh keystore
/var/log # system log files (most Linux)
/var/adm # system log files (Unix)
/var/spool/cron # list cron files
/var/log/apache/access.log # apache connection log
/etc/fstab # static file system info
Google Dorking
allintext # searches for occurrences of all the keywords given.
intext # searches for the occurrences of keywords all at once or one at a time.
inurl # searches for a url matching one of the keywords.
allinurl # searches for a url matching all the keywords in the query.
intitle # searches for occurrences of keywords in title all or one.
allintitle # searches for occurrences of keywords all at a time.
site # specifically searches that particular site and lists all the results for that site.
filetype # searches for a particular filetype mentioned in the query.
link # searches for external links to pages.
numrange # used to locate specific numbers in your searches.
date # search only a range of months
related # list web pages that are "similar" to a specified web page.
phonebook # display all, residential, business phone listings
cache # shows the version of the web page that Google has in its cache.
before/after # used to search within a particular date range.
allinanchor/inanchor # this shows sites which have the keyterms in links pointing to them, in order of the most links.
allinpostauthor/inpostauthor # exclusive to blog search, this one picks out blog posts that are written by specific individuals.
Linux Scripting
Ping sweep
#!/bin/bash
for i in {1..254}; do (ping -c 1 192.168.1.$i | grep "64 b" &); done
Port sweep
#!/bin/bash
for ip in {1..254};
do for port in {22,80,443,3306,3389};
do (echo >/dev/tcp/10.10.10.$ip/$port) >& /dev/null \
&& echo "10.10.10.$ip:$port is open";
done;
done
Automated domain name resolve bash scripting
#!/bin/bash
echo "Enter Class C range, e.g. 192.168.3"
read range
for ip in {1..254..1}; do
host "$range.$ip" | grep "name pointer" | cut -d " " -f5
done
Fork Bomb (creates processes until system crashes)
:(){ :|:& };:
DNS resolver lookup
for ip in {1..254..1}; do dig -x 1.1.1.$ip | grep "$ip" >> dns.txt; done
IPv4
Classful IP ranges
A - 0.0.0.0 - 127.255.255.255
B - 128.0.0.0 - 191.255.255.255
C - 192.0.0.0 - 223.255.255.255
D - 224.0.0.0 - 239.255.255.255
E - 240.0.0.0 - 255.255.255.255
Reserved IP ranges
10.0.0.0 - 10.255.255.255
127.0.0.0 - 127.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255
Subnetting
/31 - 255.255.255.254 - 1 Host
/30 - 255.255.255.252 - 2 Hosts
/29 - 255.255.255.248 - 6 Hosts
/28 - 255.255.255.240 - 14 Hosts
/27 - 255.255.255.224 - 30 Hosts
/26 - 255.255.255.192 - 62 Hosts
/25 - 255.255.255.128 - 126 Hosts
/24 - 255.255.255.0 - 254 Hosts
/23 - 255.255.254.0 - 510 Hosts
/22 - 255.255.252.0 - 1022 Hosts
/21 - 255.255.248.0 - 2046 Hosts
/20 - 255.255.240.0 - 4094 Hosts
/19 - 255.255.224.0 - 8190 Hosts
/18 - 255.255.192.0 - 16382 Hosts
/17 - 255.255.128.0 - 32766 Hosts
/16 - 255.255.0.0 - 65534 Hosts
/15 - 255.254.0.0 - 131070 Hosts
/14 - 255.252.0.0 - 262142 Hosts
/13 - 255.248.0.0 - 524286 Hosts
/12 - 255.240.0.0 - 1048574 Hosts
/11 - 255.224.0.0 - 2097150 Hosts
/10 - 255.192.0.0 - 4194302 Hosts
/9 - 255.128.0.0 - 8388606 Hosts
/8 - 255.0.0.0 - 16777214 Hosts
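The table above as working code, added here as an example (not part of the original cheat sheet): a subnet calculator in plain shell arithmetic that turns a.b.c.d/n into network, mask, broadcast and usable host count, reproducing the mask and host columns for any prefix. It assumes the usual 2^(32-n)-2 rule, and treats /31 and /32 as the RFC 3021 point-to-point and single-host cases.

```shell
#!/bin/bash
# Uses only POSIX $(( )) arithmetic, so it also runs under dash.
# subnet_info "192.168.1.10/24" prints: network mask broadcast usable_hosts

ip_to_int() {
    # "192.168.1.10" -> 3232235786
    _oldifs=$IFS; IFS=.; set -- $1; IFS=$_oldifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

int_to_ip() {
    # 3232235786 -> "192.168.1.10"
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

prefix_to_mask() {
    # 24 -> 4294967040 (255.255.255.0); /0 handled separately to avoid a 32-bit shift
    if [ "$1" -eq 0 ]; then echo 0; else echo $(( (4294967295 << (32 - $1)) & 4294967295 )); fi
}

usable_hosts() {
    # 2^(32-n) - 2: network and broadcast addresses are not assignable.
    # Assumption: /31 (RFC 3021 point-to-point) and /32 (single host) keep all addresses.
    if [ "$1" -ge 31 ]; then echo $(( 1 << (32 - $1) )); else echo $(( (1 << (32 - $1)) - 2 )); fi
}

subnet_info() {
    _ip=${1%/*}; _p=${1#*/}
    case $_p in ''|*[!0-9]*) echo "bad prefix: $1" >&2; return 1 ;; esac
    [ "$_p" -le 32 ] || { echo "bad prefix: $1" >&2; return 1; }
    _a=$(ip_to_int "$_ip"); _m=$(prefix_to_mask "$_p")
    _net=$(( _a & _m ))                      # clear the host bits
    _bc=$(( _net | (~_m & 4294967295) ))     # set the host bits
    echo "$(int_to_ip "$_net") $(int_to_ip "$_m") $(int_to_ip "$_bc") $(usable_hosts "$_p")"
}

# usage: subnet_info 10.10.10.77/30   ->   10.10.10.76 255.255.255.252 10.10.10.79 2
```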
IPv6
Broadcast addresses
ff02::1 - link-local nodes
ff05::1 - site-local nodes
ff01::2 - node-local routers
ff02::2 - link-local routers
ff05::2 - site-local routers
Interface addresses
fe80:: - link-local
2001:: - routable
::a.b.c.d - IPv4 compatible IPv6
::ffff:a.b.c.d - IPv4 mapped IPv6
THC IPv6 toolkit
Remote Network DoS:
rsumrf6 eth# remote ipv6
tcpdump
Capture packets on eth0 in ASCII and HEX and write to file
tcpdump -i eth0 -XX -w out.pcap
Capture HTTP traffic to 2.2.2.2
tcpdump -i eth0 port 80 and dst 2.2.2.2
Show connections to a specific IP
tcpdump -i eth0 -tttt dst 192.168.1.22 and not net 192.168.1.0/24
Print all ping responses
tcpdump -i eth0 'icmp[icmptype] == icmp-echoreply'
Capture 50 DNS packets and print timestamp
tcpdump -i eth0 -c 50 -tttt 'udp and port 53'
bash
#!/bin/bash
# val1 -eq val2 Returns true if the values are equal
# val1 -ne val2 Returns true if the values are not equal
# val1 -gt val2 Returns true if val1 is greater than val2
# val1 -ge val2 Returns true if val1 is greater than or equal to val2
# val1 -lt val2 Returns true if val1 is less than val2
# val1 -le val2 Returns true if val1 is less than or equal to val2
# -a FILE True if file exists.
# -b FILE True if file is block special.
# -c FILE True if file is character special.
# -d FILE True if file is a directory.
# -e FILE True if file exists.
# -f FILE True if file exists and is a regular file.
# -g FILE True if file is set-group-id.
# -h FILE True if file is a symbolic link.
# -L FILE True if file is a symbolic link.
# -k FILE True if file has its sticky bit set.
# -p FILE True if file is a named pipe.
# -r FILE True if file is readable by you.
# -s FILE True if file exists and is not empty.
# -S FILE True if file is a socket.
# -t FD True if FD is opened on a terminal.
# -u FILE True if the file is set-user-id.
# -w FILE True if the file is writable by you.
# -x FILE True if the file is executable by you.
# -O FILE True if the file is effectively owned by you.
# -G FILE True if the file is effectively owned by your group.
# -N FILE True if the file has been modified since it was last read.
# ECHO COMMAND
echo "Hello World!"
# VARIABLES
echo "My name is $NAME"
echo "My name is ${NAME}"
# USER INPUT
read -p "Enter your name: " NAME
echo "Hello $NAME, nice to meet you!"
read -p "Do you want to install nginx [y/n]: " GET_NGINX
# IF-ELSE
if [ "$NAME" == "Brad" ]; then
echo "Your name is Brad"
elif [ "$NAME" == "Jack" ]; then
echo "Your name is Jack"
else
echo "Your name is not Brad or Jack"
fi
# IF-ELSE
if { [ ! -f "$(type -P nginx)" ] && [ "$GET_NGINX" == 'y' ]; }; then
echo "Install nginx."
fi
# COMPARISON
NUM1=31
NUM2=5
if [ "$NUM1" -gt "$NUM2" ]; then
echo "$NUM1 is greater than $NUM2"
else
echo "$NUM1 is less than $NUM2"
fi
# FILE CONDITIONS
FILE="test.txt"
if [ -e "$FILE" ]; then
echo "$FILE exists"
else
echo "$FILE does NOT exist"
fi
# CASE STATEMENT
read -p "Are you 21 or over? Y/N " ANSWER
case "$ANSWER" in
[yY] | [yY][eE][sS])
echo "You can have a beer :)"
;;
[nN] | [nN][oO])
echo "Sorry, no drinking"
;;
*)
echo "Please enter y/yes or n/no"
;;
esac
# SIMPLE FOR LOOP
NAMES="Brad Kevin Alice Mark"
for NAME in $NAMES
do
echo "Hello $NAME"
done
# FOR LOOP TO RENAME FILES (glob instead of parsing ls, so names with spaces survive)
NEW="new"
for FILE in *.txt
do
echo "Renaming $FILE to $NEW-$FILE"
mv "$FILE" "$NEW-$FILE"
done
# WHILE LOOP - READ THROUGH A FILE LINE BY LINE
LINE=1
while read -r CURRENT_LINE
do
echo "$LINE: $CURRENT_LINE"
((LINE++))
done < "./new-1.txt"
# FUNCTION
function sayHello() {
echo "Hello World"
}
sayHello
# FUNCTION WITH PARAMS
function greet() {
echo "Hello, I am $1 and I am $2"
}
greet "Brad" "36"
# CREATE FOLDER AND WRITE TO A FILE
mkdir hello
touch "hello/world.txt"
echo "Hello World" >> "hello/world.txt"
echo "Created hello/world.txt"
mysql backup
#!/bin/bash
# crontab -e
# 0 0 * * * /bin/bash /home/backup_mysql.sh
# Note: a password given with -p is visible to every user in the process list;
# keeping it in ~/.my.cnf (or --defaults-extra-file) avoids that.
YEAR=$(date +%Y); MONTH=$(date +%m); DAY=$(date +%d); HOUR=$(date +%H)
mkdir -p "/backup/$YEAR/$MONTH/$DAY/$HOUR"
mysqldump -uroot -proot database_name > "/backup/$YEAR/$MONTH/$DAY/$HOUR/backup.sql"
mysqldump -uroot -proot database_name | gzip > "/backup/$YEAR/$MONTH/$DAY/$HOUR/backup.sql.gz"
iptables
Reference:
# -F for flush
iptables -F
# -L for list
iptables -L
iptables -L --line-numbers
# -D for delete
iptables -D INPUT 1
# ACCEPT or DROP every connection
iptables --policy INPUT ACCEPT
iptables --policy INPUT DROP
# -I for insert [adds the rule to the top]
# -A for append [adds the rule to the bottom]
# -s for source
# -j for jump
iptables -I INPUT -s 10.0.0.1 -j DROP
iptables -I INPUT -s 10.0.0.1/24 -j DROP
# -p for protocol
# --dport for destination port
iptables -I INPUT -p tcp --dport 80 -j DROP
iptables -I INPUT -p tcp --dport 80 -s 10.0.0.1 -j ACCEPT
# iptables rules are ephemeral, which means they need to be manually saved for them to persist after a reboot.
# iptables-save only prints the rules; redirect them to the file iptables-persistent loads at boot
sudo sh -c '/sbin/iptables-save > /etc/iptables/rules.v4'
Sample Script:
#!/bin/bash
# Flush
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -X
# Set default policies
# Allow outgoing traffic and disallow any passthroughs
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD DROP
# Allow traffic on the loopback interface
sudo iptables -A INPUT -i lo -j ACCEPT
# Allow outbound traffic, previously initiated and accepted exchanges bypass rule checking
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Allow SSH, HTTP, HTTPS
sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# Ratelimit SSH for attack protection
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 3600 --hitcount 4 -j DROP
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Allow ping
sudo iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
# Drop all other traffic
sudo iptables -A INPUT -j DROP
# Print the activated rules
sudo iptables -nvL
sudo ss -tupln
# Save
sudo apt install iptables-persistent
sudo dpkg-reconfigure iptables-persistent # offers to save the current rules to /etc/iptables/rules.v4
Cisco Commands
R1>enable
R1#configure terminal
R1(config)#interface fa0/0
R1(config-if)#no shutdown
R1(config-if)#ip address 1.1.1.1 255.255.255.0
R1(config-if)#line vty 0 4
R1(config-line)#end
R1#show session
R1#show version
R1#show file systems
R1#dir all-filesystems
R1#dir /all
R1#show running-config
R1#show startup-config
R1#show ip interface brief
R1#show interface e0
R1#show ip route
R1#show access-lists
R1#terminal length 0
R1#copy running-config startup-config
R1#copy running-config tftp
GitHub Repositories
External Links
- Common Ports
- Protocol Numbers
- ip Command
- iptables
- BGP
- EIGRP
- First Hop Redundancy
- IEEE 802.11 WLAN
- IEEE 802.1X
- IPsec
- IPv4 Multicast
- IPv6
- IS-IS
- OSPF
- PPP
- RIP
- Spanning Tree
- Wireshark Display Filters
- Scapy
- TCPDUMP
- Frame Mode MPLS
- IOS Zone-Based Firewall
- NAT
- QoS
- VLANs
- VOIP Basics
- Cisco IOS Versions
- Physical Terminations