Contents
- Linux Network Commands
- Linux System Info Commands
- Linux File Commands
- Linux Utility Commands
- Linux "Cover Your Tracks" Commands
- Linux Misc Commands
- Linux Files
- Google Dorking
- Linux Scripting
- IPv4
- IPv6
- tcpdump
- bash
- mysql backup
- iptables
- Cisco Commands
- GitHub Repositories
- External Links
Linux Network Commands
watch ss --tcp # network connections
netstat -ant # tcp connections -anu=udp
netstat -tulpn # connections with PIDs
lsof -i # established connections
ifconfig eth0 ip/cidr # set ip and netmask
ifconfig eth0:1 ip/cidr # set virtual interface
route add default gw gw_ip # set gateway
export MAC=XX:XX:XX:XX:XX # change mac address
dig -x ip # domain lookup for ip
host ip # domain lookup for ip
dig @ ip domain -t AXFR # dns cone xfer
host -i domain namesvr # dns cone xfer
tcpkill host ip and port port # block ip:port
/var/log/messages \| grep DHCP # list dhcp assignments
ping # send an ICMP ECHO_REQUEST to network hosts
traceroute # print the route packets trace to a network host
ip # show/manipulate routing, devices, policy routing, and tunnels
netstat # print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
wget # non-interactive network downloader
ssh # secure shell, OpenSSH client (remote login program)
dig # dns lookup utility
nslookup # query internet name servers interactively
route # view and change the route table
whois # internet domain name and network number directory service
curl # make any http request you want
httpie # like curl but easier ("http get")
tc # on a Linux router: slow down your brother's internet (and much more)
scp # copy files over a ssh connection
rsync # copy only changed files (works over ssh)
ngrep # grep for your network
tcpdump # show me all packets on port 80
wireshark # look at the packets in a GUI
tshark # command line super powerful packet analysis
tcpflow # capture and assemble tcp streams
ifconfig # what is my ip address
arp # see your arp table
mitmproxy # spy on ssl connections your programs are making
pof # identify OS of hosts connecting to you
openvpn # a vpn
wireguard # a newer vpn
nc # netcat! make tcp connections manually
socat # proxy a tcp socket to a Unix domain socket + lots more
telnet # like ssh but insecure
ftp/sftp # copy files, sftp does it over ssh
iptables # setup firewalls and NAT
nftables # new version of iptables
hping3 # construct any tcp packet you want
tcptraceroute # use tcp packets instead of ICMP to traceroute
openssh # do literally anything with ssl certifications
ethtool # manage physical ethernet connections + network cards
iw/iwconfig # manage wireless network settings
sysctl # configure Linux kernel's network stack
stunnel # make a ssl proxy for an insecure server
Linux System Info Commands
id # current username w # logged on users who -a # user information last -a # last users logged on ps -ef # process listing (top) df -h # disk usage (free) uname -a # kernel version/cpu info mount # mounted file systems getent passwd # show list of users kill <pid> # kills process with pid cat /etc/issue # show OS info cat /etc/release # show OS version info cat /proc/version # show kernel info nbtstat -A <ip> # get hostname for ip PATH=$PATH:/home/mypath # add PATH to variable
Linux File Commands
diff file1 file2 # compare files
rm -rf dir # force delete of dir
shred -f -u file # overwrite/delete file
touch -r ref file file # matches ref_file timestamp
touch -t YYYYMMDDHHSS file # set file timestamp
sudo fdisk -1 # list connected drives
mount /dev/sda0 /mnt/usbkey # mount USB key
md5sum -t file # compute md5 hash
echo -n "str" \| md5sum # generate md5 hash
sha1sum file # SHA1 hash of file
sort -u # sort/show unique lines
grep -c "str" file # count lines w/ "str"
tar cf file.tar files # create .tar from files
tar xf file.tar # extract .tar
tar czf file.tar.gz files # create .tar.gz
tar xzf file.tar.gz # extract .tar.gz
tar cjf file.tar.bz2 files # create .tar.bz2
tar xjf file.tar.bz2 # extract .tar.bz2
gzip file # compress/rename file
gzip -d file.gz # decompress file.gz
upx -9 -o out.exe orig.exe # upx packs orig.exe
zip -r zipname.zip \Directory\ # create zip
dd skip=1000 count=2000 bs=8 if=inputfile of=outputfile # cut block 1K-3K from file
split -b 9K \ file prefix # split file into 9K chunks
awk 'sub("$"."\r")' unix.txt win.txt # win compatible txt file
find -i -name file -type *.pdf # find pdf files
find / -perm -4000 -o -perm -2000 -exec ls - ldb {} \; # search for setuid files
dos2unix file # convert to nix format
file file # determine file type/info
chattr (+/-)i file # set/unset immutable bit
mount # mount a file system
unmount # unmount a files system
fsck # check and repair a file system
fdisk # manipulate disk partition table
mkfs # create a file system
dd # convert and copy a file
genisoimage (mkisofs) # create an iso 9660 image file
wodim (cdrecord) # write data to optical storage media
md5sum # calculate an md5 checksum
lshw # list hardware
lsblk # lists block devices
lsusb # lists usb devices
lsof # lists opened files
lspci # lists pci devices
lsmod # program to show the status of modules in the Linux kernel
rmmod # simple program to remove a module from the Linux kernel
insmod # simple program to insert a module into the Linux kernel
modprobe # program to add and remove modules from the Linux kernel
locate # find files by name
find # search for files in a directory hierarchy
xargs # build and execute command lines from standard input
touch # change file times
stat # display file or file system status
tar # tape archiving utility
zip # package and compress files
gzip # compress files
gunzip # un-compress files
bzip2 # a block sorting file compressor
bunzip2 # a block sorting file un-compressor
cat # concatenate files and print on the standard output
sort # sort lines of text files
uniq # report or omit repeated lines
cut # remove sections from each line of files
paste # merge lines of files
join # join lines of two files on a common field
comm # compare two sorted files line by line
diff # compare files line by line
patch # apply a diff file to an original
tr # translate or delete characters
sed # stream editor for filtering and transforming text
aspell # interactive spellchecker
nl # number lines
fold # wrap each line to a specified length
fmt # a simple text formatter
pr # prepare text for printing
printf # format and print data
groff # a document formatting system
Linux Utility Commands
rdesktop ip # remote desktop to ip scp /tmp/file user@x.x.x.x:/tmp/file # put file scp user@remoteip:/tmp/file /tmp/file # get file rmuser unarne # remove user script -a outfile # record shell : ctrl-D stops apropos subject # find related command ! num # executes line # in history sudo adduser thor # add user sudo passwd thor # change user password usermod thor --shell /bin/bash # change user's shell usermod -l ironman thor # change user's name su -l thor # login as another user sudo userdel thor # delete user sudo groupadd infinity # add user to a group groups # check what groups you're member of sudo usermod -aG infinity thor # add user to a group sudo usermod -G infinity thor # -G removes the user from every other group sudo usermod -aG infinity thor # -aG appends another group to the user sudo groupdel infinity # delete group
Linux "Cover Your Tracks" Commands
echo "" > /var/log/auth.log # clear auth.log file echo "" > ~/.bash_history # clear current user bash history rm ~/.bash_history -rf # delete .bash_history file history -c # clear current session history export HISTFILESIZE=0 # set history max lines to 0 export HISTSIZE=0 # set histroy max commands to 0 unset HISTFILE # disable history logging (need to logout to take effect) kill -9 $$ # kills current session ln /dev/null -/.bash_historj -sf # permanently send all bash history commands to /dev/null
Linux Misc Commands
unset HISTFILE # disable history logging ssh user@ip arecord - \| aplay - # record remote mic gee -o outfile myfile.c # compile C,C++ init 6 # reboot (0 = shutdown) cat /etc/*syslog*.conf \| grep -v "#" # list of log files grep 'href=' file \| cut -d"/" -f3 \| grep url \| sort -u # strip links in url.com dd if=/dev/urandom of=outputfile bs=314528 count=100 # make random 3MB file ; # with ";", the second command will run even if the first one fails. && # with "&&", the second command won't run if the first one fails. & # normally, when you execute a long-running command, the command line will wait for that command to finish before it allows you to enter another one. putting "&" after a command prevents this from happening, and lets you execute a new command while an older one is still going. openssl sha1 file.txt openssl sha256 file.txt openssl sha512 file.txt openssl rand -base64 12 openssl aes-256-cbc -e -salt -in <file> -out <outfile> openssl aes-256-cbc -d -salt -in <file> -out <outfile>
Linux Files
/etc/shadow # local users hashes /etc/passwd # local users /etc/group # local groups /etc/rc.d # startup services /etc/init.d # service /etc/hosts # known hostnames and ips /etc/HOSTNAME # full hostname with domain /etc/network/interfaces # network configuration /etc/profile # system environment variables /etc/apt/sources.list # Ubuntu source list /etc/resolv.conf # nameserver configuration /home/user/.bash_history # bash history (also /root/) /usr/share/wireshark/rnanuf # vendor-mac lookup ~/.ssh/ # ssh keystore /var/log # system log files (most Linux) /var/adm # system log files (Unix) /var/spool/cron # list cron files /var/log/apache/access.log # apache connection log /etc/fstab # static file system info
Google Dorking
allintext # searches for occurrences of all the keywords given. intext # searches for the occurrences of keywords all at once or one at a time. inurl # searches for a url matching one of the keywords. allinurl # searches for a url matching all the keywords in the query. intitle # searches for occurrences of keywords in title all or one. allintitle # searches for occurrences of keywords all at a time. site # specifically searches that particular site and lists all the results for that site. filetype # searches for a particular filetype mentioned in the query. link # searches for external links to pages. numrange # used to locate specific numbers in your searches. date # search only a range of months related # list web pages that are "similar" to a specified web page. phonebook # display all, residential, business phone listings cache # shows the version of the web page that Google has in its cache. before/after # used to search within a particular date range. allinanchor/inanchor # this shows sites which have the keyterms in links pointing to them, in order of the most links. allinpostauthor/inpostauthor # exclusive to blog search, this one picks out blog posts that are written by specific individuals.
Linux Scripting
Ping sweep
#!/bin/bash
for i in {1..254}; do (ping -c 192.168.1.$i | grep "64 b" &); done
Port sweep
#!/bin/bash
for ip in {1..254};
do for port in {22,80,443,3306,3389};
do (echo >/dev/tcp/10.10.10.$ip/$port) >& /dev/null \
&& echo "10.10.10.$ip:$port is open";
done;
done
Automated domain name resolve bash scripting
#!/bin/bash
echo "Entering Class C Range: i.e. 192.168.3"
read range
for ip in {1..254..1}; do
host $range.$ip | grep "name pointer" | cut -d "" -f5
done
Fork Bomb (creates processes until system crashes)
:(){ :|:& };:
DNS resolver lookup
for ip in {1..254..1}; do dig -x 1.1.1.$ip | grep $ip dns.txt; done;
IPv4
Classful IP ranges
A - 0.0.0.0 - 127.255.255.255 B - 128.0.0.0 - 191.255.255.255 C - 192.0.0.0 - 223.255.255.255 D - 224.0.0.0 - 239.255.255.255 E - 240.0.0.0 - 255.255.255.255
Reserved IP ranges
10.0.0.0 - 10.255.255.255 127.0.0.0 - 127.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255
Subnetting
/31 - 255.255.255.254 - 1 Host /30 - 255.255.255.252 - 2 Hosts /29 - 255.255.255.248 - 6 Hosts /28 - 255.255.255.240 - 14 Hosts /27 - 255.255.255.224 - 30 Hosts /26 - 255.255.255.192 - 62 Hosts /25 - 255.255.255.128 - 126 Hosts /24 - 255.255.255.0 - 254 Hosts /23 - 255.255.254.0 - 510 Hosts /22 - 255.255.252.0 - 1022 Hosts /21 - 255.255.248.0 - 2046 Hosts /20 - 255.255.240.0 - 4094 Hosts /19 - 255.255.224.0 - 8190 Hosts /18 - 255.255.192.0 - 16382 Hosts /17 - 255.255.128.0 - 32766 Hosts /16 - 255.255.0.0 - 65534 Hosts /15 - 255.254.0.0 - 131070 Hosts /14 - 255.252.0.0 - 262142 Hosts /13 - 255.248.0.0 - 524286 Hosts /12 - 255.240.0.0 - 1048574 Hosts /11 - 255.224.0.0 - 2097150 Hosts /10 - 255.192.0.0 - 4194302 Hosts /9 - 255.128.0.0 - 8388606 Hosts /8 - 255.0.0.0 - 16777214 Hosts
IPv6
Broadcast addresses
ff02::1 - link-local nodes ff05::1 - site-local nodes ff01::2 - node-local routers ff02::2 - link-local routers ff05::2 - site-local routers
Interface addresses
fe80:: - link-local 2001:: - routable ::a.b.c.d - IPv4 compatible IPv6 ::ffff:a.b.c.d - IPv4 mapped IPv6
THC IPv6 toolkit
Remote Network DoS: rsumrf6 eth# remote ipv6
tcpdump
Capture packets on eth0 in ASCII and HEX and write to file
tcpdump -i eth0 -XX -w out.pcap
Capture HTTP traffic to 2.2.2.2
tcpdump -i eth0 port 80 dst 2.2.2.2
Show connections to a specific IP
tcpdump -i eth0 -tttt dst 192.168.1.22 and not net 192.168.1.0/24
Print all ping responses
tcpdump -i eth0 'icmp[icmptype] == icmp-echoreply'
Capture 50 DNS packets and print timestamp
tcpdump -i eth0 -c 50 -tttt 'udp and port 53'
bash
#!/bin/bash
# val1 -eq val2 Returns true if the values are equal
# val1 -ne val2 Returns true if the values are not equal
# val1 -gt val2 Returns true if val1 is greater than val2
# val1 -ge val2 Returns true if val1 is greater than or equal to val2
# val1 -lt val2 Returns true if val1 is less than val2
# val1 -le val2 Returns true if val1 is less than or equal to val2
# -a FILE True if file exists.
# -b FILE True if file is block special.
# -c FILE True if file is character special.
# -d FILE True if file is a directory.
# -e FILE True if file exists.
# -f FILE True if file exists and is a regular file.
# -g FILE True if file is set-group-id.
# -h FILE True if file is a symbolic link.
# -L FILE True if file is a symbolic link.
# -k FILE True if file has its sticky bit set.
# -p FILE True if file is a named pipe.
# -r FILE True if file is readable by you.
# -s FILE True if file exists and is not empty.
# -S FILE True if file is a socket.
# -t FD True if FD is opened on a terminal.
# -u FILE True if the file is set-user-id.
# -w FILE True if the file is writable by you.
# -x FILE True if the file is executable by you.
# -O FILE True if the file is effectively owned by you.
# -G FILE True if the file is effectively owned by your group.
# -N FILE True if the file has been modified since it was last read.
# ECHO COMMAND
echo "Hello World!"
# VARIABLES
echo "My name is $NAME"
echo "My name is ${NAME}"
# USER INPUT
read -p "Enter your name: " NAME
echo "Hello $NAME, nice to meet you!"
read -p "Do you want to install nginx [y/n]: " GET_NGINX
# IF-ELSE
if [ "$NAME" == "Brad" ]; then
echo "Your name is Brad"
elif [ "$NAME" == "Jack" ]; then
echo "Your name is Jack"
else
echo "Your name is not Brad or Jack"
fi
# IF-ELSE
if { [ ! -f "$(type -P nginx)" ] && [ $GET_NGINX == 'y' ]; }; then
echo "Install nginx."
fi
# COMPARISON
NUM1=31
NUM2=5
if [ "$NUM1" -gt "$NUM2" ]; then
echo "$NUM1 is greater than $NUM2"
else
echo "$NUM1 is less than $NUM2"
fi
# FILE CONDITIONS
FILE="test.txt"
if [ -e "$FILE" ]; then
echo "$FILE exists"
else
echo "$FILE does NOT exist"
fi
# CASE STATEMENT
read -p "Are you 21 or over? Y/N " ANSWER
case "$ANSWER" in
[yY] | [yY][eE][sS])
echo "You can have a beer :)"
;;
[nN] | [nN][oO])
echo "Sorry, no drinking"
;;
*)
echo "Please enter y/yes or n/no"
;;
esac
# SIMPLE FOR LOOP
NAMES="Brad Kevin Alice Mark"
for NAME in $NAMES
do
echo "Hello $NAME"
done
# FOR LOOP TO RENAME FILES
FILES=$(ls *.txt)
NEW="new"
for FILE in $FILES
do
echo "Renaming $FILE to new-$FILE"
mv $FILE $NEW-$FILE
done
# WHILE LOOP - READ THROUGH A FILE LINE BY LINE
LINE=1
while read -r CURRENT_LINE
do
echo "$LINE: $CURRENT_LINE"
((LINE++))
done < "./new-1.txt"
# FUNCTION
function sayHello() {
echo "Hello World"
}
sayHello
# FUNCTION WITH PARAMS
function greet() {
echo "Hello, I am $1 and I am $2"
}
greet "Brad" "36"
# CREATE FOLDER AND WRITE TO A FILE
mkdir hello
touch "hello/world.txt"
echo "Hello World" >> "hello/world.txt"
echo "Created hello/world.txt"
mysql backup
#!/bin/bash # crontab -e # * 0 * * * exec `/bin/bash /home/backup_mysql.sh` YEAR=`date +%Y`; MONTH=`date +%m`; DAY=`date +%d`; HOUR=`date +%H`; mkdir -p /backup/$YEAR/$MONTH/$DAY/$HOUR mysqldump -uroot -proot database_name > /backup/$YEAR/$MONTH/$DAY/$HOUR/backup.sql mysqldump -uroot -proot database_name | gzip > /backup/$YEAR/$MONTH/$DAY/$HOUR/backup.sql.gz
iptables
Reference:
# -F for flush iptables -F # -L for list iptables -L iptables -L --line-numbers # -D for delete iptables -D INPUT 1 # ACCEPT or DROP every connection iptables --policy INPUT ACCEPT iptables --policy INPUT DROP # -I for insert [adds the rule to the top] # -A for append [adds the rule to the bottom] # -s for source # -j for jump iptables -I INPUT -s 10.0.0.1 -j DROP iptables -I INPUT -s 10.0.0.1/24 -j DROP # -p for protocol # --dport for destination port iptables -I INPUT -p tcp --dport 80 -j DROP iptables -I INPUT -p tcp --dport 80 0s 10.0.0.1 -j ACCEPT # iptables rules are ephemeral, which means they need to be manually saved for them to persist after a reboot. sudo /sbin/iptables-save
Sample Script:
#!/bin/bash # Flush sudo iptables -P INPUT ACCEPT sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD ACCEPT sudo iptables -F sudo iptables -X # Set default policies # Allow outgoing traffic and disallow any passthroughs sudo iptables -P INPUT DROP sudo iptables -P OUTPUT ACCEPT sudo iptables -P FORWARD DROP # Allow traffic on the loopback interface sudo iptables -A INPUT -i lo -j ACCEPT # Allow outbound traffic, previously initiated and accepted exchanges bypass rule checking sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT sudo iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # Allow SSH, HTTP, HTTPS sudo iptables -A INPUT -p tcp --dport 22 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT # Ratelimit SSH for attack protection sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 3600 --hitcount 4 -j DROP sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT # Allow ping sudo iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT # Drop all other traffic sudo iptables -A INPUT -j DROP # Print the activated rules sudo iptables -nvL sudo ss -tupln # Save sudo apt install iptables-persistent dpkg-reconfigure iptables-persistent
Cisco Commands
R1>enable R1#configure terminal R1(config)#interface fa0/0 R1(config)#no shutdown R1(config)#ip address 1.1.1.1 255.255.255.0 R1(config)#line vty 0 4 R1(config)#end R1#show session R1#show version R1#dir file systems R1#dir all-filesystems R1#dir /all R1#show running-config R1#show startup-config R1#show ip interface brief R1#show interface e0 R1#show ip route R1#show access-lists R1#terminal length 0 R1#copy running-config startup-config R1#copy running-config tftp