Contents
- Linux Network Commands
- Linux System Info Commands
- Linux File Commands
- Linux Utility Commands
- Linux "Cover Your Tracks" Commands
- Linux Misc Commands
- Linux Files
- Google Dorking
- Linux Scripting
- IPv4
- IPv6
- tcpdump
- bash
- mysql backup
- iptables
- Cisco Commands
- GitHub Repositories
- External Links
Linux Network Commands
watch ss --tcp # network connections
netstat -ant # tcp connections -anu=udp
netstat -tulpn # connections with PIDs
lsof -i # established connections
ifconfig eth0 ip/cidr # set ip and netmask
ifconfig eth0:1 ip/cidr # set virtual interface
route add default gw gw_ip # set gateway
export MAC=XX:XX:XX:XX:XX # change mac address
dig -x ip # domain lookup for ip
host ip # domain lookup for ip
dig @ip domain -t AXFR # dns zone xfer
host -l domain namesvr # dns zone xfer
tcpkill host ip and port port # block ip:port
grep DHCP /var/log/messages # list dhcp assignments
ping # send an ICMP ECHO_REQUEST to network hosts
traceroute # print the route packets trace to a network host
ip # show/manipulate routing, devices, policy routing, and tunnels
netstat # print network connections, routing tables, interface statistics, masquerade connections, and multicast memberships
wget # non-interactive network downloader
ssh # secure shell, OpenSSH client (remote login program)
dig # dns lookup utility
nslookup # query internet name servers interactively
route # view and change the route table
whois # internet domain name and network number directory service
curl # make any http request you want
httpie # like curl but easier ("http get")
tc # on a Linux router: slow down your brother's internet (and much more)
scp # copy files over a ssh connection
rsync # copy only changed files (works over ssh)
ngrep # grep for your network
tcpdump # show me all packets on port 80
wireshark # look at the packets in a GUI
tshark # command line super powerful packet analysis
tcpflow # capture and assemble tcp streams
ifconfig # what is my ip address
arp # see your arp table
mitmproxy # spy on ssl connections your programs are making
p0f # identify OS of hosts connecting to you
openvpn # a vpn
wireguard # a newer vpn
nc # netcat! make tcp connections manually
socat # proxy a tcp socket to a Unix domain socket + lots more
telnet # like ssh but insecure
ftp/sftp # copy files, sftp does it over ssh
iptables # setup firewalls and NAT
nftables # new version of iptables
hping3 # construct any tcp packet you want
tcptraceroute # use tcp packets instead of ICMP to traceroute
openssl # do literally anything with ssl certificates
ethtool # manage physical ethernet connections + network cards
iw/iwconfig # manage wireless network settings
sysctl # configure Linux kernel's network stack
stunnel # make a ssl proxy for an insecure server
Linux System Info Commands
id # current username w # logged on users who -a # user information last -a # last users logged on ps -ef # process listing (top) df -h # disk usage (free) uname -a # kernel version/cpu info mount # mounted file systems getent passwd # show list of users kill <pid> # kills process with pid cat /etc/issue # show OS info cat /etc/release # show OS version info cat /proc/version # show kernel info nbtstat -A <ip> # get hostname for ip PATH=$PATH:/home/mypath # add PATH to variable
Linux File Commands
diff file1 file2 # compare files
rm -rf dir # force delete of dir
shred -f -u file # overwrite/delete file
touch -r ref_file file # matches ref_file timestamp
touch -t YYYYMMDDhhmm[.ss] file # set file timestamp
sudo fdisk -l # list connected drives
mount /dev/sda0 /mnt/usbkey # mount USB key
md5sum -t file # compute md5 hash
echo -n "str" | md5sum # generate md5 hash
sha1sum file # SHA1 hash of file
sort -u # sort/show unique lines
grep -c "str" file # count lines w/ "str"
tar cf file.tar files # create .tar from files
tar xf file.tar # extract .tar
tar czf file.tar.gz files # create .tar.gz
tar xzf file.tar.gz # extract .tar.gz
tar cjf file.tar.bz2 files # create .tar.bz2
tar xjf file.tar.bz2 # extract .tar.bz2
gzip file # compress/rename file
gzip -d file.gz # decompress file.gz
upx -9 -o out.exe orig.exe # upx packs orig.exe
zip -r zipname.zip directory/ # create zip
dd skip=1000 count=2000 bs=8 if=inputfile of=outputfile # cut block 1K-3K from file
split -b 9K file prefix # split file into 9K chunks
awk 'sub("$","\r")' unix.txt > win.txt # win compatible txt file
find . -iname '*.pdf' # find pdf files
find / \( -perm -4000 -o -perm -2000 \) -exec ls -ldb {} \; # search for setuid/setgid files (parentheses needed so -exec applies to both tests)
dos2unix file # convert to nix format
file file # determine file type/info
chattr (+/-)i file # set/unset immutable bit
mount # mount a file system
umount # unmount a file system
fsck # check and repair a file system
fdisk # manipulate disk partition table
mkfs # create a file system
dd # convert and copy a file
genisoimage (mkisofs) # create an iso 9660 image file
wodim (cdrecord) # write data to optical storage media
md5sum # calculate an md5 checksum
lshw # list hardware
lsblk # lists block devices
lsusb # lists usb devices
lsof # lists opened files
lspci # lists pci devices
lsmod # program to show the status of modules in the Linux kernel
rmmod # simple program to remove a module from the Linux kernel
insmod # simple program to insert a module into the Linux kernel
modprobe # program to add and remove modules from the Linux kernel
locate # find files by name
find # search for files in a directory hierarchy
xargs # build and execute command lines from standard input
touch # change file times
stat # display file or file system status
tar # tape archiving utility
zip # package and compress files
gzip # compress files
gunzip # un-compress files
bzip2 # a block sorting file compressor
bunzip2 # a block sorting file un-compressor
cat # concatenate files and print on the standard output
sort # sort lines of text files
uniq # report or omit repeated lines
cut # remove sections from each line of files
paste # merge lines of files
join # join lines of two files on a common field
comm # compare two sorted files line by line
diff # compare files line by line
patch # apply a diff file to an original
tr # translate or delete characters
sed # stream editor for filtering and transforming text
aspell # interactive spellchecker
nl # number lines
fold # wrap each line to a specified length
fmt # a simple text formatter
pr # prepare text for printing
printf # format and print data
groff # a document formatting system
Linux Utility Commands
rdesktop ip # remote desktop to ip
scp /tmp/file user@x.x.x.x:/tmp/file # put file
scp user@remoteip:/tmp/file /tmp/file # get file
rmuser username # remove user
script -a outfile # record shell : ctrl-D stops
apropos subject # find related command
!num # executes line # in history
sudo adduser thor # add user
sudo passwd thor # change user password
usermod thor --shell /bin/bash # change user's shell
usermod -l ironman thor # change user's name
su -l thor # login as another user
sudo userdel thor # delete user
sudo groupadd infinity # create a group
groups # check what groups you're member of
sudo usermod -aG infinity thor # add user to a group
sudo usermod -G infinity thor # -G replaces the supplementary group list, i.e. removes the user from every other group
sudo usermod -aG infinity thor # -aG appends another group to the user
sudo groupdel infinity # delete group
Linux "Cover Your Tracks" Commands
echo "" > /var/log/auth.log # clear auth.log file echo "" > ~/.bash_history # clear current user bash history rm ~/.bash_history -rf # delete .bash_history file history -c # clear current session history export HISTFILESIZE=0 # set history max lines to 0 export HISTSIZE=0 # set histroy max commands to 0 unset HISTFILE # disable history logging (need to logout to take effect) kill -9 $$ # kills current session ln /dev/null -/.bash_historj -sf # permanently send all bash history commands to /dev/null
Linux Misc Commands
unset HISTFILE # disable history logging
ssh user@ip arecord - | aplay - # record remote mic
gcc -o outfile myfile.c # compile C,C++
init 6 # reboot (0 = shutdown)
cat /etc/*syslog*.conf | grep -v "#" # list of log files
grep 'href=' file | cut -d"/" -f3 | grep url | sort -u # strip links in url.com
dd if=/dev/urandom of=outputfile bs=314528 count=100 # make random 3MB file
; # with ";", the second command will run even if the first one fails.
&& # with "&&", the second command won't run if the first one fails.
& # normally, when you execute a long-running command, the command line will wait for that command to finish before it allows you to enter another one. putting "&" after a command prevents this from happening, and lets you execute a new command while an older one is still going.
openssl sha1 file.txt
openssl sha256 file.txt
openssl sha512 file.txt
openssl rand -base64 12
openssl aes-256-cbc -e -salt -in <file> -out <outfile>
openssl aes-256-cbc -d -salt -in <file> -out <outfile>
# add -pbkdf2 to both enc commands so the passphrase is properly stretched (the legacy default key derivation is weak); note that CBC gives confidentiality only, with no integrity check on the ciphertext.
Linux Files
/etc/shadow # local users hashes
/etc/passwd # local users
/etc/group # local groups
/etc/rc.d # startup services
/etc/init.d # service start/stop scripts
/etc/hosts # known hostnames and ips
/etc/HOSTNAME # full hostname with domain
/etc/network/interfaces # network configuration
/etc/profile # system environment variables
/etc/apt/sources.list # Ubuntu source list
/etc/resolv.conf # nameserver configuration
/home/user/.bash_history # bash history (also /root/)
/usr/share/wireshark/manuf # vendor-mac lookup
~/.ssh/ # ssh keystore
/var/log # system log files (most Linux)
/var/adm # system log files (Unix)
/var/spool/cron # list cron files
/var/log/apache/access.log # apache connection log
/etc/fstab # static file system info
Google Dorking
allintext # searches for occurrences of all the keywords given. intext # searches for the occurrences of keywords all at once or one at a time. inurl # searches for a url matching one of the keywords. allinurl # searches for a url matching all the keywords in the query. intitle # searches for occurrences of keywords in title all or one. allintitle # searches for occurrences of keywords all at a time. site # specifically searches that particular site and lists all the results for that site. filetype # searches for a particular filetype mentioned in the query. link # searches for external links to pages. numrange # used to locate specific numbers in your searches. date # search only a range of months related # list web pages that are "similar" to a specified web page. phonebook # display all, residential, business phone listings cache # shows the version of the web page that Google has in its cache. before/after # used to search within a particular date range. allinanchor/inanchor # this shows sites which have the keyterms in links pointing to them, in order of the most links. allinpostauthor/inpostauthor # exclusive to blog search, this one picks out blog posts that are written by specific individuals.
Linux Scripting
Ping sweep
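#!/bin/bash
# Ping sweep: send one ICMP echo request to every host in a /24 and print
# only the reply lines. The page's version passed the address as the
# argument of -c (it had no count), so ping rejected every invocation.
#
# Usage: ping_sweep.sh [prefix]   (prefix defaults to 192.168.1)
prefix=${1:-192.168.1}

for i in {1..254}; do
  # background each probe so a non-answering host's timeout does not
  # serialise the loop; "64 b" matches the "64 bytes from ..." reply line
  ping -c 1 "$prefix.$i" | grep "64 b" &
done
# collect all the background pipelines before exiting
wait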
Port sweep
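#!/bin/bash
# TCP reachability check for a fixed port list against every host in a
# hard-coded /24, using bash's /dev/tcp pseudo-device. In the page's
# one-line rendering a line-continuation backslash had lost its newline
# (`>& /dev/null \ && echo`), which bash parses as a stray word after the
# subshell and rejects; the continuation is restored here.
for ip in {1..254}; do
  for port in 22 80 443 3306 3389; do
    # the subshell's stdout/stderr (connect errors) are discarded; its exit
    # status is 0 only when the connect succeeded. Note there is no explicit
    # timeout, so filtered ports wait for the kernel's connect timeout.
    (echo >"/dev/tcp/10.10.10.$ip/$port") &>/dev/null \
      && echo "10.10.10.$ip:$port is open"
  done
done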
Automated domain name resolve bash scripting
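#!/bin/bash
# Reverse-resolve every address in a user-supplied /24 and print the PTR
# name (field 5 of `host`'s "X.in-addr.arpa domain name pointer NAME" line).
#
# Fixes relative to the page: `cut -d ""` is an error (the delimiter must be
# one character) — it is now a space; the loop was missing the `;` before
# `done`, so `done` became an argument to cut and the loop never closed.
echo "Entering Class C Range: i.e. 192.168.3"
read -r range

# Only accept three dotted octets: this keeps a stray leading "-" from being
# handed to host as an option and catches typos before 254 lookups run.
if [[ ! $range =~ ^[0-9]{1,3}(\.[0-9]{1,3}){2}$ ]]; then
  printf 'expected a three-octet prefix such as 192.168.3, got: %s\n' "$range" >&2
  exit 1
fi

for ip in {1..254}; do
  host "$range.$ip" | grep "name pointer" | cut -d " " -f5
done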
Fork Bomb (creates processes until system crashes)
# Fork bomb (see the heading above): never run this on a machine you care
# about. Defence is a per-user process cap — `ulimit -u` / pam_limits, or a
# cgroup pids.max limit for the session — so the recursion hits a ceiling.
:(){ :|:& };:
DNS resolver lookup
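#!/bin/bash
# Reverse-DNS lookup of every address in a /24, appending the matching
# lines of `dig -x` output to dns.txt.
#
# Fix relative to the page: `grep $ip dns.txt` made grep search dns.txt and
# ignore dig's output entirely; the file is clearly meant to be the
# destination, so it is now a `>>` redirect (constructed reading of intent).
#
# Usage: dns_lookup.sh [prefix]   (prefix defaults to 1.1.1, as on the page)
prefix=${1:-1.1.1}

for ip in {1..254}; do
  dig -x "$prefix.$ip" | grep -- "$ip" >> dns.txt
done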
IPv4
Classful IP ranges
A - 0.0.0.0 - 127.255.255.255 B - 128.0.0.0 - 191.255.255.255 C - 192.0.0.0 - 223.255.255.255 D - 224.0.0.0 - 239.255.255.255 E - 240.0.0.0 - 255.255.255.255
Reserved IP ranges
10.0.0.0 - 10.255.255.255 127.0.0.0 - 127.255.255.255 172.16.0.0 - 172.31.255.255 192.168.0.0 - 192.168.255.255
Subnetting
/31 - 255.255.255.254 - 1 Host /30 - 255.255.255.252 - 2 Hosts /29 - 255.255.255.248 - 6 Hosts /28 - 255.255.255.240 - 14 Hosts /27 - 255.255.255.224 - 30 Hosts /26 - 255.255.255.192 - 62 Hosts /25 - 255.255.255.128 - 126 Hosts /24 - 255.255.255.0 - 254 Hosts /23 - 255.255.254.0 - 510 Hosts /22 - 255.255.252.0 - 1022 Hosts /21 - 255.255.248.0 - 2046 Hosts /20 - 255.255.240.0 - 4094 Hosts /19 - 255.255.224.0 - 8190 Hosts /18 - 255.255.192.0 - 16382 Hosts /17 - 255.255.128.0 - 32766 Hosts /16 - 255.255.0.0 - 65534 Hosts /15 - 255.254.0.0 - 131070 Hosts /14 - 255.252.0.0 - 262142 Hosts /13 - 255.248.0.0 - 524286 Hosts /12 - 255.240.0.0 - 1048574 Hosts /11 - 255.224.0.0 - 2097150 Hosts /10 - 255.192.0.0 - 4194302 Hosts /9 - 255.128.0.0 - 8388606 Hosts /8 - 255.0.0.0 - 16777214 Hosts
IPv6
Broadcast addresses
ff02::1 - link-local nodes ff05::1 - site-local nodes ff01::2 - node-local routers ff02::2 - link-local routers ff05::2 - site-local routers
Interface addresses
fe80:: - link-local 2001:: - routable ::a.b.c.d - IPv4 compatible IPv6 ::ffff:a.b.c.d - IPv4 mapped IPv6
THC IPv6 toolkit
Remote Network DoS: rsumrf6 eth# remote ipv6
tcpdump
Capture packets on eth0 in ASCII and HEX and write to file
tcpdump -i eth0 -XX -w out.pcap
Capture HTTP traffic to 2.2.2.2
tcpdump -i eth0 port 80 and dst 2.2.2.2
Show connections to a specific IP
tcpdump -i eth0 -tttt dst 192.168.1.22 and not net 192.168.1.0/24
Print all ping responses
tcpdump -i eth0 'icmp[icmptype] == icmp-echoreply'
Capture 50 DNS packets and print timestamp
tcpdump -i eth0 -c 50 -tttt 'udp and port 53'
bash
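#!/bin/bash
# Bash syntax walk-through. Each section stands on its own; several prompt
# on stdin, so run it interactively.
#
# Fixes relative to the page: every variable expansion used as a command
# argument is quoted (an empty answer to the nginx prompt made `[` fail with
# a syntax error); the rename loop globs instead of parsing `ls`, so names
# with spaces survive; `read` uses -r so backslashes are kept literally;
# `mkdir -p` lets the script be re-run.
#
# Numeric tests:
# val1 -eq val2 Returns true if the values are equal
# val1 -ne val2 Returns true if the values are not equal
# val1 -gt val2 Returns true if val1 is greater than val2
# val1 -ge val2 Returns true if val1 is greater than or equal to val2
# val1 -lt val2 Returns true if val1 is less than val2
# val1 -le val2 Returns true if val1 is less than or equal to val2
# File tests:
# -a FILE True if file exists.
# -b FILE True if file is block special.
# -c FILE True if file is character special.
# -d FILE True if file is a directory.
# -e FILE True if file exists.
# -f FILE True if file exists and is a regular file.
# -g FILE True if file is set-group-id.
# -h FILE True if file is a symbolic link.
# -L FILE True if file is a symbolic link.
# -k FILE True if file has its sticky bit set.
# -p FILE True if file is a named pipe.
# -r FILE True if file is readable by you.
# -s FILE True if file exists and is not empty.
# -S FILE True if file is a socket.
# -t FD True if FD is opened on a terminal.
# -u FILE True if the file is set-user-id.
# -w FILE True if the file is writable by you.
# -x FILE True if the file is executable by you.
# -O FILE True if the file is effectively owned by you.
# -G FILE True if the file is effectively owned by your group.
# -N FILE True if the file has been modified since it was last read.

# ECHO COMMAND
echo "Hello World!"

# VARIABLES
echo "My name is $NAME"
echo "My name is ${NAME}"

# USER INPUT
read -r -p "Enter your name: " NAME
echo "Hello $NAME, nice to meet you!"
read -r -p "Do you want to install nginx [y/n]: " GET_NGINX

# IF-ELSE
if [ "$NAME" == "Brad" ]; then
  echo "Your name is Brad"
elif [ "$NAME" == "Jack" ]; then
  echo "Your name is Jack"
else
  echo "Your name is not Brad or Jack"
fi

# IF-ELSE
# `type -P nginx` prints the binary's path, or nothing when it is absent;
# the install prompt is only relevant when it is absent AND the user said y.
if { [ ! -f "$(type -P nginx)" ] && [ "$GET_NGINX" == 'y' ]; }; then
  echo "Install nginx."
fi

# COMPARISON
NUM1=31
NUM2=5
if [ "$NUM1" -gt "$NUM2" ]; then
  echo "$NUM1 is greater than $NUM2"
else
  echo "$NUM1 is less than $NUM2"
fi

# FILE CONDITIONS
FILE="test.txt"
if [ -e "$FILE" ]; then
  echo "$FILE exists"
else
  echo "$FILE does NOT exist"
fi

# CASE STATEMENT
read -r -p "Are you 21 or over? Y/N " ANSWER
case "$ANSWER" in
  [yY] | [yY][eE][sS])
    echo "You can have a beer :)"
    ;;
  [nN] | [nN][oO])
    echo "Sorry, no drinking"
    ;;
  *)
    echo "Please enter y/yes or n/no"
    ;;
esac

# SIMPLE FOR LOOP
NAMES=(Brad Kevin Alice Mark)
for NAME in "${NAMES[@]}"; do
  echo "Hello $NAME"
done

# FOR LOOP TO RENAME FILES
# nullglob makes an unmatched *.txt expand to nothing, so the loop body is
# skipped instead of trying to rename the literal pattern.
shopt -s nullglob
NEW="new"
for FILE in *.txt; do
  echo "Renaming $FILE to new-$FILE"
  mv -- "$FILE" "$NEW-$FILE"
done
shopt -u nullglob

# WHILE LOOP - READ THROUGH A FILE LINE BY LINE
# IFS= keeps leading/trailing whitespace of each line; -r keeps backslashes.
LINE=1
while IFS= read -r CURRENT_LINE; do
  echo "$LINE: $CURRENT_LINE"
  ((LINE++))
done < "./new-1.txt"

# FUNCTION
function sayHello() {
  echo "Hello World"
}
sayHello

# FUNCTION WITH PARAMS
function greet() {
  echo "Hello, I am $1 and I am $2"
}
greet "Brad" "36"

# CREATE FOLDER AND WRITE TO A FILE
mkdir -p hello
touch "hello/world.txt"
echo "Hello World" >> "hello/world.txt"
echo "Created hello/world.txt"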
mysql backup
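#!/bin/bash
# MySQL dump into /backup/YYYY/MM/DD/HH/ (plain .sql plus a gzip'd copy).
#
# crontab -e — the page's entry was "* 0 * * *", which fires every minute of
# hour 00; the per-hour directory layout suggests an hourly run was meant:
#   0 * * * * /bin/bash /home/backup_mysql.sh
#
# Credentials are not put on the command line: "-proot" in argv is visible
# to every local user through ps and is copied into shell history and job
# logs. Keep them in an option file (mode 0600) such as
#   [client]
#   user=root
#   password=...
# and point MYSQL_CNF at it.
set -euo pipefail

MYSQL_CNF=${MYSQL_CNF:-/path/to/backup.cnf}   # placeholder — set to your option file
DB_NAME=database_name

# One date call, so year/month/day/hour all come from the same instant
# (four separate calls, as on the page, can straddle an hour or day boundary
# and build a path that does not exist).
STAMP=$(date +%Y/%m/%d/%H)
DEST="/backup/$STAMP"

# the dump is the whole database; make the files private from the start
umask 077
mkdir -p -- "$DEST"

# Dump once and compress the result, instead of running mysqldump twice as
# the page did (two dumps taken at different moments can disagree).
mysqldump --defaults-extra-file="$MYSQL_CNF" "$DB_NAME" > "$DEST/backup.sql"
gzip -c -- "$DEST/backup.sql" > "$DEST/backup.sql.gz"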
iptables
Reference:
# -F for flush
iptables -F
# -L for list
iptables -L
iptables -L --line-numbers
# -D for delete
iptables -D INPUT 1
# ACCEPT or DROP every connection
iptables --policy INPUT ACCEPT
iptables --policy INPUT DROP
# -I for insert [adds the rule to the top]
# -A for append [adds the rule to the bottom]
# -s for source
# -j for jump
iptables -I INPUT -s 10.0.0.1 -j DROP
iptables -I INPUT -s 10.0.0.1/24 -j DROP
# -p for protocol
# --dport for destination port
iptables -I INPUT -p tcp --dport 80 -j DROP
iptables -I INPUT -p tcp --dport 80 -s 10.0.0.1 -j ACCEPT
# iptables rules are ephemeral, which means they need to be manually saved for them to persist after a reboot.
# iptables-save only prints the ruleset to stdout; redirect it into the file your boot-time restore reads (e.g. /etc/iptables/rules.v4 for iptables-persistent).
sudo /sbin/iptables-save
Sample Script:
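#!/bin/bash
# Minimal host firewall for a box exposing SSH/HTTP/HTTPS. IPv4 only:
# ip6tables is not touched, so IPv6 keeps whatever policy it already has.
#
# Fixes relative to the page: the plain "--dport 22 ACCEPT" was appended
# BEFORE the rate-limit rules, and the first matching rule wins, so the
# limiter never saw a packet — the ACCEPT now comes after it. The DROP
# policies are applied after the ESTABLISHED rule exists, so a live SSH
# session is not cut off in between. apt runs non-interactively and
# dpkg-reconfigure gets the sudo it was missing.
set -euo pipefail

# Flush: reset policies to ACCEPT first so the flush itself cannot lock us
# out, then drop every rule and every user-defined chain.
sudo iptables -P INPUT ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -F
sudo iptables -X

# Allow traffic on the loopback interface
sudo iptables -A INPUT -i lo -j ACCEPT

# Allow outbound traffic; previously initiated and accepted exchanges bypass
# rule checking. (-m state is the legacy spelling of -m conntrack --ctstate.)
sudo iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -A OUTPUT -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Ratelimit SSH for attack protection: a source that opens more than 4 new
# connections within 3600 s is dropped; otherwise the new connection is
# accepted by the third rule. Order matters — see the header comment.
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 3600 --hitcount 4 -j DROP
sudo iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

# Allow HTTP, HTTPS
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

# Allow ping
sudo iptables -A INPUT -p icmp --icmp-type 8 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT

# Set default policies
# Allow outgoing traffic and disallow any passthroughs
sudo iptables -P INPUT DROP
sudo iptables -P OUTPUT ACCEPT
sudo iptables -P FORWARD DROP

# Drop all other traffic (explicit rule on top of the policy, so the drops
# show up in the per-rule counters below)
sudo iptables -A INPUT -j DROP

# Print the activated rules
sudo iptables -nvL
sudo ss -tupln

# Save (Debian/Ubuntu): rules do not survive a reboot on their own
sudo apt install -y iptables-persistent
sudo dpkg-reconfigure iptables-persistent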
Cisco Commands
R1>enable R1#configure terminal R1(config)#interface fa0/0 R1(config)#no shutdown R1(config)#ip address 1.1.1.1 255.255.255.0 R1(config)#line vty 0 4 R1(config)#end R1#show session R1#show version R1#dir file systems R1#dir all-filesystems R1#dir /all R1#show running-config R1#show startup-config R1#show ip interface brief R1#show interface e0 R1#show ip route R1#show access-lists R1#terminal length 0 R1#copy running-config startup-config R1#copy running-config tftp