OS Information
cat /etc/*-release
OS Version
cat /etc/issue
Kernel Version
uname -a
Another Way to List passwd
getent passwd
Current Username/Privs
id
Logged On Users
User Info
who -a
Last logged in user
last -a
Add User
useradd -m user
Change current user password
passwd
Remove User
rmuser username
Find Valid Users
grep -vE "nologin|false" /etc/passwd
Sudoers
cat /etc/sudoers
Add User to Sudoers
sudo adduser <username> sudo
Sudo as other user
sudo -u otheruser bash
Network Connection
ss
TCP/UDP Connection
netstat -punta
List of Open Files/Connections
lsof -i
List interfaces
ip link
Arp Table
arp
Routing Table
route
Domain Lookup
dig -x <ip-address>
Domain Lookup
host <ip-address>
Domain SRV Lookup
host -t SRV _service _tcp.url.com
Find DHCP Assignments
/var/log/messages | grep DHCP
SSH through a HTTP Proxy Tunnel
ssh cobb@127.0.0.1 -o "ProxyCommand=nc.openbsd -X connect -x 10.10.10.67:3128 %h %p"
List Processes
ps -efww | ps -aef | ps aux
Kill Process
kill <pid>
Installed Packages (Debian)
dpkg -l
Installed Packages (Redhat/CENTOS)
rpm -qa
List Services
cat /etc/services
Find pdf files
find -i -name file -type '.pdf
Determine File Type
file <file>
Search Recursively for File Content
grep -R 'thing'
Search for File Name
find . -iname '*config*'
Find Root SUID Binaries
find / -xdev -user root \( -perm -4000 \) 2>/dev/null
Check User Home Directories
ls -lahR /home/
List Cron Jobs
ls -al /etc/cron*
Access Windows SMB Share
smb:// ip /share
SMB Connect
smbclient -L \\RALPH -I 10.11.1.3
Dislay Path to Executable---which nc
Passwd File
cat /etc/passwd
Shadow File (password hashes)
cat /etc/shadow
Trash Bin
/home/your_username/.local/share/Trash
Updates the Local Database
updatedb
Update $PATH Variable
PATH=$PATH:/home/mypath
Download WebPage
wget http:// url -0 url.txt -o /dev/null
Remote Desktop
rdesktop 10.10.10.12
SCP Put File
scp /tmp/file user@x.x.x.x:/tmp/file
SCP Get File
scp user@ remoteip :/tmp/file /tmp/file
Command History
history <user>
Compile C Program
gcc -o outfile myfile.c
Interactive PTY Shell
python -c 'import pty; pty.spawn("/bin/sh")'
Cron Log
cat /var/log/cron
Redirect STERR to STOUT
command 2>&1
Unzip an Archive
unzip scripts.zip
Unpack a Tarball
tar xvzf tarball.tar.gz
Pack a Tar Archive
tar cvf tarball.tar files/*
LinPEAS
<a href="https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS">https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS</a>
Find inode number of files in current directory (inodes are 4 bytes)
ls -i .
Find inode number of current directory
ls -id .
Read an inode
icat /dev/sdb1 <inode-number> | xxd | head
Input a file, block size, skip blocks, count for # blocks
dd if=/dev/mapper/VulnOSv2--vg-root bs=4096 skip=4718592 count=32767 > /images/bg144.raw
Find Ascii strings with decimal offset
strings -a -t d
Mount an NFS Share (requires nfsutils)
mount -t nfs 192.168.0.1:/home/karl nfs
Change Timestamps (use current time)
touch -t
Stop Logggin to .bash_history
unset HISTFILE
Zero Messages Log
echo > /var/log/messages
strace sniffing
Start a Service at Boot (newer)
systemctl enable apache2
Start a Service at Boot (older)
update-rc.d enable apache2
Every Minute
* * * * * command
Every 3 Minutes
*/3 * * * * command
Every Hour at 30min
30 * * * * command
Every Day at 1AM
0 1 * * * command
Every Wednesday (first three letters of day)
0 0 * * WED command
Every Saturday and Sunday
0 0 * * 6,0
Every Week
0 0 * * 0 command
Every Month
0 0 1 * * command
Every 6 Months
0 0 1 */6 * command
Every Year
0 0 1 1 * command
Failed to start DB troubleshooting