Hooper Labs

Linux Enumeration


OS Information

	cat /etc/*-release

OS Version

	cat /etc/issue

Kernel Version

	uname -a 


Another Way to List passwd

	getent passwd  

Current Username/Privs


Logged On Users

User Info

	who -a

Last logged in user

	last -a

Add User

	useradd -m user

Change current user password


Remove User

	userdel username

Find Valid Users

	grep -vE "nologin|false" /etc/passwd


	cat /etc/sudoers

Add User to Sudoers

	sudo adduser <username> sudo 

Sudo as other user

	sudo -u otheruser bash


Network Connection


TCP/UDP Connection

	netstat -punta

List of Open Files/Connections

	lsof -i 

List interfaces

	ip link

Arp Table


Routing Table


Domain Lookup

	dig -x <ip-address>  

Domain Lookup

	host <ip-address>

Domain SRV Lookup

	host -t SRV _service._tcp.url.com

Find DHCP Assignments

	grep DHCP /var/log/messages

SSH through a HTTP Proxy Tunnel

	ssh cobb@ -o "ProxyCommand=nc.openbsd -X connect -x %h %p"

Processes, services, drivers

List Processes

	ps -efww
	ps -aef
	ps aux

Kill Process

	kill <pid>

Installed Packages (Debian)

	dpkg -l 

Installed Packages (Redhat/CENTOS)

	rpm -qa 

List Services

	cat /etc/services 


Find pdf files

	find . -type f -iname '*.pdf'

Determine File Type

	file <file>

Search Recursively for File Content

	grep -R 'thing'

Search for File Name

	find . -iname '*config*'

Find Root SUID Binaries

	find / -xdev -user root \( -perm -4000 \)  2>/dev/null

Check User Home Directories

	ls -lahR /home/

List Cron Jobs

	ls -al /etc/cron*

Access Windows SMB Share

	smb://<ip>/share

SMB Connect

	smbclient -L \\RALPH -I 

Display Path to Executable

	which nc

Passwd File

	cat /etc/passwd 

Shadow File (password hashes)

	cat /etc/shadow 

Trash Bin


Updates the Local Database



Update $PATH Variable


Download WebPage

	wget http://<url> -O url.txt -o /dev/null

Remote Desktop


SCP Put File

	scp /tmp/file user@x.x.x.x:/tmp/file 

SCP Get File

	scp user@<remoteip>:/tmp/file /tmp/file

Command History

	history <user>

Compile C Program

	gcc -o outfile myfile.c 

Interactive PTY Shell

	python -c 'import pty; pty.spawn("/bin/sh")' 

Cron Log

	cat /var/log/cron

Redirect STDERR to STDOUT

	command 2>&1

Unzip an Archive

	unzip scripts.zip 

Unpack a Tarball

	tar xvzf tarball.tar.gz

Pack a Tar Archive

	tar cvf tarball.tar files/*

Privesc Scripts


	https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite/tree/master/linPEAS


Find inode number of files in current directory (inodes are 4 bytes)

	ls -i .

Find inode number of current directory

	ls -id .

Read an inode

	icat /dev/sdb1 <inode-number> | xxd | head

Input a file, block size, skip blocks, count for # blocks

	dd if=/dev/mapper/VulnOSv2--vg-root bs=4096 skip=4718592 count=32767 > /images/bg144.raw

Find Ascii strings with decimal offset

	strings -a -t d

Mount an NFS Share (requires nfsutils)

	mount -t nfs nfs


Change Timestamps (use current time)

	touch -t

Stop Logging to .bash_history


Zero Messages Log

	echo > /var/log/messages

strace sniffing

System Administration

Start a Service at Boot (newer)

	systemctl enable apache2

Start a Service at Boot (older)

	update-rc.d apache2 enable

Crontab Examples (https://crontab.guru/examples.html)

Every Minute

	* * * * * command

Every 3 Minutes

	*/3 * * * * command

Every Hour at 30min

	30 * * * * command

Every Day at 1AM

	0 1 * * * command

Every Wednesday (first three letters of day)

	0 0 * * WED command

Every Saturday and Sunday

	0 0 * * 6,0 command

Every Week

	0 0 * * 0 command

Every Month

	0 0 1 * * command

Every 6 Months

	0 0 1 */6 * command

Every Year

	0 0 1 1 * command


Failed to start DB troubleshooting