
Useful Linux Commands

posted 30 Jan 2018, 12:41 by Donald Ross

- `netstat -tulpn`: Show Linux network ports with process IDs (PIDs).
- `watch ss -stplu`: Watch TCP, UDP open ports in real time with socket summary.
- `lsof -i`: Show established connections.
- `macchanger -m MACADDR INTR`: Change MAC address on KALI Linux.
- `ifconfig eth0`: IP address in Linux.
- `ifconfig eth0:1`: IP address to existing network interface in Linux.
- `ifconfig eth0 hw ether MACADDR`: Change MAC address in Linux using ifconfig.
- `ifconfig eth0 mtu 1500`: Change MTU size Linux using ifconfig, change 1500 to your desired MTU.
- `dig -x`: Dig reverse lookup on an IP address.
- `host`: Reverse lookup on an IP address, in case dig is not installed.
- `dig @ domain.com -t AXFR`: Perform a DNS zone transfer using dig.
- `host -l domain.com nameserver`: Perform a DNS zone transfer using host.
- `nbtstat -A x.x.x.x`: Get hostname for IP address.
- `ip addr add dev eth0`: Adds a hidden IP address to Linux, does not show up when performing an ifconfig.
- `tcpkill -9 host google.com`: Blocks access to google.com from the host machine.
- `echo "1" > /proc/sys/net/ipv4/ip_forward`: Enables IP forwarding, turns Linux box into a router – handy for routing traffic through a box.
- `echo "" > /etc/resolv.conf`: Use Google DNS.

System Information Commands

Useful for local enumeration.

- `whoami`: Shows currently logged in user on Linux.
- `id`: Shows currently logged in user and groups for the user.
- `last`: Shows last logged in users.
- `mount`: Show mounted drives.
- `df -h`: Shows disk usage in human readable output.
- `echo "user:passwd" | chpasswd`: Reset password in one line.
- `getent passwd`: List users on Linux.
- `strings /usr/local/bin/blah`: Shows contents of non-text files, e.g. what's in a binary.
- `uname -ar`: Shows running kernel version.
- `PATH=$PATH:/my/new-path`: Add a new PATH, handy for local FS manipulation.
- `history`: Show bash history, commands the user has entered previously.
- `cat /etc/debian_version`: Shows Debian version number.
- `cat /etc/*-release`: Shows Ubuntu version number.
- `dpkg -l`: List all installed packages on Debian / .deb based Linux distro.

Linux User Management

- `useradd new-user`: Creates a new Linux user.
- `passwd username`: Reset Linux user password, enter just passwd if you are root.
- `deluser username`: Remove a Linux user.

Linux Decompression Commands

How to extract various archives (tar, zip, gzip, bzip2 etc) on Linux and some other tricks for searching inside of archives etc.

- `unzip archive.zip`: Extracts zip file on Linux.
- `zipgrep *.txt archive.zip`: Search inside a .zip archive.
- `tar xf archive.tar`: Extract tar file Linux.
- `tar xvzf archive.tar.gz`: Extract a tar.gz file Linux.
- `tar xjf archive.tar.bz2`: Extract a tar.bz2 file Linux.
- `tar ztvf file.tar.gz | grep blah`: Search inside a tar.gz file.
- `gzip -d archive.gz`: Extract a gzip file Linux.
- `zcat archive.gz`: Read a gz file Linux without decompressing.
- `zless archive.gz`: Same function as the less command for .gz archives.
- `zgrep 'blah' /var/log/maillog*.gz`: Search inside .gz archives on Linux, search inside of compressed log files.
- `vim file.txt.gz`: Use vim to read .txt.gz files (my personal favorite).
- `upx -9 -o output.exe input.exe`: UPX compress .exe file Linux.

Linux Compression Commands

- `zip -r file.zip /dir/*`: Creates a .zip file on Linux.
- `tar cf archive.tar files`: Creates a tar file on Linux.
- `tar czf archive.tar.gz files`: Creates a tar.gz file on Linux.
- `tar cjf archive.tar.bz2 files`: Creates a tar.bz2 file on Linux.
- `gzip file`: Creates a file.gz file on Linux.

Linux File Commands

- `df -h blah`: Display size of file / dir Linux.
- `diff file1 file2`: Compare / Show differences between two files on Linux.
- `md5sum file`: Generate MD5SUM Linux.
- `md5sum -c blah.iso.md5`: Check file against MD5SUM on Linux, assuming both file and .md5 are in the same dir.
- `file blah`: Find out the type of file on Linux, also displays if file is 32 or 64 bit.
- `dos2unix`: Convert Windows line endings to Unix / Linux.
- `base64 < input-file > output-file`: Base64 encodes input file and outputs a Base64 encoded file called output-file.
- `base64 -d < input-file > output-file`: Base64 decodes input file and outputs a Base64 decoded file called output-file.
- `touch -r ref-file new-file`: Creates a new file using the timestamp data from the reference file, drop the -r to simply create a file.
- `rm -rf`: Remove files and directories without prompting for confirmation.

Samba Commands

Connect to a Samba share from Linux.

      $ smbmount //server/share /mnt/win -o user=username,password=password1
      $ smbclient -U user \\\\server\\share
      $ mount -t cifs -o username=user,password=password //x.x.x.x/share /mnt/share

Breaking Out of Limited Shells

Credit to G0tmi1k for these (or wherever he stole them from!).

The Python trick:

      python -c 'import pty;pty.spawn("/bin/bash")'
      echo os.system('/bin/bash')
      /bin/sh -i

Misc Commands

- `init 6`: Reboot Linux from the command line.
- `gcc -o output input.c`: Compile C code.
- `gcc -m32 -o output input.c`: Cross compile C code, compile 32 bit binary on 64 bit Linux.
- `unset HISTORYFILE`: Disable bash history logging.
- `rdesktop X.X.X.X`: Connect to RDP server from Linux.
- `kill -9 $$`: Kill current session.
- `chown user:group blah`: Change owner of file or dir.
- `chown -R user:group blah`: Change owner of file or dir and all underlying files / dirs – recursive chown.
- `chmod 600 file`: Change file / dir permissions, see [Linux File System Permissions](#linux-file-system-permissions) for details.

Clear bash history:

      $ ssh user@X.X.X.X | cat /dev/null > ~/.bash_history

Linux File System Permissions

- `777` (`rwxrwxrwx`): No restriction, global WRX, any user can do anything.
- `755` (`rwxr-xr-x`): Owner has full access, others can read and execute the file.
- `700` (`rwx------`): Owner has full access, no one else has access.
- `666` (`rw-rw-rw-`): All users can read and write but not execute.
- `644` (`rw-r--r--`): Owner can read and write, everyone else can read.
- `600` (`rw-------`): Owner can read and write, everyone else has no access.

- `/`: Also known as “slash” or the root.
- `/bin`: Common programs, shared by the system, the system administrator and the users.
- `/boot`: Boot files, boot loader (grub), kernels, vmlinuz.
- `/dev`: Contains references to system devices, files with special properties.
- `/etc`: Important system config files.
- `/home`: Home directories for system users.
- `/lib`: Library files, includes files for all kinds of programs needed by the system and the users.
- `/lost+found`: Files that were saved during failures are here.
- `/mnt`: Standard mount point for external file systems.
- `/media`: Mount point for external file systems (on some distros).
- `/net`: Standard mount point for entire remote file systems – nfs.
- `/opt`: Typically contains extra and third party software.
- `/proc`: A virtual file system containing information about system resources.
- `/root`: root user's home dir.
- `/sbin`: Programs for use by the system and the system administrator.
- `/tmp`: Temporary space for use by the system, cleaned upon reboot.
- `/usr`: Programs, libraries, documentation etc. for all user-related programs.
- `/var`: Storage for all variable files and temporary files created by users, such as log files, mail queue, print spooler, web servers, databases etc.

Linux Interesting Files / Dirs

Places that are worth a look if you are attempting to privilege escalate / perform post exploitation.

- `/etc/passwd`: Contains local Linux users.
- `/etc/shadow`: Contains local account password hashes.
- `/etc/group`: Contains local account groups.
- `/etc/init.d/`: Contains service init scripts – worth a look to see what's installed.
- `/etc/hostname`: System hostname.
- `/etc/network/interfaces`: Network interfaces.
- `/etc/resolv.conf`: System DNS servers.
- `/etc/profile`: System environment variables.
- `~/.ssh/`: SSH keys.
- `~/.bash_history`: User's bash history log.
- `/var/log/`: Linux system log files are typically stored here.
- `/var/adm/`: UNIX system log files are typically stored here.


Apache access log file typical path.
- `/etc/fstab`: File system mounts.