Bash

find

find / -maxdepth 5 -name '*.php' -type f -exec grep -Hn password {} \; 2>/dev/null
Writable files
find / -writable

sudo

List the commands the current user can run as root
sudo -l
-> GTFOBins
Run the command as a user other than the default target user (usually root).
sudo -u <user> <command>
-> Useful in scenarios like this:
User <user1> may run the following commands on bashed:
(<user2> : <user2>) NOPASSWD: ALL
Asks the system to start a new login session for the specified user. The system will require the password for the user "username" (even if it's the same as the current user).
su - <user>
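
A defender-side check for the sudo scenario above, as an added example that is not part of the original notes: it reads `sudo -l` output on stdin and flags rules that grant ALL commands or skip the password prompt. The function names, severity labels and the sample users and host are assumptions made for illustration, and each rule is assumed to sit on a single line.

```shell
#!/bin/sh
# Added example: flag over-broad rules in `sudo -l` output (read from stdin).
# Prints one finding per risky rule: SEVERITY<TAB>reason<TAB>rule
audit_sudo_l() {
    awk '
    # Rule lines look like: (runas_user : runas_group) [TAG:] cmd1, cmd2
    /^[ \t]*\(/ {
        rule = $0
        sub(/^[ \t]+/, "", rule)
        cmds = substr(rule, index(rule, ")") + 1)   # text after the run-as spec
        nopass = (cmds ~ /NOPASSWD:/)
        gsub(/[A-Z_]+:[ \t]*/, "", cmds)            # drop tags such as NOPASSWD:
        gsub(/^[ \t]+|[ \t]+$/, "", cmds)
        all = 0
        n = split(cmds, list, /,[ \t]*/)
        for (i = 1; i <= n; i++) if (list[i] == "ALL") all = 1
        if (all && nopass) print "HIGH\tany command, no password\t" rule
        else if (all)      print "MEDIUM\tany command, password required\t" rule
        else if (nopass)   print "LOW\tpasswordless commands, review each\t" rule
    }'
}

# Constructed sample in the format `sudo -l` prints (users and host are made up).
sample_sudo_l() {
    cat <<'EOF'
User alice may run the following commands on host1:
    (deploy : deploy) NOPASSWD: ALL
    (root) /usr/bin/systemctl restart nginx
    (root) NOPASSWD: /usr/bin/tail /var/log/syslog
    (ALL : ALL) ALL
EOF
}

# Audit the sample; on a real host use: sudo -l | audit_sudo_l
sample_sudo_l | audit_sudo_l
```
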

file

Get information about file
file <file>

wc

Count chars
wc -c
Count lines
wc -l

rlwrap

A 'readline wrapper', a small utility that uses the GNU readline library to allow the editing of keyboard input for any command.
rlwrap <cmd>

Permissions

Defines the permissions new files get on creation; the value is a mask, the opposite of chmod permissions
umask

authbind

Bind sockets to privileged ports (<1024) without being root
authbind <command>

base64

Linux

File

Encode
base64 -w 0 <file> > <base64file>
Decode
base64 -d <base64file> > <file>

String

Encode
echo -n <string> | base64
Decode
echo <base64string> | base64 -d

Windows

File

Encode
certutil -encode <file> tmp.b64 && findstr /v /c:- tmp.b64 > <base64file>
Decode
certutil -decode <base64file> <file>

grep

-B print x lines before match
-A print x lines after match
-i ignore case
grep -i -A5 -B5 <string> <filename>
<cmd> | grep -A5 -B5 "text"
Recursive
grep -R "text" .
Extract open ports from nmap grepable output into a file
grep -oP '\d{1,5}/open' nmap_results.gnmap > ports

watch

Run command every second
watch -n 1 '<command>'

sed

Remove all spaces
sed 's/ //g'
Remove newlines
sed -z 's/\n//g' <file>

cut

Split string by delimiter, extract field 2
echo "some,strings" | cut -d "," -f 2 # outputs "strings"
Split file by colon
cut -d ":" -f 1 /etc/passwd

cron

List user's crontab
crontab -l

sort unique

sort -u

File size

du -hs <file>

ascii table

man ascii

ltrace / strace

Trace library calls of a given program.
ltrace ./<program>
Alternative: trace system calls
strace ./<program>

gcc

Use -m32 or -m64 to make the architecture explicit
gcc <file>.c -o <file>
Compile for an old 32-bit kernel (2.6.9)
gcc -o 1397 1397.c -m32 -Wl,--hash-style=both

Specific files

.tar.gz

-c create
-x extract
-f file (must be last flag)
-v verbose
-z gzip
Create archive
tar -zcvf <archive>.tar.gz <files>
Extract archive
tar -zxvf <archive>.tar.gz

.7z

Extract
7z x <archive.7z>
List contents
7z l <file>

.vhd

guestmount --add <vhd-file> --inspector --ro -v /mnt/vhd

.scf

Place scf file in windows share to gather hashes
https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes/

Images with hidden content

binwalk

Tool for searching binary images for embedded files and executable code
binwalk -Me <image-file>