# Bash ## Related [Process monitoring](https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/enumeration/06-process-monitoring) ## find ```bash find / -maxdepth 5 -name *.php -type f -exec grep -Hn password {} \; 2>/dev/null ``` Writable files ```bash find / -writable ``` ## sudo List commands, current user can run as root ```bash sudo -l ``` -> [GTFOBins](https://gtfobins.github.io)\ Run the command as a user other than the default target user (usually root). ```bash sudo -u ``` -> Useful in scenarios like this: ``` User may run the following commands on bashed: ( : ) NOPASSWD: ALL ``` Asks the system to start a new login session for the specified user. The system will require the password for the user "username" (even if its the same as the current user). ```bash su - ``` ## file Get information about file ```bash file ``` ## wc Count chars ```bash wc -c ``` Count lines ```bash wc -l ``` ## rlwrap A 'readline wrapper', a small utility that uses the GNU readline library to allow the editing of keyboard input for any command. ```bash rlwrap ``` ## Permissions Define permissions new files get on creation, opposite (mask) to chmod permissions ```bash umask ``` ## authbind bind sockets to privileged ports (<1024) without being root ```bash authbind ``` ## base64 [Base64 Encode or Decode on the command line without installing extra tools on Linux, Windows or macOS | Igor Kromin](https://www.igorkromin.net/index.php/2017/04/26/base64-encode-or-decode-on-the-command-line-without-installing-extra-tools-on-linux-windows-or-macos/) ### Linux #### File Encode `base64 -w 0 > `\ Decode `base64 -d > ` #### String Encode `echo -n | base64`\ Decode `echo | base64 -d` ### Windows #### File Encode `certutil -encode tmp.b64 && findstr /v /c:- tmp.b64 > `\ Decode `certutil -decode ` ## grep Print x-lines **B**efore match\ Print x-lines **A**fter match\ Ignore-case ```bash grep -i -A5 -B5 ``` ```bash | grep -A5 -B5 "text" ``` Recursive ```bash grep -R "text" . ``` ```bash grep -oP '\d{1,5}/open' nmap_results.gnmap | > ports ``` ## watch Run command every second ```bash watch -n 1 '' ``` ## sed Trim whitespaces ```bash sed 's/ //g' ``` Remove newlines ```bash sed -z 's/\n//g' ``` ## cut Split string by delimiter, extract field 2 ```bash echo "some,strings" | cut -d "," -f 2 // outputs "strings" ``` Split file by colon ```bash cut -d ":" -f 1 /etc/passwd ``` ## cron List user's crontab ```bash crontab -l ``` ## sort unique ```bash sort -u ``` ## File size ```bash du -hs ``` ## ascii table ```bash man ascii ``` ## ltrace / strace Trace library calls of a given program. ```bash ltrace ./ ``` Alternative ```bash strace ./ ``` ## gcc Use `-m32` or `-m64` to make the architecture explicit ```bash gcc .c -o ``` Compile for old 32bit kernel (2.6.9) ```bash gcc -o 1397 1397.c -m32 -Wl,--hash-style=both ``` ## Specific files ### .tar.gz ``` -c create -x extract -f file (must be last flag) -v verbose -z gzip ``` Create archive ```bash tar -zcvf ``` Extract archive ```bash tar -zxvf ``` ### .7z Extract ```bash 7z x ``` ```bash 7z l ``` ### .vhd ```bash guestmount --add --inspector --ro -v /mnt/vhd ``` ### .scf \ Place scf file in windows share to gather hashes ### Images with hidden content #### binwalk Tool for searching binary images for embedded files and executable code ```bash binwalk -Me ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://d4rk1337.gitbook.io/the-pentesters-cheat-sheet/misc/bash.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.