Bash

Related

find

find / -maxdepth 5 -name '*.php' -type f -exec grep -Hn password {} \; 2>/dev/null
Writable files
find / -writable

sudo

List commands the current user can run as root
sudo -l
-> GTFOBins
Run the command as a user other than the default target user (usually root).
sudo -u <user> <command>
-> Useful in scenarios like this:
User <user1> may run the following commands on bashed:
(<user2> : <user2>) NOPASSWD: ALL
Asks the system to start a new login session for the specified user. The system will require the password for the user "username" (even if it's the same as the current user).
su - <user>

file

Get information about file
file <file>

wc

Count chars
wc -c
Count lines
wc -l

rlwrap

A 'readline wrapper', a small utility that uses the GNU readline library to allow the editing of keyboard input for any command.
rlwrap <cmd>

Permissions

Show or set the mask that defines the permissions new files get on creation; the mask is the opposite of chmod permissions (bits set in the mask are removed)
umask

authbind

Bind sockets to privileged ports (<1024) without being root
authbind <command>

base64

Linux

File

Encode
base64 -w 0 <file> > <base64file>
Decode
base64 -d <base64file> > <file>

String

Encode
echo -n <string> | base64
Decode
echo <base64string> | base64 -d

Windows

File

Encode
certutil -encode <file> tmp.b64 && findstr /v /c:- tmp.b64 > <base64file>
Decode
certutil -decode <base64file> <file>

grep

-B print x lines before match
-A print x lines after match
-i ignore case
grep -i -A5 -B5 <string> <filename>
<cmd> | grep -A5 -B5 "text"
Recursive
grep -R "text" .
Print only the matching part (open ports from nmap grepable output)
grep -oP '\d{1,5}/open' nmap_results.gnmap > ports

watch

Run command every second
watch -n 1 '<command>'

sed

Remove all spaces
sed 's/ //g'
Remove newlines
sed -z 's/\n//g' <file>

cut

Split string by delimiter, extract field 2
echo "some,strings" | cut -d "," -f 2   # outputs "strings"
Split file by colon
cut -d ":" -f 1 /etc/passwd

cron

List user's crontab
crontab -l

sort unique

sort -u

File size

du -hs <file>

ascii table

man ascii

ltrace / strace

Trace library calls of a given program.
ltrace ./<program>
Alternative: trace system calls
strace ./<program>

gcc

Use -m32 or -m64 to make the architecture explicit
gcc <file>.c -o <file>
Compile for old 32-bit kernel (2.6.9)
gcc -o 1397 1397.c -m32 -Wl,--hash-style=both

Specific files

.tar.gz

-c create
-x extract
-f file (must be last flag)
-v verbose
-z gzip
Create archive
tar -zcvf <archive.tar.gz> <files>
Extract archive
tar -zxvf <archive.tar.gz>

.7z

Extract
7z x <archive.7z>
List contents
7z l <file>

.vhd

guestmount --add <vhd-file> --inspector --ro -v /mnt/vhd

.scf

Place an SCF file in a Windows share to gather hashes
https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes/

Images with hidden content

binwalk

Tool for searching binary images for embedded files and executable code
binwalk -Me <image-file>