Bash

find

find / -maxdepth 5 -name *.php -type f -exec grep -Hn password {} \; 2>/dev/null

Writable files

find / -writable

sudo

List commands, current user can run as root

sudo -l

-> GTFOBins Run the command as a user other than the default target user (usually root).

sudo -u <user> <command>

-> Useful in scenarios like this:

User <user1> may run the following commands on bashed:
    (<user2> : <user2>) NOPASSWD: ALL

Asks the system to start a new login session for the specified user. The system will require the password for the user "username" (even if its the same as the current user).

su - <user>

file

Get information about file

file <file>

wc

Count chars

wc -c

Count lines

wc -l

rlwrap

A 'readline wrapper', a small utility that uses the GNU readline library to allow the editing of keyboard input for any command.

rlwrap <cmd>

Permissions

Define permissions new files get on creation, opposite (mask) to chmod permissions

umask

authbind

bind sockets to privileged ports (<1024) without being root

authbind <command>

base64

Base64 Encode or Decode on the command line without installing extra tools on Linux, Windows or macOS | Igor Kromin

Linux

File

Encode base64 -w 0 <file> > <base64file> Decode base64 -d <base64file> > <file>

String

Encode echo -n <string> | base64 Decode echo <base64string> | base64 -d

Windows

File

Encode certutil -encode <file> tmp.b64 && findstr /v /c:- tmp.b64 > <base64file> Decode certutil -decode <base64file> <file>

grep

Print x-lines Before match Print x-lines After match Ignore-case

grep -i -A5 -B5 <string> <filename>

<cmd> | grep -A5 -B5 "text"

Recursive

grep -R "text" .

grep -oP '\d{1,5}/open' nmap_results.gnmap |  > ports

watch

Run command every second

watch -n 1 '<command>'

sed

Trim whitespaces

sed 's/ //g'

Remove newlines

sed -z 's/\n//g' <file>

cut

Split string by delimiter, extract field 2

echo "some,strings" | cut -d "," -f 2 // outputs "strings"

Split file by colon

cut -d ":" -f 1 /etc/passwd

cron

List user's crontab

crontab -l

sort unique

sort -u

File size

du -hs <file>

ascii table

man ascii

ltrace / strace

Trace library calls of a given program.

ltrace ./<programm>

Alternative

strace ./<programm>

gcc

Use -m32 or -m64 to make the architecture explicit

gcc <file>.c -o <file>

Compile for old 32bit kernel (2.6.9)

gcc -o 1397 1397.c -m32 -Wl,--hash-style=both

Specific files

.tar.gz

-c		create
-x		extract
-f		file (must be last flag)
-v		verbose
-z		gzip

Create archive

tar -zcvf

Extract archive

tar -zxvf

.7z

Extract

7z x <archive.7z>

7z l <file>

.vhd

guestmount --add <vhd-file> --inspector --ro -v /mnt/vhd

.scf

https://1337red.wordpress.com/using-a-scf-file-to-gather-hashes/ Place scf file in windows share to gather hashes

Images with hidden content

binwalk

Tool for searching binary images for embedded files and executable code

binwalk -Me <image-file>

PreviousVBScript: Wget clone NextBurp Suite

Last updated 3 years ago

Related

find

sudo

file

wc

rlwrap

Permissions

authbind

base64

Linux

File

String

Windows

File

grep

watch

sed

cut

cron

sort unique

File size

ascii table

ltrace / strace

gcc

Specific files

.tar.gz

.7z

.vhd

.scf

Images with hidden content

binwalk