\documentclass[10pt,a4paper]{article} % Packages \usepackage{fancyhdr} % For header and footer \usepackage{multicol} % Allows multicols in tables \usepackage{tabularx} % Intelligent column widths \usepackage{tabulary} % Used in header and footer \usepackage{hhline} % Border under tables \usepackage{graphicx} % For images \usepackage{xcolor} % For hex colours %\usepackage[utf8x]{inputenc} % For unicode character support \usepackage[T1]{fontenc} % Without this we get weird character replacements \usepackage{colortbl} % For coloured tables \usepackage{setspace} % For line height \usepackage{lastpage} % Needed for total page number \usepackage{seqsplit} % Splits long words. %\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely. \usepackage[normalem]{ulem} % For underlining links % Most of the following are not required for the majority % of cheat sheets but are needed for some symbol support. \usepackage{amsmath} % Symbols \usepackage{MnSymbol} % Symbols \usepackage{wasysym} % Symbols %\usepackage[english,german,french,spanish,italian]{babel} % Languages % Document Info \author{karaliking} \pdfinfo{ /Title (command-line-kung-fu-commands.pdf) /Creator (Cheatography) /Author (karaliking) /Subject (Command Line Kung Fu Commands Cheat Sheet) } % Lengths and widths \addtolength{\textwidth}{6cm} \addtolength{\textheight}{-1cm} \addtolength{\hoffset}{-3cm} \addtolength{\voffset}{-2cm} \setlength{\tabcolsep}{0.2cm} % Space between columns \setlength{\headsep}{-12pt} % Reduce space between header and content \setlength{\headheight}{85pt} % If less, LaTeX automatically increases it \renewcommand{\footrulewidth}{0pt} % Remove footer line \renewcommand{\headrulewidth}{0pt} % Remove header line \renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit % This two commands together give roughly % the right line height in the tables \renewcommand{\arraystretch}{1.3} \onehalfspacing % Commands \newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour \newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols \newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns \newcommand{\tn}{\tabularnewline} % Required as custom column type in use % Font and Colours \definecolor{HeadBackground}{HTML}{333333} \definecolor{FootBackground}{HTML}{666666} \definecolor{TextColor}{HTML}{333333} \definecolor{DarkBackground}{HTML}{93B372} \definecolor{LightBackground}{HTML}{F8FAF6} \renewcommand{\familydefault}{\sfdefault} \color{TextColor} % Header and Footer \pagestyle{fancy} \fancyhead{} % Set header to blank \fancyfoot{} % Set footer to blank \fancyhead[L]{ \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{C} \SetRowColor{DarkBackground} \vspace{-7pt} {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}} } \end{tabulary} \columnbreak \begin{tabulary}{11cm}{L} \vspace{-2pt}\large{\bf{\textcolor{DarkBackground}{\textrm{Command Line Kung Fu Commands Cheat Sheet}}}} \\ \normalsize{by \textcolor{DarkBackground}{karaliking} via \textcolor{DarkBackground}{\uline{cheatography.com/25231/cs/6623/}}} \end{tabulary} \end{multicols}} \fancyfoot[L]{ \footnotesize \noindent \begin{multicols}{3} \begin{tabulary}{5.8cm}{LL} \SetRowColor{FootBackground} \mymulticolumn{2}{p{5.377cm}}{\bf\textcolor{white}{Cheatographer}} \\ \vspace{-2pt}karaliking \\ \uline{cheatography.com/karaliking} \\ \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Cheat Sheet}} \\ \vspace{-2pt}Published 2nd February, 2016.\\ Updated 12th May, 2016.\\ Page {\thepage} of \pageref{LastPage}. \end{tabulary} \vfill \columnbreak \begin{tabulary}{5.8cm}{L} \SetRowColor{FootBackground} \mymulticolumn{1}{p{5.377cm}}{\bf\textcolor{white}{Sponsor}} \\ \SetRowColor{white} \vspace{-5pt} %\includegraphics[width=48px,height=48px]{dave.jpeg} Measure your website readability!\\ www.readability-score.com \end{tabulary} \end{multicols}} \begin{document} \raggedright \raggedcolumns % Set font size to small. Switch to any value % from this page to resize cheat sheet text: % www.emerson.emory.edu/services/latex/latex_169.html \footnotesize % Small font. \begin{tabularx}{17.67cm}{X} \SetRowColor{DarkBackground} \mymulticolumn{1}{x{17.67cm}}{\bf\textcolor{white}{Disclaimer \& Notes}} \tn \SetRowColor{white} \mymulticolumn{1}{x{17.67cm}}{I am not the author of this content. I simply, or not so simply, pulled out the commands and paraphrased from the discussions of the authors of Command Line Kung Fu. Every episode should be linked. \newline % Row Count 4 (+ 4) In some cases, I may have updated their commands if I noticed they were outdated. \newline % Row Count 6 (+ 2) I plan on continuing to add all episodes. Let me know what my errors are. \newline % Row Count 8 (+ 2) C:\textbackslash{}\textgreater{} Windows \newline % Row Count 9 (+ 1) PS C:\textbackslash{}\textgreater{} Windows Powershell \newline % Row Count 10 (+ 1) \# Unix \newline % Row Count 11 (+ 1) \$ OS X% Row Count 12 (+ 1) } \tn \hhline{>{\arrayrulecolor{DarkBackground}}-} \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10}} \tn % Row 0 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/02/convert-dos-to-unix.html"\}\}{\bf{Episode \#1}}\{\{/link\}\}\{\{nl\}\}{\bf{Convert Dos To UNIX}} & `\# dos2unix file.txt`\{\{nl\}\}\{\{nl\}\}`\{\{nobreak\}\}\# sed 's/\textbackslash{}r\$//' file.txt \textgreater{}newfile.txt`\{\{nl\}\}\{\{nl\}\} & & \tn % Row Count 13 (+ 13) % Row 1 \SetRowColor{white} \{\{link="http://blog.commandlinekungfu.com/2009/02/episode-2-looking-at-config-of-built-in.html"\}\}{\bf{Episode \#2}}\{\{/link\}\}\{\{nl\}\}{\bf{ Looking at the Config of Built-In Firewall}} & `C:\textbackslash{}\textgreater{} netsh firewall show \seqsplit{portopening`} \{\{nl\}\}~`\textasciicircum{}{\emph{show all ports allowed}}\textasciicircum{}` \{\{nl\}\}`C:\textbackslash{}\textgreater{} netsh firewall show config` \{\{nl\}\}~`\textasciicircum{}{\emph{show all config options}}\textasciicircum{}` & `C:\textbackslash{}\textgreater{} netsh firewall show \seqsplit{allowedprogram`} \{\{nl\}\}~`\textasciicircum{}{\emph{show all programs allowed}}\textasciicircum{}` \{\{nl\}\}`\{\{nobreak\}\}\# for type in nat mangle filter raw; do iptables -t \$type -nL; done` \{\{nl\}\}~`\textasciicircum{}{\emph{list all iptables rules in all chains}}\textasciicircum{}` & \tn % Row Count 36 (+ 23) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 2 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/02/episode-3-watching-file-count-in.html"\}\}{\bf{Episode \#3}}\{\{/link\}\}\{\{nl\}\}{\bf{ Watching the File Count in a Directory}} & `C:\textbackslash{}\textgreater{} for /L \%i in (1,0,2) do @dir /b /a | find /c /v "" \& ping -n 6 127.0.0.1\textgreater{}nul` \{\{nl\}\} \{\{nl\}\}`\# watch -n 5 'ls | wc -l'` \{\{nl\}\} \{\{nl\}\} & & \tn % Row Count 17 (+ 17) % Row 3 \SetRowColor{white} \{\{link="http://blog.commandlinekungfu.com/2009/02/episode-4-listing-files-and-their-sizes.html"\}\}{\bf{Episode \#4}}\{\{/link\}\}\{\{nl\}\}{\bf{ Listing Files and Their Sizes}} & `\{\{nobreak\}\}C:\textbackslash{}\textgreater{} for /r c:\textbackslash{} \%i in (*) do @echo \%\textasciitilde{}zi, \%i` \{\{nl\}\}~`\textasciicircum{}{\emph{output to csv and sort in \seqsplit{spreadsheet} }}\textasciicircum{}` \{\{nl\}\}`\# du | sort -nr | head -100` \{\{nl\}\}~`\textasciicircum{}{\emph{show top 100 largest \seqsplit{directories} in \seqsplit{descending} order}}\textasciicircum{}` & \{\{nl\}\} \{\{nl\}\}`\{\{nobreak\}\}\# find / -type f -exec wc -c \{\} \textbackslash{}; | sort -nr | head -100` \{\{nl\}\}~`\textasciicircum{}{\emph{show top 100 largest files in \seqsplit{descending} order}}\textasciicircum{}` & \tn % Row Count 40 (+ 23) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 4 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-5-simple-text-manipulation.html"\}\}{\bf{Episode \#5}}\{\{/link\}\}\{\{nl\}\}{\bf{ Simple Text \seqsplit{Manipulation} - Reverse DNS Records }} & `C:\textbackslash{}\textgreater{} FOR /F \seqsplit{"tokens=1-5"} \%a in \seqsplit{(lookups.txt)} do @(@FOR /F \seqsplit{"tokens=1-4} delims=." \%i in ("\%a") do @echo \seqsplit{\%l.\%k.\%j.\%i} \%e)` \{\{nl\}\} \{\{nl\}\}`\# sed 's/\textbackslash{}({[}0-9{]}*\textbackslash{})\textbackslash{}.\textbackslash{}({[}0-9{]}*\textbackslash{})\textbackslash{}.\textbackslash{}({[}0-9{]}*\textbackslash{})\textbackslash{}.\textbackslash{}({[}0-9{]}*\textbackslash{}).in-addr.arpa domain name pointer\textbackslash{}(.*\textbackslash{})\textbackslash{}./\textbackslash{}4.\textbackslash{}3.\textbackslash{}2.\textbackslash{}1\textbackslash{}5/' \seqsplit{lookups.txt`} \{\{nl\}\}~`\textasciicircum{}{\emph{lookups.txt format: \seqsplit{208.251.16.10.in-addr.arpa} domain name pointer \seqsplit{server2.srv.mydomain.net}.}}\textasciicircum{}` & & \tn % Row Count 38 (+ 38) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 5 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-6-command-line-ping-sweeper.html"\}\}{\bf{Episode \#6}}\{\{/link\}\}\{\{nl\}\}{\bf{ \seqsplit{Command-Line} Ping Sweeper}} & `C:\textbackslash{}\textgreater{} FOR /L \%i in (1,1,255) do @ping -n 1 -w 100 \seqsplit{10.10.10.\%i} | find "Reply"` \{\{nl\}\} \{\{nl\}\} `\# for i in \textbackslash{}`seq 1 255\textbackslash{}`; do ping -c 1 -w 1 \seqsplit{10.10.10.\$i} | tr \textbackslash{}\textbackslash{}n ' ' | awk '/1 received/ \{print \$2\}'; done` \{\{nl\}\} \{\{nl\}\} & & \tn % Row Count 22 (+ 22) % Row 6 \SetRowColor{white} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-7-aborting-system-shutdown.html"\}\}{\bf{Episode \#7}}\{\{/link\}\}\{\{nl\}\}{\bf{ Aborting a System Shutdown}} & `C:\textbackslash{}\textgreater{} shutdown /a` \{\{nl\}\}~`\textasciicircum{}{\emph{abort shutdown}}\textasciicircum{}` \{\{nl\}\}`\# shutdown -c` \{\{nl\}\}~`\textasciicircum{}{\emph{cancel scheduled shutdown}}\textasciicircum{}` & `C:\textbackslash{}\textgreater{} shutdown /r /t {[}\#\_seconds{]}` \{\{nl\}\}~`\textasciicircum{}{\emph{to try delaying shutdown}}\textasciicircum{}` \{\{nl\}\}`\# shutdown -r +\textless{}\#\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{reboot in \# minute(s)}}\textasciicircum{}` & \{\{nl\}\} \{\{nl\}\}`\# shutdown -r hh:mm:ss` \{\{nl\}\}~`\textasciicircum{}{\emph{reboot at hh:mm.ss (24 hr clock)}}\textasciicircum{}` \tn % Row Count 38 (+ 16) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 7 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-8-netstat-protocol-stats.html"\}\}{\bf{Episode \#8}}\{\{/link\}\}\{\{nl\}\}{\bf{ Netstat Protocol Stats}} & `C:\textbackslash{}\textgreater{} netstat -s` \{\{nl\}\}~`\textasciicircum{}{\emph{all protocols}}\textasciicircum{}` \{\{nl\}\}`\# netstat -s` \{\{nl\}\}~`\textasciicircum{}{\emph{all protocols}}\textasciicircum{}` & `C:\textbackslash{}\textgreater{} netstat -s -p tcp` \{\{nl\}\}~`\textasciicircum{}{\emph{all tcp}}\textasciicircum{}` \{\{nl\}\}`\# netstat -s | awk '/:/ \{ p = \$1 \}; (p \textasciitilde{} /\textasciicircum{}{[}Tt{]}cp/) \{ print \}'` \{\{nl\}\}~`\textasciicircum{}{\emph{all tcp (works for OS X too)}}\textasciicircum{}` & \tn % Row Count 17 (+ 17) % Row 8 \SetRowColor{white} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-9-stupid-shell-tricks-display.html"\}\}{\bf{Episode \#9}}\{\{/link\}\}\{\{nl\}\}{\bf{ Display the Nth Line}} & `C:\textbackslash{}\textgreater{} find /v /n "" \textless{}file\textgreater{} | findstr /b /L {[}\textless{}\#\textgreater{}{]}` \{\{nl\}\}~`\textasciicircum{}{\emph{will prepend line numbers to output}}\textasciicircum{}` \{\{nl\}\}`\# awk 'FNR = \textless{}\#\textgreater{}' \textless{}file\textgreater{}` \{\{nl\}\}~ & `C:\textbackslash{}\textgreater{} for /F "delims={[}{]} tokens=2" \%i in (tmp.txt) do @echo \%i \& del tmp.txt` \{\{nl\}\}~`\textasciicircum{}{\emph{\{\{nobreak\}\}used to remove line numbers in output (save output of previous cmd to temp.txt)}}\textasciicircum{}` \{\{nl\}\}`\# head -\textless{}\#\textgreater{} \textless{}file\textgreater{} | tail -1` \{\{nl\}\}~`\textasciicircum{}{\emph{alternative command}}\textasciicircum{}` & \tn % Row Count 43 (+ 26) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 9 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-10-finding-names-of-files.html"\}\}{\bf{Episode \#10}}\{\{/link\}\}\{\{nl\}\}{\bf{ Display Filenames \seqsplit{Containing} String Within the File}} & `\{\{nobreak\}\}C:\textbackslash{}\textgreater{} findstr /s /d:\textless{}dir\textgreater{}s /m \textless{}string\textgreater{} *.\textless{}filetype\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{dir=absolute|relative, \seqsplit{filetype=file} extension}}\textasciicircum{}` \{\{nl\}\}`\# find \textless{}dir\textgreater{} -type f -exec grep -l \textless{}string\textgreater{} \{\} +` \{\{nl\}\}~`\textasciicircum{}{\emph{more flexible, allows for multiple -exec predicates}}\textasciicircum{}` \{\{nl\}\}`\# grep -irl \textless{}string\textgreater{} \textless{}dir\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{slow for larger searches, easy to remember}}\textasciicircum{}` & `C:\textbackslash{}\textgreater{} findstr /s /m \textless{}string\textgreater{} \textless{}dir\textgreater{}*\textless{}filetype\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{alternative format}}\textasciicircum{}` \{\{nl\}\}`\# find \textless{}dir\textgreater{} -type f -print0 | xargs -0 grep -l \textless{}string\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{alternative safer command (except on Solaris =P)}}\textasciicircum{}` \{\{nl\}\}`Additional Research Links` \{\{nl\}\}~\{\{link="unix.stackexchange.com/questions/41740/find-exec-vs-find-xargs-which-one-to-chooseX"\}\}`\textasciicircum{}{\emph{xargs vs exec uses}}\textasciicircum{}`\{\{/link\}\}`\textasciicircum{}{\emph{ \& }}\textasciicircum{}` \{\{link="http://stackoverflow.com/questions/896808/find-exec-cmd-vs-xargs"\}\}`\textasciicircum{}{\emph{xargs vs exec efficiency}}\textasciicircum{}`\{\{/link\}\} & \tn % Row Count 52 (+ 52) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 10 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-11-listing-files-by-inode-as.html"\}\}{\bf{Episode \#11}}\{\{/link\}\}\{\{nl\}\}{\bf{Listing Files by Inode as a Proxy for Create Time}} & `C:\textbackslash{}\textgreater{} dir /tc /od` \{\{nl\}\}~ `\textasciicircum{}{\emph{oldest first (/o-d will show newest first)}}\textasciicircum{}` \{\{nl\}\} `\# ls -li \textless{}dir\textgreater{} | sort -n` \{\{nl\}\}~ `\textasciicircum{}{\emph{relative times from clustered inodes}}\textasciicircum{}` & & \tn % Row Count 18 (+ 18) % Row 11 \SetRowColor{white} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-12-deleting-related-files.html"\}\}{\bf{Episode \#12}}\{\{/link\}\}\{\{nl\}\}{\bf{Deleting Related Files}} & `PS C:\textbackslash{}\textgreater{} sls \seqsplit{spammer@example}.com -list -path qf* | rm -path \{\$\_.Path -replace "\textbackslash{}\textbackslash{}qf","\textbackslash{}{[}qd{]}f"\}` \{\{nl\}\}~ `\textasciicircum{}{\emph{Note, this is PowerShell}}\textasciicircum{}` \{\{nl\}\} `\{\{nobreak\}\}C:\textbackslash{}\textgreater{} cmd.exe /v:on /c "for /f \%i in ('findstr /m \seqsplit{spammer@example}.com qf*') do @set stuff=\%i \& del qf!stuff:\textasciitilde{}2! \& del df!stuff:\textasciitilde{}2!"` \{\{nl\}\} `\# grep -l \seqsplit{spammer@example}.com qf* | cut -c3- | xargs -I \{\} rm qf\{\} df\{\}` & & \tn % Row Count 56 (+ 38) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 12 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-13-find-vulnerable-systems-in.html"\}\}{\bf{Episode \#13}}\{\{/link\}\}\{\{nl\}\}{\bf{Find \seqsplit{Vulnerable} Systems In A Nessus Export}} & {\emph{DEPRECATED Nessus format, no longer necessary}} \{\{nl\}\}`C:\textbackslash{}\textgreater{} for /F \seqsplit{"delims=:|} tokens=2" \%i in ('findstr \seqsplit{CVE-2008-4250} *.nsr') do @echo \%i` \{\{nl\}\} `\# awk -F'|' \seqsplit{'/CVE-2008-4250/} \{print \$1\}' | sort -u` \{\{nl\}\}~ `\textasciicircum{}{\emph{funnel those IP addresses through to \seqsplit{Metasploit's} msfcli and get shell on all of them }}\textasciicircum{}` & & \tn % Row Count 31 (+ 31) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 13 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-14-command-line-shortcuts.html"\}\}{\bf{Episode \#14}}\{\{/link\}\}\{\{nl\}\}{\bf{Command Line (History) Shortcuts}} & `C:\textbackslash{}\textgreater{} doskey /history` \{\{nl\}\}~`\textasciicircum{}{\emph{up to 50 commands stored by default}}\textasciicircum{}` \{\{nl\}\}`\# CTRL+r` \{\{nl\}\}~`\textasciicircum{}{\emph{\{\{nobreak\}\}find \& run cmd \seqsplit{containing} string (ENTER | CTRL+g)}}\textasciicircum{}` \{\{nl\}\}`\# !\textless{}string\textgreater{}:p` \{\{nl\}\}~`\textasciicircum{}{\emph{only display cmd, then !! to run}}\textasciicircum{}` \{\{nl\}\}`\# !!` \{\{nl\}\}~`\textasciicircum{}{\emph{run previous cmd }}\textasciicircum{}` \{\{nl\}\}`\# \textless{}cmd\textgreater{} !\$` \{\{nl\}\}~`\textasciicircum{}{\emph{run a cmd with last argument of prev cmd (ALT+. also works)}}\textasciicircum{}` \{\{nl\}\}`\# \textless{}cmd\textgreater{} !*` \{\{nl\}\}~`\textasciicircum{}{\emph{run a cmd with all arguments of prev cmd}}\textasciicircum{}` \{\{nl\}\}`\# \textasciicircum{}foo\textasciicircum{}bar` \{\{nl\}\}~`\textasciicircum{}{\emph{\{\{nobreak\}\}run prev cmd replacing 1st instance of foo with bar}}\textasciicircum{}` \{\{nl\}\}`\# \textasciicircum{}\textless{}string\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{run prev cmd removing 1st instance of string}}\textasciicircum{}` & `C:\textbackslash{}\textgreater{} F7` \{\{nl\}\}~`\textasciicircum{}{\emph{bring up prompt with history}}\textasciicircum{}` \{\{nl\}\}`\# CTRL+p` | `CTRL+n` \{\{nl\}\}~`\textasciicircum{}{\emph{previous or next command in history (up \& down)}}\textasciicircum{}` \{\{nl\}\}`\# !\textless{}string\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{run last cmd that starts with string}}\textasciicircum{}` \{\{nl\}\}`\# !-\textless{}\#\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{run \# previous cmd}}\textasciicircum{}` \{\{nl\}\}`\# \textless{}cmd\textgreater{} !-\textless{}\#\textgreater{}\$` \{\{nl\}\}~`\textasciicircum{}{\emph{run a cmd with last argument of \# prev cmd}}\textasciicircum{}` \{\{nl\}\}`\# \textless{}cmd\textgreater{} !-\textless{}\#\textgreater{}*` \{\{nl\}\}~`\textasciicircum{}{\emph{run a cmd with all arguments of \# prev cmd}}\textasciicircum{}` \{\{nl\}\}`\# !:gs/foo/bar/` \{\{nl\}\}~`\textasciicircum{}{\emph{\{\{nobreak\}\}run prev cmd replacing all instances of foo with bar}}\textasciicircum{}` & \tn % Row Count 66 (+ 66) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 14 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-15-new-user-created-when.html"\}\}{\bf{Episode \#15.1}}\{\{/link\}\}\{\{nl\}\}{\bf{New User Created When?}} & `C:\textbackslash{}\textgreater{} net user \textless{}user\textgreater{}` \{\{nl\}\}~`\textasciicircum{}{\emph{last time password was set}}\textasciicircum{}` \{\{nl\}\}`\{\{nobreak\}\}\#awk -F: '/\textasciicircum{}\textless{}user\textgreater{}:/ \{print \$3 * 86400\}' \seqsplit{/etc/shadow`} \{\{nl\}\}~`\textasciicircum{}{\emph{last time password was set (Epoch time)}}\textasciicircum{}` & `\{\{nobreak\}\}C:\textbackslash{}\textgreater{} dir /tc "C:\textbackslash{}Documents and Settings\textbackslash{}"` \{\{nl\}\}~`\textasciicircum{}{\emph{first logged in (before Vista)}}\textasciicircum{}` \{\{nl\}\}`\{\{nobreak\}\}\# ls -ltd /home/\textless{}user\textgreater{}/.{[}\textasciicircum{}.{]}* | tail -1` \{\{nl\}\}~`\textasciicircum{}{\emph{first logged in}}\textasciicircum{}` & `C:\textbackslash{}\textgreater{} dir /tc C:\textbackslash{}Users\textbackslash{} ` \{\{nl\}\}~`\textasciicircum{}{\emph{first logged in (Vista+)}}\textasciicircum{}` \tn % Row Count 20 (+ 20) % Row 15 \SetRowColor{white} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-15-new-user-created-when.html"\}\}{\bf{Episode \#15.2}}\{\{/link\}\}\{\{nl\}\}{\bf{New User Created When? Cont.}} & `\{\{nobreak\}\}C:\textbackslash{}\textgreater{} cscript c:\textbackslash{}windows\textbackslash{}system32\textbackslash{}eventquery.vbs /L security /FI "id eq 642"` \{\{nl\}\}~`\textasciicircum{}{\emph{using "audit account \seqsplit{management"} event log (XP \& 03)}}\textasciicircum{}` \{\{nl\}\}`\{\{nobreak\}\}C:\textbackslash{}\textgreater{} wevtutil qe security /f:text "/q:*{[}System{[}(EventID=4720){]}{]}" | more` \{\{nl\}\}~`\textasciicircum{}{\emph{using "audit account \seqsplit{management"} event log (Vista+)}}\textasciicircum{}` \{\{nl\}\}`\# grep \textless{}user\textgreater{} \seqsplit{/var/log/secure*} | tail` \{\{nl\}\}~`\textasciicircum{}{\emph{limited history (may be in \seqsplit{/var/log/auth}.log)}}\textasciicircum{}` & & \tn % Row Count 65 (+ 45) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 16 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-16-got-that-patch.html"\}\}{\bf{Episode \#16}}\{\{/link\}\}\{\{nl\}\}{\bf{Got That Patch?}} & `C:\textbackslash{}\textgreater{} wmic qfe where \seqsplit{hotfixid="KB958644"} list full` \{\{nl\}\}~`\textasciicircum{}{\emph{whether MS08-067 patch was installed and when}}\textasciicircum{}` \{\{nl\}\}`\# \seqsplit{apt-show-versions} -u` \{\{nl\}\}~`\textasciicircum{}{\emph{Debian based \seqsplit{(/var/cache/apt/archives} may have install dates)}}\textasciicircum{}` & `\# rpm -qa -{}-qf "\%-30\{NAME\} \%-15\{VERSION\} \%\{INSTALLTIME:date\}\textbackslash{}n"` \{\{nl\}\}~`\textasciicircum{}{\emph{RHEL report for all packages}}\textasciicircum{}` \{\{nl\}\}`\$ ls -l \seqsplit{com.apple.pkg.update.*`} \{\{nl\}\}~`\textasciicircum{}{\emph{OS X packages and timestamps}}\textasciicircum{}` & \tn % Row Count 23 (+ 23) % Row 17 \SetRowColor{white} \{\{link="http://blog.commandlinekungfu.com/2009/03/episode-17-dns-cache-snooping-in-single.html"\}\}{\bf{Episode \#17}}\{\{/link\}\}\{\{nl\}\}{\bf{DNS Cache Snooping in a Single Command}} & `\{\{nobreak\}\}C:\textbackslash{}\textgreater{} for /F \%i in \seqsplit{(names.txt)} do @echo \%i \& nslookup \seqsplit{-norecurse} \%i {[}DNSserver{]} | find "answer" \& echo.` \{\{nl\}\}~`\textasciicircum{}{\emph{names.txt contains names to check, DNSserver is optional chosen DNS server}}\textasciicircum{}` \{\{nl\}\}`\# for i in \textbackslash{}`cat names.txt\textbackslash{}`; do host -r \$i {[}nameserver{]}; done` \{\{nl\}\}~`\textasciicircum{}{\emph{names.txt contains names to check, DNSserver is optional chosen DNS server}}\textasciicircum{}` \{\{nl\}\}`\# rndc dumpdb -cache` \{\{nl\}\}~`\textasciicircum{}{\emph{if you are the server}}\textasciicircum{}` \{\{nl\}\}`\# lsof -a -c named -d cwd` \{\{nl\}\}~`\textasciicircum{}{\emph{find the current working directory of the named process}}\textasciicircum{}` & & \tn % Row Count 78 (+ 55) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 18 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/04/episode-18-clearing-system-dns-lookup.html"\}\}{\bf{Episode \#18}}\{\{/link\}\}\{\{nl\}\}{\bf{Clearing The System DNS Lookup Cache}} & `C:\textbackslash{}\textgreater{} ipconfig \seqsplit{/flushdns`} \{\{nl\}\}`\# nscd -i hosts` \{\{nl\}\}~`\textasciicircum{}{\emph{linux flush}}\textasciicircum{}` \{\{nl\}\}`\$ \seqsplit{dscacheutil} \seqsplit{-flushcache`} \{\{nl\}\}~`\textasciicircum{}{\emph{OS X flush}}\textasciicircum{}` & `C:\textbackslash{}\textgreater{} ipconfig \seqsplit{/displaydns`} \{\{nl\}\}`\# netstat -rCn` \{\{nl\}\}~`\textasciicircum{}{\emph{linux recent communication}}\textasciicircum{}` \{\{nl\}\}`\$ \seqsplit{dscacheutil} \seqsplit{-cachedump} -entries Host` \{\{nl\}\}~`\textasciicircum{}{\emph{OS X display cache}}\textasciicircum{}` & \tn % Row Count 19 (+ 19) % Row 19 \SetRowColor{white} \{\{link="http://blog.commandlinekungfu.com/2009/04/episode-19-clearing-contents-of-file.html"\}\}{\bf{Episode \#19}}\{\{/link\}\}\{\{nl\}\}{\bf{Clearing The Contents Of A File}} & `C:\textbackslash{}\textgreater{} type nul \textgreater{} my\_file` \{\{nl\}\} \{\{nl\}\}`\# cat /dev/null \textgreater{} my\_file` \{\{nl\}\} & `C:\textbackslash{}\textgreater{} copy nul my\_file` \{\{nl\}\}~`\textasciicircum{}{\emph{shorter command}}\textasciicircum{}` \{\{nl\}\}`\# cp /dev/null my\_file` \{\{nl\}\}~`\textasciicircum{}{\emph{shorter command}}\textasciicircum{}` & \tn % Row Count 35 (+ 16) \end{tabularx} \par\addvspace{1.3em} \begin{tabularx}{17.67cm}{x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} x{4.1175 cm} } \SetRowColor{DarkBackground} \mymulticolumn{4}{x{17.67cm}}{\bf\textcolor{white}{Episodes \#1-10 (cont)}} \tn % Row 20 \SetRowColor{LightBackground} \{\{link="http://blog.commandlinekungfu.com/2009/04/episode-20-ping-beep-of-death.html"\}\}{\bf{Episode \#20}}\{\{/link\}\}\{\{nl\}\}{\bf{Ping Beep of Death}} & `C:\textbackslash{}\textgreater{} for /L \%i in (1,0,2) do @(ping -n 1 \seqsplit{HostIPaddr} \textgreater{} nul || echo \textasciicircum{}G) \& ping -n 2 127.0.0.1 \textgreater{} nul` \{\{nl\}\}~`\textasciicircum{}{\emph{not \textasciicircum{} and G, actually CTRL+g}}\textasciicircum{}` \{\{nl\}\}`\# ping x.x.x.x 2\textgreater{}\&1 | awk -F: \seqsplit{'/sendto:/} \{print \$3\}' | say` \{\{nl\}\}`\$ ping -A \seqsplit{192.168.1.1`} & & \tn % Row Count 25 (+ 25) \hhline{>{\arrayrulecolor{DarkBackground}}----} \end{tabularx} \par\addvspace{1.3em} \end{document}