CLI Commands Flashcards
(17 cards)
ping
Command
Ping is a command line tool that is used to perform a connection test between two network devices.
The syntax for the ping command is:ping <target IP address or hostname>
ping
Option List
The following switches are the more common switches that can be used to modify the ping command:
- -t sends ICMP packets until manually stopped.
- -a resolves addresses to hostnames.
- -n <count> specifies the number of ICMP packets to send. Ping sends 4 packets by default
- -l <size> specifies the packet size in bytes. ping sends 32-byte packets by default</size></count>
traceroute/tracert
Command
The tracert tool shows the path a packet takes to reach its destination. Every device the packet passes through is known as a hop. Use tracert to locate network devices that are down or causing latency issues.
- tracert is the Windows version and sends ICMP packets.
- traceroute is used in Linux and sends UDP packets.
pathping
Command
The pathping Windows command line tool combines the tracert and ping tools. Use pathping to locate network devices that are down or causing latency issues.
netstat
Command
Use the netstat command to display a variety of network statistics in both Windows and Linux, including:
Connections for different protocols
Open ports
Running programs
netstat
Option List
Some of the common switches used to specify the information shown in Windows are:
- -a displays all connections and listening ports.
- -b displays the executable involved in creating each connection or listening port.
- -f displays the FQDN for the foreign address if possible.
- -r displays the routing table
- -p <protocol> shows the connections for a specified protocol (TCP, UDP, TCPv6, UDPv6)</protocol>
route
Command
The route command is used in both Windows and Linux to show the routing table and to make manual changes to the table.
arp
Command
The arp command displays, adds, and removes arp information from network devices.
arp
Option List
Some of the common switches used with the arp command are:
- -a displays current ARP entries.
- inet_addr specifies an internet address
- -d deletes the host specified by inet_addr
nslookup/dig
Command
The nslookup and dig commands are used to view and modify DNS settings. These tools can be used to look up DNS server information and also give IP addresses and domain names for a network server.
- nslookup is used in Windows.
- dig is used in Linux.
ipconfig/ifconfig
Command
The ipconfig command (Windows) and the ifconfig command (Linux) are used to display the IP configuration on the local computer. Information such as the following can be shown using these commands:
- Adapter name
- Adapter MAC address
- If DHCP is enabled or not
- IPv6 address
- IPv4 address
- Subnet mask
- IP lease information
- Default gateway
- DHCP server
- DNS server
hping
Command
Hping is a security tool that can check connectivity and also analyze the target to gather information. Hping can send ICMP, TCP. UDP, and RAW-IP packets. Hping is primarily designed for Linux but can be installed in Windows.
rtgen
rtgen md5 ascii-32-95 1 7 0 1000 1000 0
This command generates a rainbow table based on the parameters specified by the user.
The parameters are: ```
rtgen hash_algorithm charset plaintext_len_min
plaintext_len_max table_index chain_len chain_num part_index
~~~
- hash_algorithm - A hashing algorithm is a mathematical algorithm that can convert an input data array of a certain type and arbitrary length to an output bit string of a fixed length. A rainbow table must be generated for the type of hash algorithm used. Although there are many hash algorithms that can be used, some of the more common are ntlm, md5, and sha1.
- charset - A charset specifies all the possible characters for the plaintext.
Some of the possible charset that can be used include:
- - Numeric = [0123456789]
- - alpha = [ABCDEFGHIJKLMNOPQRSTUVWXYZ]
- - alpha-numeric = [ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789]
- - loweralpha = [abcdefghijklmnopqrstuvwxyz]
- - loweralpha-numeric = [abcdefghijklmnopqrstuvwxyz0123456789]
- - ascii-32-95 = ascii-32-95 = [ !”#$%&’()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[]^_‘abcdefghijklmngpqrstuvwxyz{|}~]
- plaintext_len_min and plaintext_len_max - These two values, such as 1 7, specify the length of the plaintext.
The next four parameters are advanced values and are beyond the scope of this lesson. Therefore, only a brief explanation is given here:
- table_index - Specifies the reduction function. Examples are: 0, 1, 2, 3, 4. Zero is often used as the default.
- chain_len - This specifies the rainbow chain length.
- chain_num - This specifies the number of rainbow chains to generate.
- part_index - The number of files used to store the rainbow table. If a value greater than zero is used, the rainbow table is saved in the number of smaller files specified by the value.
0 1000 1000 0
rsort .
Sorts the rainbow table
rcrack . -l /root/hashes.txt
The -l parameter loads the hashes from a file, and each hash is shown on its own line. The hash is shown, followed by the cracked password.
Example output:
plaintext of 590cb9bZaC590/5b9b4b0/152d2321117 P@ssw0rd
plaintext of 400238780e6c41f8f790161e6ed4aafc21 Test_Out@11_Last
plaintext of 89BF04763BF91C9EE2DDBE23D735C73OBDD41FF2 NeverLAnd5
rcrack . -h hashvalue
The -h parameter loads and displays the results for a single hash.
rcrack . -h 590cb9bZaC590/5b9b4b0/152d2321117
