Linux Commands#
Day-to-day Linux commands the operator runs on their attack platform and on compromised hosts. Filesystem navigation, system facts, process control, networking, permissions, and the basic compression and search utilities.
File system#
$ ls # list directory
$ ls -l # long format
$ ls -a # all (hidden)
$ ls -F # mark dirs (/), executables (*)
$ ls dir # list a specific dir
$ cd dir # change to dir
$ cd .. # up one
$ cd / # root
$ cd ~ # home
$ cd - # last directory
$ pwd # working directory
$ mkdir dir # create directory
$ rm file # delete
$ rm -r dir # recursive delete
$ cp file1 file2 # copy
$ cp -r dir1 dir2 # recursive copy
$ mv file1 file2 # move (rename)
$ ln -s file link # symlink
$ touch file # create or update
$ cat file # contents
$ less file # page
$ head file # first 10
$ tail file # last 10
$ tail -f file # follow
$ vim file # edit
$ alias name 'command' # alias
System#
$ cat /etc/*release* # OS version
$ cat /etc/issue # OS version
$ cat /proc/version # kernel
$ date # date and time
$ df # disk usage
$ du # directory usage
$ finger user # user info
$ free # memory and swap
$ last -a # last logins
$ man command # manual
$ mount # mounted filesystems
$ nbtstat -A <IP|CIDR> # query hostname
$ reboot # reboot
$ shutdown # shutdown
$ uname -a # arch and kernel
$ whereis app # find binary
$ which app # default path
$ who -a # logged-in users
$ whoami # current user
Process#
$ ps -aef # active processes
$ top # running processes
$ kill pid # signal a process
$ kill -9 pid # force kill
Networking#
$ echo "1" > /proc/sys/net/ipv4/ip_forward # enable forwarding
$ echo "nameserver <IP>" > /etc/resolv.conf
$ ifconfig <eth#> <IP>/<CIDR> # interface IP
$ iwlist <wlan#> scan # WiFi scan
$ lsof -i # open net files
$ lsof -i tcp:80 # processes on port 80
$ netstat -ant # TCP connection state
$ netstat -anu # UDP
$ route add default gw <IP> # gateway
$ share <USER> <IP> C$ # mount Windows C$
$ smb://<IP>/IPC$ # SMB connect to IPC
$ smbclient -U <USER> \\\\<IP>\\<SHARE> # smbclient
$ watch netstat -an # continuous connection status
Permissions#
$ ls -lart # date order, with permissions
$ chmod ugo file # 7 full / 6 rw / 5 rx / 4 r / 3 wx / 2 w / 1 x / 0 none
$ chmod 600 file # rw owner, good for files
$ chmod 700 file # rwx owner, good for scripts
$ chmod 644 file # owner rw, others r, good for webpages
$ chmod 755 file # owner rwx, others rx, good for shared programs
Net utilities#
$ curl <URL> -O # download file
$ dig -x host # reverse lookup
$ dig domain.com # DNS info
$ dos2unix file.txt # Windows to Unix line endings
$ lsof -i tcp:80 # processes on port 80
$ ping host # ICMP echo
$ scp -r user@host:dir dir # secure copy recursive (pull)
$ scp file user@host:dir # secure copy (push)
$ scp user@host:file dir # secure copy (pull)
$ script -a file.txt # record terminal to file
$ ssh -p port user@host # SSH on port
$ ssh user@host # SSH
$ ssh-copy-id user@host # add your key
$ wget <URL> -O file.txt # download
$ whois domain.com # whois
Searching#
$ grep pattern files # pattern in files
$ grep -r pattern dir # recursive
$ grep -rn pattern dir # with line numbers
$ grep -r pattern dir --include='*.ext' # filter by extension
$ command | grep pattern # pattern in command output
$ find file # find in real filesystem
$ locate file # indexed (updatedb)
$ sed -i 's/day/night/g' file # substitute global
Compression#
$ tar cf file.tar files # tar
$ tar xf file.tar # extract
$ tar czf file.tar.gz files # gzip tar
$ tar xzf file.tar.gz # extract gzip tar
$ gzip file # compress to file.gz
$ gzip -d file.gz # decompress
$ zip -r <file.zip> \path\* # zip directory
Shortcuts#
Ctrl+a move to start of line
Ctrl+f move to end of line
Alt+f forward one word
Alt+b backward one word