Linux Basics
Essential Linux for Hackers.
Reference
HACK THE BOX Academy Linux
Finding Files
Locate command
ls with modified time
Find files based on filename
find [directory path] -type f -name [filename]
find /home/Andy -type f -name sales.txt
Find Directory based on directory name
find [directory path] -type d -name [directory name]
find /home/Andy -type d -name pictures
Find files based on size
find [directory path] -type f -size [size]
find /home/Andy -type f -size 10c
(c for bytes, k for kilobytes, M for megabytes, G for gigabytes; type 'man find' for full information on the options)
Find files based on username
find [directory path] -type f -user [username]
find /etc/server -type f -user john
Find files based on group name
find [directory path] -type f -group [group name]
find /etc/server -type f -group teamstar
Find files modified after a specific date
find [directory path] -type f -newermt '[date and time]'
find / -type f -newermt '6/30/2020 0:00:00'
(all dates/times after 6/30/2020 0:00:00 will be considered a condition to look for)
Find files based on date modified
find [directory path] -type f -newermt [start date range] ! -newermt [end date range]
find / -type f -newermt 2013-09-12 ! -newermt 2013-09-14
(all dates before 2013-09-12 will be excluded; all dates after 2013-09-14 will be excluded, therefore this only leaves 2013-09-13 as the date to look for.)
Find files based on date accessed
find [directory path] -type f -newerat [start date range] ! -newerat [end date range]
find / -type f -newerat 2017-09-12 ! -newerat 2017-09-14
(all dates before 2017-09-12 will be excluded; all dates after 2017-09-14 will be excluded, therefore this only leaves 2017-09-13 as the date to look for.)
Find files with a specific keyword
grep -iRl [keyword] [directory path]
grep -iRl 'flag' /folderA
Exclude lines that match a pattern
grep -v "hello"
read the manual for the find command
man find
check the history of bash
history
SSH key does not work
chmod 600 for SSH key to work
Check Sudo Permissions
sudo -l (tells which programs user can run as root)
Calculate Hash
sha256sum filename (to compute the hash)
Logs
Linux logs are located in /var/log
Important commands
whoami
Displays current username.
id
Returns the user's identity. Also lists the other groups the user is part of.
hostname
Sets or prints the name of current host system.
uname -a
Prints basic information about the operating system name and system hardware.
pwd
Returns working directory name.
ifconfig
The ifconfig utility is used to assign or to view an address to a network interface and/or configure network interface parameters.
ip
ip is a utility to show or manipulate routing, network devices, interfaces and tunnels.
netstat
Shows network status.
ss
Another utility to investigate sockets.
ps
Shows process status.
ps aux
processes by all users
top
real time view of processes
who
Displays who is logged in.
env
Prints environment or sets and executes command.
lsblk
Lists block devices.
lsusb
Lists USB devices
lsof
Lists opened files.
lspci
Lists PCI devices.
wc -l access.log
Shows the number of lines in a file.
su
The su utility requests appropriate user credentials via PAM and switches to that user ID (the default user is the superuser). A shell is then executed. Example: su - rocketchat
useradd
Creates a new user or updates default new user information.
userdel
Deletes a user account and related files.
usermod
Modifies a user account.
addgroup
Adds a group to the system.
delgroup
Removes a group from the system.
passwd
Changes user password.
lsb_release -a
Current OS version
Start stop service
systemctl stop myservice
Start
Stop
Enable (add to system start up)
Disable
Background process
ctrl+z
add & at the end
fg [job number] (fg takes the shell's job number, not a process ID)
Important Files
shadow, passwd: located in /etc; passwords
sudoers: located in /etc; sudo permissions
log, backup: located in /var
/tmp: writable in most cases
fail2ban.log, ufw.log, apache: located in /var/log; important logs
cronjobs
Crontab is one of the processes that is started during boot, which is responsible for facilitating and managing cron jobs.
A crontab is simply a special file with formatting that is recognised by the cron process to execute each line step-by-step. Crontabs require 6 specific values:
MIN: What minute to execute at
HOUR: What hour to execute at
DOM: What day of the month to execute at
MON: What month of the year to execute at
DOW: What day of the week to execute at
CMD: The actual command that will be executed.
A crontab generator can be used to generate crontabs. Crontabs can be edited by using crontab -e, where you can select an editor (such as Nano) to edit your crontab.
Use crontab -l to list the current user's crontab.
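An added example, not from the original page: a hardening check that splits each crontab line into the six values above and reports jobs whose script can be modified by group or other users. It assumes the user-crontab layout and GNU stat; the function names audit_crontab and demo_audit, the script names and the sample crontab are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes user-crontab lines with
# the six fields above and GNU stat (Linux). All sample data is constructed.

# audit_crontab FILE: print one line per job whose script (first word of CMD)
# is writable by group or other users.
audit_crontab() {
    while read -r min hour dom mon dow cmd || [ -n "$min" ]; do
        case $min in ''|'#'*) continue ;; esac   # blank line or comment
        [ -n "$cmd" ] || continue                # VAR=value, @reboot, < 6 fields
        exe=${cmd%% *}                           # script path = first word of CMD
        [ -f "$exe" ] || continue                # not an existing file path: skip
        mode=$(stat -c '%a' "$exe")              # octal permissions, e.g. 755
        # 022 masks the group-write and other-write bits.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf 'WRITABLE mode=%s schedule="%s %s %s %s %s" file=%s\n' \
                "$mode" "$min" "$hour" "$dom" "$mon" "$dow" "$exe"
        fi
    done <"$1"
}

# demo_audit: build a constructed crontab plus two scripts in a temp directory,
# one with safe permissions (755) and one world-writable (777), then audit it.
demo_audit() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\n' >"$dir/backup.sh"; chmod 755 "$dir/backup.sh"
    printf '#!/bin/sh\n' >"$dir/sync.sh";   chmod 777 "$dir/sync.sh"
    cat >"$dir/crontab" <<EOF
# MIN HOUR DOM MON DOW CMD
MAILTO=root
0 2 * * * $dir/backup.sh --full
*/5 * * * 1-5 $dir/sync.sh >/dev/null 2>&1
EOF
    audit_crontab "$dir/crontab"
    rm -rf "$dir"
}

demo_audit
```

To audit a real account, save the output of crontab -l to a file and pass that file to audit_crontab.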
Services
Start a service
run a service after start up
Enumerate services
Access a shared folder
In Network tab press ctrl + L
Escalate the privilege
Bypass Windows UAC
background the session with ctrl+z
Clear logs
Cat alternative
If the cat command does not work, try head, less, nano or vim. If none of those work, use grep.
Playing with text: sorting, finding unique values and cutting values
We already have the list of unique domains based on our previous use case. Now, we only need to add some parameters to our commands to get the count of each domain accessed. This can be done by adding the -c option to the uniq command.
Moreover, the result can be sorted again based on the count of each domain by using the -n option of the sort command.
Based on the result, you can see that the count of connections made for each domain is sorted in ascending order. If you want to make the output appear in descending order, use the -r option. Note that it can also be combined with the -n option (-nr if written together).
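An added example, not from the original page, showing the full cut, sort, uniq -c and sort -n / -nr chain described above on a small constructed log. The log layout (time, source IP, domain separated by single spaces) and the names domain_counts and demo_counts are assumptions made for this example.

```sh
#!/bin/sh
# Added example, not from the original page. The log format and all sample
# lines are constructed: "TIME SRC_IP DOMAIN", separated by single spaces.

# domain_counts LOG [asc|desc]: print "COUNT DOMAIN" per line.
# The first sort is required because uniq only merges adjacent identical lines;
# without it, interleaved requests to the same domain are counted separately.
domain_counts() {
    order=${2:-desc}
    cut -d ' ' -f 3 "$1" |      # cut: keep only the domain column
        sort |                  # group identical domains together
        uniq -c |               # one line per domain, prefixed by its count
        if [ "$order" = asc ]; then sort -n; else sort -nr; fi |
        awk '{ print $1, $2 }'  # drop the left padding uniq -c adds
}

# demo_counts [asc|desc]: run domain_counts over a constructed six-line log.
demo_counts() {
    log=$(mktemp) || return 1
    cat >"$log" <<'EOF'
10:00:01 10.0.0.5 example.com
10:00:02 10.0.0.7 updates.example.net
10:00:03 10.0.0.5 example.com
10:00:04 10.0.0.9 cdn.example.org
10:00:05 10.0.0.7 updates.example.net
10:00:06 10.0.0.5 example.com
EOF
    domain_counts "$log" "$1"
    rm -f "$log"
}

demo_counts desc
```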