| By Sheldon L | Published at 2019-10-29 | Updated at 2020-04-27 |
free -<m|g|h> # free memory, by Mebibyte, Gibibyte, or Human readable
df -<m|g|h> # disk free
whoami
id # the user running the session along with the list of groups they belong to
uid
gid
uname -a # -a = -snrvmpio, see uname --help
dmesg # kernel logs
dmesg | grep [componemt]
journalctl #dumps all the available logs
journalctl -<r|f|u> [.service]
# -r: newer messages are shown first
# -f: continuously print
# -u: limit the messages to those emitted by a specific systemd unit
dmidecode
dmidecode -t
dmidecode -t [type No.]
lspci # lists PCI devices
lspci | grep Ethernet
lspci -v -s `lspci | grep VGA | cut -f1 -d\ `
lsusb # lists USB devices
lspcmcia # lists PCMCIA cards, need pcmciautils package
lsdev # need procinfo package
lshw # a combination of the above programs
# Moving around
pwd
cd [directory]
cd - # get back
cd ..
pushd [directory] # instead of cd, remembering more than just the last directory visited
popd
dirs
# List
ls -<l|a> # long / all
tree -aCd -L 2 /home
# New
mkdir [directory]
touch [file]
touch -t 12091600 myfile # set the date and timestamp to 4 p.m., December 9th
# Displaying
cat [file_name]
tac [file_name]
less [file_name]
more [file_name]
head [file_name]
tail [file_name]
<head|tail> -n 15 [file_name]
# Creating/Removing Directoris
mkdir [dir_name1] [dir_name2]
rm -rf [dir_name1]/ [dir_name2]/
mkdir ["dir name"]
rmdir ["dir name"] # The directory must be empty
rm -rf ["dir name"]/ # To remove a directory recursively
rm -rf [dir\ name]/
mkdir -p [dir_name]/{sub_dir1,sub_dir2,sub_dir3}
ls -l [dir_name]/
# Remove, copy and move files
rm -f [target_file] # force
rm -i [target_file] # interactively
cp [source_file] [target_file]
mv [source_file] [target_file]
# Finding Files
locate [file] # just search in `locate.db` updated by `cron`
which [file] # return $PATH, where the program resides on the filesystem
whereis [file] # looks for packages in a broader range of system directories
echo $PATH
find [directory] [criteria] # most complex and flexible
find / -name sbd*
find /usr -type d -name gcc # Searching only for directories named gcc
find /usr -type f -name gcc # Searching only for regular files named gcc
find -name "*.swp" -exec rm {} ’;’ # Find and remove all files that end with .swp
find [directory] -<ctime|atime|mtime> <n|+n|-n>
find / -ctime 3 # -ctime is when the inode metadata, created at excactly 3 days ago
find / -ctime +3 # within 3 days
find / -ctime -3 # before 3 days
# -atime: accessed/last read
# -mtime: modified/last written ()
find / -size 0
find / -size +10M -exec [command] {} ’;’ # find files greater than 10 MB in size and running a command on those files
grep -r [expression] [files] # -r: enables a recursive search
type [command]
type rm
type cd
time [command] # timing
time find [directory] [criteria]
time locate [file]
du -shc [file]
apt update
apt update --fix-missing
apt upgrade
apt upgrade [package]
apt-cache search [keyword]
apt search [keyword]
apt show [package]
apt install [package]
apt --fix-broken install <package>
apt remove [package] # remove package but keep configuration
apt remove --purge [package] # same as following
apt purge [package] # remove package and configuration
sudo apt autoremove
sudo apt clean
sudo apt autoclean
dpkgdpkg is the core tool to install a package .deb, either directly or indirectly through APT.# import pgp and check sha256sum
wget -q -O - https://www.[package_linke.deb] | gpg --import
gpg --fingerprint [fingerprint]
# download the SHA256SUMS and SHA256SUMS.gpg files
wget -O SHA256SUMS http://[SHA256SUMS]
wget -O SHA256SUMS.gpg http://[SHA256SUMS.gpg]
# then:
gpg --verify SHA256SUMS.gpg SHA256SUMS
sudo dpkg -i [package.deb]
sudo dpkg -r [package.deb]
sudo dpkg -l | grep [package] <| less>
sudo dpkg --listfiles [package] <| less>
sudo dpkg --purge [package]
sudo dpkg --configure -a # repair the dpkg database
# List all kernel versions installed
sudo dpkg --list | egrep -i --color 'linux-image|linux-headers'
# currently running Linux kernel
v="$(uname -r | awk -F '-virtual' '{ print $1}')"
echo $v
# Remove all old kernels
sudo apt-get --purge autoremove
sudo snap install <package>
unzip [filename.zip]
gunzip [filename.gz]
tar -xvf [filename.tar]
tar -xzvf [filename.tar.gz]
tar -xjvf [filename.tar.bz2]
tar -xJvf [filename.tar.xz]
tar -xf [fielname.tar.*] # automatically detect
make / bash# make
cd [packageDir]
make [unload] # uninstall
make [load] # install
# bash
bash [filename.sh]
# grep
ls -la /usr/bin | grep zip
# sed
echo "I need to try hard" | sed 's/hard/harder/'
# cut
echo "I hack binaries, web apps, mobile apps" | cut -f 2 -d ","
cat /etc/passwd
cut -d ":" -f 1 /etc/passwd
# awk
echo "hello::there::friend" | awk -F "::" '{print $1 $3}'
echo "hello::there::friend" | awk -F "::" '{print $1, $3}'
# practical example
gunzip access_log.txt.gz
mv access_log.txt access.log # a long log
head access.log # check head, like following
# log sample:
201.21.152.44 - - [25/Apr/2013:14:05:35 -0700] "GET /favicon.ico HTTP/1.1" 404 89 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31" "random-site.com"
70.194.129.34 - - [25/Apr/2013:14:10:48 -0700] "GET /include/jquery.jshowoff.min.js HTTP/1.1" 200 2553 "http://www.random-site.com/" "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; SCH-I535 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30" "www.random-site.com"
wc -l access.log # count lines
cat access.log | cut -d " " -f 1 | sort -u # cut the word before the first " ", and sort the result
cat access.log | cut -d " " -f 1 | sort | uniq -c | sort -urn
cat access.log | grep '70.194.129.34' | cut -d "\"" -f 2 | uniq -c
cat access.log | grep '70.194.129.34' | grep '/include' | sort -u
cat access.log | grep '70.194.129.34' | grep -v '/include'
# sort : sort
# sort -u : sort and unique
sudo tail -f /var/log/apache2/access.log
watch -n 5 w
wget
curl
axel #download accelerator that transfers a file from a FTP or HTTP server through multiple connections
ping 12.34.56.78
traceroute 12.34.56.78
nmap 12.34.56.78
lsof -i -P -n
ifconfig # active eth network
iwconfig # active wireless network
netstat -r
arp -e
dig www.baidu.com
nslookup www.baidu.com
route
route add -net 10.10.10.0/24 gw 192.168.0.1
route del -net 10.10.10.0/24 gw 192.168.0.1
route add default gw 192.168.0.1
host www.google.com
host -t CNAME www.redhat.com
hostname
system-config-network
# /etc/network/interfaces
# /etc/init.d/networking init script
ifup <interface> # enable
ifdown <interface> # disable
ifconfig <interface> <private ip adress> # reassignment your ip address, <interface> is some keyword like 'eth0' which can be checked by 'ifconfig'
ifconfig <interface> <private ip adress> netmask 255.255.0.0 broadcast 192.168.1.255 # reassignment a netmask of 255.255.0.0 and broadcast of 192.168.1.255
ifconfig <interface> hw <HardWareType> <newMAC> # <HardWareType> can be like 'ether'
dhclient <interface>
dig <adress>
# change DNS in /etc/resolv.conf
ifconfig
iwconfig
iwevent
iwlist
iwspy
ifrename
iwgetid
# BlueZ tools
hciconfig
hcitool
hcidump
sdptool # scanning services
l2ping <MACadress> # once get MAC, we can do this
# start
sudo systemctl start ssh
sudo ss -antlp | grep sshd
sodo systemctl enable ssh
vim -r # recover setting to zero.
ssh-keygen -t rsa -C your_email@domain.com
# Press 'Enter' to save to defaul path
# Set Key: invisibal when input.
# If don't input anything, the key is null.
# It is recommended to set key as null.
# Confirm Key.
cat ~/.ssh/id_rsa.pub
# show your SSH key
Connect to a camera
ssh pi@[IP]
sudo raspi-config # to enable camera
# start
sudo systemctl start apache2
sudo ss -antlp | grep apache2
sodo systemctl enable apache2
kali>
service mysql start
mysql>
show databases; -- default database is already exist
-- information_schema (adm)
-- performance_schema (adm)
-- mysql (nonadm)
-- select 'mysql' for exp:
select <user>, <host>, <password> from mysql.user;
use mysql;
update user set password = "PASSWORD" where user = "root";
kali>
mysql -u root -p
kali>
mysql -u <username> -p <ipAdress>
mysql>
show databases;
select <user>, <host>, <password> from mysql.user;
proxychain <theCommandNeedProxied> <arguments>
# edit /etc/proxychain.conf
# find the 'ProxyList' section
# add proxies by entering the IP addresses and ports
# pay for proxies that can be trusted
export all_proxy="<null | protocol://ip:port>"
export http_proxy="<null | protocol://ip:port>"
export https_proxy="<null | protocol://ip:port>"
?: matches any single character*: matches any string of characters[abc]: matches any occurrence of a, b, or c[!abc]: matches any character not in the set of characters. Any one single character[ ] Any one specified character[^ ] Not the one specified character* Zero or more of the previous character^ If first character in the pattern, then pattern must be at beginning of the line to match, otherwise just a literal ^$ If last character in the pattern, then pattern must be at the end of the line to match, otherwise just a literal $+ One or more of the previous pattern? The preceding pattern is optional{ } Specify minimum, maximum or exact matches of the previous pattern| Alternation - a logical “or”( ) Used to create groups
Settings - Keyboard ShortcutCTRL-L: Clears the screen
CTRL-D: Exits the current shell
CTRL-Z: Puts the current process into suspended background
CTRL-C: Kills the current process
CTRL-H: Works the same as backspace
CTRL-A: Goes to the beginning of the line
CTRL-W: Deletes the word before the cursor
CTRL-U: Deletes from beginning of line to cursor position
CTRL-E: Goes to the end of the line
Tab: Auto-completes files, directories, and binaries