Summary of Ultimate Linux Penetration Testing Commands-Linux Operation and Maintenance-php.cn

Home

Operation and Maintenance

Linux Operation and Maintenance

Summary of Ultimate Linux Penetration Testing Commands

小云云

Jan 23, 2018 am 10:47 AM

linuxOrdertest

This article mainly shares with you a summary of the ultimate Linux penetration testing commands. The following is a penetration testing memo for Linux machines. They are some typical commands during later development or when performing command injection and other operations. They are designed for testers to perform local enumeration. For inspection purposes.

##netstat -tulpn Display the network port corresponding to the process ID (PID) in Linux. watch ss -stpluWatch TCP, UDP ports in real time through sockets. lsof -iDisplay confirmed connections. macchanger -m MACADDR INTRChange the MAC address on KALI Linux. ifconfig eth0 192.168.2.1/24Set the ID address in Linux. ifconfig eth0:1 192.168.2.3/24Add an IP address to an existing network interface in Linux. ifconfig eth0 hw ether MACADDRUse ifconfig to modify the MAC address in Linux. ifconfig eth0 mtu 1500Use ifconfig in Linux to modify the MTU size and change 1500 to the MTU you want. dig -x 192.168.1.1 Perform a reverse lookup of the IP address. host 192.168.1.1 Perform reverse lookup on an IP address, suitable for situations where dig is not installed. dig @192.168.2.2 domain.com -t AXFRUse dig to perform a DNS zone transfer. host -l domain.com nameserverUse host to perform a DNS zone transfer. nbtstat -A x.x.x.xGet the domain name corresponding to the IP address. ip addr add 192.168.2.22/24 dev eth0Add a hidden IP address to Linux that will not be displayed when executing the ifconfig command. tcpkill -9 host google.comBlock access to google.com from the host. echo "1" > /proc/sys/net/ipv4/ip_forwardEnable IP forwarding and turn the Linux box into a router - this is convenient Routing traffic is controlled through this box. echo "8.8.8.8" > /etc/resolv.confUse Google's DNS.

Command	Description

System information command

is useful for local enumeration checks.

CommandDescription##whoamiidlastmountdf -hecho "user:passwd" | chpasswdgetent passwdstrings /usr/local/bin/blahuname -arPATH=$PATH:/my/new-pathhistoryRedhat/CentOS/RPM based distribution


showLinux Currently logged in user.
Displays the currently logged in users and groups to the user.
Displays the last logged in user.
Display the mounted driver.
Display disk usage with human-readable output.
Reset password with one line of command.
List users on Linux.
Display the contents of non-text files, for example: what is in a binary file.
Displays the running kernel version.
Add a new path to facilitate local file system (FS) operations.
Displays the history of bash scripts executed by the user before, as well as the commands typed.

Commandcat /etc/redhat-releaserpm -qarpm -q --changelog openvpn

YUM Command

RPM-based systems use a package manager. You can use these commands to get useful information about installed packages or other tools.

Description
Displays the Redhat/CentOS version number.
List all installed RPM packages on RPM-based Linux.
Check whether the installed RPM is patched for CVE. You can use the grep command to filter out output related to CVE.

##yum updateUse YUM updates all RPM packages and also shows which ones are out of date. yum update httpdUpdate individual packages, in this case HTTPD (Apache). yum install packageUse YUM to install a package. yum --exclude=package kernel* updateExclude a package from updating when using YUM. yum remove packageUse YUM to remove the package. yum erase packageUse YUM to delete the package. yum list packageList information about yum packages. yum provides httpdDisplays the purpose of a package, for example: Apache HTTPD Server. yum info httpdDisplay package information, architecture, version and other information. yum localinstall blah.rpmUse YUM to install the local RPM, install from the repository. yum deplist packageDisplay the provider information of the package. yum list installed | moreList all installed packages. yum grouplist | moreDisplay all YUM groups. yum groupinstall 'Development Tools'Install YUM group.

Command	Description

Debian/Ubuntu/.deb based distribution

CommandDescriptioncat /etc/debian_versionDisplays the Debian version number. cat /etc/*-releaseDisplay Ubuntu version number. dpkg -lList all installed packages on Debian/.deb based Linux distributions.

Linux User Management

CommandDescriptionuseradd new-userCreate a new Linux user. passwd usernameReset the Linux user password. If you are the root user, just enter the password. deluser usernameDelete a Linux user.

Linux decompression command

How to parse different compressed packages (tar, zip, gzip, bzip2, etc.) on Linux, and others Tips for searching and other operations in compressed files.

CommandDescription##unzip archive.zipzipgrep *.txt archive.ziptar xf archive.tartar xvzf archive.tar.gztar xjf archive.tar.bz2tar ztvf file.tar.gz | grep blahgzip -d archive.gzzcat archive.gzzless archive.gzzgrep 'blah' /var/log/maillog*.gzvim file.txt.gzupx -9 -o output.exe input.exeLinux Compression Command


Extract the files in the zip package on Linux.
Search in a zip archive.
Extract the files in the tarball on Linux.
Extract the files in the tar.gz package on Linux.
Extract the files in the tar.bz2 package on Linux.
Search in a tar.gz file.
Extract files in gzip on Linux.
Read a gz file without decompression on Linux.
Use fewer commands to achieve the same function of .gz compressed package.
Search the contents of the .gz compressed package on Linux, for example, if the search is compressed log file.
Use vim to read .txt.gz files (my personal favorite).
Use UPX to compress .exe files on Linux.

Commandzip -r file.zip /dir/*Create a .zip file on Linux. tar cf archive.tar filestar czf archive.tar.gz filestar cjf archive.tar.bz2 filesgzip file

Linux 文件命令

Description

Create a tar file on Linux.
Create a tar.gz file on Linux.
Create a tar.bz2 file on Linux.
Create a .gz file on Linux.

命令	描述
df -h blah	在 Linux 上显示文件/目录的大小。
diff file1 file2	在 Linux 上比对/显示两个文件之间的差别。
md5sum file	在 Linux 上生成 MD5 摘要。
md5sum -c blah.iso.md5	在 Linux 上检查文件的 MD5 摘要，这里假设文件和 .md5 处在相同的路径下。
file blah	在 Linux 上查找出文件的类型，也会将文件是 32 还是 64 位显示出来。
dos2unix	将 Windows 的行结束符转成 Unix/Linux 的。
base64 output-file	对输入文件进行 Base64 编码，然后输出一个叫做 output-file 的 Base64 编码文件。
base64 -d output-file	对输入文件进行 Base64 解码，然后输出一个叫做 output-file 的 Base64 解码文件。
touch -r ref-file new-file	使用来自于引用文件的时间戳数据创建一个新文件，放上 -r 以简单地创建一个文件。
rm -rf	不显示确认提示就删除文件和目录。

Samba 命令

从 Linux 连接到 Samba 共享。

$ smbmount //server/share /mnt/win -o user=username,password=password1
$ smbclient -U user \\\\server\\share
$ mount -t cifs -o username=user,password=password //x.x.x.x/share /mnt/share

打破 shell 的限制

要谢谢 G0tmi1k(（或者他参考过的内容）。

Python 小技巧：

python -c 'import pty;pty.spawn("/bin/bash")'

echo os.system('/bin/bash')

/bin/sh -i

Misc 命令

命令	描述
init 6	从命令行重启 Linux 。
gcc -o output.c input.c	编译 C 代码。
gcc -m32 -o output.c input.c	交叉编译 C 代码，在 64 位 Linux 上将编译出 32 位的二进制文件。
unset HISTORYFILE	关闭 bash 历史日志记录功能。
rdesktop X.X.X.X	从 Linux 连接到 RDP 服务器。
kill -9 $$	关掉当前的会话。
chown user:group blah	修改文件或者目录的所有者。
chown -R user:group blah	修改文件或者目录，以及目录下面文件/目录的拥有者 —— 递归执行 chown。
chmod 600 file	修改文件/目录的权限设定, 详情见 [Linux 文件系统权限](#linux-file-system-permissions) 。

清除 bash 历史：

      $ ssh user@X.X.X.X | cat /dev/null > ~/.bash_history

Linux 文件系统权限

取值	意义
777	rwxrwxrwx 没有限制，完全可读可写可执行（RWX），用户可以做任何事情。
755	rwxr-xr-x 拥有者可完全访问，其他人只能读取和执行文件。
700	rwx------ 拥有者可完全访问，其他人都不能访问。
666	rw-rw-rw- 所有人可以读取和写入，但不可执行。
644	rw-r--r-- 拥有者可以读取和写入，其他人只可以读取。
600	rw------- 拥有者可以读取和写入，其他人都不能访问。

Linux File System Penetration Testing Memo

Directory	Description
/	/ is also known as the "slash" or root.
/bin	A common program shared by the system, system administrators, and users.
/boot	Boot file, boot loader (grub), kernel, vmlinuz
/dev	Contains references to system devices and files with special attributes.
/etc	Important system configuration files.
/home	The home directory of the system user.
/lib	Library files, including files for all types of programs required by the system and users.
/lost+found	Failed file operations will be saved here.
/mnt	The standard mount point for external file systems.
/media	Mount point for external file systems (or some distributions).
/net	The standard mount point of the entire remote file system - nfs.
/opt	Generally contains some additional or third-party software.
/proc	A virtual file system that contains information about system resources.
/root	The home directory of the root user.
/sbin	A program used by systems and system administrators.
/tmp	The temporary space used by the system will be cleared when restarting.
/usr	Programs, libraries, documentation, etc. for use by all user-related programs.
/var	Stores all variable files and temporary files created by users, such as log files, mail queues, print spoolers, web servers, databases, etc. .

Interesting Files/Directories in Linux

If you want to try privilege escalation/perform post-development, these are some commands worth checking out.

##/etc/passwdIncludes local Linux users. /etc/shadow Contains the hashed local account password. /etc/group Contains local account groups. /etc/init.d/ Contains the service network initialization script - it should be worth taking a look at what is installed. /etc/hostnameThe hostname of the system. /etc/network/interfacesNetwork interfaces. /etc/resolv.confSystem DNS service. /etc/profileSystem environment variables. ~/.ssh/SSH key. ~/.bash_history User’s bash history log. /var/log/Linux system log files are generally stored here. /var/adm/UNIX system log files are generally stored here. The usual path where Apache access log files exist. /etc/fstabMounted file system. ## Related recommendations:

Path	Description












/var/log/httpd/access.log

mysql creation, deletion of users and authorization (linux test)_MySQL

How to use the sed command and awk command in linux

Linux command line summary

The above is the detailed content of Summary of Ultimate Linux Penetration Testing Commands. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Linux's Essential Components: Explained for BeginnersApr 17, 2025 am 12:08 AM

The core components of Linux include the kernel, file system, shell and common tools. 1. The kernel manages hardware resources and provides basic services. 2. The file system organizes and stores data. 3. Shell is the interface for users to interact with the system. 4. Common tools help complete daily tasks.

Linux: A Look at Its Fundamental StructureApr 16, 2025 am 12:01 AM

The basic structure of Linux includes the kernel, file system, and shell. 1) Kernel management hardware resources and use uname-r to view the version. 2) The EXT4 file system supports large files and logs and is created using mkfs.ext4. 3) Shell provides command line interaction such as Bash, and lists files using ls-l.

Linux Operations: System Administration and MaintenanceApr 15, 2025 am 12:10 AM

The key steps in Linux system management and maintenance include: 1) Master the basic knowledge, such as file system structure and user management; 2) Carry out system monitoring and resource management, use top, htop and other tools; 3) Use system logs to troubleshoot, use journalctl and other tools; 4) Write automated scripts and task scheduling, use cron tools; 5) implement security management and protection, configure firewalls through iptables; 6) Carry out performance optimization and best practices, adjust kernel parameters and develop good habits.

Understanding Linux's Maintenance Mode: The EssentialsApr 14, 2025 am 12:04 AM

Linux maintenance mode is entered by adding init=/bin/bash or single parameters at startup. 1. Enter maintenance mode: Edit the GRUB menu and add startup parameters. 2. Remount the file system to read and write mode: mount-oremount,rw/. 3. Repair the file system: Use the fsck command, such as fsck/dev/sda1. 4. Back up the data and operate with caution to avoid data loss.

How Debian improves Hadoop data processing speedApr 13, 2025 am 11:54 AM

This article discusses how to improve Hadoop data processing efficiency on Debian systems. Optimization strategies cover hardware upgrades, operating system parameter adjustments, Hadoop configuration modifications, and the use of efficient algorithms and tools. 1. Hardware resource strengthening ensures that all nodes have consistent hardware configurations, especially paying attention to CPU, memory and network equipment performance. Choosing high-performance hardware components is essential to improve overall processing speed. 2. Operating system tunes file descriptors and network connections: Modify the /etc/security/limits.conf file to increase the upper limit of file descriptors and network connections allowed to be opened at the same time by the system. JVM parameter adjustment: Adjust in hadoop-env.sh file

How to learn Debian syslogApr 13, 2025 am 11:51 AM

This guide will guide you to learn how to use Syslog in Debian systems. Syslog is a key service in Linux systems for logging system and application log messages. It helps administrators monitor and analyze system activity to quickly identify and resolve problems. 1. Basic knowledge of Syslog The core functions of Syslog include: centrally collecting and managing log messages; supporting multiple log output formats and target locations (such as files or networks); providing real-time log viewing and filtering functions. 2. Install and configure Syslog (using Rsyslog) The Debian system uses Rsyslog by default. You can install it with the following command: sudoaptupdatesud

How to choose Hadoop version in DebianApr 13, 2025 am 11:48 AM

When choosing a Hadoop version suitable for Debian system, the following key factors need to be considered: 1. Stability and long-term support: For users who pursue stability and security, it is recommended to choose a Debian stable version, such as Debian11 (Bullseye). This version has been fully tested and has a support cycle of up to five years, which can ensure the stable operation of the system. 2. Package update speed: If you need to use the latest Hadoop features and features, you can consider Debian's unstable version (Sid). However, it should be noted that unstable versions may have compatibility issues and stability risks. 3. Community support and resources: Debian has huge community support, which can provide rich documentation and

TigerVNC share file method on DebianApr 13, 2025 am 11:45 AM

This article describes how to use TigerVNC to share files on Debian systems. You need to install the TigerVNC server first and then configure it. 1. Install the TigerVNC server and open the terminal. Update the software package list: sudoaptupdate to install TigerVNC server: sudoaptinstalltigervnc-standalone-servertigervnc-common 2. Configure TigerVNC server to set VNC server password: vncpasswd Start VNC server: vncserver:1-localhostno

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

2 weeks agoByDDD

R.E.P.O. How to Fix Audio if You Can't Hear Anyone

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Chat Commands and How to Use Them

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

Safe Exam Browser

Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

Notepad++7.3.1

Easy-to-use and free code editor

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software

PhpStorm Mac version

The latest (2018.2.1) professional PHP integrated development tool

Hot Topics

Where is the login entrance for gmail email?

7530

CakePHP Tutorial

1379

What is the format of the account name of steam

win11 activation key permanent

nyt connections hints and answers