
Unix

Info

Wild collection of commands for unix like operating systems

Basics

# manual for commands
man <command>

# what is ls ?
whatis ls

# better whatis
apropos shell

# list all available commands (bash)
compgen -c

# list all aliases (bash)
compgen -a

# list cmd history
history

# print working directory
pwd

# change directory
cd

# list with hidden files
ls -la

# search for keyword in directory
ls -l /usr/share/nmap/scripts/*ftp*

# pretty print path variables
echo $PATH | sed 's/:/\n/g'

File / Directory Handling

# create file
touch <file>

# create file and write to file
echo 'hello' > world.txt

# append to file
echo 'hello' >> world.txt

# create file
nano <file>

# create file
vim <file>

# print file in terminal
cat <file>

# cat alternative
while read line; do echo $line; done < file

# cat alternative (bash; a bare `echo < file` ignores stdin and prints only an empty line)
echo "$(< file)"

# display the first parts (10 lines default) of a file
head

# display first 12 lines
head -n 12

# output the last parts (10 lines default) of a file
tail

# display last 12 lines
tail -n 12

# watch changes in realtime
tail -f /var/log/auth.log

# more is a filter for paging through text one screenful at a time
more

# opposite of more
less

# open file with less scroll to end
less +G <file>

# copy file to destination
cp <path> <destination>

# copy directory to destination
cp -r <source> <destination>

# remove file
rm <file>

# remove directory
rm -r <directory>

# move file / rename file
mv <source> <destination>

# change file rights to read, write, execute for owner, group and others (world-writable; prefer the narrowest mode that works)
chmod 777 <file>

# add execute permissions for everyone
chmod +x <file>

# create directory
mkdir <name>

# create directory and cd to ( $_ holds the last parameter from previous command)
mkdir <name> && cd "$_"

# remove directory
rmdir <name>

# determine file type
file <file>

# display file status
stat <file>

# file status with time of file birth, human-readable
stat -c '%w' .bash_history

# file status with last data modification time
stat -c '%y' .bash_history

# pattern scanning and processing language
awk

# split at delimiter (here the literal character x, given via -F) and print the third field
awk -Fx '{print $3}' /etc/passwd

# stream editor for filtering and transforming text
sed

# substitute the first e with 3 and the first t with 7 on each line (prints to stdout; the file itself is not modified)
sed 's/e/3/; s/t/7/' eagrs.html

# sort lines of textfile
sort

# omit adjacent repeated lines and prefix each line with its count (sort first to catch all duplicates)
uniq -c

# text formatter
fmt

# translates or deletes characters from standard input and writes results to standard output
tr

# stdout as parameter for second command
locate flag5 | xargs cat

# compress directory
tar vcfz <target>.tar.gz <source>/

# de-compress tar.gz
tar xvzf flag8.tar.gz -C .

# exclude directories when using tree
tree -I 'node_*|cache|test'

# recursively list files
find $PWD -type f

# tree alternative 
ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'
# print path to file (if the result is stale or missing, refresh the index with updatedb)
locate <file>

# find file by name in home directory
find ~ -name 'bookmarks.html'

# find 10 largest files/directories sorted by size (%s=size;%p=file/dir;-n=numericSort;-r=reverseResult)
find -printf '%s %p\n' | sort -nr | head -n 10

# find file modified on specific date
find /home/topson/workflows -type f -newermt 2016-09-11 ! -newermt 2016-09-13

# extended grep, more regexp
egrep = grep -E

# fast grep, no regexp
fgrep = grep -F

# recursive grep
rgrep = grep -r

# show with line number
grep -n

# stop reading file after first match
grep -m1

# prints 5 lines after pattern match
grep -A 5 'aliases' ~/.bashrc

# prints 5 lines before pattern match
grep -B 5 'aliases' ~/.bashrc

# count letter e in file
grep -o 'e' agrs.html | wc -l 

# find flags
grep -rnw . -e 'thm{[0-9,a-z]*}'

# search directory for file that contain a specific string
grep -r <string> <directory>

# extract names from wordlist ('.{3}' matches every line with at least 3 characters; use '^.{3}$' for exactly length 3)
egrep '.{3}' /usr/share/wordlists/SecLists/Usernames/Names/names.txt > 3names

# grep case insensitive 
ps aux | grep -i apt

# loop through files and search for flags
for i in {1..9}; do strings apngframe0$i.png | grep CTF ; done

# list all files with read access for all and replace 'abc' with 'dev'
find /home/bob -type f -perm -o=r | sed -e 's/abc/dev/g'

# find executables modified after date and suppress errors
find / -executable -type f -newermt '02/21/2020 0:00:00' 2>/dev/null

# find flag files and read them
find -name "*flag*" | while read line; do strings $line; done | grep thm

# find all files owned by a group
find / -type f -group users 2>/dev/null

# find all files with suid permission
find / -perm -u=s -type f 2>/dev/null

Users / Groups

# display current user
whoami

# add user
adduser <user>

# make user sudo (adds the user to the sudo group, i.e. full root privileges via sudo)
usermod -aG sudo <user>

# rename user
usermod -l <newname> <oldname>

# display last logins of users
last

# display user information
finger <user>

# delete user
userdel <user>

# remove user account with force removal of files
userdel -f <user>

# remove user account including home directory and mail spool
userdel -r <user>

# remove any SELinux user mapping for the user when deleting user
userdel -Z <user>

# list user accounts
cat /etc/passwd

# list password hashes (requires root privileges)
cat /etc/shadow

# switch user
su <user>

# switch user to root
su -

# display who is logged in, what they are doing
w

# run whoami as bob
sudo -u bob whoami

# list the allowed (and forbidden) commands for the invoking user
sudo -l

# find users in group root

cat /etc/group | grep root

Administration / Networking

# generate ssh keys with rsa and length 4096 bits
ssh-keygen -t rsa -b 4096

# generate elliptic curve ssh keys
ssh-keygen -t ed25519

# copy public key to server
ssh-copy-id user@ip

# secure shell to remote host
ssh -vvv -p <port> <remote_username>@<remote_host>

# copy public key to remote server
ssh-copy-id <remote_username>@<remote_host>

# copy file to remote host
scp -P <port> <local_file> <remote_username>@<remote_host>:<path>

# copy directory to remote host
scp -r -P <port> <local_directory> <remote_username>@<remote_host>:<path>

# copy file from remote host
scp -P <port> <remote_username>@<remote_host>:<path> <local_path>

# check ssh locally
ssh localhost

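# quick rdp (a password given with /p: ends up in shell history and the process list; leave /p: out to be prompted)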
xfreerdp /u:admin /p:password /v:10.10.82.134

# print system information
uname -a

# print system information
cat /etc/os-release

# print system information
cat /etc/lsb-release

# get operating system
hostnamectl | grep "Operating System"

# print system information
uname -a

# print environment variables
printenv

# list all installed service unit files with their enabled/disabled state (not only running ones)
systemctl list-unit-files --type service --all

# get status information of service
systemctl status <service>

# stop service
systemctl stop <service>

# start service
systemctl start <service>

# restart service
systemctl restart <service>

# disable service
systemctl disable <service>

# enable service
systemctl enable <service>

# check status of ssh service
sudo service ssh status

# start sshd service
sudo systemctl start sshd.service

# start ssh after restart
sudo systemctl enable ssh

# turn wifi off
nmcli radio wifi off

# get pid of current shell
echo $$

# display linux processes (s: change interval, i: only show active processes)
top

# watch process with pid 1337 (macOS syntax; on Linux use top -p 1337)
top -pid 1337

# sort by cpu and delay 10s
top -u -s 10

# show I/O in terminal, device and CPU summary statistics
iostat

# show file activity for both disk and network
fs_usage

# print ethernet network information
ifconfig

# print wireless network information
iwconfig

# ping endless
ping 127.0.0.1

# ping once
ping -c 1 127.0.0.1

# resolve ip address of a system to its mac address
arp -a

# show all open ports and what's connected to the port
netstat -ano

# print network connections, routing tables, interface statistics, masquerade connections and multicast memberships
netstat -tulpn

# list routing table
route

# trace path to a network host
tracepath <ip>

# display updated information about the network (a bit like top for net I/O)
nettop

# utility to investigate sockets
ss

# show table routes
ip route = ip r

# find dns name by ip
nslookup 130.149.17.4

# report a snapshot of the current processes
ps

# see every process on the system
ps -aux

# trace system calls and signals of containerd
strace -f -p $(pidof containerd) -o strace_log

# trace system calls and grep
strace -f -p 4155 2>&1 | grep write

# trace system calls and write everything to file
strace -f -p 4155 1>my_strace_output 2>&1

# curl website, -L: follow redirects, -o write output to file
curl -Lo out.html www.google.com/

# mail exchange lookup
dig 133.713.37.1 MX

# get txt records
dig -t txt example.com

# create php webserver in current directory
php -S localhost:<port> -t .

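# create python webserver in current directory (listens on all interfaces, port 8000, and serves every file below the directory; add --bind 127.0.0.1 for local-only use)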
python3 -m http.server

# get external ip
dig +short myip.opendns.com @resolver1.opendns.com

# connect to localhost on port 8080 via netcat
nc localhost 8080

# list all crontabs
crontab -l

Install / Uninstall

# download package information from all configured sources. sources are defined in /etc/apt/sources.list or /etc/apt/sources.list.d
apt update

# install available upgrades of all packages currently installed on the system from the sources configured via sources.list file
apt upgrade

# install git
apt install git -y

# search for package in apt
apt-cache search firefox

# count results
apt-cache search firefox-d | grep firefox -c

# remove package
apt remove thunderbird --purge

Misc

# show uptime
uptime

# create alias
echo "alias ls='ls -l'" >> .bash_aliases

# ls => escape alias
\ls

# decode base64 string
cat flag20 | base64 -d

# base64 encoding
echo -n '{"cookie":"monster","hijack":"session"}' | openssl base64

# binary to ascii
cat binary | perl -lpe '$_=pack"B*",$_'

# generate wordlist
crunch <min> <max> ABCDEFGHIJKLMNOPQRSTUVWXYZ

# set system clock from hardware clock
sudo hwclock -s

# set german keyboard
setxkbmap -layout de

# suppress command output
echo nooutput &>/dev/null
: $(echo nooutput)
echo nooutput | :