
Linux Penetration Testing Command Cheat Sheet

2025-04-03 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article presents a quick-reference table of penetration testing commands for Linux.

The following is a cheat sheet of penetration testing commands for Linux machines. These are typical commands used during post-exploitation or when performing operations such as command injection, and the list is designed for testers performing local enumeration checks.

In addition, you can read a lot of articles about penetration testing here.

| Command | Description |
| --- | --- |
| `netstat -tulpn` | Displays the network ports and the corresponding process IDs (PIDs) in Linux. |
| `watch ss -stplu` | Watches TCP and UDP ports in real time through sockets. |
| `lsof -i` | Displays established connections. |
| `macchanger -m MACADDR INTR` | Changes the MAC address on KALI Linux. |
| `ifconfig eth0 192.168.2.1/24` | Sets the IP address in Linux. |
| `ifconfig eth0:1 192.168.2.3/24` | Adds an IP address to an existing network interface in Linux. |
| `ifconfig eth0 hw ether MACADDR` | Uses ifconfig to change the MAC address in Linux. |
| `ifconfig eth0 mtu 1500` | Uses ifconfig to change the MTU size in Linux; change 1500 to the MTU you want. |
| `dig -x 192.168.1.1` | Does a reverse lookup of the IP address. |
| `host 192.168.1.1` | Does a reverse lookup on an IP address; suitable when dig is not installed. |
| `dig @192.168.2.2 domain.com -t AXFR` | Uses dig to perform a DNS zone transfer. |
| `host -l domain.com nameserver` | Uses host to perform a DNS zone transfer. |
| `nbtstat -A x.x.x.x` | Gets the domain name corresponding to the IP address. |
| `ip addr add 192.168.2.22/24 dev eth0` | Adds a hidden IP address to Linux, which is not displayed when the ifconfig command is executed. |
| `tcpkill -9 host google.com` | Blocks access to google.com from the host. |
| `echo "1" > /proc/sys/net/ipv4/ip_forward` | Enables IP forwarding, turning the Linux box into a router, which makes it easy to control traffic routed through this box. |
| `echo "nameserver 8.8.8.8" > /etc/resolv.conf` | Uses Google's DNS. |

System information commands

It is useful for local enumeration checking.

| Command | Description |
| --- | --- |
| `whoami` | Displays the currently logged-in user on Linux. |
| `id` | Displays the currently logged-in user and the groups the user belongs to. |
| `last` | Shows the users who logged in last. |
| `mount` | Displays mounted drives. |
| `df -h` | Shows disk usage with human-readable output. |
| `echo "user:passwd" \| chpasswd` | Resets a password with one command. |
| `getent passwd` | Lists the users on Linux. |
| `strings /usr/local/bin/blah` | Displays the contents of a non-text file, such as what is in a binary file. |
| `uname -ar` | Shows the kernel version that is running. |
| `PATH=$PATH:/my/new-path` | Adds a new path to facilitate local file system (FS) operations. |
| `history` | Displays the user's bash history: the commands that were previously typed in. |

Redhat / CentOS / RPM-based distribution commands

| Command | Description |
| --- | --- |
| `cat /etc/redhat-release` | Displays the Redhat / CentOS version number. |
| `rpm -qa` | Lists all installed RPM packages on an RPM-based Linux. |
| `rpm -q --changelog openvpn` | Checks whether the installed RPM is patched for a CVE; use grep to filter the output for CVE-related entries. |

YUM commands

RPM-based systems use package managers, and you can use these commands to get useful information about installed packages or other tools.

| Command | Description |
| --- | --- |
| `yum update` | Updates all RPM packages with YUM, and also shows which ones are out of date. |
| `yum update httpd` | Updates a single package, in this case HTTPD (Apache). |
| `yum install package` | Installs a package using YUM. |
| `yum --exclude=package kernel* update` | Excludes a package from updating when using YUM. |
| `yum remove package` | Uses YUM to delete a package. |
| `yum erase package` | Uses YUM to delete a package. |
| `yum list package` | Lists information about the yum package. |
| `yum provides httpd` | Shows the purpose of a package, for example: Apache HTTPD Server. |
| `yum info httpd` | Displays package information, architecture, version, and so on. |
| `yum localinstall blah.rpm` | Uses YUM to install a local RPM, pulling dependencies from the repository. |
| `yum deplist package` | Displays the provider information of the package. |
| `yum list installed \| more` | Lists all installed packages. |
| `yum grouplist \| more` | Displays all YUM groups. |
| `yum groupinstall 'Development Tools'` | Installs a YUM group. |

Debian / Ubuntu / .deb-based distribution commands

| Command | Description |
| --- | --- |
| `cat /etc/debian_version` | Displays the Debian version number. |
| `cat /etc/*-release` | Displays the Ubuntu version number. |
| `dpkg -l` | Lists all installed packages on a Debian / .deb-based Linux distribution. |

Linux user management commands

| Command | Description |
| --- | --- |
| `useradd new-user` | Creates a new Linux user. |
| `passwd username` | Resets the Linux user password. If you are a root user, just enter the password. |
| `deluser username` | Deletes a Linux user. |

Linux decompression commands

How to extract different archive formats (tar, zip, gzip, bzip2, etc.) on Linux, as well as other tips for searching inside archives.

| Command | Description |
| --- | --- |
| `unzip archive.zip` | Extracts files from a zip archive on Linux. |
| `zipgrep *.txt archive.zip` | Searches inside a zip archive. |
| `tar xf archive.tar` | Extracts the files in a tar archive on Linux. |
| `tar xvzf archive.tar.gz` | Extracts the files in a tar.gz archive on Linux. |
| `tar xjf archive.tar.bz2` | Extracts the files in a tar.bz2 archive on Linux. |
| `tar ztvf file.tar.gz \| grep blah` | Searches inside a tar.gz file. |
| `gzip -d archive.gz` | Extracts a gzip file on Linux. |
| `zcat archive.gz` | Reads a .gz file in Linux without decompressing it. |
| `zless archive.gz` | Provides the same function as the less command for .gz archives. |
| `zgrep 'blah' /var/log/maillog*.gz` | Searches the contents of .gz archives on Linux, such as compressed log files. |
| `vim file.txt.gz` | Uses vim to read the .txt.gz file (my personal favorite). |
| `upx -9 -o output.exe input.exe` | Uses UPX to compress .exe files on Linux. |

Linux compression commands

| Command | Description |
| --- | --- |
| `zip -r file.zip /dir/*` | Creates a .zip file on Linux. |
| `tar cf archive.tar files` | Creates a tar file on Linux. |
| `tar czf archive.tar.gz files` | Creates a tar.gz file on Linux. |
| `tar cjf archive.tar.bz2 files` | Creates a tar.bz2 file on Linux. |
| `gzip file` | Creates a .gz file on Linux. |

Linux file commands

| Command | Description |
| --- | --- |
| `df -h blah` | Displays the size of the file / directory on Linux. |
| `diff file1 file2` | Compares / displays the differences between two files on Linux. |
| `md5sum file` | Generates an MD5 digest on Linux. |
| `md5sum -c blah.iso.md5` | Checks the MD5 digest of a file on Linux, assuming that the file and the .md5 are in the same path. |
| `file blah` | Finds the type of a file on Linux and also displays whether the file is 32-bit or 64-bit. |
| `dos2unix` | Converts Windows line terminators to Unix/Linux ones. |
| `base64 < input-file > output-file` | Encodes the input file with Base64 and writes the Base64-encoded result to a file called output-file. |
| `base64 -d < input-file > output-file` | Decodes the Base64 input file and writes the decoded result to a file called output-file. |
| `touch -r ref-file new-file` | Creates a new file using the timestamp data from the reference file; omit -r to simply create a file. |
| `rm -rf` | Deletes files and directories without displaying a confirmation prompt. |

Samba commands

Connect to the Samba share from Linux.

```
$ smbmount //server/share /mnt/win -o user=username,password=password1
$ smbclient -U user \\\\server\\share
$ mount -t cifs -o username=user,password=password //x.x.x.x/share /mnt/share
```

Breaking out of shell restrictions

Thanks to G0tmi1k (or what he has referenced).

Python Tips:

```
python -c 'import pty;pty.spawn("/bin/bash")'
echo os.system('/bin/bash')
/bin/sh -i
```

Misc commands

| Command | Description |
| --- | --- |
| `init 6` | Restarts Linux from the command line. |
| `gcc -o output input.c` | Compiles C code. |
| `gcc -m32 -o output input.c` | Cross-compiles C code, producing a 32-bit binary on 64-bit Linux. |
| `unset HISTFILE` | Turns off bash history logging. |
| `rdesktop X.X.X.X` | Connects to an RDP server from Linux. |
| `kill -9 $$` | Closes the current session. |
| `chown user:group blah` | Changes the owner of a file or directory. |
| `chown -R user:group blah` | Changes the owner of a file or directory and of the files / directories under it (recursive chown). |
| `chmod 600 file` | Changes file / directory permission settings. For more information, see the Linux file system permissions section. |

Clear bash history:

```
$ ssh user@X.X.X.X | cat /dev/null > ~/.bash_history
```

Linux file system permissions

| Value | Permissions | Meaning |
| --- | --- | --- |
| 777 | rwxrwxrwx | No restrictions: fully readable, writable and executable (RWX), and the user can do anything. |
| 755 | rwxr-xr-x | The owner has full access, while others can only read and execute files. |
| 700 | rwx------ | The owner has full access and no one else can access it. |
| 666 | rw-rw-rw- | Everyone can read and write, but not execute. |
| 644 | rw-r--r-- | The owner can read and write, others can only read. |
| 600 | rw------- | The owner can read and write, and no one else can access it. |

Linux file system

| Directory | Description |
| --- | --- |
| `/` | Also known as the "slash" or root. |
| `/bin` | Common programs shared by the system, system administrators, and users. |
| `/boot` | Boot files, boot loader (grub), kernel, vmlinuz. |
| `/dev` | Contains references to system devices and files with special properties. |
| `/etc` | Important system configuration files. |
| `/home` | The home directories of system users. |
| `/lib` | Library files, including files for all types of programs needed by the system and users. |
| `/lost+found` | Files from failed file operations are saved here. |
| `/mnt` | The standard mount point for external file systems. |
| `/media` | The mount point for external file systems (on some distributions). |
| `/net` | The standard mount point for entire remote file systems (nfs). |
| `/opt` | Generally contains additional or third-party software. |
| `/proc` | A virtual file system that contains information about system resources. |
| `/root` | The home directory of the root user. |
| `/sbin` | Programs used by the system and system administrators. |
| `/tmp` | Temporary space for the system, which is emptied on reboot. |
| `/usr` | Programs, libraries, documentation, etc., for all user-related programs. |
| `/var` | Stores all user-created variable and temporary files, such as log files, mail queues, spoolers, Web servers, databases, and so on. |

Interesting files / directories in Linux

If you want to attempt privilege escalation or perform post-exploitation, these are all places worth looking at.

| Path | Description |
| --- | --- |
| `/etc/passwd` | Contains the local Linux users. |
| `/etc/shadow` | Contains the hashed local account passwords. |
| `/etc/group` | Contains the local account groups. |
| `/etc/init.d/` | Contains the service init scripts; worth a look to see exactly what is installed. |
| `/etc/hostname` | The hostname of the system. |
| `/etc/network/interfaces` | Network interfaces. |
| `/etc/resolv.conf` | The DNS service of the system. |
| `/etc/profile` | Environment variables of the system. |
| `~/.ssh/` | SSH keys. |
| `~/.bash_history` | The user's bash history log. |
| `/var/log/` | The log files of a Linux system are usually stored here. |
| `/var/adm/` | The log files of a UNIX system are generally stored here. |
| `/var/log/apache2/access.log`, `/var/log/httpd/access.log` | The usual paths for Apache access log files. |
| `/etc/fstab` | Mounted file systems. |
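The paths and octal modes listed above can be combined into a defensive check. The following is an added example, not part of the original article: it flags listed files that are more permissive than an assumed policy. The function names `too_open`, `check` and `audit_tree`, the root-prefix argument and the policy values are illustrative assumptions, and it relies on GNU `stat`.

```shell
#!/bin/sh
# Added example: flag over-permissive modes on paths from the tables above.
# Policy values are assumptions built from the permissions table
# (600, 644, 700); adjust them to your distribution's defaults.

# too_open ACTUAL MAX: true if ACTUAL grants any rwx bit that MAX does not.
# Only the nine permission bits are compared (setuid/sticky are masked off).
too_open() {
    [ $(( 0$1 & ~0$2 & 0777 )) -ne 0 ]
}

# check PATH MAX: print "path actual max" and count it if PATH is too open.
check() {
    [ -e "$1" ] || return 0            # absent paths are not findings
    actual=$(stat -c %a "$1")          # GNU stat: octal mode, e.g. 644
    if too_open "$actual" "$2"; then
        echo "$1 $actual $2"
        bad=$((bad + 1))
    fi
}

# audit_tree ROOT: audit the listed paths under ROOT ("/" on a live system,
# or a constructed tree). Exit status is the number of findings.
audit_tree() {
    root=$1; bad=0
    for entry in etc/shadow:600 etc/passwd:644 etc/group:644 etc/fstab:644; do
        check "$root/${entry%%:*}" "${entry##*:}"
    done
    # SSH key directories and shell history should be owner-only.
    for home in "$root"/root "$root"/home/*; do
        check "$home/.ssh" 700
        check "$home/.bash_history" 600
    done
    return "$bad"
}

# Run only when a root prefix is given, e.g.: sh audit.sh /
if [ $# -gt 0 ]; then
    audit_tree "$1"
fi
```

Each output line gives the path, its actual mode and the maximum mode the assumed policy allows.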
