Useful Linux Commands
[#1] Find version and type of distribution
To find out which Linux distribution and version is installed, run the following commands at the shell prompt:
[#2] Find Kernel version
Use the following commands to see the running kernel version and the gcc version it was built with:
uname --kernel-name --kernel-release --machine
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-
[#3] View Environment variables
Environment variables provide a way to influence the behaviour of software on the system. Run the following commands to display the environment variables that are set:
To list all environment variables in PowerShell:
[#4] List of running services
A service is bound by the same permission restrictions as any other process; what it can do depends on the user account it runs as. Services are simply processes that are kept running. The commands below list the running services and enabled units:
systemctl | grep running
systemctl list-unit-files | grep enabled
systemctl --full --type service --all
service --status-all | grep running
And the commands below list the processes that run as root:
ps aux | grep root
ps -ef | grep root
[#5] Search for installed applications
To get a list of installed packages or applications, run the following commands at the shell prompt:
ls -alh /usr/bin/
ls -alh /sbin/
ls -alh /var/cache/apt/archives/
ls -alh /var/cache/yum/
[#6] Important configuration files
Most of the configuration files on a Linux machine are in the /etc directory unless otherwise specified; Apache, syslog and other daemons keep their configuration there. The command below recursively lists /etc and keeps the entries whose mode string contains a read bit:
ls -aRl /etc/ | awk '$1 ~ /^.*r.*/' 2>/dev/null
[#7] Search and view scheduled tasks
The cron daemon on Linux runs tasks in the background at specific times; it is the equivalent of the Task Scheduler on Windows. You can add tasks to the system's crontab files using the appropriate syntax and cron will run them for you automatically. Here we've listed a few commands that help you search for and view the scheduled tasks:
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
[#8] Search for logins and passwords
grep and find are among the most powerful commands for locating files that contain particular text. With the commands below you can search for passwords or other sensitive information:
grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n 'var $password'
find / -user [user]
[#9] View network interfaces & adapter configurations
In computing, a network interface is a system's point of connection between two pieces of equipment or two protocol layers in a computer network. Most of the network setup can be done via the interfaces configuration file at /etc/network/interfaces. You can also use the commands below to find more information about network adapter configuration, DNS, gateways, etc.:
[#10] Check cache and saved IP / MAC addresses
The Address Resolution Protocol (ARP) cache is a crucial component of IP networking on any operating system. ARP links IP addressing to hardware addressing (MAC addresses). Without it, a machine could not communicate with the outside world, as one addressing scheme could not be translated into the other.
If you are on a Windows machine, the command is "arp -a"; it shows your local ARP table, listing all IP addresses and their corresponding MAC addresses.
[#11] Check for sniffing traffic
In most cases you will need root permission to capture packets on an interface. With tcpdump you can sniff or capture packets and save them to a file for later analysis in Wireshark. tcpdump is one of the most popular network analysis tools, providing both power and simplicity in a single interface.
tcpdump net 192.168.0.1/32
tcpdump -i any
[#12] View confidential files
The password files are a cornerstone of the security of a Linux system. Commonly they are /etc/passwd and /etc/shadow, which are installed by default.
ls -alh /var/mail/
[#13] History Commands
In its most simple form, you can run the 'history' command by itself and it will simply print out the bash history of the current user to the screen. The history is stored in the ~/.bash_history file by default.
[#14] Finding SSH private key information
An SSH key is an access credential in the SSH protocol. Its function is similar to that of user names and passwords, but the keys are primarily used for automated processes and for implementing single sign-on by system administrators and power users.
Below are the commands and paths with which you can search for SSH private key material.
[#15] Search for rewritable configuration files in /etc
The /etc directory holds a lot of files. The awk commands below filter the recursive listing on the mode column: the first matches any write bit at all, and the next three isolate the owner, group and "other" write bits respectively. The two find commands list files that are readable by the current user.
ls -aRl /etc/ | awk '$1 ~ /^.*w.*/' 2>/dev/null     # any write bit set
ls -aRl /etc/ | awk '$1 ~ /^..w/' 2>/dev/null       # owner write bit
ls -aRl /etc/ | awk '$1 ~ /^.....w/' 2>/dev/null    # group write bit
ls -aRl /etc/ | awk '$1 ~ /w.$/' 2>/dev/null        # "other" write bit (world-writable)
find /etc/ -readable -type f 2>/dev/null
find /etc/ -maxdepth 1 -readable -type f 2>/dev/null
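Going a step beyond the one-liners above, here is an added example (not from the original page) that turns the world-writable check into a reusable audit: it reports every regular file under a directory tree whose "other" write bit is set, together with its mode, owner and group, and counts the findings so a scheduled job can alert on a non-zero result. The directory argument is the only assumption; run it against /etc or against the cron directories from [#7], where a world-writable file is a classic way for an unprivileged account to get code run as root.

```sh
#!/bin/sh
# Added example, not from the original page: audit a tree for files that
# anyone on the system can write to. Equivalent to the page's
# awk '$1 ~ /w.$/' filter, but restricted to regular files and usable
# from a script.

audit_other_writable() {
    # -perm -o=w matches when the other-write bit is set, whatever the
    # remaining bits are; -type f skips directories and symlinks (a
    # symlink's own mode is always 777 and says nothing about its target).
    find "$1" -type f -perm -o=w 2>/dev/null | sort | while IFS= read -r f; do
        # mode, owner and group from ls -l, then the path verbatim so that
        # names containing spaces survive intact
        printf '%s %s\n' "$(ls -ld "$f" | awk '{print $1, $3, $4}')" "$f"
    done
}

# Number of findings, so a cron job or CI step can fail on a non-zero count.
count_other_writable() {
    audit_other_writable "$1" | wc -l | tr -d ' '
}

# Stand-alone usage: audit /etc (or the directory given as first argument).
audit_other_writable "${1:-/etc}"
```

On a healthy system the output for /etc should be empty; anything listed is either a packaging mistake or a change worth explaining, and the count makes the check easy to wire into a monitoring job.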
[#16] Recursive Web Search
The commands below recursively list all files, including hidden ones, under the directories commonly used as web roots:
ls -alhR /var/www/
ls -alhR /srv/www/htdocs/
ls -alhR /usr/local/www/apache22/data/
ls -alhR /opt/lampp/htdocs/
ls -alhR /var/www/html/
ls -ahlR /home/
[#17] Common Log Files
In computing, a log file is a file that records either events that occur while an operating system or other software runs, or messages exchanged between the users of a communication program.
Common Log Format
x.x.x.x user-identifier joe [12/May/2019:12:23:33 -0700] "GET /favicon.ico HTTP/1.1" 200 1234
- x.x.x.x is the IP address of the client which made the request to the server.
- user-identifier is the RFC 1413 identity of the client.
- joe is the userid of the person requesting the document.
- [12/May/2019:12:23:33 -0700] is the date, time, and time zone at which the request was received, by default in strftime format %d/%b/%Y:%H:%M:%S %z.
- "GET /favicon.ico HTTP/1.1" is the request line from the client. The method GET, /favicon.ico the resource requested, and HTTP/1.1 the HTTP protocol.
- 200 is the HTTP status code returned to the client. 2xx is a successful response, 3xx a redirection, 4xx a client error, and 5xx a server error.
- 1234 is the size of the object returned to the client, measured in bytes.
ls -alh /var/lib/dhcp3/
ls -alh /var/log/postgresql/
ls -alh /var/log/proftpd/
ls -alh /var/log/samba/
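To show the Common Log Format fields above being used for something a defender actually does with them, here is an added example (not from the original page) that summarises a log by status class and ranks clients by error responses, which is the usual first cut at spotting scanning or brute-force activity. The log lines are constructed for the example; the status code is located by pattern rather than by field number because the quoted request line can contain spaces.

```sh
#!/bin/sh
# Added example, not from the original page: summarise Common Log Format.
# Field layout, as described above:
#   client ident user [time] "request" status bytes

# Constructed sample log (not real traffic).
sample_log() {
    cat <<'EOF'
10.0.0.5 - joe [12/May/2019:12:23:33 -0700] "GET /favicon.ico HTTP/1.1" 200 1234
10.0.0.5 - - [12/May/2019:12:23:34 -0700] "GET /index.html HTTP/1.1" 200 5120
10.0.0.9 - - [12/May/2019:12:23:35 -0700] "GET /admin HTTP/1.1" 404 210
10.0.0.9 - - [12/May/2019:12:23:36 -0700] "GET /backup.zip HTTP/1.1" 404 210
10.0.0.7 - - [12/May/2019:12:23:37 -0700] "POST /cgi-bin/x HTTP/1.1" 500 0
10.0.0.5 - - [12/May/2019:12:23:38 -0700] "GET /logo.png HTTP/1.1" 304 0
EOF
}

# Requests per status class (2xx, 3xx, ...), read from stdin. The status
# code is the three-digit field right after the closing quote of the
# request line; the request line itself contains spaces, so $N indexing
# would be unreliable and a regex anchored on the quote is used instead.
clf_status_summary() {
    awk '
        match($0, /" [0-9][0-9][0-9] /) {
            code = substr($0, RSTART + 2, 3)
            n[substr(code, 1, 1) "xx"]++
        }
        END { for (c in n) print c, n[c] }
    ' | sort
}

# Clients ranked by number of 4xx/5xx responses. The client address is the
# first field of CLF and is not affected by the spacing problem above.
clf_client_errors() {
    awk '
        match($0, /" [0-9][0-9][0-9] /) {
            code = substr($0, RSTART + 2, 3) + 0
            if (code >= 400) err[$1]++
        }
        END { for (ip in err) print err[ip], ip }
    ' | sort -rn
}

# Stand-alone usage on the constructed sample; replace sample_log with
# e.g. "cat /var/log/apache2/access.log" on a real host.
sample_log | clf_status_summary
sample_log | clf_client_errors
```

The same regex trick applies to the Combined Log Format (CLF plus quoted referrer and user agent), since the status code still follows the request line's closing quote.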
[#18] Upgrade shells
Every pentester knows the feeling of catching a reverse shell with netcat, and also that such a shell is usually limited (no proper TTY). So here we've listed some commands that make these shells much more usable:
python -c 'import pty;pty.spawn("/bin/bash")'
perl -e 'exec "/bin/sh";'
perl: exec "/bin/sh";      (from within a perl script or interpreter)
ruby: exec "/bin/sh"       (from within a ruby script or irb)
For more info, please visit netsec.ws
[#19] Mounting file systems
The file system is best visualized as a tree, rooted at /. /dev, /usr and the other directories in the root directory are branches, which may have their own branches, such as /usr/local, and so on. During the boot process, the file systems listed in /etc/fstab are mounted automatically, except for entries containing noauto; with the following command you can mount a file system manually:
mount /dev/sda /opt
[#20] Search for unmounted file systems
Unmounting a file system detaches it from its mount point and deletes the entry from the /etc/fstab file. With the command below you can view all mounted and unmounted partitions:
[#21] Search "Advanced Linux File Permissions": sticky bits, SUID & SGID
find / -perm -1000 -type d 2>/dev/null
find / -perm -g=s -type f 2>/dev/null
find / -perm -u=s -type f 2>/dev/null
find / \( -perm -g=s -o -perm -u=s \) -type f 2>/dev/null
[#22] Search Writable directories
In general the writable directories are /tmp, /var/tmp and /dev/shm, but if you want to search the whole filesystem, the commands are:
find / -writable -type d 2>/dev/null
find / -perm -222 -type d 2>/dev/null
find / -perm -o=w -type d 2>/dev/null
find / -perm -o=x -type d 2>/dev/null
find / \( -perm -o=w -perm -o=x \) -type d 2>/dev/null
[#23] Search for various unusual files, “nobody” etc
find / -xdev -type d \( -perm -0002 -a ! -perm -1000 \) -print
find /dir -xdev \( -nouser -o -nogroup \) -print
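The SUID/SGID searches in [#21] and the unusual-file searches above are most useful to a defender when their output is compared against a known-good state, so here is an added example (not from the original page) that builds an inventory of setuid/setgid files and reports what has appeared since a saved baseline. The baseline file path is a placeholder; the only requirement is that it is sorted, which the inventory function guarantees.

```sh
#!/bin/sh
# Added example, not from the original page: inventory setuid/setgid files
# under a tree and diff against a saved baseline, so that a newly appeared
# privileged binary stands out.

# One path per line, sorted so the output is diff/comm friendly.
# Same predicate as the page's combined find, with the -o grouped in
# parentheses so -type f applies to both branches.
suid_sgid_inventory() {
    find "$1" -type f \( -perm -u=s -o -perm -g=s \) 2>/dev/null | sort
}

# Paths present in the current inventory but absent from the baseline file.
# comm requires both inputs sorted; -13 suppresses lines only in the
# baseline (column 1) and lines common to both (column 3), leaving only
# lines unique to the fresh inventory read from stdin ("-").
suid_sgid_new() {
    dir="$1"; baseline="$2"
    suid_sgid_inventory "$dir" | comm -13 "$baseline" -
}

# Stand-alone usage: print the inventory for /usr/bin (or the directory
# given as first argument). To establish a baseline on a trusted host:
#   suid_sgid_inventory / > /var/lib/suid-baseline.txt   (placeholder path)
# and later, on the same host:
#   suid_sgid_new / /var/lib/suid-baseline.txt
suid_sgid_inventory "${1:-/usr/bin}"
```

Entries that disappear from the inventory are suppressed by -13; use comm -23 with the same arguments to list those instead, which is worth doing too, since a removed setuid binary can indicate tampering as much as an added one.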
[#24] Programming languages and compilers
Linux has always seemed like the natural home for all programming languages. With the commands below you can easily identify which common languages and compilers are installed (the globs are quoted so the shell does not expand them against the current directory):
find / -name 'perl*'
find / -name 'python*'
find / -name 'gcc*'
find / -name cc
[#25] Search for the ability to upload files to the server
find / -name wget
find / -name 'nc*'
find / -name 'netcat*'
find / -name 'tftp*'
find / -name ftp