Skip to main content

Table Of Contents

  • Linux Post Exploitation
    • Misc Commands
    • Mount USB Device
    • Bash History Manipulation

LINUX POST EXPLOITATION

MISC COMMANDS

List out audio devices

arecord -L

Record microphone (one of the devices listed above) for 5 seconds to a file

arecord -d 5 -D plughw <FILE_PATH>

Compile C program

gcc <FILE_PATH>.c -o <OUTPUT_PATH>

Reboot/Shutdown

init 6
init 0

Display log files

cat /etc/*syslog*.conf | grep -v “^#”

Strip URL links out of a file

cat <FILE_PATH> | grep -Eo "(http|https)://[a-zA-Z0-9./?=_%:-]*" | sort -u

Scrape URL and write to a file

wget http://<URL> -O <FILE_PATH> -o /dev/null

Start a remote desktop session with target IP

rdesktop <IP_ADDRESS>

Log all shell activity. Session is written to file after session exit

script -a <FILE_PATH>

Display user command history and then execute specific line in history

history
!<LINE_NUMBER>

Background command and print all output from command to a file named .nohup

nohup <COMMAND> &

Mount SMB share to /mnt/share folder

mount.cifs //<IP_ADDRESS>/<SHARE_NAME> /mnt/share -o user=<USERNAME>,pass=<PASSWORD>,domain=<DOMAIN>,rw

Add another variable to the PATH

export PATH="<PATH_TO_ADD>:$PATH"

Connect to Windows SMB Share

smbclient -U <USERNAME> //<IP_ADDRESS>/<SHARE_NAME>

MOUNT USB DEVICE

List out potential devices to mount. Make note of the device path

sudo fdisk -l

Create directory to mount to

mkdir /media/myUSBDevice

Mount device to created directory

mount <DEVICE_PATH> /media/myUSBDevice/

Run mount to show all mounted devices. See if USB device was mounted successfully

mount | grep <DEVICE_PATH>

Unmount USB device

umount -f /media/myUSBDevice

BASH HISTORY MANIPULATION

Clear auth.log

echo > /var/log/auth.log

Clear current user Bash history

echo > ~/.bash_history

Delete .bash history file

rm ~/.bash_history -rf

Clear current session history

history -c

Set history max lines to 0

export HISTFILESIZE=0

Set history max commands to 0

export HISTSIZE=0

Disable history logging (need to logout to take effect)

unset HISTFILE

Kills current session

kill -9 $$

Permanently send all Bash history commands to /dev/null

ln -sf /dev/null ~/.bash_history