Table Of Contents
- Linux System Enumeration
- Operating System Information
- Manipulate Packages Using RPM (Red Hat)
- Manipulate Packages Using DPKG
- Update System Using Apt Get
- Situational Awareness & Process Manipulation
- User Account Enumeration & Configuration
- Network Configuration
- DNS Zone Transfer
LINUX SYSTEM ENUMERATION
OPERATING SYSTEM INFORMATION
Disk usage
df -h
Kernel version & CPU information
uname -a
Display OS information
cat /etc/issue
Display OS version information
cat /etc/*release*
Display kernel information
cat /proc/version
Locate the executable file for each shell on the system (can search: tcsh, csh, ksh, bash, etc.)
which <SHELL_NAME>
Display connected drives
fdisk -l
MANIPULATE PACKAGES USING RPM (RED HAT)
List all installed Red Hat packages
rpm -qa
Install all Red Hat packages with a filename ending in .rpm in the current directory
rpm -ivh *.rpm
Remove Red Hat Package
rpm -e <PACKAGE_NAME>
MANIPULATE PACKAGES USING DPKG
List all installed packages
dpkg --get-selections
Install all packages with a filename ending in .deb in the current directory
dpkg -i *.deb
Remove Package
dpkg -r <PACKAGE_NAME>
UPDATE SYSTEM USING APT GET
Updates repositories and available packages to prepare for OS/tool update
apt-get update
Installs newer versions of packages if available (checks results of apt-get update)
apt-get upgrade
Intelligently updates system, updating dependencies and removing older obsolete packages as needed
apt-get dist-upgrade
SITUATIONAL AWARENESS & PROCESS MANIPULATION
Displays current user/group information
id
List logged on users and what they are doing
w
Show currently logged in users
who -a
Show past and current login and system boot information
last -a
Process listing
ps -ef
List mounted drives
mount
# or
findmnt
Force kill processes with specific PID
kill -9 <PID>
Kill all processes matching a specific name
killall <PROCESS_NAME>
Show all processes sorting by most active
top
List configured persistent mounts
cat /etc/fstab
USER ACCOUNT ENUMERATION & CONFIGURATION
Display user and service accounts
getent passwd
Add a user
useradd -m <USERNAME>
Add user to group (-g sets the user's primary group; use -aG to append a supplementary group)
usermod -g <GROUPNAME> <USERNAME>
Change user password
passwd <USERNAME>
Lock user account
usermod --expiredate 1 --lock --shell /bin/nologin <USERNAME>
Unlock user account
usermod --expiredate 99999 --unlock --shell /bin/bash <USERNAME>
Enumerate user account details
chage -l <USERNAME>
Delete user
userdel <USERNAME>
NETWORK CONFIGURATION
List all listening, established, and connected TCP sockets every 3 seconds
watch --interval 3 ss -t --all
List all listening TCP and UDP sockets with associated PID/program name
netstat -tulpn
List all network activity associated to a specific user
lsof -i -u <USERNAME> -a
Set IP and NETMASK
ifconfig <INTERFACE_NAME> <NEW_IP> netmask <NEW_SUBNET_MASK>
# or
ip addr add <NEW_IP>/<CIDR> dev <INTERFACE_NAME>
Add second IP to existing interface
ifconfig <INTERFACE_NAME>:<NEW_INTERFACE_NAME> <NEW_IP>
# or
ip addr add <NEW_IP>/<CIDR> dev <INTERFACE_NAME>
Set gateway
route add default gw <IP_ADDRESS> <INTERFACE_NAME>
# or
ip route add default via <GATEWAY_IP> dev <INTERFACE_NAME>
Change MTU size
ifconfig <INTERFACE_NAME> mtu <SIZE>
# or
ip link set dev <INTERFACE_NAME> mtu <SIZE>
Change MAC address
ifconfig <INTERFACE_NAME> hw ether <MAC_ADDRESS>
# or
ip link set dev <INTERFACE_NAME> down
ip link set dev <INTERFACE_NAME> address <MAC_ADDRESS>
ip link set dev <INTERFACE_NAME> up
Built-in Wi-Fi Scanner
iwlist <INTERFACE_NAME> scan
List DHCP assignments
cat /var/log/messages | grep DHCP
Kills TCP connections running over specific port number
tcpkill host <IP_ADDRESS> and port <PORT>
Enable IP forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
Add DNS server
echo "nameserver <IP_ADDRESS>" >> /etc/resolv.conf
DNS ZONE TRANSFER
Reverse domain lookup
dig -x <IP_ADDRESS>
Domain lookup
host <IP_ADDRESS_OR_HOSTNAME>
DNS zone transfer using dig
dig axfr <DOMAIN_NAME_TO_TRANSFER> @<DNS_IP>
DNS zone transfer using host
host -t axfr -l <DOMAIN_NAME_TO_TRANSFER> <DNS_IP>