tar -czvf info.tar.
gz info Get-CimInstance -ClassName Win32_LogicalDisk
linmid<x><SGL>.txt hka92
sudo systemctl enable ssh
ssh-keygen -t rsa
ssh-copy-id localhost
ssh-copy-id kali@ipaddress
ssh locahost\kali
File system table:
/etc/fstab,fdisk
File system creation/repair:
mkfs,fsck
Disk analysis, creation:
df,du,dd, df -h
Memory: free,vmstat,top
System info: uptime
Space: du -hs “$HOME”
Uname,hostname,ifconfig,ip,d
hclient
Traceroute,netstat,route
Iptables,sftp
Id, su, useradd,passwd
stdin:0, stout:1, stderr:2
Error message: command 2>
/dev/null
arp -a : ARP table
Uname -a : OS version
netstat -a : network conn
Mount : filesystems
ps -e : running processes
!! : to run last command nd
pipe
read str , echo ${str}
No of users: who | wc -l
Groups: getent group | cut -d: -
f3 | wc -l
ls -l /home | grep '^d' | awk
'{print $3}' | wc -l OR getent
passwd | grep '^.*:/home' | wc -
l
Read choice “$choice” -eq 1<
[abc] Match only the character
a or b or c
[1-5] Match on digits in the
range 1 to 5
[a-zA-Z] Match any lowercase
or uppercase a to z
(Get-CimInstance -ClassName Win32_LogicalDisk).FreeSpace
[Math]::Round((Get-CimInstance -ClassName Win32_LogicalDisk).FreeSpace[0] / 1GB),1)
(Get-CimInstance -ClassName Win32_PhysicalMemory | Measure-Object -Property
Capacity -Sum).Sum / 1GbB
(Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter “IPEnabled =
‘True’”).IPAddress[0]
(Get-CimInstance -ClassName Win32_OperatingSystem) | Select-Object -Property *user*
join -1 3 -2 1 -t, accesstime.txt usernames.txt
awk '$2 == "Jones" {print $0}' awkusers.txt
sed 's/10\.0\.4\.35/10.0.4.27/g' ips.txt s/<regular expression>/<replace with>/<flags>
tail -n 1 somefile.txt
tr '\\:' '/|' < infile.txt > outfile.txt
\n: newline , \r: return, \t: tab
cut -d',' -f1 csvex.txt "Jane Smith"
$ cut -d',' -f1 csvex.txt | tr -d '"' Jane Smith
cut -d',' -f1 csvex.txt | tr -d '"' | tail -n +2
sort -t ';' -k 2 tasks.txt > tasks_sorted.txt 2nd field -1 2 2nd field of first file
join -t ';' -1 2 -2 2 procowner_sorted.txt tasks_sorted.txt
Jq -r ‘.authors[] | “\(.first_name) \ (.last_name)” ‘ book.json
find /home -name ‘*hello’ 2>/dev/null
find /home -name ‘,*’ : hidden files
find /home -size +5G
find /home -mtime -1 : modified files <24 hrs
find /home -mtime +2 : modified files >2 days
find /path -type f -name ‘dog.png’
grep -R -I ‘password’ /home
Grep -i -r /home -e ‘password’
egrep
grep ‘T.o’ a.txt : 1 char
egrep ‘T.?o’ a.txt : 0/1 char
egrep ‘T.*o’ a.txt : 0/ more char
egrep ‘T.+o’ a.txt : atleast 1 char
grep -c "pattern" filename (count)
egrep "^pattern" filename : lines that start with pattern
egrep "pattern$" filename
[0-9 +-*/] Match on numbers grep -v "success" results.txt | wc -l : don’t contain
or these four mathematical
symbols
[0-9a-fA-F] Match a egrep "error|warning" config.cfg either error/ warning
hexadecimal digit
\s Whitespace egrep "[0-9]" notes.txt
\S Not whitespace netstat -an | grep "ESTABLISHED" : active netwrk conn
\d Digit grep "sshd" /var/log/auth.log : SSH login attempts
\D Not digit grep "session opened for user" /var/log/auth.log : loggeg in users
egrep '<([A-Za-z]*)>.*</\1>' grep "Failed password" /var/log/auth.log - failed login attempts
tags.txt
^[1-5] means that a matching egrep -o "([0-9]{1,3}\.){3}[0-9]{1,3}" /var/log/auth.log : lines with IP
string must start with one of
the
digits 1 through 5,
[1-5]$ means that a string grep "session opened for user john" /var/log/auth.log : login attempts
must
end with one of the digits 1
through 5.
handywork < data.in > getent group sudo | awk -F: '{print $4}' | tr ',' '\n' : users belong to sudo group
results.out
ls / | more egrep -o "([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}" /var/log/syslog : MAC add
grep "sshd" /var/log/auth.log | grep "port 22" | awk '{print $(NF-3)}' | sort | uniq : tried to
connect to port 22