Cheat sheet for Unix.
See also Privilege Escalation on Unix and Unix Post-Exploitation.
Basic commands
OS version
grep VERSION /etc/os-release
cat /etc/redhat-release
cat /etc/oracle-release
lsb_release -a
Kali Linux “Windows 10 theme”
kali-undercover
Show current directory
pwd
List files from current directory, including hidden files
ls -la
Show host name
hostname
Find IP address of a server
host example.com
nslookup <hostname>
nslookup <hostname> 8.8.8.8 # using Google DNS server
Show network interfaces and IP address
ifconfig
ip a
ip addr
ip addr show tun0
List WiFi adapters (for example wlan0) and their wireless settings
iwconfig
Clear the terminal screen
clear
Change password for current user
passwd
Count the number of lines, words and bytes in a file
wc file_name
Count number of characters
wc -m file_name
Count number of lines
wc -l file_name
Display date with epoch time
Example: 2024-05-03 08:46:19 epoch: 1714740379
date +'%Y-%m-%d %H:%M:%S epoch: %s'
Info on graphic card and more
lspci
Remove file without prompt asking
rm -rf file_to_delete
Remove directory containing files
rm -r directory
Release the IP address of eth0 (go into settings to re-enable eth0)
dhclient -v -r eth0
List groups of the current user
id
Users currently logged in and what they are doing
w
Change file/directory owner/group
chown owner:group file
chown -R owner:group directory
Show file size (human readable)
du -h
File type
file (command) (Wikipedia)
file <filename>
Elevate privileges to root user
sudo su
Run commands as root
sudo <command>
Transfer files
See scp in File Transfer.
Website Whois Search
Looks up registration information in public databases: DNS servers (name servers), email of the admin, names, physical addresses, phone numbers, email addresses, IP addresses, DNS server names…
whois "domain.com"
Create a directory
mkdir <directory name>
# Creates the whole directory structure including parent directories
mkdir -p parentdir/{dir1,dir2,dir3,...}
Create a user
# -m: will create home directory /home/<username>
sudo useradd -s /bin/bash -c "User to ..." -m <username>
sudo passwd <username>
Remove a user
sudo userdel <username>
# Also remove home directory and mail spool for the user
sudo userdel -r <username>
Redirection
Data streams: STDIN (0), STDOUT (1), STDERR (2)
echo "something" > file # Create file or overwrite
echo "something" >> file # Append
sort < file # Send file to sort's STDIN
Redirect errors to nothing (discard) or to a log file
find /etc -name something 2>/dev/null
find /etc -name something 2>error.log
Piping first output to next program
cat /etc/passwd | sort
Display file contents
Display whole file
cat filename.txt
Display last lines of a file (default 10 lines)
tail <file name>
Display last n lines of a file
tail -n 3 <file name>
Display last lines of a file (live feed)
tail -f <file name>
Display first lines of a file
head <file name>
Display first n lines of a file
head -n 3 <file name>
Environment variables
Show a specific variable
echo $<variable name>
echo $PATH
echo "$$" # PID of current shell
Show all variables
env
export
Set variable value
export VAR=value
Alias
Replace a command name by an alias… joke 😉
alias whoami='echo "root"'
unalias whoami
Help / Documentation
Manual pages (man)
man <program>
man crontab
Perform keyword search within man pages
man -k <keyword or regex>
man -k crontab
man -k '^crontab$'
Access a specific man page section
man <section> <program>
man 5 crontab
Search the list of man page descriptions (find a command based on its description). Similar to man -k.
apropos <keyword>
apropos schedule
Checksum
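# Calculate the checksum of a file with MD5 hash
md5sum file_name
# Calculate the checksum of a file with SHA-1 hash
sha1sum file_name
# MD5 and SHA-1 are not collision-resistant: they detect accidental corruption,
# but a matching checksum does not prove a file was not tampered with.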
Cleanup
du -h /var/cache/apt/archives
apt autoremove
apt autoclean
du -h /var/cache/apt/archives
# Find big files
find / -name '*' -size +1G
find / -name '*' -size +500M
du -a / | sort -n -r | head -n 20
Password policy
DEB-based systems (Debian, Kali)
# Minimum password length
# password [success=2 default=ignore] pam_unix.so obscure sha512 minlen=8
sudo cat /etc/pam.d/common-password | grep -v -E "^#"
RPM-based systems (RHEL, CentOS 7.x)
# Minimum password length
sudo grep "^minlen" /etc/security/pwquality.conf
In RHEL, CentOS 6.x systems, edit /etc/pam.d/system-auth
# Minimum password length
# password requisite pam_cracklib.so try_first_pass retry=3 type= minlen=8
sudo cat /etc/pam.d/system-auth | grep -v -E "^#"
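Added example (not part of the original cheat sheet): a small audit helper that reads the minlen setting from either file style shown above (a PAM option such as minlen=8, or a pwquality.conf line such as minlen = 14) and compares it with a required length. The sample files, the function names and the threshold of 12 are constructed assumptions; when several lines set minlen, the helper reports the lowest value.

```shell
#!/bin/sh
# Print the lowest active minlen value in FILE; print nothing if it is unset.
minlen_of() {   # usage: minlen_of FILE
    awk '
        /^[ \t]*#/ { next }                      # commented-out settings do not count
        match($0, /minlen[ \t]*=[ \t]*[0-9]+/) {
            v = substr($0, RSTART, RLENGTH)
            sub(/.*=[ \t]*/, "", v)              # keep only the number
            if (min == "" || v + 0 < min) min = v + 0
        }
        END { if (min != "") print min }
    ' "$1" 2>/dev/null
}

# Classify FILE against the REQUIRED minimum length (assumed policy value).
audit_minlen() {   # usage: audit_minlen FILE REQUIRED
    found=$(minlen_of "$1")
    if [ -z "$found" ]; then echo "UNSET"
    elif [ "$found" -lt "$2" ]; then echo "WEAK:$found"
    else echo "OK:$found"; fi
}

# Constructed sample files mirroring the three locations named above.
make_samples() {   # usage: make_samples DIR
    printf '%s\n' '# constructed sample' \
        'password [success=2 default=ignore] pam_unix.so obscure sha512 minlen=8' \
        > "$1/common-password"
    printf '%s\n' '# minlen = 8' 'minclass = 3' > "$1/pwquality-unset.conf"
    printf '%s\n' 'minlen = 14' > "$1/pwquality.conf"
    printf '%s\n' \
        'password requisite pam_cracklib.so try_first_pass retry=3 type= minlen=8' \
        > "$1/system-auth"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in common-password pwquality-unset.conf pwquality.conf system-auth; do
    echo "$f: $(audit_minlen "$demo_dir/$f" 12)"
done
rm -rf "$demo_dir"
```

On a real host, point audit_minlen at /etc/pam.d/common-password, /etc/security/pwquality.conf or /etc/pam.d/system-auth, with sudo where the file is not world-readable.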
Screenshot & Videos
PrintScreen: capture whole screen
Shift + PrintScreen: select part of the screen to capture
Alt + PrintScreen: captures the current window
Screenshots go into /root/Pictures
PrtSc – Save a screenshot of the entire screen to the “Pictures” directory.
Shift + PrtSc – Save a screenshot of a specific region to Pictures.
Alt + PrtSc – Save a screenshot of the current window to Pictures.
Ctrl + PrtSc – Copy the screenshot of the entire screen to the clipboard.
Shift + Ctrl + PrtSc – Copy the screenshot of a specific region to the clipboard.
Ctrl + Alt + PrtSc – Copy the screenshot of the current window to the clipboard.
EasyScreenCast
Available in Kali Linux. Click on the camera icon in the upper bar.
Links
# A Unix file is "stored" in two different parts of the disk - the data blocks and the inodes.
# The data blocks contain the "contents" of the file.
# Information about the file is stored in the inode (file structure, DB of all file info except contents and file name).
# Symbolic links (symlinks / soft links) are links between files. A symlink is a shortcut to a file.
# You can delete a soft link without affecting the actual file or directory it is pointing to.
# The inode of the linked file is different from the inode of the symbolic link.
# If you delete the source file of the symlink, the symlink to that file no longer works.
# ls -l shows the character l (file type corresponding to symbolic link) before the permissions for user, group and other users
# and displays an arrow followed by another file name, meaning it's a link to another file.
ln -s source linkname
# A hard link is an exact replica of the actual file it is pointing to.
# Both the hard link and the linked file share the same inode.
# If the source file is deleted, the hard link still works and you will be able to
# access the file as long as the number of hard links to the file isn't zero.
# Hard links can link only files, not directories.
# If the source file of a hard link is removed, the link still works.
# With hard links, there is no concept of original file and links, both files are equal.
ln source linkname
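Added example (not part of the original cheat sheet): a script that creates a file, a hard link and a symlink in a throwaway temp directory, compares their inode numbers, then deletes the source to show which link survives. The file names and function names are constructed.

```shell
#!/bin/sh
# Inode number of a path (first field of `ls -i`); -d keeps ls from following it.
inode_of() { ls -id "$1" | awk '{print $1}'; }

# Hard-link count of a path (second field of `ls -l`).
nlink_of() { ls -ld "$1" | awk '{print $2}'; }

# Runs in a subshell so the cd and variables do not leak into the caller.
link_demo() (
    dir=$(mktemp -d) || exit 1
    cd "$dir" || exit 1

    echo "secret data" > source
    ln source hardlink       # second name for the same inode
    ln -s source symlink     # separate inode that only stores the path "source"

    [ "$(inode_of source)" = "$(inode_of hardlink)" ] && echo "hard: same inode"
    [ "$(inode_of source)" != "$(inode_of symlink)" ] && echo "sym: different inode"
    echo "links before rm: $(nlink_of hardlink)"

    rm source                # removes one name, not the data blocks
    echo "links after rm: $(nlink_of hardlink)"
    echo "hardlink content: $(cat hardlink)"

    # -L tests the link itself, -e follows it: the link exists, its target does not.
    [ -L symlink ] && [ ! -e symlink ] && echo "sym: dangling"

    cd / && rm -rf "$dir"
)

link_demo
```

The link count matters when removing sensitive files: rm on one name leaves the data readable through any remaining hard link.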
Host file
This file is used to resolve host names before DNS.
/etc/hosts