A bunch of how-tos for Linux
Show explicitly installed packages on arch based distributions
$ pacman -Qqe
Grow your tmp directory.
$ mount -o remount,size=2G /tmp/
Curl common usage
Simplest way to GET data
$ curl example.com
Show response header
$ curl -i https://example.com/
GET json and show it nicely
$ curl https://example.com/json | jq
HEAD only shows the response headers
$ curl -I https://example.com/
Please follow redirects
$ curl -I -L https://example.com/redirected
URL Globbing
# Quote the URL so the shell does not expand [] and {} before curl sees them
$ curl "https://example.com/[1-9].html"
$ curl "https://example.com/[01-99].html"
$ curl "https://example.com/[a-z].html"
Provide a step when globbing
$ curl "https://example.com/[1-9:2].html"
$ curl "https://example.com/[a-z:3].html"
Save the matching files to output with #1 -> [1-9] parameter
$ curl "https://example.com/[1-9].html" -o "save_#1.html"
Comma separated strings
$ curl "https://example.com/{ham,cheese,pineapple}.jpg" -o "hawaii_#1.jpg"
Combine everything in one line
$ curl "https://example.com/issue[1996-1999]/vol[1-4]/part{a,b,c}.html"
Verbose shows more from under the hood
$ curl -v https://example.com/ -o /dev/null
Pass in custom headers
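$ curl https://example.com/ -H "User-Agent: Some Silly Agent"
$ curl https://example.com/ -H "Magic: disc0"
# A header name followed by a colon and nothing else removes that header
$ curl https://example.com/ -H "User-Agent:"
# A header name followed by a semicolon sends the header with an empty value
$ curl https://example.com/ -H "User-Agent;"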
POST some basic data to the remote
$ curl -d name=Daniel -i https://example.com/receiver
POST a file
$ curl -d @file https://example.com/receiver -o saved
# Post standard input
$ ls -l | curl -d @- https://example.com/receiver -o saved
# Post as binary data (-d strips newlines, --data-binary sends the input unchanged)
$ ls -l | curl --data-binary @- https://example.com/receiver
# Post json as binary
$ curl --data-binary @file.json -H "Content-Type: application/json" https://example.com
PUT a file
$ curl -T localfile -i https://example.com/remote_name
Change the method string
# Use -X if you want a different method than the one curl would use
$ curl -T localfile -X SWOOSH https://example.com/remote_name -o save
Save cookies from site
$ curl -c cookiejar.txt https://example.com/
Send cookies to the server
$ curl -b cookiejar.txt https://example.com/
Cookies in a login
$ curl -b cookiejar.txt -c cookiejar.txt https://example.com/login -d user=daniel -d password=1234
# Request data as a logged in user
$ curl -b cookiejar.txt -c cookiejar.txt https://example.com/profile
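What curl -c leaves in cookiejar.txt, and how to review it, as an added example that is not part of the original page: the script lists cookies stored without the Secure or HttpOnly attribute and checks that the jar is not readable by other users. The function names and the sample jar contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a curl cookie jar.
# Jar columns, tab-separated: domain, subdomains, path, secure, expiry, name, value.

# Print each cookie that lacks the Secure or HttpOnly attribute.
audit_cookiejar() {
    awk -F '\t' '
        { httponly = 0 }
        # "#HttpOnly_" marks a real cookie, not a comment: strip it and remember it.
        /^#HttpOnly_/ { sub(/^#HttpOnly_/, ""); httponly = 1 }
        # Skip genuine comments, blank lines and malformed rows.
        /^#/ || NF != 7 { next }
        {
            missing = ""
            if ($4 != "TRUE") missing = missing " Secure"
            if (!httponly)    missing = missing " HttpOnly"
            if (missing != "") printf "%s %s missing:%s\n", $1, $6, missing
        }
    ' "$1"
}

# Succeed only if the jar is inaccessible to group and others (it holds session tokens).
jar_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample jar in the layout curl -c writes (all values are made up).
write_sample_jar() {
    {
        printf '# Netscape HTTP Cookie File\n\n'
        printf '#HttpOnly_example.com\tFALSE\t/\tTRUE\t0\tsession\tabc123\n'
        printf 'example.com\tFALSE\t/\tFALSE\t1893456000\ttheme\tdark\n'
        printf '#HttpOnly_example.com\tFALSE\t/\tFALSE\t0\tcsrf\tdef456\n'
    } > "$1"
}

jar=$(mktemp)            # mktemp creates the file with mode 0600
write_sample_jar "$jar"
audit_cookiejar "$jar"
jar_is_private "$jar" || echo "warning: $jar is readable by other users"
rm -f "$jar"
```

Point audit_cookiejar at a real jar after a login to see which session cookies the site issues without those attributes.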
DNS Enumeration and zone transfer
Check if tools are available
$ whatis host
host (1) - DNS lookup utility
$ whatis dig
dig (1) - DNS lookup utility
Simple DNS Lookup
$ host example.com
Query name services
$ host -t ns example.com
A records
$ host -t a example.com
MX records
$ host -t mx example.com
General information gathering using DIG
$ dig example.com
Specify type
$ dig -t ns example.com
Perform zone transfer query
$ dig axfr example.com @dns.server.server
General information, zone transfer and bruteforce
$ dnsenum example.com
$ fierce -dns example.com
Effective bruteforcing with SecLists, nmap, fierce and dnsmap
$ git clone https://github.com/danielmiessler/SecLists.git
$ nmap -p 53 --script dns-brute --script-args=[script-options] example.com
$ fierce -dns example.com -wordlist wordlist.txt
$ dnsmap example.com -w wordlist.txt
Check if a firewall is active with an ACK probe. If the port is reported as unfiltered, no stateful firewall is filtering it
$ nmap -sA 192.168.1.38 --reason
Specify port
$ nmap -sA 192.168.1.38 -p 22 --reason