During penetration testing, the Linux command line is like a Swiss Army knife: compact yet powerful. Today we will look at ten particularly useful Linux commands that make a hacker's work more efficient and that every network security enthusiast should know.
Explore System Information: uname -a
Want to know about your target machine? uname -a is your best partner. This command provides useful information such as the kernel version and hostname.
uname -a
The output will display information similar to the following:
Linux localhost 4.15.0-91-generic #92-Ubuntu SMP Fri Feb 28 11:09:48 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Tip: Don’t underestimate this command; it is a crucial step in obtaining system fingerprints.
Check Open Ports: netstat -tuln
Want to know which ports are open on the target machine? netstat -tuln can help. This command lists all TCP and UDP listening ports, which is essential for discovering service vulnerabilities.
netstat -tuln
Entries in the LISTEN state in the output are the open ports you are looking for.
File Transfer Tool: scp
File transfer is indispensable in penetration testing. The scp command allows you to securely copy files between two Linux hosts with ease.
scp user@source:/path/to/file user@destination:/path/to/destination
Tip: Remember to ensure that SSH access is configured on both ends.
Search Tool: grep
Text searching is one of the daily operations, and grep is the best choice. Whether you are looking for specific errors in logs or filtering information from large datasets, it can assist you greatly.
grep "ERROR" /var/log/syslog
Privilege Escalation Probe: sudo -l
When you have entered the system but lack sufficient permissions, sudo -l can show you which commands the current user can execute as a superuser, paving the way for privilege escalation.
sudo -l
Network Sniffer: tcpdump
The network analysis tool tcpdump can capture and analyze network traffic, which is very useful for understanding network structure and detecting abnormal behavior.
tcpdump -i eth0 tcp port 80
User Lookup: who
Want to quickly find out which users are logged into the system? The who
command is simple and direct.
who
Process Detective: ps aux
Process information is crucial for penetration testing. ps aux lists all running processes, helping you identify potential attack points or sensitive services.
ps aux
Locate Files: find
When looking for specific files, find is a helpful assistant. It can search by name, type, or even modification time.
find / -name passwd
Tip: Be cautious when using it to avoid searching the entire root directory, which can lead to long wait times.
Basic Script Writing: bash
Finally, don't forget about bash scripting. Writing simple shell scripts can automate many repetitive tasks, greatly improving efficiency.
#!/bin/bash
echo "Hello, World!"
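As an added example (not from the original article), here is a small script in the spirit of the bash section that ties it to the netstat -tuln section: it parses netstat output into a list of listeners and flags any port reachable from the network that is not on an expected-services allowlist. The netstat output is a constructed sample, and the allowlist is an assumption.

```shell
#!/bin/sh
# Constructed sample of `netstat -tuln` output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
udp6       0      0 :::546                  :::*'

# listening_ports: read netstat -tuln output on stdin and print one
# "proto port addr" line per listener, sorted by port. TCP sockets count
# only in LISTEN state; UDP sockets have no State column, so every udp
# line is a listener.
listening_ports() {
    awk '
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }
        $1 ~ /^(tcp|udp)/ {
            port = $4; sub(/.*:/, "", port)      # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)  # strip the :port suffix (":::80" -> "::")
            print $1, port, addr
        }' | sort -k2,2n
}

# exposed_unexpected: listeners bound to a non-loopback address whose port
# is not in the space-separated allowlist passed as $1 (assumed policy).
exposed_unexpected() {
    allow=" $1 "
    listening_ports | while read -r proto port addr; do
        case "$addr" in 127.*|::1) continue ;; esac   # loopback-only is not exposed
        case "$allow" in *" $port "*) ;; *) echo "$proto/$port on $addr" ;; esac
    done
}

# Audit the sample against the services we expect on this host.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_unexpected "22 80 68 546"
```

On a live host, replace the sample with `netstat -tuln | exposed_unexpected "..."`; the loopback-bound MySQL listener is deliberately not reported, because only network-reachable services matter for exposure.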
By learning and practicing these commands, you will find that the command line world under Linux is both profound and fascinating. Mastering them can not only make you adept in penetration testing but also deepen your understanding of operating system principles. Remember, technology is just a tool; true experts know how to use it skillfully.