Skip to content

Kali Linux – Penetration Testing Cheat Sheet


Linux Penetration Testing Commands

Breaking Out of Limited Shells

Credit to G0tmi1k for these (or wherever he stole them from!).

The Python trick:

python -c 'import pty;pty.spawn("/bin/bash")'
echo os.system('/bin/bash')
/bin/sh -i

System Information Commands

Useful for local enumeration.

whoami Shows currently logged in user on Linux.
id Shows currently logged in user and groups for the user.
last Shows last logged in users.
mount Show mounted drives.
df -h Shows disk usage in human readable output.
echo "user:passwd" | chpasswd Reset password in one line.
getent passwd List users on Linux.
strings /usr/local/bin/blah Shows contents of none text files, e.g. whats in a binary.
uname -ar Shows running kernel version.
PATH=$PATH:/my/new-path Add a new PATH, handy for local FS manipulation.
history Show bash history, commands the user has entered previously.

Linux Network Commands

netstat -tulpn Show Linux network ports with process ID’s (PIDs)
watch ss -stplu Watch TCP, UDP open ports in real time with socket summary.
lsof -i Show established connections.
macchanger -m MACADDR INTR Change MAC address on KALI Linux.
ifconfig eth0 Set IP address in Linux.
ifconfig eth0:1 Add IP address to existing network interface in Linux.
ifconfig eth0 hw ether MACADDR Change MAC address in Linux using ifconfig.
ifconfig eth0 mtu 1500 Change MTU size Linux using ifconfig, change 1500 to your desired MTU.
dig -x Dig reverse lookup on an IP address.
host Reverse lookup on an IP address, in case dig is not installed.
dig @ -t AXFR Perform a DNS zone transfer using dig.
host -l nameserver Perform a DNS zone transfer using host.
nbtstat -A x.x.x.x Get hostname for IP address.
ip addr add dev eth0 Adds a hidden IP address to Linux, does not show up when performing an ifconfig.
tcpkill -9 host Blocks access to from the host machine.
echo "1" > /proc/sys/net/ipv4/ip_forward Enables IP forwarding, turns Linux box into a router – handy for routing traffic through a box.
echo "" > /etc/resolv.conf Use Google DNS.

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: