P4n1cBook

Linux

Basic commands

Specifications & Performance
uptime
Shows details about all block devices
lsblk -f
Display RAM info
free -h
Memory/CPU/IO stats every 5 seconds, 10 iterations
vmstat 5 10

Check the maximum amount of memory a process may lock (mlock) in RAM

Check
ulimit -l
Set a new limit
ulimit -l 10240
List USB
lsusb
List Peripherals
lspci
Storage Management
List all files recursively
ls -lAR
Show the size of each entry in the current directory
du -sh *
Largest 10 directories
sudo du -hsx /* | sort -rh | head -n 10
File Enumeration
Print full path
realpath file.txt
Count Lines
wc -l myfile.txt

locate

Look for a file
locate file.txt
Update the db
sudo updatedb

find

Find all .txt files
find /home/user -name "*.txt"
Find files larger than 10MB
find / -type f -size +10M
Search with regex
sudo find / -regex ".*alacritty.*" 2>/dev/null
Process Management
List processes matching a name
ps -ef | grep process
Processes as a tree
ps auxwf
User process tree + PID
pstree -p user
Current process ID
echo $$
Resume the last stopped job in the background
bg
List background jobs
jobs
Bring a background job to the foreground
fg
Users/Groups
Edit sudoers file
sudo visudo

Users

Creates a new user
sudo useradd newuser
Creates a new user with home directory and bash shell
sudo useradd -m -s /bin/bash newuser
Add user to the sudo group
sudo usermod -aG sudo newuser
Set or change password
sudo passwd newuser
Set zsh as default shell
sudo usermod --shell /usr/bin/zsh alice

Groups

Create group
sudo groupadd newgroup
Delete Group
sudo groupdel group
Add user to group
sudo gpasswd -a newuser newgroup
File Ownership
Set file permissions to rwxr-xr-x
sudo chmod 755 file.txt
Read permissions for all users
sudo chmod a+r shell.sh
Change file owner and group
sudo chown user:group file.txt
Add execution permission
sudo chmod +x script.sh
Change group ownership
sudo chgrp group file.txt
Logs
Currently logged-in users and what they are running
w
Display login records
last
Display bad login attempts
lastb
Kernel and boot messages
dmesg

journalctl

Shows logs live
journalctl -f 
Logs from the current boot
journalctl -b
Logs from the previous boot
journalctl -b -1
Logs from a specific service
journalctl -u <service>
Logs for a specific process
journalctl _PID=<pid>
Shows logs from the kernel
journalctl -k
Logs by time-frame
journalctl --since "2024-11-01" --until "2024-11-10"

Priority Levels

journalctl -p <level>
  • 0 --> emergency
  • 1 --> alert
  • 2 --> critical
  • 3 --> error
  • 4 --> warning
  • 5 --> notice
  • 6 --> informational
  • 7 --> debug

Access Control Lists
Grant read/write permissions to 'user' on file.txt
setfacl -m u:user:rw file.txt
Show the ACL
getfacl file.txt

Prevent newly created files from being group/world-writable

umask 022

Change a route's metric (the route must already exist)

sudo ip route change 192.168.2.0/24 via 192.168.1.254 metric 200
SELinux
Display mode
getenforce
Switch SELinux to permissive mode until the next reboot (enforcement off, denials still logged)
sudo setenforce 0
Chroot

Decrypt the system

Decrypt partition
sudo cryptsetup luksOpen /dev/sda3 cryptdisk
Mounts the decrypted device
sudo mount /dev/mapper/cryptdisk /mnt
Mounts the boot partition
sudo mount /dev/sda1 /mnt/boot
chroot into a mounted partition
sudo arch-chroot /mnt

Connect using WPA

Shows connection status
wpa_cli status
Generates a wpa_supplicant config (PSK) from the SSID and passphrase
sudo wpa_passphrase "MyWiFi" "mypassword123" | sudo tee /etc/wpa_supplicant/wpa_supplicant.conf
Connect using passphrase
sudo wpa_supplicant -B -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant.conf

Boot/UEFI Management

Displays the current boot entries in the UEFI firmware
efibootmgr
Deletes boot entry 0 (Boot0000)
sudo efibootmgr --delete-bootnum --bootnum 0

Hashes & base64
Generate MD5 hash
md5sum <file>
Generates a SHA256 hash
sha256sum file.txt

Encoding

Encode File + Redirect Output
base64 file.txt > encoded.txt
Encode String + Redirect Output
echo "your_string_here" | base64 > encoded_file.txt
  • GNU base64 wraps its output every 76 characters by default (the MIME line length from RFC 2045); use -w 0 to get a single line.

Encode File Without line break
base64 -w 0 <file>
Encode String without line breaks
echo -n "your_string_here" | base64 -w 0

URL-safe encoding (base64url alphabet: '+' and '/' become '-' and '_')
base64 -w 0 <file> | tr '+/' '-_' > url_safe_encoded.txt
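The one-liner above only encodes; the reverse direction needs the alphabet swapped back and the '=' padding restored before base64 -d will accept it. The following is an added shell example (not from the page), assuming GNU coreutils base64; b64url_encode and b64url_decode are names chosen here:

```shell
#!/bin/sh
# Added example: base64url (RFC 4648 section 5) encode/decode helpers.
# Encoding mirrors `base64 -w 0 | tr '+/' '-_'` and also drops the '='
# padding, as URL and JWT-style consumers expect.
b64url_encode() {
    base64 -w 0 | tr '+/' '-_' | tr -d '='
}

# Decoding: map '_' -> '/' and '-' -> '+' (SET1 is written '_-' so tr does
# not read the leading '-' as an option), then pad to a multiple of 4.
b64url_decode() {
    s=$(tr '_-' '/+')
    case $(( ${#s} % 4 )) in
        2) s="$s==" ;;
        3) s="$s=" ;;
        1) echo "invalid base64url length" >&2; return 1 ;;
    esac
    printf '%s' "$s" | base64 -d
}

# Constructed demo: "hello?>>" yields "aGVsbG8_Pj4" (a '/' became '_')
printf '%s' 'hello?>>' | b64url_encode; echo
printf '%s' 'aGVsbG8_Pj4' | b64url_decode; echo
```

Feed binary through od -An -tx1 when you need to inspect decoded bytes rather than text.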

Decoding

Decode String + Output to a file
echo <string> | base64 -d > <file>
Decode File + Output to a file (-i ignores non-alphabet bytes such as stray whitespace)
base64 -d -i <file> > <decoded_file>
Decode a wrapped file (line breaks in the input are accepted; -w only applies to encoding)
base64 -d file.txt > decoded_output.bin
QEMU / libvirt
Installation
sudo pacman -S qemu libvirt dnsmasq virt-manager bridge-utils ebtables
sudo systemctl enable --now libvirtd
Dump/back up the XML of an existing virtual network
sudo virsh net-dumpxml c2-lab

Manual XML Virtual Network Configuration

Locked-down Version (network definition, e.g. c2-lab.xml)
<network>
  <name>c2-lab</name>
  <bridge name="virbr2" stp="off" delay="0"/>  <!-- Disable STP (not needed) -->
  <forward mode="none"/>                       <!-- NO NAT, NO ROUTING -->
  <!-- No <dhcp> element: assign IPs manually inside the guests -->
  <ip address="192.168.100.1" netmask="255.255.255.0"/>
  <ip family="ipv6" address="fe80::1" prefix="64"/>
</network>
Guest side: the <interface> element belongs in the VM's domain XML, not in the network definition
<interface type="network">
  <mac address="52:54:00:XX:XX:XX"/>  <!-- Set a static MAC -->
  <source network="c2-lab"/>
  <model type="virtio"/>
</interface>
Disable ICMP
sudo iptables -I FORWARD -i virbr2 -p icmp -j DROP

Start the Virtual-Network

sudo virsh net-define c2-lab.xml
sudo virsh net-start c2-lab
Start on boot
sudo virsh net-autostart c2-lab
Check Network Info
sudo virsh net-info c2-lab
Check for leaks
sudo iptables -L -v -n | grep virbr2
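Grepping for the bridge name shows every rule but leaves the judgement to the reader. The added shell example below (not from the page) audits `iptables -S FORWARD` output and reports any ACCEPT rule that carries traffic between the lab bridge and another interface; the ruleset inside it is constructed, and check_bridge_leaks / count_sample_leaks are names chosen here:

```shell
#!/bin/sh
# Added example: audit FORWARD rules for an isolated libvirt bridge.
# Reads `iptables -S FORWARD` lines from stdin and prints every ACCEPT rule
# with the bridge on only one side (-i or -o), i.e. traffic crossing between
# the lab and any other interface. Intra-bridge ACCEPT (-i br -o br) is the
# normal isolated-network rule and is not reported.
check_bridge_leaks() {
    bridge="$1"
    leaks=0
    while IFS= read -r rule; do
        case "$rule" in
            "-P FORWARD ACCEPT") printf 'WARN: default FORWARD policy is ACCEPT\n'; continue ;;
            *"-j ACCEPT"*) ;;        # only ACCEPT rules can leak
            *) continue ;;
        esac
        in_br=0; out_br=0
        case "$rule" in *"-i $bridge "*|*"-i $bridge") in_br=1 ;; esac
        case "$rule" in *"-o $bridge "*|*"-o $bridge") out_br=1 ;; esac
        if [ "$in_br" -ne "$out_br" ]; then
            printf 'LEAK: %s\n' "$rule"
            leaks=$((leaks + 1))
        fi
    done
    [ "$leaks" -eq 0 ]   # exit status 1 when anything leaked
}

# Constructed sample ruleset (not captured from a real host): the usual
# libvirt isolated-network rules plus one stray ACCEPT toward eth0.
SAMPLE_RULES='-P FORWARD ACCEPT
-A FORWARD -i virbr2 -o virbr2 -j ACCEPT
-A FORWARD -o virbr2 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr2 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr2 -o eth0 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

# Number of leaking rules in the sample for the given bridge
count_sample_leaks() {
    printf '%s\n' "$SAMPLE_RULES" | check_bridge_leaks "$1" | grep -c '^LEAK:' || true
}

printf '%s\n' "$SAMPLE_RULES" | check_bridge_leaks virbr2
```

On a real host run `sudo iptables -S FORWARD | check_bridge_leaks virbr2`; a non-zero exit means the lab network is not isolated.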

Last updated 2 months ago