khanfarris

  • linux commands
    • cat
      cat - Concatenate and display files
      Usage: Display file contents, combine files
      Common flags: -n (line numbers), -A (show all)
      Security: Only reads files, but prints untrusted content to the terminal unfiltered; use -A or -v to expose control characters and escape sequences
      Watch for: Sensitive data exposure when displaying files (keys and config secrets ending up in shell history, screen shares or session logs)
    • chmod
      chmod - Change file permissions
      Usage: Modify file access permissions
      Common flags: -R (recursive); the mode is an argument, symbolic (u+x, o-w) or octal (0644, 4755)
      Security: Critical for security, affects file access
      Watch for: 777 permissions, SUID/SGID misuse (4xxx/2xxx modes), world-writable files and directories, chmod -R on system paths
    • chown
      chown - Change file ownership
      Usage: Change file/directory owner and group
      Common flags: -R (recursive)
      Security: Changing the owner requires root (CAP_CHOWN); an owner may change the group only to one they belong to; ownership drives DAC checks
      Watch for: Privilege escalation (root-owned scripts, cron jobs or SUID binaries handed to an unprivileged user), unauthorized ownership changes
    • curl
      curl - Transfer data from/to server
      Usage: HTTP requests, API testing, file downloads
      Common flags: -X (method), -H (header), -d (data), -o (output), -k (skip TLS certificate verification)
      Security: Dual-use: API testing and downloads for admins, payload staging and data exfiltration (-d @file to a remote host) for attackers
      Watch for: Data exfiltration, malware downloads, C2 communication, -k/--insecure, downloads piped straight into a shell (curl ... | sh)
    • find
      find - Search for files and directories
      Usage: Locate files by name, type, permissions
      Common flags: -name, -type, -perm, -exec
      Security: Hunting SUID/SGID binaries (-perm -4000, -perm -2000), world-writable files (-perm -0002), recently changed files (-mtime, -newer)
      Watch for: SUID binaries, world-writable files, sensitive data, -exec run over untrusted filenames
    • gcc
      gcc - GNU C Compiler
      Usage: Compile C/C++ programs
      Common flags: -o (output), -Wall (warnings), -g (debug)
      Security: Compile exploits, build binaries for privilege escalation; hardened builds use -fstack-protector-strong, -D_FORTIFY_SOURCE=2, -fPIE -pie and -Wl,-z,relro,-z,now
      Watch for: Suspicious compilations, exploit development, backdoor creation, compilers present on production hosts
    • grep
      grep - Search text patterns
      Usage: Search files for patterns, filter output
      Common flags: -i (case insensitive), -r (recursive), -v (invert), -E (extended regex), -l (list matching files only), -I (skip binary files)
      Security: Hunt for credentials, API keys, sensitive data
      Watch for: Passwords in config files, hardcoded secrets
    • ls
      ls - List directory contents
      Usage: View files and directories
      Common flags: -la (all files, long format), -lh (human readable)
      Security: Enumerate system, check permissions
      Watch for: Hidden files and directories (.bashrc, .ssh/authorized_keys), unusual permissions, recently modified files (-lt)
    • netcat
      netcat (nc) - Network Swiss Army knife
      Usage: Port scanning, file transfer, reverse shells
      Common flags: -l (listen), -v (verbose), -p (port; the source port in OpenBSD nc), -e (run a program on connect; traditional nc and ncat only, absent from OpenBSD nc)
      Security: Create reverse shells, port scanning, data transfer
      Watch for: Reverse shells, backdoors, unauthorized connections, data exfiltration
    • netstat
      netstat - Network statistics
      Usage: Display network connections, routing tables, ports
      Common flags: -tulpn (TCP/UDP, listening, numeric, owning program)
      Security: Identify open ports, active connections; part of the deprecated net-tools, ss -tulpn is the modern equivalent, and -p needs root to show other users' processes
      Watch for: Backdoors, unauthorized listeners, suspicious connections
    • ps
      ps - Process status
      Usage: Display running processes
      Common flags: aux (all users, detailed), -ef (full format)
      Security: Identify malicious processes, privilege escalation
      Watch for: Suspicious processes, root processes, processes whose binary was deleted (/proc/PID/exe marked "(deleted)"), names mimicking system daemons
    • ssh
      ssh - Secure Shell
      Usage: Remote login and command execution; file transfer via scp/sftp over the same protocol
      Common flags: -i (identity file), -p (port), -L (local forward), -R (remote forward), -D (dynamic SOCKS proxy)
      Security: Encrypted remote access, key-based auth
      Watch for: Weak keys, authorized_keys tampering, tunneling abuse, StrictHostKeyChecking disabled, PermitRootLogin and password auth enabled on servers
    • sudo
      sudo - Execute command as superuser
      Usage: Run commands with elevated privileges
      Common flags: -u (user), -l (list allowed commands)
      Security: Critical for privilege management; review with sudo -l
      Watch for: NOPASSWD entries, wildcards in sudoers, editors/interpreters/pagers allowed as root (shell escapes), privilege escalation
    • tail
      tail - Display end of file
      Usage: View last lines of files, monitor logs
      Common flags: -f (follow), -F (follow across log rotation), -n (number of lines)
      Security: Monitor log files in real-time
      Watch for: Authentication failures, error patterns, intrusion attempts
    • tcpdump
      tcpdump - Network packet analyzer
      Usage: Capture and analyze network traffic
      Common flags: -i (interface), -w (write pcap), -r (read pcap), -n (no name resolution)
      Security: Network forensics, packet capture; needs root or CAP_NET_RAW, capture with -w and analyze offline
      Watch for: Unencrypted credentials, malicious traffic, C2 beacons
    • top
      top - Display system tasks
      Usage: Real-time process monitoring, resource usage
      Common flags: -u (user), -p (PID)
      Security: Identify resource-heavy processes, cryptominers
      Watch for: High CPU/memory usage, suspicious processes
    • uname
      uname - System information
      Usage: Display system/kernel information
      Common flags: -a (all info), -r (kernel release)
      Security: Identify kernel version for exploit research
      Watch for: Outdated kernels, known vulnerable versions
    • wget
      wget - Download files from web
      Usage: Download files via HTTP/HTTPS/FTP
      Common flags: -O (output file), -r (recursive), -q (quiet), --no-check-certificate (skip TLS verification)
      Security: Download tools, exfiltrate data
      Watch for: Malware downloads, data exfiltration, unauthorized transfers, --no-check-certificate, recursive mirroring of internal sites
    • which
      which - Locate command executable
      Usage: Show full path of commands
      Common flags: -a (all occurrences)
      Security: Verify command locations, detect PATH hijacking; which is an external program and ignores shell aliases and functions, so type or command -v shows what the shell will actually run
      Watch for: Modified PATH, malicious binaries in unexpected locations
    • whoami
      whoami - Display current user
      Usage: Show effective username
      Common flags: None (use id for UID, GID and group membership)
      Security: Verify privilege level after escalation
      Watch for: Unexpected user context, privilege changes
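The find, sudo and which entries above say what to hunt for during local privilege-escalation triage. As an added example that is not part of the original cheat sheet, the script below turns those "watch for" items into runnable checks. It builds a constructed sandbox directory (hypothetical files) so it runs offline and deterministically; the sandbox layout, the sample sudo -l lines and all function names are assumptions for illustration, not taken from the page.

```bash
#!/usr/bin/env bash
# Added example, not from the original cheat sheet: local privilege-escalation
# triage with find (SUID/SGID, world-writable), sudo -l (NOPASSWD, wildcards,
# ALL) and PATH/which (hijackable directories). Runs against a constructed
# sandbox; on a live host call the functions with / and real `sudo -l` output.
set -u

# find: SUID/SGID files under a root.
# Live: find / -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
find_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | sort
}

# find: world-writable files. Live: find / -xdev -type f -perm -0002 2>/dev/null
find_world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# sudo -l: read the listing on stdin and keep entries that give a cheap root
# shell: NOPASSWD (no credential), '*' (argument injection into the allowed
# command) and "(...) ALL" (any command at all).
sudo_risky_entries() {
    grep -E 'NOPASSWD|[*]|[)] *ALL *$' | sed 's/^[[:space:]]*//'
}

# which/PATH: directories where an attacker can plant a binary that shadows a
# real command. Empty or "." entries put the current directory on PATH;
# world-writable directories let any local user drop a fake "ls" or "sudo".
path_risky_dirs() {
    printf '%s\n' "${1:-$PATH}" | tr ':' '\n' | while IFS= read -r dir; do
        case "$dir" in
            ''|.) printf '%s: current directory on PATH\n' "${dir:-(empty)}" ;;
            *)  if [ -d "$dir" ] && [ -n "$(find "$dir" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
                    printf '%s: world-writable\n' "$dir"
                fi ;;
        esac
    done
}

# Equivalent of `which -a cmd`: every executable named cmd on PATH, in lookup
# order. The first line is what a shell without an alias or function runs.
which_all() {
    local cmd="$1"
    printf '%s\n' "${2:-$PATH}" | tr ':' '\n' | while IFS= read -r dir; do
        [ -z "$dir" ] && dir=.
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            printf '%s\n' "$dir/$cmd"
        fi
    done
}

# Constructed sandbox (hypothetical files, not a real system); prints its root.
make_sandbox() {
    local root
    root="$(mktemp -d)"
    mkdir -p "$root/usr/bin" "$root/opt/tools" "$root/tmp"
    printf '#!/bin/sh\necho real ls\n' > "$root/usr/bin/ls"
    chmod 0755 "$root/usr/bin/ls"
    printf '#!/bin/sh\necho passwd\n' > "$root/usr/bin/passwd"
    chmod 4755 "$root/usr/bin/passwd"          # SUID: expected for passwd
    printf '#!/bin/sh\necho backup\n' > "$root/opt/tools/backup.sh"
    chmod 2755 "$root/opt/tools/backup.sh"     # SGID script in a tools dir: suspicious
    printf 'scratch\n' > "$root/tmp/notes.txt"
    chmod 0666 "$root/tmp/notes.txt"           # world-writable file
    printf '#!/bin/sh\necho planted ls\n' > "$root/tmp/ls"
    chmod 0755 "$root/tmp/ls"                  # planted binary shadowing ls
    chmod 0777 "$root/tmp"                     # world-writable directory on PATH
    printf '%s\n' "$root"
}

# Demo run against the sandbox.
root="$(make_sandbox)"
echo "== SUID/SGID ==";        find_suid_sgid "$root"
echo "== world-writable ==";   find_world_writable "$root"
echo "== risky sudo -l ==";    printf '%s\n' "    (ALL) NOPASSWD: /usr/bin/vim" \
                                   "    (root) /usr/bin/systemctl restart nginx" | sudo_risky_entries
echo "== risky PATH dirs =="; path_risky_dirs "$root/tmp:$root/usr/bin:"
echo "== which -a ls ==";      which_all ls "$root/tmp:$root/usr/bin"
rm -rf "$root"
```

The PATH check tests the directory's mode bits (find -perm -0002) rather than `[ -w ]`, because `-w` is true for every directory you own and says nothing about what other local users can do. The sudo filter is a first pass only: an entry such as "(root) /usr/bin/vim" without NOPASSWD or a wildcard still gives a root shell through the editor's shell escape, so read the full sudo -l output, not just the flagged lines.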
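For the tail, grep, ssh and sudo entries, this added example (also not from the original page) shows the grep/awk pipelines that turn "watch for authentication failures" into concrete checks on sshd and sudo log lines. The log lines are constructed for the example, using RFC 5737 documentation addresses and a made-up host, and the function names and thresholds are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original cheat sheet: auth-log triage pipelines.
# Every function reads stdin, so the same code works on a file
# (cat /var/log/auth.log | failed_by_ip) or live
# (tail -n 0 -F /var/log/auth.log | grep --line-buffered 'Failed password').
set -u

# Constructed sample in /var/log/auth.log format (hypothetical host, RFC 5737
# documentation addresses; not captured data).
SAMPLE_AUTH_LOG='Mar  3 10:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 40122 ssh2
Mar  3 10:01:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.10 port 40122 ssh2
Mar  3 10:01:19 host sshd[1203]: Failed password for root from 203.0.113.10 port 40130 ssh2
Mar  3 10:01:22 host sshd[1203]: Failed password for root from 203.0.113.10 port 40130 ssh2
Mar  3 10:02:40 host sshd[1210]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:02:47 host sshd[1210]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:05:01 host sshd[1220]: Accepted publickey for root from 203.0.113.10 port 40200 ssh2: ED25519 SHA256:abc
Mar  3 10:06:30 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/sudoers
Mar  3 10:07:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl status nginx'

# Source IPs ranked by number of "Failed password" events ("ip count" per line).
failed_by_ip() {
    grep 'sshd\[[0-9]*]: Failed password' \
        | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") print $(i + 1) }' \
        | sort | uniq -c | sort -rn | awk '{ print $2, $1 }'
}

# Sources at or above a failure threshold (default 3): brute-force candidates.
bruteforce_sources() {
    failed_by_ip | awk -v t="${1:-3}" '$2 >= t { print $1 }'
}

# Accepted logins from a source that also produced failures, whatever the order
# in the log: the signature of a guessed password or a key used after a spray.
success_after_failures() {
    awk '
        /sshd\[[0-9]+]: (Failed password|Accepted) / {
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if ($0 ~ /Failed password/) failed[ip]++
            else { na++; acc_ip[na] = ip; acc_line[na] = $0 }
        }
        END { for (k = 1; k <= na; k++) if (acc_ip[k] in failed) print acc_line[k] }'
}

# sudo invocations that touch the files granting persistence or new access.
sudo_sensitive_commands() {
    grep -E 'sudo:.*COMMAND=.*(/etc/sudoers|/etc/passwd|/etc/shadow|/etc/ssh/|visudo|authorized_keys)'
}

# Demo run over the constructed sample.
echo "== failures per source ==";      printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_by_ip
echo "== brute-force sources (>=3) =="; printf '%s\n' "$SAMPLE_AUTH_LOG" | bruteforce_sources 3
echo "== success after failures ==";   printf '%s\n' "$SAMPLE_AUTH_LOG" | success_after_failures
echo "== sensitive sudo ==";           printf '%s\n' "$SAMPLE_AUTH_LOG" | sudo_sensitive_commands
```

The "success after failures" check is the one worth alerting on: a burst of failures alone is background noise on any internet-facing sshd, but an Accepted line from the same source, especially "Accepted publickey for root", means the attacker is in and the next step is ps, netstat/ss and the user's authorized_keys.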
© khanfarris