# Kali Linux Cheat Sheet

by A. Wong

## Netcat / ncat

| COMMAND | DESCRIPTION |
|---|---|
| `nc -nv target port` | Connect to a specific port of the target machine |
| `nc -nlvp port -e filename` | Listen on a specific port and execute the program after connect |
| `ncat --exec cmd.exe --allow 10.0.0.4 -vnl 4444 --ssl` | Listen on port 4444, allow only 10.0.0.4 to connect, execute cmd.exe after connect, encrypt with SSL |
| `ncat -v 10.0.0.22 4444 --ssl` | Connect to target at port 4444, encrypt with SSL |

## NMAP

| COMMAND | DESCRIPTION |
|---|---|
| `nmap -v -sS -A -T4 target` | Nmap verbose scan, runs SYN stealth, T4 timing (should be OK on LAN), OS and service version info, traceroute and scripts against services |
| `nmap -v -sS -p- -A -T4 target` | As above but scans all TCP ports (takes a lot longer) |
| `nmap -v -sU -sS -p- -A -T4 target` | As above but scans all TCP ports and UDP scan (takes even longer) |
| `nmap -v -p 445 --script=smb-check-vulns --script-args=unsafe=1 192.168.1.X` | Nmap script to scan for vulnerable SMB servers. WARNING: unsafe=1 may cause knockover |
| `ls /usr/share/nmap/scripts/* \| grep ftp` | Search nmap scripts for keywords |

## SMB Enumeration

| COMMAND | DESCRIPTION |
|---|---|
| `nbtscan 192.168.1.0/24` | Discover Windows / Samba servers on subnet, finds Windows MAC addresses, NetBIOS name and discovers client workgroup / domain |
| `enum4linux -a target-ip` | Do everything, runs all options (find Windows client domain / workgroup) apart from dictionary-based share name guessing |

## Basic Command

| COMMAND | DESCRIPTION |
|---|---|
| `grep "substring" target-file` | Extract the lines containing "substring" |
| `grep -o "regex" target-file` | Same as above with a regular expression as input |
| `cut -d "/" -f 3` | Split the string by "/" and output the third column |
| `sort -u` | Remove duplicates |
| `host "hostname"` | Return the IP address of the host name |
| `wc -l access.log` | Count the number of lines in "access.log" |
| `uniq -c` | Add the number of occurrences in front |
| `cat access.log \| cut -d " " -f 1 \| sort \| uniq -c \| sort -urn` | Count the number of occurrences and sort them in reverse order |

## Mount File Shares

| COMMAND | DESCRIPTION |
|---|---|
| `mount 192.168.1.1:/vol/share /mnt/nfs` | Mount NFS share to /mnt/nfs |
| `mount -t cifs -o username=user,password=pass,domain=blah //192.168.1.X/share-name /mnt/cifs` | Mount Windows CIFS / SMB share on Linux at /mnt/cifs. If you remove password it will prompt on the CLI (more secure as it won't end up in bash_history) |
| `net use Z: \\win-server\share password /user:domain\janedoe /savecred /p:no` | Mount a Windows share on Windows from the command line |

## SNMP Enumeration

| COMMAND | DESCRIPTION |
|---|---|
| `snmpcheck -t 192.168.1.X -c public` | SNMP enumeration |
| `snmpwalk -c public -v1 192.168.1.X 1 \| grep hrSWRunName \| cut -d* * -f` | SNMP enumeration |
| `snmpenum -t 192.168.1.X` | SNMP enumeration |
| `onesixtyone -c names -i hosts` | SNMP enumeration |

## DNS Enumeration & Transfer

| COMMAND | DESCRIPTION |
|---|---|
| `dnsrecon -d megacorpone.com -t axfr` | Enumerate and attempt to transfer target domain |
| `dnsenum zonetransfer.me` | Enumerate and attempt to transfer target domain |

## HTTP Enumeration

| COMMAND | DESCRIPTION |
|---|---|
| `nikto -h 192.168.1.1` | Perform a nikto scan against target |
| `dirbuster` | Configure via GUI, CLI input doesn't work most of the time |