Uploaded by CusCuz Gaming

Commands Sheet Sec+

advertisement
Security+ Commands and Tools for Linux/Windows
I.
Networking
Windows
Linux
tracert
traceroute
nslookup
nslookup/dig
ipconfig
ifconfig
ipconfig /all
ifconfig -a
Displays possible routes and measuring transit
delays of packets.
Determines the IP address associated with a
domain name, obtain the mail server settings for a
domain
Displays all the network configurations of the
currently connected network devices and cna
modify the DHCP and DNS settings
Shows comprehensive listing of TCP/IP
configuration information for each NIC
ipconfig
/displaydns
Each time a system queries DNS to resolve a
hostname to an IP address, it stores the result in
the DNS cache, and this command shows the
contents of the DNS cache. Also shows any
hostname to IP address mappings included in the
hosts file
ipconfig
/flushdns
You can erase the contents of the DNS cache with
this command, use when the cache has incorrect
information and want to ensure that the system
queries DNS for up-to-date information
ifconfig eth0
Shows the configuration of the first Ethernet
interface (NIC) on a Linux system, if system has
multiple NICS you can use eth1, eth2, etc.
ifconfig eth0
promisc
Enables promiscuous mode on the first Ethernet
interface. Promiscuous mode allows a NIC to
process all traffic it receives. Normally a NIC is in
non-promiscuous mode and ignores all packets not
addressed to it. Disable with ifconfig eth0 -promisc
ifconfig eth0
allmulti
Enables multicast mode on the NIC, allows the NIC
to process all multicast traffic received by the NIC.
Normally a NIC only processes multicast traffic for
multicast groups that it has joined. Disable with
ifconfig eth0 -allmulti
nmap
nmap
Open-source network scanner that is used to
discover hosts and services on a computer network
by sending packets and analyzing their responses
ping
ping
pathping
Tests connectivity for remote systems
Used to determine if a host is reachable, combines
functions of ping and tracert
hping
hping
Open-source packet generator and analyzer for the
TCP/IP protocol that is used for security auditing
and testing of firewalls and networks
netstat
netstat
Displays network connections for TCP, routing
tables, and a number of network interface and
network protocol stats
netstat -a
netstat -r
Displays a listing of all TCP and UDP ports a
system is listening on along with all open
connections
netstat -r
Displays the routing table
netstat -e
Displays details on network statistics (like how
many bytes the system has sent and received)
netstat -s
Displays statistics of packets sent or received for
specific protocols such as IP, ICMP, TCP, and UDP
netstat -n
Displays addresses and port numbers in numerical
order, useful if looking for information related to a
specific IP address
netstat -p
protocol
Shows statistics on a specific protocol, such as
TCP or UDP. For example, use netstat -p tcp to
show only TCP statistics
netstat -anp tcp
Combine the netstat switches to show different
types of information
This command shows a listing of the ports the
system is listening on (-a), in numerical order (-n),
for only the TCP protocol (-p tcp)
netcat
For reading from and writing to network
connections using TCP or UDP which is
dependable back-end that can be used directly or
easily driven by other programs and scripts
arp
arp
Utility for viewing and modifying the local Address
Resolution Protocol (ARP) cache on a given host
or server
arp -a
arp
Shows the ARP cache
route
route
Used to view and manipulate the IP routing tables
on a host or server
curl
curl
Tool to transfer data to or from a server, using any
of the supported protocol (HTTP, FTP. IMAP,
POP3, SCP, SFTP, SMTP, TFTP, TELNET, LDAP,
or FILE)
the harvester
the harvester
Python script that is used to gather emails,
subdomains, hosts, employee, names, open ports
and banners from different public sources like
search engines, PGP key servers and SHODAN
database
sn1per
sn1per
an automated scanner that can be used during a
penetration test to enumerate and scan for
vulnerabi‐ lities across a network
scanless
scanless
used to create an exploitation website that can
perform open port scans in a more stealth-like
manner
dnsenum
dnsenum
used for DNS enumeration to locate all DNS
servers and DNS entries for a given organization
II.
Nessus
Nessus
proprietary vulnerability scanner that can remotely
scan a computer or network for vulnerabilities
Cuckoo
Cuckoo
open source software for automating analysis of
suspicious files
File Manipulation
Linux
head
command-line utility for outputting the first ten lines of a file provided
tail
command-line utility for outputting the last ten lines of a file provided
to it
cat
command-line utility for outputting the content of a file to the screen
grep
command-line utility for searching plain-text data sets for lines that
match a regular expression or pattern
chmod
command-line utility used tochange the access permissions of file
system objects
journalctl
logger
III.
IV.
queries the Linux system logging utility and displays log entries from
seversal sources, command by itself will display all journal entries
utility that provides an easy way to add messages to the
/var/log/syslog files from the command line or from other files
Packet Capture
Windows
Linux
windump
tcpdump
Wireshark
Wireshark
Exploitaiton
A suite of free open source utilities for editing and
replaying previously captured network traffic
Network analysis tool to capture network packets
and display them at a granular level for real-time or
offline analysis
Windows
Linux
Metasploit
(msfco­nsole)
Metasploit
(msfco­nsole)
A computer security tool that offers inform­ation
about software vulner­abi­lities, IDS signature
develo­pment, and improves penetr­ation test
Browser
Exploi­tation
Framework
(BeEF)
Browser
Exploi­tation
Framework
(BeEF)
A tool that can hook one or more browsers and can
use them as a beachhead of launching various
direct commands and further attack against the
system from within the browser
Cain and Abel
(cain)
Cain and Abel A password recovery tool that can be used through
(cain)
sniffing the network, cracking encrypted passwords
using dictio­nary, brute-­force and crypta­nalysis
attack, recording VoIP conver­sat­ions, decoding
scrambled passwords, revealing password boxes,
and analyzing routing protocols
John the
Ripper (john)
John the
Ripper (john)
V.
An open source password security auditing and
password recovery tool available for many
operating systems
Shells and Scripts
Windows
Linux
SSH
SSH
Powershell
utility that supports encrypted data transfer
between two computers for secure logins, file
transfers, or general purpose connectons
a task automation and config­uration management
framework from Microsoft, consisting of a
comman­d-line shell and the associated scripting
language
Python
Python
OpenSSL
OpenSSL
An interp­reted, high-level and genera­l-p­urpose
progra­mming language
a software library for applic­ation that secure
commun­ica­tions over computer networks against
eavesd­ropping or need to identify the party at the
other end
VI.
Forensics
Windows
FTK Imager
VII.
Linux
dd
a command line utility to copy disk images using a
bit by bit copying process
FTK Imager
a data preview and imaging tool that lets you
quickly assess electronic evidence to determine if
further analysis with a forensic tool is needed
memdump
a command line utility to dump system memory to
the standard output stream by skipping over holes
in memory maps
WinHex
WinHex
a commercial disk editor and universal hexade­cimal
editor used for recovery and digital forensics
Autopsy
Autopsy
a digital forensics platform and graphical interface
to The Sleuth Kit and other digital forensics
Notes
A. Netstat displays the state of connection, such as ESTABLISHED to indicate an
active connection, some common states are:
○ ESTABLISHED
■ normal state for the data transfer phase of a connection, indicates
an active and open connection
○ LISTEN
■ indicates the system is waiting for a connection request, the
well-known port a system is listening on indicates the protocol
○ CLOSE_WAIT
■ indicates the system is waiting for a connection termination request
○ TIME_WAIT
■ indicates the system is waiting for enough time to pass to be suere
the remote system received a TCP-based acknowledgement of the
connection
○ SYN_SENT
■ indicates the system sent a TCP SYN packet as the first part of the
SYN (synchronize), SYN-ACK (synchronize-acknowledge), ACK
(acknowledge) handshake process and is waiting for the SYN-ACK
response
○ SYN_RECEIVED
■ indicates the system sent a TCP SYN-ACK packet after receiving a
SYN packet as the first part of the SYN, SYN-ACK, ACK
handshake process. It is waiting for the ACK response to establish
the connection. An excessive number of SYN_RECEIVED states
indicate a SYN attack with the attacker flooding a system with SYN
packets buy never finalizes the connection with ACK packets
Download