-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathhtb
185 lines (157 loc) · 8.94 KB
/
htb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
File System Hierarchy
(NOTES)
/ The top-level directory is the root filesystem and contains all of the files required to boot the operating system before other filesystems are mounted as well as the files required to boot the other filesystems. After boot, all of the other filesystems are mounted at standard mount points as subdirectories of the root.
/bin Contains essential command binaries.
/boot Consists of the static bootloader, kernel executable, and files required to boot the Linux OS.
/dev Contains device files to facilitate access to every hardware device attached to the system.
/etc Local system configuration files. Configuration files for installed applications may be saved here as well.
/home Each user on the system has a subdirectory here for storage.
/lib Shared library files that are required for system boot.
/media External removable media devices such as USB drives are mounted here.
/mnt Temporary mount point for regular filesystems.
/opt Optional files such as third-party tools can be saved here.
/root The home directory for the root user.
/sbin This directory contains executables used for system administration (binary system files).
/tmp The operating system and many programs use this directory to store temporary files. This directory is generally cleared upon system boot and may be deleted at other times without any warning.
/usr Contains executables, libraries, man files, etc.
/var This directory contains variable data files such as log files, email in-boxes, web application related files, cron files, and more.
--------------------------------------------------------------------------------------------------------------------------------------------
Advanced Package Tool (apt)
graphical user interface (GUI)
command-line interfaces (CLI)
-------------------------------------------------------------------------------------------------------------------------------------------
SHELL types below
Bourne-Again Shell (BASH)
TENEX C Shell (Tcsh/csh)
KornShell (Ksh)
Z shell (Zsh)
Fish
----------------------------------------------------------------------------------------------------------------------------------------
Prompt Description below
<username>@<hostname><current working directory>$
The home directory for a user is marked with a tilde <~> and is the default folder when we log in.
<username>@<hostname>[~]$
The dollar sign, in this case, stands for a user. As soon as we log in as root, the character changes to a hash <#> and looks like this:
root@htb[/htb]#
Unprivileged - User Shell Prompt = $
Privileged - Root Shell Prompt = #
------------------------------------------------------------------------------------------------------------------------------------------
Special Character Description
\d Date (Mon Feb 6)
\D{%Y-%m-%d} Date (YYYY-MM-DD)
\H Full hostname
\j Number of jobs managed by the shell
\n Newline
\r Carriage return
\s Name of the shell
\t Current time 24-hour (HH:MM:SS)
\T Current time 12-hour (HH:MM:SS)
\@ Current time
\u Current username
\w Full path of the current working directory
------------------------------------------------------------------------------------------------------------------------------------------------------
Syntax: OtterlyInTents@htb[/htb]$ man <tool>
Example: OtterlyInTents@htb[/htb]$ man curl
Example: curl(1) Curl Manual curl(1)
NAME
curl - transfer a URL
SYNOPSIS
curl [options] [URL...]
DESCRIPTION
curl is a tool to transfer data from or to a server, using one of the supported protocols (DICT, FILE, FTP, FTPS, GOPHER, HTTP, HTTPS,
IMAP, IMAPS, LDAP, LDAPS, POP3, POP3S, RTMP, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET, and TFTP). The command is designed to work without user interaction.
curl offers a busload of useful tricks like proxy support, user authentication, FTP upload, HTTP post, SSL connections, cookies, file transfer resume, Metalink, and more. As we will see below, the number of features will make our head spin!
curl is powered by libcurl for all transfer-related features. See libcurl(3) for details.
Manual page curl(1) line 1 (press h for help or q to quit)
Syntax: OtterlyInTents@htb[/htb]$ <tool> --help
Example: OtterlyInTents@htb[/htb]$ curl --help
Usage: curl [options...] <url>
--abstract-unix-socket <path> Connect via abstract Unix domain socket
--anyauth Pick any authentication method
-a, --append Append to target file when uploading
--basic Use HTTP Basic Authentication
--cacert <file> CA certificate to verify peer against
--capath <dir> CA directory to verify peer against
-E, --cert <certificate[:password]> Client certificate file and password
<SNIP>
Short version: Syntax: OtterlyInTents@htb[/htb]$ <tool> -h
Example: OtterlyInTents@htb[/htb]$ curl -h
Usage: curl [options...] <url>
--abstract-unix-socket <path> Connect via abstract Unix domain socket
--anyauth Pick any authentication method
-a, --append Append to target file when uploading
--basic Use HTTP Basic Authentication
--cacert <file> CA certificate to verify peer against
--capath <dir> CA directory to verify peer against
-E, --cert <certificate[:password]> Client certificate file and password
<SNIP>
apropos: Syntax: OtterlyInTents@htb[/htb]$ apropos <keyword>
Example: OtterlyInTents@htb[/htb]$ apropos sudo
sudo (8) - execute a command as another user
sudo.conf (5) - configuration for sudo front end
sudo_plugin (8) - Sudo Plugin API
sudo_root (8) - How to run administrative commands
sudoedit (8) - execute a command as another user
sudoers (5) - default sudo security policy plugin
sudoreplay (8) - replay sudo session logs
visudo (8) - edit the sudoers file
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
System Information
Command: Description:
whoami Displays current username.
id Returns users identity
hostname Sets or prints the name of current host system.
uname Prints basic information about the operating system name and system hardware.
pwd Returns working directory name.
ifconfig The ifconfig utility is used to assign or to view an address to a network interface and/or configure network interface parameters.
ip Ip is a utility to show or manipulate routing, network devices, interfaces and tunnels.
netstat Shows network status.
ss Another utility to investigate sockets.
ps Shows process status.
who Displays who is logged in.
env Prints environment or sets and executes command.
lsblk Lists block devices.
lsusb Lists USB devices
lsof Lists opened files.
lspci Lists PCI devices.
-----------------------------------------------------------------------------------------------
hostname:Example
OtterlyInTents@htb[/htb]$ hostname
nixfund
-----------------------------------------------------------------------------------------------
Whoami:Example
cry0l1t3@htb[/htb]$ whoami
cry0l1t3
-----------------------------------------------------------------------------------------------
id:Example
cry0l1t3@htb[/htb]$ id
uid=1000(cry0l1t3) gid=1000(cry0l1t3) groups=1000(cry0l1t3),1337(hackthebox),4(adm),24(cdrom),27(sudo),30(dip),46(plugdev),116(lpadmin),126(sambashare)
--------------------------------------------------------------------------------------------------------
Uname:Example (man uname) in terminal
UNAME(1) User Commands UNAME(1)
NAME
uname - print system information
SYNOPSIS
uname [OPTION]...
DESCRIPTION
Print certain system information. With no OPTION, same as -s.
-a, --all
print all information, in the following order, except omit -p and -i if unknown:
-s, --kernel-name
print the kernel name
-n, --nodename
print the network node hostname
-r, --kernel-release
print the kernel release
-v, --kernel-version
print the kernel version
-m, --machine
print the machine hardware name
-p, --processor
print the processor type (non-portable)
-i, --hardware-platform
print the hardware platform (non-portable)
-o, --operating-system
---------------------------------------------------------------------------------------------------------------
Secure Shell (SSH)
command ls -la to list all files of a directory: