Exploit Notes

Linux Techniques

Last modified: 2023-01-01


Useful techniques in Linux.

System Control

# Check the status of a service (ex. ssh)
systemctl status ssh
# Start the service
systemctl start ssh
# Stop the service
systemctl stop ssh
# Start the service during system boot
systemctl enable ssh
# Do not start the service during system boot
systemctl disable ssh

Download Files Recursively from Web

# -r: recursive
# -np: no parent
# Don't forget "/" after the directory name
wget -r -np http://example.com/somedir/

Text Format


Below are basic examples of printing the contents of files.

# Print the full content of /etc/passwd
awk '//' /etc/passwd
awk '{print}' /etc/passwd

# Print the lines which match the given pattern
awk '/root/' /etc/passwd
awk '/root/ {print}' /etc/passwd

# -F -> Field separator (ex. ":")
# $1 -> First field
awk -F : '{ print $1 }' /etc/passwd

# FS: Field separator (here each whole line is a single field)
awk 'BEGIN{FS="\n"} {print $0}' sample.txt
# RS: Record separator (here every "o" ends a record, not the newline)
awk 'BEGIN{RS="o"} {print $0}' sample.txt
# OFS: Output field separator, placed between the printed fields
awk 'BEGIN{OFS=":"} {print $0,$4}' sample.txt
# ORS: Output record separator, written after each printed record
awk 'BEGIN{ORS="o"} {print $0}' sample.txt

Generating a wordlist of a specific length from the original one.

# Only 6-character lines
awk '{ if (length($0) == 6) print }' original-wordlist.txt

# Only lines of 5 characters or more
awk '{ if (length($0) >= 5) print }' original-wordlist.txt
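The separators and the length filter above, worked through on constructed data as an added example (not code from the original notes). The passwd-style lines and the wordlist are made up here so the script runs offline; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): awk field/record separators and
# a wordlist length filter, run over constructed sample data.

# Constructed passwd-style sample (not a real system file).
make_sample_passwd() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin' \
        'alice:x:1000:1000:Alice:/home/alice:/bin/zsh' \
        'svc:x:999:999:service:/var/lib/svc:/usr/sbin/nologin'
}

# Read ":"-separated fields (FS) and write "user shell" pairs separated by a
# space (OFS). The output record separator stays at its default "\n".
users_and_shells() {
    make_sample_passwd | awk 'BEGIN { FS = ":"; OFS = " " } { print $1, $7 }'
}

# Accounts whose login shell is neither nologin nor false, i.e. the ones
# worth reviewing when auditing who can actually log in.
interactive_accounts() {
    make_sample_passwd | awk -F : '$7 !~ /(nologin|false)$/ { print $1 }'
}

# With RS="o" every "o" ends a record, so "foo\nbar\n" splits into three
# records ("f", "", "\nbar\n") and NR ends up as 3, not 2.
count_records_split_on_o() {
    printf 'foo\nbar\n' | awk 'BEGIN { RS = "o" } END { print NR }'
}

# Wordlist filters: exact length, and minimum length. -v passes the shell
# value into awk as a number-like variable.
filter_exact_length() {  # usage: ... | filter_exact_length 6
    awk -v n="$1" 'length($0) == n'
}
filter_min_length() {    # usage: ... | filter_min_length 5
    awk -v n="$1" 'length($0) >= n'
}
```

Each function writes to stdout, so they can be chained with the other commands in these notes, for example piping `make_sample_passwd` output through `filter_min_length`.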

File Transfer


  1. Encode a File with Base64 on the Local Machine

    # -w 0: disable line wrapping, so the output is a single line
    base64 -w 0 exploit.sh
  2. Decode the Base64 of the File on the Remote Machine

    echo <base64-string-of-file> | base64 -d > exploit.sh


  • Single File

    On the local machine, open a listener to receive the file.

    # -l: Listen mode
    # -p: Port
    nc -lp 4444

    On the remote machine, transfer the file.

    nc <local-ip> 4444 < ./example.txt
  • Directory

    On the local machine, start a listener to receive the directory as a tar stream.

    # -v: verbose, -n: no DNS lookup
    nc -lvnp 1234 > out.tar

    On the remote machine, archive the directory and send it over netcat.

    tar -cf - example/ | nc <local-ip> 1234

    Then extract it locally.

    tar -xf out.tar
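The base64 and tar transfers above as a local round trip, added here as an example that is not part of the original notes. Netcat is left out so the script runs offline: the tar stream is written to a file, which is exactly what the listener's `> out.tar` redirection produces on the receiving side. The addition a practitioner wants is the checksum comparison at the end, since a truncated paste or a dropped connection otherwise goes unnoticed. The payload file, the directory contents and the function names are constructed for this example; `base64 -w 0` and `sha256sum` assume GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original notes): base64 and tar transfer steps as
# a local round trip, verified with SHA-256 so the copy is known to be intact.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for exploit.sh from the notes.
printf '#!/bin/sh\necho hello from the transferred script\n' > "$WORK/exploit.sh"

# Sender side: one base64 line (-w 0) that can be pasted into a remote shell.
encode_file() {          # $1 = path; prints the base64 string
    base64 -w 0 "$1"
}

# Receiver side: turn the pasted string back into a file.
decode_file() {          # $1 = base64 string, $2 = output path
    printf '%s' "$1" | base64 -d > "$2"
}

# Compare the SHA-256 of two files; succeeds only if they are byte-identical.
same_hash() {            # $1, $2 = paths
    [ "$(sha256sum "$1" | cut -d ' ' -f 1)" = "$(sha256sum "$2" | cut -d ' ' -f 1)" ]
}

base64_roundtrip_ok() {
    b64=$(encode_file "$WORK/exploit.sh")
    decode_file "$b64" "$WORK/received.sh"
    same_hash "$WORK/exploit.sh" "$WORK/received.sh"
}

# Directory transfer: "tar -cf - dir" writes the archive to stdout (the notes
# pipe it into nc); here it lands in out.tar as on the listening side.
tar_roundtrip_ok() {
    mkdir -p "$WORK/example/sub"
    printf 'a\n' > "$WORK/example/a.txt"
    printf 'b\n' > "$WORK/example/sub/b.txt"
    ( cd "$WORK" && tar -cf - example/ ) > "$WORK/out.tar"
    mkdir "$WORK/recv"
    tar -xf "$WORK/out.tar" -C "$WORK/recv"
    same_hash "$WORK/example/sub/b.txt" "$WORK/recv/example/sub/b.txt"
}
```

In a real transfer, run `sha256sum` on the sender before sending and on the receiver after decoding or extracting, and compare the two digests by eye or with `cmp`; the functions above do the same thing on one machine.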

Shell Script

For Loop


# {1..5} is bash brace expansion
for i in {1..5}; do
    echo "Hello $i"
done


# Zero-padded sequence from 0000 to 9999
for i in {0000..9999}; do
    echo "$i"
done

Read Text Line by Line


# -r keeps backslashes literal; quote "$line" to preserve spacing
while read -r line; do
    echo "$line"
done < example.txt

Retrieve Arguments

Getopts is useful.
Create "my_opt.sh". The option string "c:" means -c takes an argument, which getopts stores in OPTARG.

#!/bin/sh
getopts c: opt
cmd=$OPTARG
$cmd

Run. The output is the current username, because the argument given to -c is executed as a command.

./my_opt.sh -cwhoami
  • While Loop and Retrieving Arguments

    Create "my_while_opt.sh". Both options take an argument ("a:b:"), and the while loop consumes every option on the command line.

    #!/bin/sh
    while getopts a:b: flag; do
        case "${flag}" in
            a) cmd1=${OPTARG};;
            b) cmd2=${OPTARG};;
        esac
    done
    $cmd1
    $cmd2

    Run. The output is the current username and the current time.

    ./my_while_opt.sh -awhoami -btime
    # kali
    # real  1111.11s ...
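A fuller getopts parser, added as an example that is not from the original notes. Unlike the scripts above it only records the option values and reports them instead of executing them, and it shows the two cases the short snippets skip: an option that is missing its argument, and an option the script does not know. The option letters, the function name and the output format are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the original notes): getopts with error handling.
# Leading ":" in the option string puts getopts in silent mode, so a missing
# argument sets flag=":" and an unknown option sets flag="?", with the
# offending letter in OPTARG, instead of getopts printing its own message.

# parse_opts [-a VALUE] [-b VALUE] [-v] [positional...]
# Prints "a=<..> b=<..> verbose=<0|1> rest=<positional args>".
# Returns 1 on an unknown option or a missing argument.
parse_opts() {
    OPTIND=1                    # reset so the function can be called repeatedly
    a_val='' b_val='' verbose=0
    while getopts ':a:b:v' flag; do
        case "$flag" in
            a) a_val=$OPTARG ;;
            b) b_val=$OPTARG ;;
            v) verbose=1 ;;
            :) echo "missing argument for -$OPTARG" >&2; return 1 ;;
            \?) echo "unknown option -$OPTARG" >&2; return 1 ;;
        esac
    done
    shift $((OPTIND - 1))       # drop the parsed options; "$@" is what remains
    printf 'a=%s b=%s verbose=%s rest=%s\n' "$a_val" "$b_val" "$verbose" "$*"
}

# Stand-alone run: both attached ("-awhoami") and separated ("-a whoami")
# forms are accepted by getopts.
parse_opts -awhoami -btime
parse_opts -v -a whoami extra1 extra2
```

The `\?` pattern is escaped on purpose: an unescaped `?` in a `case` pattern is a glob that matches any single character, so it would silently swallow the other branches if it came first.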

Display Data

Line Numbers

cat -n wordlist.txt

Cut Out Text

# Print 'Hello'
echo 'Hello World' | cut -d ' ' -f 1

# Print 'my name is Adam'
echo 'Hi, my name is Adam' | cut -d ',' -f 2

Search Lines Containing Specific Text

less -p SomeWord example.txt

Count the Number of Files in a Directory

ls ./ | wc -l


Sed is the stream editor command-line tool.

# Print the second line of the file
sed -n 2p sample.txt

# Print lines 14 to 18
sed -n 14,18p example.txt

# Delete lines matching the given pattern
sed '/sample text/d' ./sample.txt

# -e: add multiple scripts, applied in order
sed -e '/sample text/d' -e '/sample2 text/d' ./sample.txt
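The sed forms above applied to a constructed, syslog-style sample, added as an example that is not from the original notes. The log lines are made up for this example (hostnames, PIDs and addresses are placeholders), and the function names are this example's own; the point is to see what each address form selects and how `-n` with `$=` turns a filtered stream into a count.

```shell
#!/bin/sh
# Added example (not from the original notes): sed line selection, range
# printing and pattern deletion over a constructed syslog-style sample.

# Constructed sample log; every value in it is a placeholder.
make_sample_log() {
    printf '%s\n' \
        'Jan 01 10:00:01 host sshd[100]: Accepted publickey for alice from 10.0.0.5 port 5001' \
        'Jan 01 10:00:02 host CRON[101]: pam_unix(cron:session): session opened for user root' \
        'Jan 01 10:00:03 host sshd[102]: Failed password for invalid user admin from 10.0.0.9 port 5002' \
        'Jan 01 10:00:04 host CRON[103]: pam_unix(cron:session): session closed for user root' \
        'Jan 01 10:00:05 host sshd[104]: Failed password for root from 10.0.0.9 port 5003'
}

# -n suppresses the default print; "3p" prints only line 3.
third_line() { make_sample_log | sed -n 3p; }

# Address range: lines 2 to 4 inclusive.
lines_2_to_4() { make_sample_log | sed -n 2,4p; }

# Two -e scripts applied in order: drop both kinds of cron session noise.
without_cron_noise() {
    make_sample_log | sed -e '/session opened/d' -e '/session closed/d'
}

# Keep only failed-password lines, then let sed print the number of the last
# line ("$=") of that filtered stream, which is the count of failures.
failed_login_count() {
    make_sample_log | sed -n '/Failed password/p' | sed -n '$='
}
```

`sed -n '$='` prints nothing at all on empty input, so a caller that needs a number when there are no matches should treat an empty result as zero.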

Symbolic links: for example, link "/usr/bin/python3 -> /tmp/python3", then remove the link again.

# Create the symbolic link
ln -s /usr/bin/python3 /tmp/python3
# Remove the symbolic link (the target file is untouched)
unlink /tmp/python3


Create a New Password

SHA-512 hashed password.

mkpasswd -m sha-512 password
