tar -czvf info.tar.gz info
linmid<x><SGL>.txt hka92
sudo systemctl enable ssh
ssh-keygen -t rsa
ssh-copy-id localhost
ssh-copy-id kali@ipaddress
ssh localhost\kali

Get-CimInstance -ClassName Win32_LogicalDisk
(Get-CimInstance -ClassName Win32_LogicalDisk).FreeSpace
[Math]::Round(((Get-CimInstance -ClassName Win32_LogicalDisk).FreeSpace[0] / 1GB), 1)
(Get-CimInstance -ClassName Win32_PhysicalMemory | Measure-Object -Property Capacity -Sum).Sum / 1GB
(Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter "IPEnabled = 'True'").IPAddress[0]
(Get-CimInstance -ClassName Win32_OperatingSystem) | Select-Object -Property *user*

File system table: /etc/fstab, fdisk
File system creation/repair: mkfs, fsck
Disk analysis, creation: df, du, dd, df -h
Memory: free, vmstat, top
System info: uptime
Space: du -hs "$HOME"
uname, hostname, ifconfig, ip, dhclient
traceroute, netstat, route
iptables, sftp
id, su, useradd, passwd
stdin: 0, stdout: 1, stderr: 2
Error message: command 2> /dev/null
arp -a : ARP table
uname -a : OS version
netstat -a : network connections
mount : filesystems
ps -e : running processes
!! : run the last command and pipe

join -1 3 -2 1 -t, accesstime.txt usernames.txt
awk '$2 == "Jones" {print $0}' awkusers.txt
sed 's/10\.0\.4\.35/10.0.4.27/g' ips.txt : s/<regular expression>/<replace with>/<flags>
tail -n 1 somefile.txt
tr '\\:' '/|' < infile.txt > outfile.txt
\n: newline, \r: return, \t: tab
cut -d',' -f1 csvex.txt : output "Jane Smith"
cut -d',' -f1 csvex.txt | tr -d '"' : output Jane Smith
cut -d',' -f1 csvex.txt | tr -d '"' | tail -n +2
sort -t ';' -k 2 tasks.txt > tasks_sorted.txt : 2nd field
join -t ';' -1 2 -2 2 procowner_sorted.txt tasks_sorted.txt : -1 2 is the 2nd field of the first file
jq -r '.authors[] | "\(.first_name) \(.last_name)"' book.json
find /home -name '*hello' 2>/dev/null
find /home -name '.*' : hidden files
find /home -size +5G
find /home -mtime -1 : modified files <24 hrs
find /home -mtime +2 : modified files >2 days
find /path -type f -name 'dog.png'
grep -R -I 'password' /home
grep -i -r /home -e 'password'

read str , echo ${str}
No of users: who | wc -l
Groups: getent group | cut -d: -f3 | wc -l
ls -l /home | grep '^d' | awk '{print $3}' | wc -l OR getent passwd | grep '^.*:/home' | wc -l
read choice , [ "$choice" -eq 1 ]
[abc] Match only the character a or b or c
[1-5] Match on digits in the range 1 to 5
[a-zA-Z] Match any lowercase or uppercase a to z
[0-9+*/-] Match on numbers or these four mathematical symbols
[0-9a-fA-F] Match a hexadecimal digit
\s Whitespace
\S Not whitespace
\d Digit
\D Not digit
egrep '<([A-Za-z]*)>.*</\1>' tags.txt
^[1-5] means that a matching string must start with one of the digits 1 through 5,
[1-5]$ means that a string must end with one of the digits 1 through 5.
handywork < data.in > results.out
ls / | more

egrep
grep 'T.o' a.txt : 1 char
egrep 'T.?o' a.txt : 0 or 1 char
egrep 'T.*o' a.txt : 0 or more chars
egrep 'T.+o' a.txt : at least 1 char
grep -c "pattern" filename : count
egrep "^pattern" filename : lines that start with pattern
egrep "pattern$" filename
grep -v "success" results.txt | wc -l : lines that don't contain "success"
egrep "error|warning" config.cfg : either error or warning
egrep "[0-9]" notes.txt
netstat -an | grep "ESTABLISHED" : active network connections
grep "sshd" /var/log/auth.log : SSH login attempts
grep "session opened for user" /var/log/auth.log : logged-in users
grep "Failed password" /var/log/auth.log : failed login attempts
egrep -o "([0-9]{1,3}\.){3}[0-9]{1,3}" /var/log/auth.log : IP addresses
grep "session opened for user john" /var/log/auth.log : login attempts
getent group sudo | awk -F: '{print $4}' | tr ',' '\n' : users belonging to the sudo group
egrep -o "([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}" /var/log/syslog : MAC addresses
grep "sshd" /var/log/auth.log | grep "port 22" | awk '{print $(NF-3)}' | sort | uniq : tried to connect to port 22
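
The auth.log one-liners above, combined into a small triage script as an added example that is not part of the original sheet: it counts failed SSH password attempts per source IP and lists users who opened a session. The log lines are constructed sample data, and the function names and the threshold argument are hypothetical.

```shell
#!/bin/sh
# Constructed sample auth.log lines (documentation-range IPs, not from a real host).
sample_auth_log() {
cat <<'EOF'
Mar  3 10:01:11 host sshd[811]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar  3 10:01:15 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50114 ssh2
Mar  3 10:02:40 host sshd[830]: Failed password for kali from 198.51.100.23 port 41022 ssh2
Mar  3 10:03:02 host sshd[842]: Accepted password for kali from 192.0.2.10 port 53311 ssh2
Mar  3 10:03:02 host sshd[842]: pam_unix(sshd:session): session opened for user kali by (uid=0)
Mar  3 10:04:19 host sshd[850]: Failed password for invalid user test from 203.0.113.7 port 50120 ssh2
EOF
}

# Reads auth.log text on stdin; prints "<count> <ip>" for failed password
# attempts, busiest source first. Anchoring on "from" avoids picking up other
# dotted numbers that the bare IP regex would also match.
failed_by_ip() {
    grep "Failed password" \
        | grep -Eo "from ([0-9]{1,3}\.){3}[0-9]{1,3}" \
        | awk '{print $2}' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# Prints source IPs with at least $1 failed attempts (hypothetical threshold).
noisy_ips() {
    failed_by_ip | awk -v min="$1" '$1 >= min {print $2}'
}

# Prints each user that has a "session opened" entry, once.
session_users() {
    grep "session opened for user" \
        | awk '{for (i = 1; i < NF; i++) if ($i == "user") print $(i + 1)}' \
        | sort -u
}

sample_auth_log | failed_by_ip
```

On a live host, feed the functions from the real log instead, for example `failed_by_ip < /var/log/auth.log`.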