Commands

The following is a list of commands for both Linux and Windows, with a mouseover popup containing an "About" section that gives a brief description of the command, and a "Usage" section which displays a screenshot of the output. I hope that this will assist you when looking for a possible plan of attack.

Operating systems used for screenshots: Kali Linux 2017.3/2018.1, CentOS 5.7/7

Operating System, kernel version, or service pack info:

1 cat /etc/issue
   About: Display system info
2 cat /etc/*release
   About: Display version info
3 cat /proc/version
   About: Detailed versioning
4 ls /boot | grep "vmlinuz"
   About: Kernel executable name
5 lsb_release -a
   About: Linux Standard Base (LSB) info
6 uname -a
   About: All system info

 
Find user information:

1 id
   About: Current user ID and group associations
2 whoami
   About: Current user
3 last
   About: Last logged in user

 
Check installed programs, permissions, and hidden files:

1 ls -lah
   About: List all file info in a readable format
2 ls -lah /usr/bin
   About: List basic Linux tools
3 ls -lah /sbin
   About: List system/administrative tools
4 yum list installed
   About: List installed packages
5 dpkg-query -l
   About: List installed apps from dpkg database
6 rpm -qa
   About: List installed applications
7 ls -lah /usr/share/applications | awk -F '.desktop' ' { print $1}'
   About: List installed applications

 
Manual escalation commands:

1 sudo su
   About: Escalate to root user (uses .bashrc)
2 sudo -i
   About: Escalate to root user (uses .bashrc, .profile, or .login)
3 sudo /bin/bash
   About: Escalate to root user (can also use "sudo -s" for $SHELL variable) - (uses .bashrc)
4 sudo su -
   About: Escalate to root user (uses .bashrc and .profile)
5 sudo ht
   About: Escalate to root user (for 256 color error)
6 pkexec visudo
   About: Opens the /etc/sudoers file for editing (alternative usage: "visudo")
7 /etc/passwd
   About: File housing user information
8 /etc/sudoers
   About: File containing permissions for superuser privileges
9 find / \( -perm -2000 -o -perm -4000 \) -exec ls -ld {} \; 2>/dev/null
   About: Find programs with the suid bit enabled
10 find / -type d \( -perm -g+w -or -perm -o+w \) -exec ls -adl {} \;
   About: Find "world writeable" files

 
Evaluate running services:

1 ps aux
   About: Show processes for all users and display the owner
2 ps aux -u root
   About: Display processes belonging to the root user
3 systemctl status (service)
   About: Show managed system services
4 top
   About: Task manager style list of running processes
5 pstree
   About: Show running processes as a tree
6 cat /etc/services
   About: Check services file
7 service --status-all
   About: Show all init scripts

 
Check for scheduled tasks/jobs:

1 cat /etc/cron.d/*
   About: Show all cron tasks
2 cat /var/spool/cron/*
   About: Show cron tasks
   Can also be (cat /var/spool/cron/crontabs/*)
3 crontab -l
   About: List current user's cronjobs
4 cat /etc/crontab
   About: View crontab text file
5 cat /etc/cron.(time)
   About: View cron jobs by time
6 systemctl list-timers
   About: Show status of task service

 

Operating systems used for screenshots: Win 10 Pro, Win XP Pro SP2, Win 7 Pro SP1

Find Operating System, kernel version, or service pack info:

1 ver
   About: OS version
2 c:\windows\system32\license.rtf
   About: License information
3 c:\windows\system32\licenses\*
   About: Additional license file locations
4 c:\windows\system32\eula.txt
   About: End user license agreement
5 systeminfo | findstr /B /C:"OS Name" /C:"OS Version"
   About: Name, version, and build
6 wmic os get Caption, CSDVersion /value
   About: Name and service pack info

 
Find user information:

1 whoami
   About: Display current user
2 echo %username%
   About: Show logged in user
3 net user
   About: List all users
4 net user (username)
   About: List specific user details
5 echo %userprofile%
   About: Show logged in user home directory
6 net localgroup
   About: Show current user group associations
7 net config Workstation | find "User name"
   About: Display logged in user
8 query user
   About: Display additional info for logged in user
9 wmic useraccount get name
   About: Display all users
10 wmic /node:"127.0.0.1" computersystem get username
   About: Display current user
11 qwinsta
   About: Display current user
12 cmdkey /list
   About: Display saved credentials

 
Check installed programs, permissions, and hidden files:

1 dir /q
   About: Display owner of files and folders
2 dir /r
   About: Display hidden files with alternate data streams

Tip courtesy of CuChulaind
3 attrib -h *.*
   About: Unhide any hidden files
4 wmic /node:"127.0.0.1" product get name, version
   About: List installed programs and versions
5 wmic product get /format:list
   About: List detailed info about installed programs (optional format: /format:csv)

 
Manual escalation commands:

1 net user username password /add
   About: Add local user
2 net localgroup Administrators username /add
   About: Add local user to Administrators group
3 net localgroup "Remote Desktop Users" username /add
   About: Add local user to RDP group
4 psexec.exe -accepteula \\hostname -u hostname\username -p password cmd /c net user username password /add
   About: 3rd party application running telnet commands
5 runas /user:hostname\username explorer.exe
   About: Run as a privileged user
6 reg.exe save
   About: Save registry hives
   Usage:
   C:\>reg.exe save hklm\sam c:\sam.save
   C:\>reg.exe save hklm\security c:\security.save
   C:\>reg.exe save hklm\system c:\system.save
7 icacls.exe
   About: Check NTFS file permissions
8 reg.exe query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultUserName
   reg.exe query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\WinLogon" /v DefaultPassword
   About: Grab the default/admin username and password if either exists
9 SAM file locations
   About: Grab the sam.old and system.old files (Use with samdump2 to retrieve hashes)
   Usage:
   c:\Windows\System32\Config\RegBack\sam.old
   c:\Windows\System32\Config\RegBack\system.old

 
Evaluate running services:

1 sc query type= service
   About: Display state properties for all services
2 sc qc (service)
   About: Display info about specific service
3 Get-Service -DisplayName "Service"
   About: Display info about specific service using PowerShell
4 Get-CimInstance Win32_Service -Filter "Name='Service'" | Format-List -Property *
   About: Display text

 
Check for scheduled tasks/jobs:

1 schtasks /query /v /fo LIST
   About: Show scheduled tasks
2 Get-ScheduledTask | Where State -EQ 'Ready'
   About: List scheduled tasks using PowerShell

 

Exploits

Below are several exploits, tools, and scripts that you may want to run when presented with a specific target.