The Lovely Command-Center

This Page Is A No Nonsense Straight To The Command List For Commonly Used Configs/Rules I Need To Remember

If You Have a Command Request Feel Free To Ping me @j3st3rjam3s and I’ll add it!

Firewall-cmd Commands

Allow Traffic on an Inbound Port:

# firewall-cmd --add-port=[YOUR PORT]/tcp

Don’t Forget --permanent For Persistence

# firewall-cmd --permanent --add-port=[YOUR PORT]/tcp

Allow Traffic With a Rich Rule:

# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 destination address=[ip address] port port=8080 protocol=tcp accept'

Add a Service:

# firewall-cmd --add-service [service]

List Allowed Services and Ports:

# firewall-cmd --list-services

List All Zones:

# firewall-cmd --list-all-zones

Starting and Stopping The Firewall/Services (It’s called “firewalld”):

# systemctl enable firewalld
# systemctl restart firewalld
etc. (Just Use systemctl, etc.)
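
The runtime/permanent split behind the --permanent reminder above can be checked mechanically. This is an added example, not part of the original command list; the function names and the sample port lists are constructed for illustration, and the only firewall-cmd calls assumed are --list-ports and --permanent --list-ports.

```shell
#!/bin/sh
# Added example: find ports that differ between firewalld's runtime and
# permanent configuration.

# only_in A B -> prints each entry of space-separated list A that is not in list B.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                      # present in both lists
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# drift_report RUNTIME PERMANENT -> one line per mismatched port.
drift_report() {
    only_in "$1" "$2" | sed 's/^/runtime-only (lost on reload or reboot): /'
    only_in "$2" "$1" | sed 's/^/permanent-only (inactive until --reload): /'
}

# Live use on a firewalld host (needs root):
#   drift_report "$(firewall-cmd --list-ports)" \
#                "$(firewall-cmd --permanent --list-ports)"

# Constructed sample: 8080/tcp was opened without --permanent, and 8443/tcp
# was added with --permanent but firewalld was never reloaded.
SAMPLE_RUNTIME="22/tcp 8080/tcp"
SAMPLE_PERMANENT="22/tcp 8443/tcp"
drift_report "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

An empty report means the running rules match what will come back after a reboot.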


How To Add A User In VYOS (user: James pass: examplepassword)

vyos@vyos-rtr:~$ configure
vyos@vyos-rtr# set system login user James full-name "James"
vyos@vyos-rtr# set system login user James authentication plaintext-password examplepassword
(You can also change the password by using the same command)
vyos@vyos-rtr# set system login user James level admin
(You can set a user to admin by using 'level')
vyos@vyos-rtr# commit
vyos@vyos-rtr# save

How to Change SSH Port:

set service ssh port [insert a port #]
commit
save

How to Assign SSH For Specific Addresses:

set service ssh listen-address [ip address]

Configuring a VYOS Firewall & Rules

Set Nameserver

# set system name-server <IP>

Set Hostname

# set system host-name <hostname>

Set IP Address

# set interfaces ethernet eth# address <IP address>/CIDR

Synchronize NTP with Log Server For Consistent Log Dates/Times

set date ntp <IP address>

Set System Gateway

# set system gateway-address <IP address>


# set interfaces ethernet eth# vrrp vrrp-group #
# set interfaces ethernet eth# vrrp vrrp-group # virtual-address [ip address]
# set interfaces ethernet eth# vrrp vrrp-group # advertise-interval 1
# set interfaces ethernet eth# vrrp vrrp-group # preempt true
# set interfaces ethernet eth# vrrp vrrp-group # priority #
# set interfaces ethernet eth# vrrp vrrp-group # sync-group [group name]

Create the Firewall Rule

set firewall name [WAN-to-LAN] default-action drop

The above command creates the firewall rule for WAN to LAN and sets the default action to drop packets.

set firewall name [WAN-to-LAN] enable-default-log

This logs all attempts for traffic going through the firewall

Create the Zone and Assign it to the Interface

set zone-policy zone [WAN] interface [eth0]

Create the Zone and Link it to the Rule

set zone-policy zone [LAN from WAN] firewall name [WAN-to-LAN]

The above command creates the ZONE for connections from the WAN to the LAN and links it to the firewall rule WAN-to-LAN

Set Up DNS Forwarding

set service dns forwarding name-server []
set service dns forwarding listen-on 'eth1'

Create the specific firewall rules

Set Up NAT: same syntax as the firewall rules in 7 (below) just without the firewall name

set nat destination rule 1 destination address etc.
set nat source rule 1 source address etc.

Accept traffic

set firewall name [WAN-to-LAN] rule [10] action accept

Allow Firewall for certain traffic

set firewall name [DMZ-to-LAN] rule [#] destination address [ip]
set firewall name [DMZ-to-LAN] rule [#] destination port [#]
set firewall name [DMZ-to-LAN] rule [#] protocol [udp]

Accept Established Commands

set firewall name [WAN-to-LAN] rule [20] state established enable

You increment rules by 10 because if you have to add rules in the future, you can place them in block chunks. For example, if you want to deny traffic from a specific IP you could make Rule 11. The reason rules are blocked by 10 is only for organizational purposes. It’s just a number. As long as you keep track of your firewall rules in a spreadsheet or something, you’ll be fine.

Configuring Logging with syslog on Vyos

set system syslog host [log ip] facility [authpriv] level [info]

Navigate here for a list of facilities and levels:

General Linux(Quick Common Commands):

Create a sudo user

adduser [username]
passwd [username]
usermod -aG [sudo/wheel] [username]


Using fping: “fping -g”

fping [options] [ipaddress/s]

Options
-4 = restricts name resolution to IPv4 addresses
-6 = restricts name resolution to IPv6 addresses
-a = show alive systems
-A = show targets by address vs. DNS name
-d = use DNS to look up target (find DNS name)
-b = number of bytes of data to send in the ping
-c = number of ping request packets to send
-g = generate a list of targets based on a subnet
-H = set the TTL
-i = change the interval between each packet
-I = set the interface
-l = loop sending packets indefinitely (stop by using ctrl+c)
-n = name the addresses by running a reverse DNS lookup


Running an nmap scan:

nmap -sC [target]

This will run the default nmap scripts

nmap [scanning options] [timing options] [ipaddress/s] [output options]

Scan Options (Official Options Summary):
-p = Specify Ports
-O = Determine the OS
--osscan-limit = limit OS Detection to those hosts with one port open and one closed as this saves time
--max-os-tries = reduce the number of OS Scans below the default 4 to save time.
-A = Enable OS Detection, Version Detection, script scanning, and traceroute.
-sL = DNS/List Scan – simply list targets to scan (uses a list instead of doing host discovery which is the default)
-sn = Ping scan – disable port scan
-Pn = treat all hosts as online – skips host discovery
-sS = Syn Scan
-sA = ACK scan
-sF = Fin Scan
-sI = IDLE Scan
-sN = Null Scan
-sO = Protocol Scan
-sP = Ping Scan
-sR = RPC Scan
-sT = TCP Connect Scan
-sU = UDP Connect Scan (Expect replies)
-sW = Window Scan
-sX = XMAS Scan
-PI = ICMP Ping
-P0 = No ping
-PS = SYN Ping
-PT = TCP Ping
-oN = Normal Output
-oX = XML Output
-T0 = Serial Slowest Scan (Paranoid Level)
-T1 = Serial Slow Scan (Cautious Level)
-T2 = Serial Slow Normal Speed Scan (Polite Level)
-T3 = Serial Normal Speed Scan (Normal Level)
-T4 = Serial Fast Scan (Aggressive Level)
-T5 = Who gives a sh1t I want them to know what I’m doing.

Running an Nmap NSE script:

same as nmap --script=default [target]

nmap --script=[nmap script/category] [target]

What categories James? Go here:

NMAP Cheat Sheet Here is Helpful: shoutout to highoncoffee whoever that is lol.


Use TheHarvester

theharvester [options]
example: theharvester -d [domain] -l 100 -b google -h myresults.html
-d = domain to search
-b = data source (baidu, bing, bingapi, dogpile, google, googleCSE, googleplus, google-profiles, linkedin, pgp, twitter, vhost, virustotal, threatcrowd, crtsh, netcraft, yahoo, all)
-f = save results into an html or xml file
-c = DNS Bruteforce
-l = limit the number of results

SSH Keys

Create Key Pairs on target host


That will create an RSA key pair
Use a password if you want
Copy the public key to the remote host

cd ~/.ssh
ssh-copy-id username@RemoteHostIpAddress


cat ~/.ssh/[public key file] | ssh username@RemoteHostIpAddress "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys"


Manually copy and paste the key.

Test out the public key authentication. If it works you can also disable root password logins. Make sure you leave a shell open in case something goes wrong in this step. You don’t want to lock yourself out of your own box.

Disable Root Logon

cd /etc/ssh/

sudo nano /etc/ssh/sshd_config

Change this line (you’ll see it) to this: “PermitRootLogin without-password”

Save and close the file

Restart SSH

systemctl restart sshd
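
To confirm the PermitRootLogin edit above actually took effect, the check below reads an sshd_config the way sshd does (first occurrence of a keyword wins, comments ignored). It is an added example, not part of the original notes; the function names and the sample file are constructed, and the fallback value assumes OpenSSH 7.0 or later, where the default is prohibit-password and without-password is its deprecated alias.

```shell
#!/bin/sh
# Added example: report the effective global PermitRootLogin value.
# Simplifications: stops at the first Match block, does not follow Include files.
# On a live host, "sshd -T" prints the full effective config and "sshd -t"
# validates the file before you run "systemctl restart sshd".

effective_root_login() {
    awk '
        /^[ \t]*#/ { next }                          # skip comment lines
        tolower($1) == "match" { exit }              # global section ends here
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "prohibit-password" }   # assumed default (OpenSSH >= 7.0)
    ' "$1"
}

# Exit status 0 when root cannot log in with a password.
root_password_login_blocked() {
    case "$(effective_root_login "$1")" in
        no|prohibit-password|without-password|forced-commands-only) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the commented line is ignored and the later "yes"
# never applies because the first occurrence wins.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 22
#PermitRootLogin yes
PermitRootLogin without-password
PermitRootLogin yes
EOF

echo "effective PermitRootLogin: $(effective_root_login "$SAMPLE")"
if root_password_login_blocked "$SAMPLE"; then
    echo "root password login is blocked"
else
    echo "root password login is still allowed"
fi
rm -f "$SAMPLE"
```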


Using CeWL:

cewl [options] <url>
e.g. cewl --with-numbers -a -w wordList.txt <url>
What are the CeWL Options?
-h, --help: Show help.
-k, --keep: Keep the downloaded file.
-d, --depth: Depth to spider to, default 2.
-m, --min_word_length: Minimum word length, default 3.
-o, --offsite: Let the spider visit other sites.
-w, --write: Write the output to the file.
-u, --ua: User agent to send.
-n, --no-words: Don’t output the wordlist.
--with-numbers: Accept words with numbers in as well as just letters.
-a, --meta: Include meta data.
--meta_file file: Output file for meta data.
-e, --email: Include email addresses.
--email_file: Output file for email addresses.
--meta-temp-dir: The temporary directory used by exiftool when parsing files, default /tmp.
-c, --count: Show the count for each word found.
-v, --verbose: Verbose.
--debug: Extra debug information.


Using RSMangler:

rsmangler [options] --file wordlist.txt > mangledWordlist.txt

Because of the nature of a mangler, you really want to insert only about 4-5 words in your starting wordlist.
I recommend having multiple wordlists with about 4-5 words in each of them. Then use RSMangler to create password lists from all of the different wordlists.
That really just cuts down on the time it will take to generate these wordlists and password lists.

Options for RSMangler:

--help, -h: show help
--file, -f: the input file, use - for STDIN
--output, -o: the output file, use - for STDOUT
--max, -x: maximum word length
--min, -m: minimum word length
--perms, -p: permutate all the words
--double, -d: double each word
--reverse, -r: reverse the word
--leet, -t: l33t speak the word
--full-leet, -T: all possibilities l33t
--capital, -c: capitalise the word
--upper, -u: uppercase the word
--lower, -l: lowercase the word
--swap, -s: swap the case of the word
--ed, -e: add ed to the end of the word
--ing, -i: add ing to the end of the word
--punctuation: add common punctuation to the end of the word
--years, -y: add all years from 1990 to current year to start and end
--acronym, -a: create an acronym based on all the words entered in order and add to word list
--common, -C: add the following words to start and end: admin, sys, pw, pwd
--pna: add 01 - 09 to the end of the word
--pnb: add 01 - 09 to the beginning of the word
--na: add 1 - 123 to the end of the word
--nb: add 1 - 123 to the beginning of the word
--force: don't check output size
--space: add spaces between words
--allow-duplicates: allow duplicates in the output list


ncrack -v -T3 -p 80 --user [bigMike] -P [magledMikeListn.txt] [ip address]

-v is for verbosity
-T3 is the level of paranoia. I did T3 b/c that’s average
-p is to set the port number afterwards, so -p 80 is port 80 for web
--user is username [insert the username without brackets]
-P specifies the word list [insert your word list without brackets]
[ip address] is obviously [insert the target ip without brackets]

Ubuntu 18.04 Bionic Beaver:

How to set up networking
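    Edit the file: /etc/netplan/50-cloud-init.yaml
    Should look something like this (replace [interface name] with your interface):

    network:
        ethernets:
            [interface name]:
              addresses: []
              nameservers:
                search: [lab,  home]
                addresses: [,]
              optional: true
        version: 2

    Apply Your Changes:

    sudo netplan apply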
