CheatSheet – Bash

A random collection of commands for the linux shell Bash (and other linux commands that don’t yet have their own cheatsheet).

Linux Shell Back to Index

Backups **dd**

mount -o remount,ro /dev/whatever /
dd if=/dev/whatever bs=1M iflag=direct | dd of=/media/exthdd/backup/$date_backup.dd bs=1M
mount -o remount,rw /dev/whatever /


rsync -aAXv /* /path/to/backup/folder --exclude={/dev/*,/proc/*,/sys/*,/tmp/*,/run/*,/mnt/*,/media/*,/lost+found}

# Backup with rsync and keep folder structure (the /./ is important!)
rsync -avR /source/path/./folder-to-backup user@server:/target/folder/


# Create root filesystem snapshots with LVM

Find out where GRUB is installed

Nothing more annoying then getting asked during system upgrades where GRUB should be installed… how ’bout where it was before!? Wait, where was that again?

Just try the disk (e.g. /dev/sda), and if it’s not on there, try its partitions. (/dev/sda1)

root@server:~ # dd bs=512 count=1 if=/dev/sda 2>/dev/null |strings
GRUB <--- there it is!
Hard Disk

Run command in screen as one-liner

screen -dmS name command
screen -dmS screen01 rdesktop -k us -g 1920x1180    


Sometimes you need to search for something in a document and replace whatever comed after that with the string you found. For example search for xbob23f, ybob543, and zbob123 and replace it with xbobnew, ybobnew and zbobnew respectively. To do that, you need to specify a serachterm in brackets, like .bob (the . being a randomn char), a regular expression for what you want to change, like … (three dots for three random chars following the searchterm) and a string to replace the found content. The string contains whatever the searchterm (aka .bob) found plus whatever you might want to add to replace ....

First, the simple structure of sed

sed -options 's/searchterm/replace/g'	#s = search for, g = replace all

Example 1: Replace .bob with itself (e.g. xbob, ybob, zbob)

sed -re 's/(.bob)/\1/g'	#(searchterm) is represented by \1 in replace

Example 2: Replace .bob and the three following chars with the searchresults

sed -re 's/(.bob).../\1/g'	#You can add further regex after the (searchterm)

Example 3: Same as above and append _new to every found string.

sed -re 's/(.bob).../\1_new/g'

Replace x number of random characters

# As always, . stands for any character, but instead of typing five dots, we specify the amount of chars with `{5}`
sed -r 's/^.{5}//'

Replace a line in a file

sed -i '/TEXT_TO_BE_REPLACED/c\This line is removed by the admin.' /tmp/foo

Print a file up until a certain keyword

sed '/Keyword/q' file

IRC **IRSSI IRC encrypt traffic** – don’t know if that’s all of it…

openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout ~/.irssi/mynick.key -out ~/.irssi/mynick.pem

Connect to defcon IRC

/connect EFNet
/join #dc-forums


Here are some notes on how to use git – as I always seem to screw things up…

# the basics
git status
git add <file1 file2 | folder | *>
git commit -m "comment"
git push

# delete file
git rm <file>

# delete file from git only (not locally)
git rm --chached <file>

# delete all files from cache that are marked as deleted
sudo git rm --cached $(sudo git ls-files --deleted)

# get a file back that has been deleted locally but not commited yet
git checkout HEAD <file>

# get a file back that has been deleted and commited
git checkout HEAD^ <file>

# temporary move all changes to "stash", to work on something else (e.g. patch)
git stash

# after patch (or whatever) is done, get back to previous work
git stash apply

If you have committed something (not pushed) that you want to revert, use

# for the current commit
git reset HEAD

# for the one before the current
git reset HEAD~1

or if just want to reset them and get them back later,
git reset --soft HEAD

If git annoys you with multiple files, that are being tracked and that have changed but you don’t really care about them (in fact they’re just taking up space in git status…)

# Ignore tracked files
git update-index --assume-unchanged <file>

# If you wanna start tracking changes again run the following command:
git update-index --no-assume-unchanged <file>

# If you want to find all files that have been added to this list, use the following:
git ls-files -v|grep '^h'

General Bash Stuff
Set sticky bit to keep user or group throughout a directory or subdirectory when editing, moving or creating files under a different user

# Example folder structure
mkdir -p myfolder/subfolder/lastfolder

# Set folder ownership the way you want it
chown -R myuser:www-data myfolder
# Perm: myuser:r/w/x, www-data (group):r/x, everyone: nothing
chmod -R 750 myfolder

# To keep the ownership of myuser, set the sticky bit for user
chmod u+s myfolder
# Or with -R for recursive if you want to keep is throughout all subfolders
chmod -R u+s myfolder

# To keep the ownership of the group www-data, set the sticky bit for group (-R optional)
chmod -R g+s myfolder

# Get permissions of file/s in octal form
# stat -c = format of stat output 
# "%a %n" = print "octal-permissions filename"
stat -c "%a %n"  /etc/sudoers.d/*


Install Security Updates (-s is dryrun!)

grep security /etc/apt/sources.list > /etc/apt/security.sources.list
apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list -s

Pakete auf Hold setzen

dpkg --get-selections |grep hold
echo -e "packetname\thold" |sudo dpkg --set-selections

#search packet with apt or dpkg
apt-cache search packetname
dpkg --get-selection |grep packetname

#show packet
apt-cache showpkg packetname

#set hold
echo "packetname hold" |dpkg --set-selections

#set install
echo "packetname install" |dpkg --set-selections

MySQL Packet Troubleshooting (5.5 vs. 5.6)

#Prüfen welche versionen installiert sind
sudo apt-cache policy mysql-server-5.[5,6]

#Prüfen welche version läuft
sudo mysql -V
sudo mysqld -V

#MySQL 5.5 deinstallieren
sudo apt-get remove mysql-server-5.5 mysql-server-core-5.5 mysql-client-5.5

# Anschließend unbedingt MySQL 5.6 wieder starten, da dieses bei der deinstallation von 5.5 gestoppt wird.
sudo /etc/init.d/mysql start

#Prüfen welche version läuft
sudo mysql -V
sudo mysqld -V

List files

# list one file per line (1), don't go into subdirs and print full path (d)
ls -1d /etc/*

# show newest log at the bottom, oldest at the top.
# list all (a) in long-format (l), human readable (h), sorted by time (t) reverse (r)
ls -alhtr /var/log/


Print everything except first Collumn

awk -F "delimiter" {'$1=""; print $0'}


Grepplings that I need but never want to figure out on my own…

# grep for a string that is exactly 23 chars long (any chars)
grep '^.\{22\}$' 

# grep for a string that is exactly 23 chars long (charset a-z)
grep '^[a-z]\{22\}$' 

Locales on Ubuntu 14.04 – Fresh LXC install

fmohr@ubuntu-1404:~$ locale
locale: Cannot set LC_CTYPE to default locale: No such file or directory
locale: Cannot set LC_MESSAGES to default locale: No such file or directory
locale: Cannot set LC_ALL to default locale: No such file or directory

# To fix it, just run locale-gen en_US.UTF-8
fmohr@ubuntu-1404:~$ sudo locale-gen en_US.UTF-8
/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF8)
Generating locales...
  en_US.UTF-8... done
Generation complete.

fmohr@ubuntu-1404:~$ locale

User Permissions and Groups

If you can’t remember your root password, or run usermod -G group user without the -a option and now find yourself without sudo rights, here is how you reset your root password or group settings.

# Reboot your system
# Keep hitting SHIFT to get into GRUB selection
# Select Recovery, or Advanced options -> Recovery
# Once the blue/red/greyish menu pops up, select root or netroot shell
# Remount / with
mount -rw -o remount / 
# Change root password
passwd root
# Or reset your group settings (first example vbox host, second vbox guest)
usermod -a -G  hashtagsecurity,adm,cdrom,sudo,dip,plugdev,lpadmin,sambashare,vboxusers hashtagsecurity
usermod -a -G  hashtagsecurity,adm,cdrom,sudo,dip,plugdev,lpadmin,sambashare,vboxsf hashtagsecurity
# You might not need all of the groups - these are just an example

SSL Cert Voodoo

This is a good blogpost when it comes to getting info from ssl certificates!

# Use openssl to get the valid-dates of a SSL cert directly from a website
# If you want a complete ssl scan, use sslscan instead!
echo | openssl s_client -connect 2>/dev/null | openssl x509 -noout -dates
notBefore=Jun 19 12:44:04 2013 GMT
notAfter=Oct 31 23:59:59 2013 GMT

# Not SSL, but handy if you are looking for hosts to check...
nmap -PN -p 443 -iL ./all_my_hosts.txt -oN nmap_results.txt

# Now check all open ports for ssl certs with this small bash script.

for i in `grep -B 4 open nmap_results.txt |grep "Nmap scan report" |awk {'print $5'}`
  j=`curl -Ik -m 5 -s https://$i |head -n 1`
  k=`echo $j|awk {'print $2'}`
  echo "Host: $i, Status: $j"
  if [[ "$k" != "401" && "$k" != "" ]]
    echo -n "$i;" && echo | openssl s_client -connect $i:443 2>/dev/null | openssl x509 -noout -subject -dates |sed 's/subject=.*CN/CN/g' |sed 's/$/;/g' |tr -d "\n" |sed 's/$/\n/g'

Check Server for supported SSL protocol versions – It should look like this – SSL3 (or -ssl2) not supported, which is good!

$> openssl s_client -connect server:443 -ssl3 
140131777316512:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1260:SSL alert number 40
140131777316512:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 0 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
    Protocol  : SSLv3
    Cipher    : 0000
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1413807987
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)

Bad Example – This is a successfull connect – in case of SSL2 and SSL3 something you don’t want!

$> openssl s_client -connect server:443 -ssl3
depth=1 C = US, O = DigiCert Inc, OU =, CN = DigiCert SHA2 High Assurance Server CA
verify error:num=20:unable to get local issuer certificate
verify return:0
Certificate chain
Server certificate
No client certificate CA names sent
SSL handshake has read 3079 bytes and written 288 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
    Protocol  : SSLv3
    Cipher    : ECDHE-RSA-AES256-SHA

Even more random Bash stuff
Run a minimal http server on linux using netcat (nc)

while true;do nc -l -p 8080 -q 1 <<<"Hello World";done
while true;do nc -l -p 8080 -q 1 < index.html ;done

#with interpreted html (note, internal links will not work!)
while true; do { echo -e 'HTTP/1.1 200 OK\r\n'; cat index.html; } | nc -l -p 8080 -q 1; done

VirtualBox shared folder troubleshooting

I know it’s just a link, but a good one!

Also, so you can access your files without sudo…

sudo usermod -a -G vboxsf username