Really cool but obscure command line

I found this site and just love it. It lists a lot of obscure commands that can be used on Unix systems, like ledger, a terminal-based accounting package! What?!? Check it out!

A little collection of cool unix terminal/console/curses tools Just a list of 20 (now 28) tools for the command line. Some are little-known, some are just too useful to miss, some are pure obscure — I hope you find something useful that you weren’t aware of yet! Use your operating system’s package manager to install most of them.

Screen

I love using screen at work, especially inside a PuTTY session. Basically, screen lets you open additional shell sessions without disturbing the current one, all in the same terminal window, so one PuTTY connection can do the work of several. Each screen window keeps its own state, so I can work on something different in each without losing my place in another, and a detached session keeps running even if the PuTTY connection drops. Trust me, it’s awesome.

Install

To install:

apt-get install screen

or (depending on your distribution and package manager)

yum install screen

Use

Create a screen by typing the command:

screen

Super easy. To detach from a screen session (it keeps running in the background; Ctrl+a is the prefix for every screen command):

press Ctrl+a, release both keys, then press d

Now what? There is a detached screen session running somewhere. How do you reconnect to it? First, list all screen sessions with:

screen -ls

With knowledge of what screens exist, you can reconnect to one with the command:

screen -r <SCREEN REFERENCE>

The reference is the PID or name shown by screen -ls; naming a session when you start it (screen -S <NAME>) makes the list much easier to read. If a session still shows as Attached because a connection dropped, screen -d -r <SCREEN REFERENCE> detaches it from the dead connection and attaches it here.

To kill the current window, use:

press Ctrl+a, then k (screen asks for confirmation)

That closes one window; the session ends when its last window is gone. To kill every window and terminate the whole session at once, press Ctrl+a, then \ (also confirmed first).

Other helpful shortcuts can be found by pressing:

Ctrl+a, release, then ?

There you have it! Manage your screens wisely.

Linux: Running Scripts on Startup

One of the easiest ways to run a script or command at boot is the crontab.

The crontab accepts a special schedule string, @reboot, that runs an entry once each time the system starts (strictly, each time the cron daemon starts). The entry runs as the user who owns the crontab, with a minimal environment and a short PATH, so use absolute paths for the script and for anything it calls.

Open your crontab for editing.

crontab -e

Add an item to run on startup.

@reboot <COMMAND OR SCRIPT TO RUN>

I used an @reboot entry like this to start all my scripts on my Pi creation.

Other startup options include putting a command in ~/.bashrc, but that runs every time you open an interactive shell rather than once at boot, so it only suits things that are harmless to start repeatedly. On the Pi you can also add a line to /etc/rc.local, which runs as root during boot, so anything you reference from there must be writable only by root. This article discusses creating an init.d script for those interested.
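As an added example (not from the original post), here is a small shell audit for @reboot entries: whoever can write to a script named in an @reboot line gets code execution at the next boot as the crontab owner, so the script files are worth checking. The function reads crontab text on stdin (pipe crontab -l into it, or cat /etc/crontab and the files in /etc/cron.d) and reports every absolute path named in an @reboot command as OK, WORLD_WRITABLE or MISSING. The demo function builds its own constructed crontab and scratch files; your real crontab is not touched. audit_reboot_entries and demo_audit are names invented for this example.

```shell
#!/bin/sh
# Added example, not from the original post: audit the @reboot entries of a
# crontab. Usage:  crontab -l | audit_reboot_entries
# For every absolute path named in an @reboot command it prints one line:
#   OK <path>              exists and is not world-writable
#   WORLD_WRITABLE <path>  any local user can change what runs at next boot,
#                          as the crontab owner (as root for root's crontab)
#   MISSING <path>         nothing runs, or a stale entry that whoever creates
#                          the file first gets to fill in
audit_reboot_entries() {
    grep -E '^[[:space:]]*@reboot[[:space:]]' |
    while read -r _tag rest; do
        (                               # subshell, so set -f does not leak out
        set -f                          # split on whitespace only, no globbing
        prev=
        for tok in $rest; do
            case "$prev" in
                '>'|'>>'|'<'|'2>'|'&>') prev=$tok; continue ;;  # redirect target, made at run time
            esac
            prev=$tok
            case "$tok" in
                /*) ;;                  # only absolute paths are checked
                *)  continue ;;
            esac
            if [ ! -e "$tok" ]; then
                printf 'MISSING\t%s\n' "$tok"
            elif [ "$(ls -ldL "$tok" | cut -c9)" = "w" ]; then   # 9th column: other-write bit
                printf 'WORLD_WRITABLE\t%s\n' "$tok"
            else
                printf 'OK\t%s\n' "$tok"
            fi
        done
        )
    done
}

# Constructed demonstration: a scratch directory holding one protected script,
# one world-writable script, and an entry pointing at a file that is gone.
# The path of the scratch directory is replaced by DIR in the output.
demo_audit() {
    dir=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho hi\n' > "$dir/secure.sh"; chmod 700 "$dir/secure.sh"
    printf '#!/bin/sh\necho hi\n' > "$dir/sloppy.sh"; chmod 777 "$dir/sloppy.sh"
    printf '@reboot %s/secure.sh >> %s/boot.log 2>&1\n@reboot sleep 30 && /bin/sh %s/sloppy.sh\n@reboot %s/gone.sh\n# @reboot %s/commented-out.sh\n' \
        "$dir" "$dir" "$dir" "$dir" "$dir" |
        audit_reboot_entries | sed "s#$dir#DIR#g"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo_audit; fi
```

Run it with the demo argument to see the four verdicts; against a real box, also run it as root over /etc/crontab, since those entries run as root and a world-writable target there is a straight privilege escalation.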

Handy-Dandy Terminal Shortcuts

Hey all, here are some handy terminal shortcuts I’ve stumbled upon in school and work. Maybe they’ll make your life easier as you go about entering commands in a Unix bash shell.

The + sign is not part of the key combination, it’s just to show what buttons to hit together.

CTRL + “u” -> Kill (cut) everything from the cursor back to the start of the line
CTRL + “k” -> Kill everything from the cursor to the end of the line
CTRL + “y” -> Yank (paste) the most recently killed text back in at the cursor
CTRL + “a” -> Jump cursor to the beginning of your terminal input line
CTRL + “e” -> Jump cursor to the end of your terminal input line
CTRL + “f” -> Move cursor forward one character (same as the right arrow key)
CTRL + “b” -> Move cursor backward one character (same as the left arrow key)
CTRL + “d” -> Forward delete: remove the character under the cursor (handy on a Mac keyboard without a forward-delete key). Careful: on an empty line it sends end-of-file and closes the shell.
CTRL + “h” -> Backward delete: remove the character before the cursor (same as Backspace)
CTRL + “r” -> Extremely useful, lets you search previously used commands. Press CTRL plus the letter “r”, then start typing; the prompt shows the most recent command containing that text. Press CTRL + “r” again to step back to older matches, and Enter to run the one shown.
CTRL + “l” -> Clear screen (it just redraws; the scrollback is still there)

I’ll add to this list as I come upon more helpful terminal shortcuts.

Aliases, losing command identity…

Today, I was looking into my environment setup and realized that aliases are really useful. So for your enjoyment, here is a quick reference on how to set up and use aliases in your own Unix setup.

What is an alias?

An alias, on any platform, is a shell feature that lets you substitute one word for another (it only applies when the word is the first word of a command). Nothing really confusing here. The alias command is:

alias <NAME>=<VALUE>

An example:

alias list='ls -l'

This will replace any instance where you type list as a command with “ls -l.”

Listing isn’t a big deal, but say you have a really long command, imagine replacing that really long command with one word. Seeing the benefits now?

To get rid of an alias, either close your shell or type the command:

unalias <NAME>

This is great and all, but the alias only exists in the shell it was defined in. As soon as I close my shell, my list alias disappears. What if I want an alias to be a permanent fixture? I want every shell I open to have my list alias. How do I do this? Well, the bash configuration files will help us here.

Bash Files for Unix Systems

When bash starts as a login shell (logging in over SSH, or opening Terminal on a Mac), it reads ~/.bash_profile for its settings. If that file does not exist, it falls back to ~/.bash_login and then ~/.profile, using the first one it finds. A shell you open from an already running session (a new tab, or just typing bash) is an interactive non-login shell, and that reads ~/.bashrc instead.

So ~/.bash_profile is read by a login shell and ~/.bashrc by the other kind. I hate being repetitive. I want my aliases in one spot; I don’t want to have to manage two sets.

Well, there is a really easy fix for this problem! Ensure your ~/.bash_profile invokes ~/.bashrc! Check to see if your ~/.bash_profile has the following lines of code that perform the operation or just add them yourself.

if [ -f ~/.bashrc ]; then
        . ~/.bashrc
fi

Nice, now you can store all your aliases in one place, ~/.bashrc. I just stuck mine in at the bottom of the file.

Example Aliases

Sudo reboot every time:

alias reboot='sudo reboot'

Sudo update and upgrade through the package manager (apt-get upgrade only installs newer versions of what is already installed, and only knows about them after an apt-get update):

alias update='sudo apt-get update && sudo apt-get upgrade'

List directories in color:

alias ls='ls --color=auto'

Forget vi, always use vim:

alias vi='vim'

Show listening sockets and the process behind each (the process column needs root; on distributions that no longer ship netstat, ss accepts the same flags):

alias ports='netstat -tulanp'

Directory traversals made easy:

alias ..='cd ..'
alias ...='cd ../..'
alias ....='cd ../../..'
alias .....='cd ../../../..'

Go to your web directory:

alias www='cd /var/www/html'

Grep with color:

alias grep='grep --color=auto'

Remove recursively by force (this is the one alias in the list I would not keep: with it a mistyped rm deletes a whole tree with no prompt, and the muscle memory from this shell will bite you on a machine without it. If you want the shortcut, give it a different name, such as rmr, and leave rm alone):

alias rm='rm -rf'

The possibilities are endless! Two things worth knowing before you go wild: aliases are only expanded in interactive shells, so scripts are unaffected by them, and you can bypass an alias for a single command by prefixing a backslash (\ls) or writing command ls. The same idea tells you what a name really does: type ls reports whether it is an alias, a builtin, a function or a file. Have fun!
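Since this section is about losing command identity, here is an added example (not from the post) of getting it back: a function that reports how the current shell will resolve a name, using only the POSIX alias and command -v builtins so it behaves the same in sh, dash and bash. The demo defines the rm alias from the list above, checks it, removes it and checks again; resolve_name, demo_resolve and the aliases set inside the demo are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: an alias hides what a name really
# runs, so check how the shell resolves a name before trusting it.
resolve_name() {
    # Prints one line:  alias <definition> | shell <name> | file <path> | none
    # "shell" covers builtins and functions, which command -v reports by name.
    n=$1
    if alias "$n" >/dev/null 2>&1; then
        # bash prints "alias rm='...'" and dash prints "rm='...'"; normalise
        printf 'alias %s\n' "$(alias "$n" | sed 's/^alias //')"
        return 0
    fi
    p=$(command -v "$n" 2>/dev/null) || { echo none; return 1; }
    case "$p" in
        /*) printf 'file %s\n' "$p" ;;
        *)  printf 'shell %s\n' "$p" ;;
    esac
}

# Constructed demonstration: the post's rm alias, the same name once the alias
# is gone, and a builtin. The alias is removed again before the function returns.
demo_resolve() {
    alias rm='rm -rf'
    r1=$(resolve_name rm)
    unalias rm
    r2=$(resolve_name rm)
    r3=$(resolve_name cd)
    printf '%s\n%s\n%s\n' "$r1" "$r2" "$r3"
}

if [ "${1:-}" = demo ]; then demo_resolve; fi
```

Source this file into an interactive shell and run resolve_name on the commands you are about to rely on (sudo, ls, ssh) on any machine you did not set up yourself; an unexpected alias or function there is worth a look at the rc files before you go further.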

Ncat for Live Incident Response

When a system is vital to daily operations it often cannot be taken offline for imaging, and because of its importance you also want to change its state as little as possible, so forensic tools should not be installed on it. In a court case, installing tools could be portrayed as tampering with the evidence, since the installation might overwrite data that matters; the same goes for saving output on the victim machine. A live incident response collects data from a machine while changing the environment as little as possible (every command you run still changes memory, so record what you ran and when). I recommend mapping a network drive or, preferably, using Ncat to move the output from the victim machine to the analysis machine during a live investigation.

Some version of netcat comes preinstalled on most Linux distributions and is called as nc. Usually that is the OpenBSD or traditional netcat rather than Ncat itself, which is the Nmap project’s rewrite; the commands below work with all of them, with the differences noted. For Windows, a portable Ncat executable can be downloaded from here.

If using Ncat to transfer logs, the following commands can be used:

Command to set up a listener on the analysis (host) machine:
Linux: nc -v -l -p <PORT> > <LOG FILE>
Windows: <NCAT EXECUTABLE> -v -l -p <PORT> > <LOG FILE>

(Some netcat builds want the port directly after -l rather than after -p; nc -h tells you which.)

The port number is any port desired for the Ncat listener to listen on for communication. The log file is just a file for the data to be stored in on the analyzing host machine.

Command to send data from a victim machine:
Linux: <COMMAND> | nc <IP ADDRESS OF LISTENING MACHINE> <PORT>
Windows: <COMMAND> | <NCAT EXECUTABLE> <IP ADDRESS OF LISTENING MACHINE> <PORT>

Basically, the command pipes the output of a command run on the victim machine to the listening analysis machine. <COMMAND> is the command issued on the victim machine; the IP address and port are those of the analysis machine where nc is listening. Whether the sender hangs up on its own when the command finishes depends on the netcat: Ncat does with --send-only, OpenBSD nc with -N, traditional netcat with -q 0; otherwise close it with Ctrl+C on the victim side or by closing the terminal. The listener writes data to the output file as it arrives and exits when the connection closes. Once the file is complete, hash it on the analysis machine (sha256sum <LOG FILE>) and note the hash, the exact command and the time for the case record.

Not only can Ncat send command output, it can also carry whole files (redirect a file into nc on the victim side, with the listener redirecting into a file as above) or plain typed text in either direction. Keep in mind that nothing about this stream is authenticated or encrypted: anyone who can reach the listening port can append to your evidence file, and anyone on the path can read it. Run the listener only for as long as the transfer takes, on an isolated network where possible, and if both ends are Ncat, use --ssl and --allow <VICTIM IP> to restrict who may connect.

Overall, it is an easy to use clean tool for transferring information between host machines.
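As an added example (not from the post), the procedure above wrapped so that a whole list of volatile-data commands goes over one connection, with a header saying what produced each block and a footer marking the end. The listener command is unchanged; on the victim you pass the post’s nc <IP> <PORT> as the transport. collect_live and demo_collect are names invented here, and the command list and local-file transport in the demo are constructed so it runs without a network.

```shell
#!/bin/sh
# Added example, not from the original post: run a fixed list of commands on
# the victim, label each block of output, and hand the whole stream to a
# transport in one connection. With the post's setup the transport is
#   nc <IP ADDRESS OF LISTENING MACHINE> <PORT>
# and the listener side is unchanged:  nc -v -l -p <PORT> > live.txt
# The transport is a parameter so the same collection can go to a mounted
# drive (cat > /mnt/case/live.txt) or, as in the demo, to a local file.
# The function itself writes nothing to the victim's disk.
collect_live() {
    # usage: collect_live '<transport command>' '<command>' ['<command>' ...]
    # Each command runs through sh -c, so pipelines such as 'ps aux | head' work.
    transport=$1; shift
    {
        printf '### live collection start %s host=%s uid=%s\n' \
            "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(uname -n)" "$(id -u)"
        for cmd in "$@"; do
            printf '\n### %s\n' "$cmd"
            sh -c "$cmd" 2>&1 || printf '### exit status %s\n' "$?"
        done
        printf '\n### live collection end %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
    } | sh -c "$transport"
}

# Constructed demonstration: a local file stands in for the nc transport, and
# the command list is short and portable; a real run would use the commands
# your playbook calls for (who, ps, netstat -tulanp, mounted file systems ...).
demo_collect() {
    out=$(mktemp) || return 1
    collect_live "cat > $out" \
        'date -u' 'id' 'uname -a' 'echo alpha' "printf 'b\nc\n' | wc -l" 'false'
    cat "$out"
    rm -f "$out"
}

if [ "${1:-}" = demo ]; then demo_collect; fi
```

Order the command list from most to least volatile (logged-in users and network connections before file listings), since each command changes a little of what the next one sees, and keep the list in your notes alongside the hash of the received file.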

Scanning With Nmap

Nmap is an effective network-scanning tool that can be used for host and open port service discovery. It can be downloaded from here.

In my experience, to find hidden or unusual services that are not on common ports, the scans below can be used. Different services respond to different packet types. The -p option specifies the port range and is not required, but when I stated the range I found more running services than when I didn’t. The reason is that a basic scan only looks at the 1000 most common ports for the protocol; -p- scans all 65535 if you have the time.

  • Find UDP services: nmap -sU <ADDRESS> -p1-6000 (slow, since a closed UDP port may not answer at all; needs root)
  • Basic service scan: nmap -v <ADDRESS> -p1-6000 (a TCP SYN scan when run as root, a full connect scan otherwise; -v only adds verbosity)
  • Basic all service scan: nmap -A <ADDRESS> -p1-6000 (adds OS detection, version detection, the default scripts and a traceroute; noisy)
  • Null port scan (does not set any bits in the TCP flags header): nmap -sN <ADDRESS> -p1-6000
  • FIN port scan (sets just the TCP FIN bit): nmap -sF <ADDRESS> -p1-6000
  • Christmas port scan (sets the FIN, PSH and URG flags): nmap -sX <ADDRESS> -p1-6000

The last three rely on the target following RFC 793: no reply means open|filtered and an RST means closed. Windows and many embedded stacks answer every one of these probes with an RST, so against them every port shows as closed. All of the raw-packet scans (-sU, -sN, -sF, -sX and SYN) need root.

Ping Sweep

nmap is a great tool to use to perform a network ping sweep; however, there is a way to do it without installing anything at all. A FOR loop can be used to send one ping to each address in turn.

Ping Sweep FOR Loop: FOR /L %i in (<Host Number Start (0-255)>,1,<Ending Host Number (0-255)>) do @ping -n 1 <Network Prefix>.%i | find "TTL="

The FOR /L loop counts from the starting host number to the ending host number, stepping by the middle value (1), and for each value sends a single ping (-n 1) to the network prefix followed by that number. For example, if the network prefix is 192.168.0 and we want to ping hosts 3 to 43, we enter 3 as the starting host number and 43 as the ending one, and the loop pings 192.168.0.3, 192.168.0.4 and so on up to 192.168.0.43, which is our ping sweep. The find filter keeps only the lines from hosts that actually answered; filtering on "TTL=" rather than "Reply" matters because Windows also prints “Reply from <gateway>: Destination host unreachable.” for hosts that are down, and those would otherwise show up as hits.

Windows Example:

The following command ping sweeps the addresses 192.168.100.1 – 192.168.100.255 (inside a .bat file, write %%i instead of %i):

FOR /L %i in (1,1,255) do @ping -n 1 192.168.100.%i | find "TTL="

The same function can be done in the Linux Terminal.

Linux Ping Sweep:

Linux is slightly different but follows almost the same pattern: -c 1 sends one echo request and -W 1 waits at most one second for the reply (on macOS the timeout flag is -t 1 instead; on Linux -t sets the TTL). The lowercase grep only matches the “64 bytes from” reply lines, not the capitalised “From … Destination Host Unreachable” ones.

for i in {0..255}; do ping -c 1 -W 1 <IP PREFIX>.$i | grep 'from'; done
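As an added example (not from the post), the Linux loop generalised: any start and end host number, the probes run in parallel so a whole /24 finishes in about one timeout instead of 254 of them, and the probe is a replaceable function, since a real ping needs a network and you may prefer a TCP probe on networks that drop ICMP. sweep, ping_probe and the 10.0.0.x addresses in the test are constructed for this example.

```shell
#!/bin/sh
# Added example, not from the original post: a parallel ping sweep.
# The default probe is the post's ping (-W 1 is the Linux reply timeout in
# seconds; macOS uses -t 1 for that and its -W is in milliseconds).
ping_probe() {
    # returns 0 if $1 answered one ICMP echo within 1 s, non-zero otherwise
    ping -c 1 -W 1 "$1" >/dev/null 2>&1
}

sweep() {
    # usage: sweep <prefix> <first host> <last host> [probe function]
    # prints the responding addresses, one per line, lowest host number first
    prefix=$1; first=$2; last=$3; probe=${4:-ping_probe}
    results=$(mktemp) || return 1
    i=$first
    while [ "$i" -le "$last" ]; do
        # one background job per address; it appends only if the probe succeeds
        ( "$probe" "$prefix.$i" && printf '%s\n' "$prefix.$i" >> "$results" ) &
        i=$((i + 1))
    done
    wait                                  # every probe has answered or timed out
    sort -t . -k 4,4 -n "$results"
    rm -f "$results"
}

if [ "${1:-}" = demo ]; then sweep "${2:-192.168.0}" 1 254; fi
```

A sweep of a /24 from a laptop this way takes a second or two; the cost is 254 near-simultaneous pings, which any IDS on the segment will notice, so on an engagement use it where noise is acceptable.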

Mount a Network Drive Linux

Mount a Linux (NFS) export on a Linux machine (all of these steps need root, so prefix them with sudo):

  1. Create a directory for the mount: mkdir /<mount place>
  2. Mount the export: mount -t nfs <NFS server address>:/<export> /<mount place>
  3. View contents of the mounted drive: ls /<mount place>

Mount a Windows (SMB) share on a Linux machine:

  1. Create a directory for the mount: mkdir /<mount place>
  2. Mount the share: mount -t cifs //<file server address>/<share> /<mount place> -o username=<username>,password=<password>
  3. View contents of the mounted drive: ls /<mount place>

For a Windows share, Linux has to be told the filesystem type so it knows how to read it: -t cifs (the old smbfs driver is gone from modern kernels; the cifs-utils package provides mount.cifs). Putting the password on the command line leaves it in ps output and in your shell history, so for anything beyond a one-off, put the username and password in a file readable only by root and pass -o credentials=/path/to/file instead. When the share holds evidence, add ro to the options so nothing on it can be modified from this machine.
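As an added example (not from the post), a helper that writes the credentials file for -o credentials= with the right permissions from the start and verifies them afterwards. write_cifs_credentials is a name invented here; the username, password and domain in the test are constructed. The mount command is shown in the comment rather than run, since it needs root and a reachable share.

```shell
#!/bin/sh
# Added example, not from the original post: keep the share password out of
# the command line. mount.cifs reads username, password and domain from a
# file given with -o credentials=<file>, so create that file with mode 0600
# before any secret is written to it, then mount with (as root):
#   mount -t cifs //<server>/<share> /<mount place> -o credentials=<file>,ro
# (drop ro if you need to write; add uid=<you> to own the files as yourself)
write_cifs_credentials() {
    # usage: write_cifs_credentials <file> <username> <password> [domain]
    f=$1
    # create the file under umask 077 so it never exists with looser bits;
    # chmod covers a file that already existed with other permissions
    ( umask 077 && : > "$f" ) && chmod 600 "$f" || return 1
    {
        printf 'username=%s\n' "$2"
        printf 'password=%s\n' "$3"
        if [ -n "${4:-}" ]; then printf 'domain=%s\n' "$4"; fi
    } > "$f"
    # verify: columns 2-10 of ls -l are the permission bits; owner rw only
    [ "$(ls -ld "$f" | cut -c2-10)" = "rw-------" ]
}

if [ "${1:-}" = demo ]; then
    write_cifs_credentials /root/.smbcred "${2:-analyst}" "${3:-changeme}" "${4:-}" && cat /root/.smbcred
fi
```

Keep the file under /root (or another directory only root can enter) and reference it from /etc/fstab with the same credentials= option if the mount should come back after a reboot; the password then never appears in fstab, which is world-readable.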