In the Linux basic module of OSCP, you’re asked to configure your shell in a way that the history commands always displays the date and the time when the command was run.
Such information is valuable as evidence so this configuration tweak is well worth it.
If you’re the impatient type you might turn to some search engines for some quick results and you will definitely get a lot of hits. None of which work.
Why? All (most, at least) are written for the bash shell.
However, nowadays (2023) the default shell in Kali Linux is zsh.
See for yourself: run ‘echo $SHELL’ in your terminal.
Similar to the bash shell with a ~/.bashrc file, there is a ~/.zshrc file. Open the file with less and search for ‘history’ cat | grep the file and you will that there is an alias defined for history: ‘history 0’ (the numbers modifies the returned history lines).
In many posts, the fc is referenced, including the -E switch – most of the mentioned switches do not work as outlined in the posts.
Finally, I came across the -li switch which not only works (as in ‘does not return “bad option”‘). And this option actually returns the date/time info of commands run in zsh.
What does that mean for you?
Simply add another alias at the end of the .zshrc file:
alias history=’fc -li 0′
(that’s a zero. if you don’t add it, the history command will only return the 16 latest entries in the history file)
Now you can move on to the next task in the OSCP course.