
Module 2 Ethical Hacking

This document provides an overview of Linux commands and concepts for privilege escalation. It lists common Linux commands, their descriptions and examples of use. It also covers topics like Linux file system structure, redirecting file output, hosting servers, networking commands, viewing processes, and privilege escalation techniques like exploiting kernel vulnerabilities or escalating permissions through SUID/SGID files. The document is a useful reference for learning Linux commands and privilege escalation methods.

Uploaded by

Apurva Keskar

Module : 2

In – Depth Linux OS

General structure of Linux File System -

Commands –

Command                  Description
man <tool>               Opens man pages for the specified tool.
<tool> -h                Prints the help page of the tool.
apropos <keyword>        Searches through man pages' descriptions for instances of a given keyword.
cat                      Concatenate and print files.
whoami                   Displays current username.
id                       Returns user's identity.
hostname                 Sets or prints the name of the current host system.
uname                    Prints operating system name.
pwd                      Returns working directory name.
ifconfig                 The ifconfig utility is used to assign or view an address to a network interface and/or configure network interface parameters.
ip                       ip is a utility to show or manipulate routing, network devices, interfaces, and tunnels.
netstat                  Shows network status.
ss                       Another utility to investigate sockets.
ps                       Shows process status.
who                      Displays who is logged in.
env                      Prints environment or sets and executes a command.
lsblk                    Lists block devices.
lsusb                    Lists USB devices.
lsof                     Lists opened files.
lspci                    Lists PCI devices.
sudo                     Execute command as a different user.
su                       The su utility requests appropriate user credentials via PAM and switches to that user ID (the default user is the superuser). A shell is then executed.
useradd                  Creates a new user or updates default new user information.
userdel                  Deletes a user account and related files.
usermod                  Modifies a user account.
addgroup                 Adds a group to the system.
delgroup                 Removes a group from the system.
passwd                   Changes user password.
dpkg                     Install, remove and configure Debian-based packages.
apt                      High-level package management command-line utility.
snap                     Install, remove and configure snap packages.
gem                      Standard package manager for Ruby.
pip                      Standard package manager for Python.
git                      Revision control system command-line utility.
systemctl                Command-line based service and systemd control manager.
ps                       Prints a snapshot of the current processes.
journalctl               Query the systemd journal.
kill                     Sends a signal to a process.
bg                       Puts a process into the background.
jobs                     Lists all processes that are running in the background.
fg                       Puts a process into the foreground.
curl                     Command-line utility to transfer data from or to a server.
wget                     An alternative to curl that downloads files from FTP or HTTP(s) servers.
python3 -m http.server   Starts a Python3 web server on TCP port 8000.
ls                       Lists directory contents.
cd                       Changes the directory.
clear                    Clears the terminal.
touch                    Creates an empty file.
mkdir                    Creates a directory.
tree                     Lists the contents of a directory recursively.
mv                       Move or rename files or directories.
cp                       Copy files or directories.
nano                     Terminal based text editor.
which                    Returns the path to a file or link.
find                     Searches for files in a directory hierarchy.
updatedb                 Updates the locate database for existing contents on the system.
locate                   Uses the locate database to find contents on the system.
more                     Pager that is used to read STDOUT or files.
less                     An alternative to more with more features.
head                     Prints the first ten lines of STDOUT or a file.
tail                     Prints the last ten lines of STDOUT or a file.
sort                     Sorts the contents of STDOUT or a file.
grep                     Searches for specific results that contain given patterns.
cut                      Removes sections from each line of files.
tr                       Replaces certain characters.
column                   Command-line based utility that formats its input into multiple columns.
awk                      Pattern scanning and processing language.
sed                      A stream editor for filtering and transforming text.
wc                       Prints newline, word, and byte counts for a given input.
chmod                    Changes permission of a file or directory.
chown                    Changes the owner and group of a file or directory.

Nano – File editor

$nano
#or
$nano fileName

Ctrl+o : Save output


Ctrl+z : Exit Vim

View File Content        Description
more                     Pager that is used to read STDOUT or files.
less                     An alternative to more with more features.
cat                      Concatenate and print files.
head                     Prints the first ten lines of STDOUT or a file.
tail                     Prints the last ten lines of STDOUT or a file.

Redirecting file output –

$echo "Hey Frost!" > message.txt


> is used for one time redirection: it overwrites the current file content.

$echo "Hey Frost!" >> message.txt


>> is used to append content to the file instead of overwriting it.

Hosting server –
$sudo python3 -m http.server

curl - cli browser
$man curl
$curl http://10.10.155.71:8081/ctf/get -X "GET"
# -v : verbose
# -X : request method
#Add data to POST request
$curl http://10.10.155.71:8081/ctf/post -X "POST" --data flag_please
#Set cookies
$curl http://10.10.155.71:8081/ctf/sendcookie -X "GET" -b "flagpls=flagpls"

wget - download file through cli


$wget fileURL

Viewing processes -
# View processes started by other users.
$ps aux

To be used with kill command


# SIGTERM - Kill the process, but allow it to do some cleanup tasks beforehand
# SIGKILL - Kill the process - doesn't do any cleanup after the fact
# SIGSTOP - Stop/suspend a process

Networking Commands –

$ifconfig
#ifconfig - view or assign an address to a network interface and configure its parameters
$ip a
#ip - Show / manipulate routing, network devices, interfaces and tunnels
# a - show all
$iwconfig
#iwconfig - configure a wireless network interface
$ip n
#or
$arp -a
#Both are used to list neighboring devices
$ip r
#or
$route
#Both are used to list IP routing table

Netdiscover –
$sudo netdiscover -r 192.168.211.0/24
#netdiscover - active/passive ARP reconnaissance tool
#-r : range

Arp scan –
$sudo arp-scan -l
#arp-scan : The ARP scanner
#-l or --localnet : Generate addresses from network interface configuration

Privilege Escalation –
Privilege escalation is the act of exploiting a bug, design flaw or configuration oversight in an operating system or software application to gain elevated access to resources that are normally protected from an application or user.
• Horizontal Privilege Escalation: a user gains the access rights of another user who has the same access level as he or she does.
• Vertical Privilege Escalation: an attacker attempts to gain more permissions or access, most probably those of the admin/root account, with an existing account they have compromised.

WHAT TO LOOK FOR:

• Kernel Exploit example (Dirty COW): A race condition was found in the way the Linux kernel's memory subsystem handled the copy-on-write (COW) breakage of private read-only memory mappings. All the information we have so far is included in this page.

• Read/Write Permissions

- Writeable: /etc/passwd

- possible if a member of the root group with gid 0 is found

• SUID/SGID Files
• Escaping Vi Editor
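
The permission items in the list above (a group- or world-writable /etc/passwd, accounts in gid 0, setuid/setgid files) can be checked from the defender's side with a short audit. This is an added example, not part of the original notes; the function names and the fixture tree with its account names are constructed for illustration.

```shell
#!/bin/sh
# Added audit example; function names and the fixture below are constructed.

# Print the path if its group-write or other-write bit is set.
writable_by_non_owner() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# Non-root accounts in gid 0: primary group (passwd field 4) or listed
# as members of the gid-0 line in the group file (field 4, comma-separated).
gid0_accounts() {   # $1 = passwd file, $2 = group file
    { awk -F: '$4 == 0 { print $1 }' "$1"
      awk -F: '$3 == 0 && $4 != "" { print $4 }' "$2" | tr ',' '\n'
    } | grep -vx root | sort -u
}

# Regular files carrying the setuid (4000) or setgid (2000) bit, one filesystem only.
suid_sgid_files() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null | sort
}

audit() {   # $1 = root of the tree to inspect ("" means the live system)
    echo "[passwd writable by group/other]"; writable_by_non_owner "$1/etc/passwd"
    echo "[non-root accounts in gid 0]";     gid0_accounts "$1/etc/passwd" "$1/etc/group"
    echo "[setuid/setgid files]";            suid_sgid_files "${1:-/}"
}

# Constructed fixture: a throwaway tree with each finding planted in it.
make_fixture() {
    d=$(mktemp -d) && mkdir -p "$d/etc" "$d/usr/bin" || return 1
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' \
        'svc_backup:x:1001:0::/home/svc_backup:/bin/sh' \
        'alice:x:1002:1002::/home/alice:/bin/sh' > "$d/etc/passwd"
    printf '%s\n' 'root:x:0:alice' 'alice:x:1002:' > "$d/etc/group"
    chmod 664 "$d/etc/passwd"                               # group-writable
    : > "$d/usr/bin/helper"; chmod 4755 "$d/usr/bin/helper" # setuid
    : > "$d/usr/bin/plain";  chmod 0755 "$d/usr/bin/plain"  # no special bits
    echo "$d"
}

fixture=$(make_fixture) && { audit "$fixture"; rm -rf "$fixture"; }
```

On a real host, keep the setuid/setgid list as a baseline and review any entry that appears between runs.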

