| name | Linux Penetration Testing Fundamentals |
| description | This skill should be used when the user asks to "learn Linux for pentesting", "use Linux commands for hacking", "manage Linux processes", "manipulate text in Linux", "write bash scripts", or "configure Linux networking". It provides comprehensive Linux fundamentals for penetration testing. |
| version | 1.0.0 |
| tags | linux, pentesting, bash, networking, commands, scripting |
Linux Penetration Testing Fundamentals
Purpose
Master essential Linux skills for penetration testing including navigation, file manipulation, text processing, networking, process management, permissions, and bash scripting. Linux is the preferred platform for security professionals due to its flexibility, transparency, and extensive tool support.
Prerequisites
Required Environment
- Linux-based system (Kali Linux recommended)
- Terminal access
- Basic understanding of operating systems
Required Knowledge
- Basic command-line concepts
- File system understanding
- Networking fundamentals
Outputs and Deliverables
- System Navigation - Efficient directory and file operations
- Text Processing - Data extraction and manipulation
- Network Configuration - Interface and DNS management
- Automation Scripts - Custom bash tools
Core Workflow
Phase 1: Basic Navigation Commands
Essential commands for system navigation:
# Identify current location and user
pwd # Print working directory
whoami # Current user
id # User ID, group ID, groups
# Change directories
cd /path/to/directory # Absolute path
cd .. # Parent directory
cd ~ # Home directory
cd - # Previous directory
# List contents
ls # Basic listing
ls -l # Detailed listing
ls -la # Include hidden files
ls -lah # Human-readable sizes
# Get help
man <command> # Manual page
<command> --help # Help text
<command> -h # Short help
Phase 2: File Operations
Create, copy, move, and delete files:
# Create files and directories
touch newfile.txt # Create empty file
mkdir new_directory # Create directory
mkdir -p path/to/dir # Create nested directories
# Copy files
cp file.txt copy.txt # Copy file
cp -r dir1 dir2 # Copy directory recursively
cp file.txt /dest/ # Copy to destination
# Move/rename files
mv file.txt newname.txt # Rename file
mv file.txt /dest/ # Move to destination
mv dir1 dir2 # Rename directory
# Remove files
rm file.txt # Remove file
rm -r directory/ # Remove directory recursively
rm -rf directory/ # Force remove (dangerous!)
rmdir empty_directory/ # Remove empty directory
# View file contents
cat file.txt # Display entire file
less file.txt # Scrollable view
more file.txt # Page-by-page view
head -n 20 file.txt # First 20 lines
tail -n 20 file.txt # Last 20 lines
tail -f logfile.log # Follow log file
Phase 3: Searching and Finding
Locate files and search content:
# Find files
find / -name "filename" 2>/dev/null # Find by name
find / -type f -name "*.txt" 2>/dev/null # Find text files
find / -type d -name "logs" 2>/dev/null # Find directories
find / -size +100M 2>/dev/null # Files over 100MB
find / -mtime -7 2>/dev/null # Modified in the last 7 days
find / -perm -4000 2>/dev/null # SUID files (privesc)
find / -user root -perm -4000 2>/dev/null # Root SUID files
# Locate (uses database)
locate filename # Fast search (database-based)
updatedb # Update locate database
# Find binaries
which nmap # Binary location in PATH
whereis nmap # Binary, source, man page
# Search file contents
grep "pattern" file.txt # Search in file
grep -r "pattern" /path/ # Recursive search
grep -i "pattern" file.txt # Case insensitive
grep -v "pattern" file.txt # Invert match
grep -n "pattern" file.txt # Show line numbers
grep -E "regex|pattern" file.txt # Extended regex
Phase 4: Text Manipulation
Process and transform text:
# Display with line numbers
nl file.txt # Number non-empty lines
cat -n file.txt # Number all lines
# Extract and cut
cut -d':' -f1 /etc/passwd # First field, colon delimiter
cut -d',' -f1,3 file.csv # Fields 1 and 3
awk '{print $1}' file.txt # Print first column
awk -F: '{print $1}' /etc/passwd # Custom delimiter
# Sort and unique
sort file.txt # Sort lines
sort -r file.txt # Reverse sort
sort -n file.txt # Numeric sort
uniq file.txt # Remove adjacent duplicate lines
sort file.txt | uniq # Sort then unique
sort file.txt | uniq -c # Count occurrences
# Search and replace
sed 's/old/new/g' file.txt # Replace all occurrences
sed -i 's/old/new/g' file.txt # In-place replacement
sed -n '5,10p' file.txt # Print lines 5-10
sed '1,5d' file.txt # Delete lines 1-5
# Word count
wc file.txt # Lines, words, bytes
wc -l file.txt # Count lines
wc -w file.txt # Count words
# Piping and redirection
command1 | command2 # Pipe output
command > file.txt # Redirect to file (overwrite)
command >> file.txt # Append to file
command 2>/dev/null # Discard errors
command 2>&1 # Stderr to stdout
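The pipeline below chains the Phase 3 and Phase 4 tools (grep, awk, sort, uniq -c) to count failed SSH logins per source address. It is an added example, not part of the original skill: the log lines are constructed (addresses from the RFC 5737 documentation ranges) and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Constructed sshd auth-log sample (not real data).
sample_auth_log() {
cat <<'EOF'
Mar 10 08:01:12 host sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar 10 08:01:15 host sshd[1201]: Failed password for root from 203.0.113.7 port 51123 ssh2
Mar 10 08:01:19 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar 10 08:02:40 host sshd[1210]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Mar 10 08:03:02 host sshd[1215]: Failed password for alice from 198.51.100.20 port 40031 ssh2
Mar 10 08:05:44 host sshd[1220]: Failed password for invalid user test from 192.0.2.55 port 33870 ssh2
Mar 10 08:05:47 host sshd[1220]: Failed password for invalid user from from 192.0.2.55 port 33871 ssh2
EOF
}

# failed_by_ip: read auth-log lines on stdin, print "count ip" per source
# address, highest count first.
# The username is chosen by the remote client (the last sample line uses
# "from"), so the address is taken by position from the END of the line
# ("... from <ip> port <n> ssh2") rather than by searching for "from".
failed_by_ip() {
    grep "Failed password" \
        | awk '{ print $(NF - 3) }' \
        | sort \
        | uniq -c \
        | sort -rn \
        | awk '{ print $1, $2 }'   # normalise uniq -c padding
}

# over_threshold MIN: print only the addresses with at least MIN failures.
over_threshold() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

sample_auth_log | failed_by_ip
```

On a live system the input would come from the auth log (for example `/var/log/auth.log` on Debian-based systems) instead of the sample function.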
Phase 5: Permissions and Ownership
Manage file access control:
# View permissions
ls -l file.txt # Show permissions
# Format: -rwxrwxrwx (type, owner, group, others)
# Change permissions (numeric)
chmod 755 file.txt # rwxr-xr-x
chmod 644 file.txt # rw-r--r--
chmod 777 file.txt # rwxrwxrwx (dangerous!)
chmod 600 file.txt # rw------- (secure)
# Change permissions (symbolic)
chmod +x file.txt # Add execute for all
chmod u+x file.txt # Add execute for owner
chmod g+w file.txt # Add write for group
chmod o-r file.txt # Remove read for others
chmod u=rw,g=r file.txt # Explicit assignment
# Change ownership
chown user file.txt # Change owner
chown user:group file.txt # Change owner and group
chown -R user directory/ # Recursive ownership
chgrp group file.txt # Change group only
# Special permissions
chmod 4755 file.txt # SUID (setuid)
chmod 2755 directory # SGID (setgid)
chmod 1755 directory # Sticky bit
Permission values:
- 4 = Read (r)
- 2 = Write (w)
- 1 = Execute (x)
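The special bits above and the `find -perm` checks from Phase 3 combine into a small permission audit. This is an added example, not part of the original skill: it runs against a constructed temporary directory, the function names are hypothetical, and it assumes GNU `stat` (for `-c`).

```shell
#!/usr/bin/env bash
# audit_modes DIR: report risky permission bits under DIR as
# "<finding> <octal mode> <path>". "-perm -MODE" matches when ALL bits in
# MODE are set, regardless of the other bits.
audit_modes() {
    dir="$1"
    # setuid / setgid regular files
    find "$dir" -xdev -type f -perm -4000 -exec stat -c 'SUID %a %n' {} + 2>/dev/null
    find "$dir" -xdev -type f -perm -2000 -exec stat -c 'SGID %a %n' {} + 2>/dev/null
    # Files any user can modify
    find "$dir" -xdev -type f -perm -0002 -exec stat -c 'WORLD-WRITABLE %a %n' {} + 2>/dev/null
    # World-writable directories without the sticky bit: any user can
    # delete or replace other users' files there
    find "$dir" -xdev -type d -perm -0002 ! -perm -1000 \
        -exec stat -c 'NO-STICKY %a %n' {} + 2>/dev/null
}

# make_demo_tree: build a constructed directory with known modes and
# print its path.
make_demo_tree() {
    d=$(mktemp -d)
    touch "$d/helper" "$d/notes.txt" "$d/private.key"
    mkdir "$d/shared" "$d/dropbox"
    chmod 4755 "$d/helper"       # setuid: reported
    chmod 666  "$d/notes.txt"    # world-writable file: reported
    chmod 600  "$d/private.key"  # owner only: not reported
    chmod 1777 "$d/shared"       # sticky, like /tmp: not reported
    chmod 777  "$d/dropbox"      # no sticky bit: reported
    echo "$d"
}

demo=$(make_demo_tree)
audit_modes "$demo"
rm -rf "$demo"
```

Diffing the output against a saved baseline from a known-good system shows newly added SUID binaries or loosened modes.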
Phase 6: Network Management
Configure and analyze network settings:
# View network interfaces
ifconfig # All interfaces (legacy)
ip addr # Modern alternative
ip link # Interface status
# Change IP address
ifconfig eth0 192.168.1.100 netmask 255.255.255.0
ip addr add 192.168.1.100/24 dev eth0
# Spoof MAC address
ifconfig eth0 down
ifconfig eth0 hw ether 00:11:22:33:44:55
ifconfig eth0 up
# Or: macchanger -r eth0
# DHCP client
dhclient eth0 # Request IP from DHCP
# DNS resolution
dig example.com # DNS lookup
dig example.com mx # Mail servers
dig example.com ns # Name servers
nslookup example.com # Alternative lookup
# Change DNS server
echo "nameserver 8.8.8.8" > /etc/resolv.conf
# Host file mapping
nano /etc/hosts
# Add: 192.168.1.100 fake.domain.com
# Test connectivity
ping -c 4 target.com # 4 ping packets
traceroute target.com # Trace route
netstat -tuln # Listening ports
ss -tuln # Modern alternative
Phase 7: Process Management
Control running processes:
# View processes
ps # Current session
ps aux # All processes, all users
ps aux | grep nmap # Filter by name
top # Interactive process view
htop # Enhanced interactive view
# Process control
kill <PID> # Terminate process
kill -9 <PID> # Force kill
killall processname # Kill by name
pkill -f pattern # Kill by pattern
# Background processes
command & # Run in background
jobs # List background jobs
fg %1 # Bring job 1 to foreground
bg %1 # Resume job 1 in background
Ctrl+Z # Suspend current process
# Priority management
nice -n 10 command # Start with lower priority
nice -n -10 command # Start with higher priority (root)
renice 10 -p <PID> # Change running process priority
Phase 8: Software Management
Install and manage packages:
# Debian/Ubuntu (apt)
apt update # Update package lists
apt upgrade # Upgrade packages
apt install <package> # Install package
apt remove <package> # Remove package
apt purge <package> # Remove with config files
apt search <keyword> # Search packages
apt-cache show <package> # Package info
# RHEL/CentOS (yum/dnf)
yum update # Update packages
yum install <package> # Install package
yum remove <package> # Remove package
dnf install <package> # Modern alternative
# From source/GitHub
git clone https://github.com/user/repo.git
cd repo
pip install -r requirements.txt
python setup.py install
Phase 9: Bash Scripting Basics
Create automation scripts:
#!/bin/bash
# Basic script structure
# Shebang (must be the first line) - tells the system to use bash
# Comments
# This is a comment
# Variables
name="World"
echo "Hello, $name"
# User input
echo "Enter target IP:"
read -r target
echo "Scanning $target"
# Command substitution
current_date=$(date)
ip_address=$(hostname -I)
# Conditional statements
if [ -f /etc/passwd ]; then
    echo "File exists"
else
    echo "File not found"
fi
# Loops
for i in 1 2 3 4 5; do
    echo "Number: $i"
done
for file in *.txt; do
    echo "Processing: $file"
done
# While loop
count=0 # Initialize the counter before it is tested
while [ "$count" -lt 10 ]; do
    echo "$count"
    count=$((count + 1))
done
Example scanner script:
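#!/bin/bash
# Simple network scanner
echo "Enter target network (e.g., 192.168.1):"
read -r network
# Accept only a three-octet prefix so the input cannot be split into
# extra words or read as ping options
if ! [[ $network =~ ^([0-9]{1,3}\.){2}[0-9]{1,3}$ ]]; then
    echo "Invalid network prefix: $network" >&2
    exit 1
fi
echo "Scanning $network.0/24..."
for ip in {1..254}; do
    # Test ping's exit status directly instead of checking $?
    if ping -c 1 -W 1 "$network.$ip" > /dev/null 2>&1; then
        echo "[+] Host alive: $network.$ip"
    fi
done &
echo "Scan running in background"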
Phase 10: Environment Variables
Manage system environment:
# View variables
env # All environment variables
echo $PATH # Specific variable
set | more # All variables
# Set variables (session)
export MYVAR="value" # Set and export
PATH=$PATH:/new/path # Append to PATH
# Permanent variables
echo 'export MYVAR="value"' >> ~/.bashrc
source ~/.bashrc # Reload
# Important variables
$HOME # Home directory
$PATH # Executable search path
$USER # Current username
$SHELL # Current shell
$PWD # Current directory
$HISTSIZE # History size
Quick Reference
Essential Commands
| Command | Purpose |
|---|---|
| pwd | Print working directory |
| ls -la | List all files detailed |
| cd | Change directory |
| cat | Display file contents |
| grep | Search text |
| find | Find files |
| chmod | Change permissions |
| ps aux | List processes |
| kill | Terminate process |
File Permissions
| Value | Permission |
|---|---|
| 7 | rwx |
| 6 | rw- |
| 5 | r-x |
| 4 | r-- |
| 0 | --- |
Network Commands
| Command | Purpose |
|---|---|
| ifconfig | Interface config |
| ip addr | Show IP addresses |
| netstat -tuln | Listening ports |
| dig | DNS lookup |
| ping | Test connectivity |
Constraints and Limitations
Permission Requirements
- Many commands require root/sudo
- File access depends on permissions
- Network operations may need elevated privileges
Best Practices
- Always backup before modifying system files
- Use test environments for learning
- Document changes made to systems
- Understand commands before executing
Troubleshooting
Permission Denied
Solutions:
- Use sudo for elevated privileges
- Check file permissions: ls -la
- Verify user group membership
- Check for immutable attributes
Command Not Found
Solutions:
- Check if package is installed
- Verify PATH includes command location
- Use full path to binary
- Install missing package