Commands in Linux - CSU1899 - Shoolini U

Practical 2: 30 Commands of Linux Operating System

2. 30 Commands of Linux Operating System

ls

The ls command is used to list the contents of a directory. It displays the names of files and directories within the current or specified directory. This command can be enhanced with options such as -l for a detailed listing and -a to include hidden files. It is widely used for navigation and file management in Unix/Linux systems.

ls
Figure 2.1.1: Output of ls command

lscpu

The lscpu command is a powerful utility used to display detailed information about the CPU architecture of a system. It provides details such as the CPU architecture type, operational modes (32-bit or 64-bit), byte order, number of CPUs, threads per core, cores per socket, and vendor-specific information like the CPU model name and family. This command is helpful for system administrators, developers, or users performing system performance analysis or hardware compatibility checks.

lscpu
Figure 2.2.1: Output of lscpu

lsblk

The lsblk command displays detailed information about block devices, such as hard drives, SSDs, and partitions. It provides a tree-like structure showing the device names, types, sizes, and mount points. This command is useful for analyzing storage configurations and managing disk partitions.

lsblk
Figure 2.3.1: Output of lsblk

lspci -tv

The lspci -tv command is used to display detailed information about PCI devices connected to the system in a tree-like structure. It provides a hierarchical view of devices such as graphics cards, network cards, and other PCI-compliant hardware. This command is useful for diagnosing hardware configurations or troubleshooting issues related to PCI devices.

lspci -tv
Figure 2.4.1: Output of lspci -tv

lshw

The lshw command is used to list detailed information about the hardware configuration of a system. It provides insights into CPU, memory, disks, and other hardware components, making it a valuable tool for system analysis and troubleshooting.

lshw
Figure 2.5.1: Output of lshw

cat /proc/cpuinfo

The cat /proc/cpuinfo command displays detailed information about the CPU, including its model, vendor ID, speed, cache size, and number of cores. It reads directly from the system's /proc virtual file system to provide accurate hardware data.

cat /proc/cpuinfo
Figure 2.6.1: Output of cat /proc/cpuinfo

cat /proc/meminfo

The cat /proc/meminfo command provides detailed information about system memory, including total available memory, free memory, and memory usage by the kernel. It is helpful for monitoring system performance and debugging memory-related issues.

cat /proc/meminfo
Figure 2.7.1: Output of cat /proc/meminfo

cat /proc/mounts

The cat /proc/mounts command lists all mounted file systems along with details such as the mount point, file system type, and mount options. It is useful for understanding current storage configurations and diagnosing file system issues.

cat /proc/mounts
Figure 2.8.1: Output of cat /proc/mounts

free -h

The free -h command displays the system's memory usage in a human-readable format. It shows total, used, free, and available memory, providing a quick overview of memory allocation for performance monitoring.

free -h
Figure 2.9.1: Output of free -h

sudo dmidecode

The sudo dmidecode command reads hardware information from the DMI (SMBIOS) tables that the system's BIOS provides, which is why it must be run as root. It reports details about components such as the processor, memory, and system manufacturer, making it essential for hardware diagnostics and inventory management.

sudo dmidecode
Figure 2.10.1: Output of sudo dmidecode

df -h

The df -h command displays disk space usage for all mounted file systems in a human-readable format. It shows details such as total space, used space, available space, and usage percentage for each file system.

df -h
Figure 2.11.1: Output of df -h

du -sh [directory_name]

The du -sh [directory_name] command shows the disk space used by a specified directory in a summarized and human-readable format. It is helpful for quickly identifying storage usage by directories.

du -sh [directory_name]
Figure 2.12.1: Output of du -sh

ps

The ps command lists the processes running for the current user in the current terminal session. For each process it shows the process ID, the terminal it is attached to, the CPU time it has consumed, and the command name.

ps
Figure 2.13.1: Output of ps

ps aux

The ps aux command lists all running processes on the system, including those from other users and without controlling terminals. It is a comprehensive view of system activity and resource utilization.

ps aux
Figure 2.14.1: Output of ps aux

top

The top command displays a dynamic real-time view of running processes, sorted by resource usage. It includes information on CPU, memory usage, process IDs, and user details.

top
Figure 2.15.1: Output of top

htop

The htop command provides an interactive and user-friendly way to monitor system processes and resources. It displays CPU, memory, and swap usage, allowing users to manage processes directly from the interface.

htop
Figure 2.16.1: Output of htop

which [command]

The which [command] command searches for the executable file of a given command in directories listed in the $PATH environment variable. It is useful for identifying the location of command binaries.

which [command]
Figure 2.17.1: Output of which command

whereis [command]

The whereis [command] command locates the binary, source code, and manual page of a given command. It is helpful for quickly finding all related files for a command.

whereis [command]
Figure 2.18.1: Output of whereis command

mkdir [directory_name]

The mkdir [directory_name] command creates a new directory with the specified name. It is commonly used for organizing files and structuring directories.

mkdir [directory_name]
Figure 2.19.1: Output of mkdir

rm [file_name]

The rm [file_name] command removes the specified file from the file system. Use caution as deleted files cannot be recovered without backups.

rm [file_name]
Figure 2.20.1: Output of rm

cp [source_file] [destination_file]

The cp [source_file] [destination_file] command copies the contents of the source file to the destination file. It can also be used to copy directories using the -r flag.

cp [source_file] [destination_file]
Figure 2.21.1: Output of cp

mv [source_file] [destination_file]

The mv [source_file] [destination_file] command moves a file to a new location or renames it. It is useful for reorganizing files and directories.

mv [source_file] [destination_file]
Figure 2.22.1: Output of mv

touch [file_name]

The touch [file_name] command creates a new, empty file with the specified name. It can also be used to update the timestamp of an existing file.

touch [file_name]
Figure 2.23.1: Output of touch

cat [source_file] >> [destination_file]

The cat [source_file] >> [destination_file] command appends the contents of the source file to the destination file without overwriting its existing content.

cat [source_file] >> [destination_file]
Figure 2.24.1: Output of cat append

sed 's/[old_string]/[new_string]/g' [file_name]

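The sed 's/[old_string]/[new_string]/g' [file_name] command uses the stream editor to search for [old_string] and replace all occurrences of it with [new_string]. The result is written to standard output and the file itself is left unchanged unless the output is redirected or sed's in-place option (-i) is used. Note that [old_string] is interpreted as a regular expression, not as literal text.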

sed 's/[old_string]/[new_string]/g' [file_name]
Figure 2.25.1: Output of sed
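
The search-and-replace described above, as an added example that is not part of the original page: because sed treats [old_string] as a regular expression and gives &, / and \ a special meaning in [new_string], this sketch escapes both strings before substituting so they are handled as literal text. The helper names and the sample file contents are constructed for illustration, and the strings are assumed to contain no newlines.

```sh
#!/bin/sh
# Added example (not from the original page). Helper names are hypothetical.
# Assumes OLD and NEW contain no newline characters.

# Escape basic-regex metacharacters and "/" so OLD is matched literally.
escape_pattern() {
    printf '%s' "$1" | sed 's|[][\.*^$/]|\\&|g'
}

# Escape "\", "&" and "/" so NEW is inserted literally.
escape_replacement() {
    printf '%s' "$1" | sed 's|[\&/]|\\&|g'
}

# replace_literal OLD NEW FILE
# Prints FILE to standard output with every OLD replaced by NEW.
# FILE itself is not modified; redirect the output to keep the result.
replace_literal() {
    sed "s/$(escape_pattern "$1")/$(escape_replacement "$2")/g" "$3"
}

# Constructed sample input.
demo_file=$(mktemp)
printf 'endpoint=http://old.example/api\nprice=1.5 (was 1x5)\n' > "$demo_file"

# "/" and "&" would break or corrupt a naive s/old/new/g; here they are escaped.
replace_literal 'http://old.example/api' 'https://new.example/v2?a=1&b=2' "$demo_file"

# An unescaped "." would also match the "x" in "1x5"; escaped, only "1.5" changes.
replace_literal '1.5' '2.0' "$demo_file"

rm -f "$demo_file"
```
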

curl -o [filename] [url]

The curl -o [filename] [url] command downloads the contents of the specified URL and saves it to the specified file. It is commonly used to fetch files from the internet.

curl -o [filename] [url]
Figure 2.26.1: Output of curl

head [file_name]

The head [file_name] command displays the first ten lines of a file. It is useful for quickly viewing the beginning of a file.

head [file_name]
Figure 2.27.1: Output of head

tail [file_name]

The tail [file_name] command displays the last ten lines of a file. It is useful for monitoring logs and checking recent updates in files.

tail [file_name]
Figure 2.28.1: Output of tail

gpg -c [file_name]

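The gpg -c [file_name] command encrypts a file using GPG symmetric encryption. It prompts the user to enter a passphrase to secure the file, making it useful for protecting sensitive information. The encrypted copy is written to [file_name].gpg, and the original unencrypted file is left in place.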

gpg -c [file_name]
Figure 2.29.1: Output of gpg -c

gpg [file_name].gpg

The gpg [file_name].gpg command decrypts an encrypted .gpg file and writes the decrypted contents to [file_name]. It prompts the user to enter the passphrase used during encryption. This command is essential for accessing the contents of a file secured using GPG encryption.

gpg [file_name].gpg
Figure 2.30.1: Output of gpg decryption

Command Justifications for Ethical Hacking

1. ls - List directory contents

Use Case: Enumerating files and directories on a compromised system to understand its structure.

Practical Example: After gaining access to a remote shell, you can list sensitive files like credentials or configuration files.

2. lscpu - View CPU information

Use Case: Gathering information about the target system's architecture for crafting optimized payloads or exploits.

Practical Example: Identifying the CPU type to determine whether the system runs a vulnerable version of specific software.

3. lsblk - View block devices

Use Case: Identifying mounted drives and storage devices to locate critical data.

Practical Example: Knowing which drives contain sensitive data helps attackers focus their efforts during post-exploitation.

4. lspci -tv - Display PCI devices

Use Case: Determining hardware like network cards to exploit vulnerabilities specific to those devices.

Practical Example: Identifying a vulnerable network card for a direct hardware attack.

5. lshw - List hardware details

Use Case: Gathering comprehensive hardware information to understand the target environment better.

Practical Example: Identifying specific hardware setups that could have weak security configurations.

6. cat /proc/cpuinfo - View CPU details

Use Case: Similar to lscpu, for gathering CPU details to optimize attacks.

Practical Example: Using this data to determine how to escalate privileges based on system architecture.

7. cat /proc/meminfo - View memory details

Use Case: Checking available memory to execute large payloads or resource-intensive attacks.

Practical Example: Ensuring sufficient RAM is available for running large malware scripts.

8. cat /proc/mounts - View mounted filesystems

Use Case: Identifying critical file systems for data exfiltration or tampering.

Practical Example: Locating filesystems like /boot or /home for further exploitation.

9. free -h - Check memory usage

Use Case: Evaluating system load and memory availability before launching resource-intensive attacks.

Practical Example: Ensuring the system can handle a DoS attack without immediate crashes.

10. sudo dmidecode - Display BIOS information

Use Case: Accessing hardware and BIOS information to exploit firmware vulnerabilities.

Practical Example: Finding a specific manufacturer’s BIOS flaw to gain persistence.

11. df -h - Disk usage

Use Case: Checking disk space to determine storage availability for malicious uploads or tools.

Practical Example: Ensuring there’s enough disk space for data exfiltration.

12. du -sh [directory] - Disk usage of a directory

Use Case: Identifying large directories that might contain important or sensitive files.

Practical Example: Scanning the largest directories for further reconnaissance.

13. ps - Show running processes

Use Case: Enumerating processes to find weak or exploitable services.

Practical Example: Identifying processes like mysql or httpd for exploitation.

14. ps aux - Detailed process list

Use Case: Similar to ps, but with more detailed information on each process.

Practical Example: Finding processes running as root for privilege escalation opportunities.

15. top - System resource monitor

Use Case: Monitoring system load and identifying high-priority processes to target.

Practical Example: Spotting resource-heavy applications that might be easier to attack.

16. htop - Interactive process viewer

Use Case: Provides a user-friendly view of processes for analysis.

Practical Example: Identifying resource-intensive processes for exploitation.

17. which [command] - Locate command path

Use Case: Ensuring required tools are available on the system.

Practical Example: Checking for binaries like netcat or nmap for further attacks.

18. whereis [command] - Locate binaries

Use Case: Similar to which, used for locating specific binaries and their associated files.

19. mkdir, rm, cp, mv - File operations

Use Case: Basic operations to manage files or directories during an attack.

Practical Example: Creating directories to store exfiltrated data or moving files to hide activities.

20. cat, sed - View or modify file content

Use Case: Reading and altering files to tamper with logs or configurations.

Practical Example: Modifying configuration files to create backdoors.

21. curl - Download from the internet

Use Case: Fetching malicious scripts or tools from remote servers.

Practical Example: Downloading an exploit payload during a live attack.

22. gpg - Encrypt/decrypt files

Use Case: Encrypting sensitive stolen data for secure exfiltration.

Practical Example: Encrypting data before uploading to a remote server.

10. Commands of Linux Operating System

Sl. no. Command - Description
1. ls - List directory contents.
2. lscpu - See CPU information.
3. lsblk - See information about block devices.
4. lspci -tv - Show PCI devices (graphics card, network card, etc.) in a tree-like diagram.
5. lshw - List hardware configuration information.
6. cat /proc/cpuinfo - Show detailed CPU information.
7. cat /proc/meminfo - View detailed system memory information.
8. cat /proc/mounts - See mounted file systems.
9. free -h - Display free and used memory.
10. sudo dmidecode - Show hardware information from the BIOS.
11. df -h - Display disk space usage.
12. du -sh [directory_name] - See the disk space used by a directory.
13. ps - Show running processes.
14. ps aux - Show all running processes.
15. top - Display all running processes.
16. htop - Monitor system resources.
17. which [command] - Search for the command's path in the $PATH environment variable.
18. whereis [command] - Find the source, binary, and manual page for a command.
19. mkdir [directory_name] - Create a new directory.
20. rm [file_name] - Remove a file.
21. cp [source_file] [destination_file] - Copy the contents of one file to another file.
22. mv [source_file] [destination_file] - Move or rename files or directories.
23. touch [file_name] - Create a new file.
24. cat [file_name] - Show the contents of a file.
25. cat [source_file] >> [destination_file] - Append file contents to another file.
26. sed 's/[old_string]/[new_string]/g' [file_name] - Replace text in a file.
27. curl -o [filename] [url] - Save the contents of a URL from the internet to a file.
28. head [file_name] - Show the first ten lines of a file.
29. tail [file_name] - Show the last ten lines of a file.
30. gpg -c [file_name] - Encrypt a file.
31. gpg [file_name].gpg - Decrypt an encrypted .gpg file.