Linux Operating System

Linux (/ˈlinʊks/ LEEN-uuks or /ˈlɪnʊks/ LIN-uuks) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged in a “Linux distribution”.

Linux was originally developed for personal computers based on the Intel x86 architecture, but has since been ported to more platforms than any other operating system. Because of the dominance of the Linux-based Android on smartphones, Linux also has the largest installed base of all general-purpose operating systems.

90% of all cloud infrastructure is powered by Linux including supercomputers and cloud providers. 74% of smartphones in the world are Linux-based. [source: wikipedia]

Bash (Unix shell)

Bash is a Unix shell and command language written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell. First released in 1989, it has been used as the default login shell for most Linux distributions. Bash is a command processor that typically runs in a text window where the user types commands that cause actions. Bash can also read and execute commands from a file, called a shell script.

The shell’s name is an acronym for Bourne Again Shell.  [source: wikipedia]


Basic Linux Commands (Cheatsheet)

Working with the Bash-Shell / Terminal / Command-Line-Interface (CLI) is fundamental if you want to use Linux to its full potential. A lot of tools and programs that are necessary for solving CTF-Challenges – or exploring Linux in general – only work through the shell. It’s faster (if you know what you’re doing) and uses less system resources than Graphical User Interfaces (GUI).

(Nice little side-effect: All of your friends will believe you’re some kind of hacker if they see you using the Shell.)

1. pwd – Print Working Directory

The ‘pwd’ command returns the current directory (or Folder) you’re in as an absolute path, starting at root. If you just started up your shell, the pwd command should return /home/yourusername. Useful command if you want to know where you are.

2. cd – Change Directory

The ‘cd’ command is used to change the present working directory. You have five main choices to do so.

cd directoryname – changes into the next (deeper) directory.
cd .. – by using the ‘..’ you change into the next higher directory, e.g. if used in /fullpath/XYZ, the directory changes into /fullpath
cd /fullpath/XYZ – changes working directory to the XYZ directory.
cd ~/path – the ‘~/’ is a placeholder for your home/user directory. Starting from there you can specify the path you want.
cd / – takes you directly to your root-directory.

3. ls – Lists the content of the Directory / Folder

The ‘ls’ command returns the content of the current directory and lists every item inside of it. To get even more information about the contents use the additional parameter -la (‘$ls -la’). This also returns a list of the permissions, owners and size associated with every file.

‘$ls -R’ will return the filenames inside of sub-directories as well.

4. clear

If something went wrong and you want to start over with an empty shell, you don’t have to start a new instance. Simply use the ‘$clear’ command. Alternatively you can use ‘ctrl’ + ‘l’ for basically the same effect. But while ‘clear’ flushes everything you’ve done at the terminal, ‘ctrl’ + ‘l’ just hides your last work, so you can still scroll up to have a look if you need to.

5. cat – concatenate

The ‘cat’ command is one of the most frequently used commands in the Linux shell. It allows you to create files, view the contents of a file, redirect output into the terminal or into files, and concatenate / merge files – everything on the fly.

$cat filename – prints out the content of a file, you can type in multiple filenames. ‘cat’ will show them all.
$cat -n filename – prints out the file with line numbers in front.
$cat > newfile – will create a new file and keep it open. You can write to the file right from the Terminal. If you stop the command using ‘ctrl’ + ‘c’ it will save
$cat file1 > file2 – copies content of file1 into file2. OVERWRITES CONTENT IN FILE2
$cat file1 >> file2 – copies content of file1 into file2 and appends the contents
$cat file1 file2 file3 > MergedFile – merges all of the stated file into a new one.
$cat *.txt – prints out all text files in a directory.
$cat file1 | more – For really long files. Prints out the content that fits inside your Terminal . Asks if you want to see more.

6. cp – copy files

$cp FileToCopy.txt /home/user/destination – is used to copy files to a different directory.

7. mkdir – Make a new directory

$mkdir Foldername – creates a new (sub-)directory in your current location. To create it inside another location, use the path to do so, e.g. $mkdir Pictures/Foldername

8. rmdir – remove a directory

$rmdir DirectoryToBeRemoved – removes the stated directory. Unfortunately this only works with an empty directory.

9. rm – removes files and directories – Recursive!

Removes files, and with the parameter -r (recursive) also directories and the contents within them. If you only want to remove a directory (alternative to rmdir) you can use $rm -r.

BE CAREFUL USING THIS! There is no undo function. Double check your target and working directory before you hit enter.

10. mv – move (and rename)!

The ‘mv’ command is used to move files from one directory to another.

$mv filename /destination/you/desire – moves the file. You can rename the file in the same step.
$mv oldname newname – renames the file right on the spot.

11. touch

The ‘touch’- command creates a blank new file.
$touch /home/user/Documents/program.py creates an empty program.py projectfile

12. sudo (SuperUserDo / SubstituteUserDo)

The sudo command allows you to gain temporary SuperUser / Root permissions for actions like installing a new application or modifying certain system files. As it is – for security reasons – not recommended to work as root all the time, sudo will help you if you get permission errors.

13. grep

The grep command is very useful to find certain strings/words inside a large amount of data or inside of data streams. You’ll probably use it very often and it will make your life much easier.

$grep whatyouarelookingfor filename will return each line from the given file that contains the word you are looking for. To use it on a running program / datastream you can pipe the output into it.

e.g. $python3 program.py | grep resultX will only return and print out the lines that contain resultX

14. locate

$locate filename works just like the search function in Windows. The command searches your filesystem for matches of the given word and prints the location out. The function itself is case sensitive. If you want it to be case insensitive you can use the parameter -i. If you don’t know exactly how the file is named or you only know certain parts of the name you can use the asterisk >> * << as wildcard symbol.

e.g. $locate -i "*book*" will find you the file ‘bookstore’ as well as the file ‘schoolbook’, while "*book" would only get you schoolbook.

As the command locate will deliver every find of a given string (even if it’s only in the location / path, and that happens a lot!), you can restrict your search to the basename with the parameter -b. That restricts the search to the actual filenames.

If you just created a file and can’t find it via the ‘locate’ command, try updating your internal database first. You can do this with ‘sudo updatedb’

15. find

The “find” command is far more specific than the “locate” command. It allows you to search by file, directory / folder name, creation date, modification date, owner and permissions. Additionally the find command allows the user to perform commands on the found files by using the -exec parameter. Note: If you specify a certain directory for your search, the find command will also search in existing subdirectories.

General Syntax:
$find [Where to search] [expression that determines what to find] [-options] [what to find]


$find ./YourDirectory -name ExampleFile.txt – Search for ExampleFile.txt in the directory YourDirectory (To search for filetypes, you can use the wildcard symbol (asterisk), e.g. "*.txt" instead of ExampleFile.txt)
$find ./YourDirectory -empty – Search for empty files or directories.
$find ./YourDirectory -perm 600 – Search for files that only the owner (or root) can read and write (See my command-cheatsheet number 19 for more insights on the permission side of things.)

$find ./ -type f -name "*.txt" -exec grep 'picoCTF' {} \; – This command searches in multiple files (inside the current working directory) that end with ‘.txt’ and prints out every line that contains the term ‘picoCTF’ – very useful for CTF-Challenges.
$find ./YourDirectory -name FileToDelete.txt -exec rm -i {} \; – removes all files with the name ‘FileToDelete.txt’ inside the given directory / folder (rm -i asks for confirmation before each removal)

Other important parameters (as a reminder):
-user Username – Search for files owned by user Username
-newer file – Search for files that are newer (modified / created after) than the specified file.
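
The find patterns from this section, run against a throw-away directory so the results can be checked. This is an added example, not part of the original cheatsheet; the directory layout, file names and file contents are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: constructed sample files in a temporary directory.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT          # clean up when the script ends
mkdir -p "$demo_dir/notes/old"
printf 'nothing to see\n'                    > "$demo_dir/notes/a.txt"
printf 'flag: picoCTF{constructed_sample}\n' > "$demo_dir/notes/old/b.txt"
printf 'picoCTF mentioned in a log\n'        > "$demo_dir/notes/c.log"
: > "$demo_dir/notes/empty.txt"
chmod 644 "$demo_dir/notes/old/b.txt" "$demo_dir/notes/c.log" "$demo_dir/notes/empty.txt"
chmod 600 "$demo_dir/notes/a.txt"

# Quoting '*.txt' hands the pattern to find itself. Unquoted, the shell may
# expand it against the current directory before find ever sees it.
find_txt() { find "$1" -type f -name '*.txt' | sort; }

# {} is replaced by each found file. \; ends the -exec command and must be
# escaped so the shell does not treat it as a command separator.
# grep -H prints the file name in front of every matching line.
grep_flag() {
  find "$1" -type f -name '*.txt' -exec grep -H 'picoCTF' {} \;
}

# Empty regular files, and files whose mode is exactly 600 (rw-------).
find_empty()   { find "$1" -type f -empty; }
find_private() { find "$1" -type f -perm 600; }

echo "All .txt files (subdirectories included):"; find_txt "$demo_dir"
echo "Lines containing picoCTF in .txt files:";   grep_flag "$demo_dir"
echo "Empty files:";                              find_empty "$demo_dir"
echo "Files only the owner can read/write:";      find_private "$demo_dir"
```

Note that c.log contains the search term but is not reported, because -name '*.txt' filters it out before grep runs.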

16. man (manual)

The ‘man’ command calls / opens the manual of the module / function you are specifying. Very helpful if you don’t know the syntax or possible parameters of commands, e.g. $man echo

17. wc (word count)

The ‘wc’ command is used for counting the words, characters, bytes etc. of a file. Without any parameters the wc command returns :

$wc YourFileName
> x y z YourFileName – with x for number of lines, y for number of words and z for number of bytes.
The most common Parameters are:
$wc -l YourFileName — prints only the numbers of lines in a file
$wc -w YourFileName — prints only the numbers of words in a file
$wc -c YourFileName — prints the count of bytes in a file
$wc -m YourFileName — prints the count of characters in a file
$wc -L YourFileName — prints the Length of the longest line in the given file.

18. echo

The ‘echo’ command is used to display / print out lines of text that get passed in behind the ‘echo’. Useful for shell scripts or bash files.

$echo ‘this is an example’
>this is an example

19. chmod

‘chmod’ is used to change the read/write/execute permissions of a file. To check the actual permissions you can use the list command $ls -l. This returns a list of all files inside of a directory with the information about the file permissions. The ‘chmod’ command is a tool that should be used carefully. If you set permissions wrong, someone unintended could gain access to your private files. There are a lot of useful and more detailed tutorials on this command out there. Here, I’ll cover the most basic and important ones.

How to read file permissions:
The ‘ls -l’ command returns strings like “-rwxrwxrwx” for every file. Mentally you can split this up into groups of 3 characters each, e.g. ‘- rwx | rwx | rwx’
The first group of three symbolizes the permissions for the file owner (user permissions)
The second / middle group of three symbolizes the permissions of the file’s group (group permissions)
The last group of three symbolizes the permissions for everyone else that is not in one of the two groups before (other permissions)

r stands for reading permission, w stands for writing permission and x stands for execution permission. If the user is allowed to read a file but is not allowed to write or execute it, the user permission would be ‘r--’, with ‘-’ symbolizing that the corresponding rights (w/x) are missing. Note: File permissions like ‘--x’ are possible! You can’t read or write to a file but you can execute it.

Change Permissions for the FileOwner

chmod u+rwx FileName/DirectoryName – adds read/write/execute permissions for the owner
chmod u-rwx FileName/DirectoryName – removes all rights for the owner
chmod u+x FileName/DirectoryName – adds only the execute permission for the owner
chmod u-wx FileName/DirectoryName – removes the write / execute permission for the owner
chmod g+w FileName/DirectoryName – adds write permission for the group
chmod g-wx FileName/DirectoryName – removes write / execute permission for the group
chmod o-wx FileName/DirectoryName – removes write / execute permission for others
chmod o+r FileName/DirectoryName – adds read permission for others

To add / remove permissions for everyone you can use ‘chmod ugo+rwx’ or ‘chmod a+rwx’ – ugo stands for user, group, others and a for all.

Feel free to experiment!

You can also change permissions by using numeric codes.
0 – No permissions = ---
1 – Execute = --x
2 – Write = -w-
3 – Write / Execute = -wx
4 – Read = r--
5 – Read / Execute = r-x
6 – Read / Write = rw-
7 – All permissions = rwx

e.g. $chmod 777 FileName – hands read/write/execute permissions to everyone, while $chmod 700 FileName hands those permissions only to the user!
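
The numeric codes above, translated into the string that ‘ls -l’ prints and then used to spot and tighten files that everyone can write to. This is an added example, not part of the original cheatsheet; the function names, file names and the temporary directory are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: constructed files in a temporary directory.
perm_dir=$(mktemp -d)
trap 'rm -rf "$perm_dir"' EXIT          # clean up when the script ends
: > "$perm_dir/private.key"
: > "$perm_dir/shared.txt"
: > "$perm_dir/notes.txt"
chmod 600 "$perm_dir/private.key"
chmod 777 "$perm_dir/shared.txt"
chmod 666 "$perm_dir/notes.txt"

# One octal digit is the sum of read (4), write (2) and execute (1).
digit_to_rwx() {
  r=-; w=-; x=-
  [ $(( $1 & 4 )) -ne 0 ] && r=r
  [ $(( $1 & 2 )) -ne 0 ] && w=w
  [ $(( $1 & 1 )) -ne 0 ] && x=x
  printf '%s%s%s' "$r" "$w" "$x"
}

# Three digits (user, group, others) -> the nine characters ls -l shows.
mode_to_string() {
  u=${1%??}; rest=${1#?}; g=${rest%?}; o=${1#??}
  printf '%s%s%s' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# Permission column of ls -l without the leading file-type character.
ls_perms() { ls -l "$1" | cut -c2-10; }

# Files "others" may write to (-perm -002: the others-write bit is set).
world_writable() { find "$1" -type f -perm -002 | sort; }

# Remove write access for group and others, keep everything else.
tighten() { chmod go-w "$1"; }

echo "750 means $(mode_to_string 750), 600 means $(mode_to_string 600)"
echo "private.key on disk: $(ls_perms "$perm_dir/private.key")"
echo "Writable by everyone:"; world_writable "$perm_dir"
tighten "$perm_dir/notes.txt"
echo "notes.txt after chmod go-w: $(ls_perms "$perm_dir/notes.txt")"
```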

20. chown / chgrp

Changes the ownership of a file (chown) or the group of a file (chgrp) – Note: The user / group has to exist before you use those commands.

General Syntax:
$chown [Username] [FileName / DirectoryName]
e.g.
$chown Even FileName/DirectoryName – The user Even should be the owner of the file now.
$chgrp [groupname] [FileName / DirectoryName]
e.g.
$chgrp friends FileName/DirectoryName – now the file should belong to the group ‘friends’

21. strings

Returns the contents / strings of a normally unreadable binary/executable file. The usage is quite easy:

$strings filename – prints out the strings that are (by default) 4 characters long or longer. If you want to search for shorter or longer strings, you can use the parameter -n x with x being the corresponding number.
e.g.
$strings -n 6 Filename will return only strings that are made out of 6 characters or more.

Other useful parameters:

$strings -o filename – also returns the file offset of the displayed string (where the string is located inside of the file!)
$strings filename | less – if the output length is too big for your stdout you can pipe it into less. It will enable you to scroll through the results.
$strings -w Filename – includes whitespaces as part of the strings you find. Very useful if the strings command is expected to extract whole sentences from a given file.

22. tee

‘tee’ is used to write the output of a script / command simultaneously to the shell itself and to one (or more) file(s). Make sure to separate the tee command by using the pipe (|)!
e.g. $python3 pythonscriptwithoutput.py | tee output1.txt output2.txt writes the output to stdout (in this case the shell itself) and to both files output1.txt and output2.txt!
As the standard ‘tee’ command overwrites the contents of the specified files, you can use the parameter -a to append the output to the end of any specified file.

23. whoami – who am i?

The ‘whoami’ command returns the account that is currently using the shell.

$whoami
> YourCurrentUser
$sudo whoami
> root

24. tree

The ‘tree’ command is useful to get a clear overview of the structure of the filesystem, starting at your present working directory. It prints out the files and subdirectories of your pwd and does that recursively and in a structured way for every subdirectory included. It also returns a summary of the total number of sub-directories and files!

If you want to use tree in a directory that needs permissions you can do that by using sudo tree.

$tree
> tree diagram of your current directory and its sub-directories.

That alone is handy but tree comes with a set of useful parameters. To use them you can append them to your command as usual:

$tree [-parameter]
-a --> also lists hidden files / directories
-f --> if the tree diagram should contain the full path for every file / directory it returns, use this.
-d --> returns only the directories and sub-directories. Ignores the files.
-L x --> specifies the depth of the tree command. x is the number of directory levels that should be displayed, e.g. $tree -L 2 will return only the contents of your present directory and the first subdirectories! (Depth of 2)
-P searchpattern --> Attention: The P is uppercase! – displays only the files / directories that match the specified pattern. Very useful if used with the wildcard operator (*), e.g. ‘$tree -P "note*"’ will return everything that matches the pattern note* (like files named notepad etc.)
--prune --> shortens the output and removes empty files and directories.
-p --> (Lowercase p) – lists the filetype and permissions for every displayed file. This can be combined with the -u and the -g parameter. The -u parameter also returns the user that owns the file while -g returns the group. Can be combined by using -pug.
-s / -h --> displays the filesize in the tree. While -s returns the size in bytes, -h can be used to output the filesize in a human readable form with the suffix K (Kilobytes), M (Megabytes), G (Gigabytes) etc.
-D --> optional parameter that also returns the date of the last modification of an entry.
--du --> displays the accumulated size of every directory with all its subdirectories and files included. Runs recursively over every listed directory inside the tree diagram.

-o --> Very useful to redirect the output of the tree command into a file for later inspection. Use it like ‘$tree -o redirected_tree.txt’

This is the end of my cheatsheet for now. If you think I missed something, feel free to contact and / or correct me!

General Knowledge:

‘ctrl’ + ‘c’ terminates running programs. ‘ctrl’ + ‘z’ just pauses them – useful if you made silly mistakes like creating infinite loops in a function call or printing out 100000000 lines of text inside the shell.

To copy something inside the shell you have to use ‘shift’ + ‘ctrl’ + ‘c’ instead of the common ‘ctrl’ + ‘c’. To paste something you have to use ‘shift’ + ‘ctrl’ + ‘v’.

Wherever it is possible: use the Tabulator key to auto-complete filenames and directorynames. Makes life so much easier.

To execute an executable file while you are in the same directory as your target executable, you cannot just type in the filename. Instead use the syntax ./filename.

If you get a very long output and you don’t want to scroll all the way up / down you can simply jump to the beginning or the end of the output with the ‘<‘ and ‘>’ keys.
