Linux Basics for Penetration Testing

This beginner-friendly guide covers filesystem navigation, file permissions, shell scripting, and more!

Krit Karnjanakrajang

Krit Karnjanakrajang

|
Krit Karnjanakrajang

Krit Karnjanakrajang

Founder

A visionary leader with a passion for technology, He expertise in Business Analyst and AI integration helps the team deliver exceptional results on time, he leads the team towards transformative results.

Master the Essentials: Linux Basics for Penetration Testing
#Fundamental Concepts #Cybersecurity #Linux #Linux commands

Linux Basics for Penetration Testing

Linux is a foundational component of most penetration testing toolkits. Whether you are scanning networks, brute forcing services, analyzing logs, or scripting exploits, you’ll often rely on Linux environments—especially security-focused distributions such as Kali Linux or Parrot OS. Mastering basic Linux skills is invaluable for both defense and offense: if you don’t know how to navigate, configure, and secure a system, it becomes far more challenging to exploit or protect it.

This mini-course is designed to get you up to speed quickly on the essentials of Linux for penetration testing. Feel free to practice these commands in a virtual machine, lab environment, or any sandboxed system you have available. Let’s begin!

Module 1: Filesystem Navigation

1.1 Overview of Linux Filesystem Hierarchy

When you first log into a Linux system, you’re greeted by a shell (such as Bash or Zsh). From here, everything you see and interact with is organized into a hierarchical directory structure, starting with the root directory (/). Understanding which folders store configurations, logs, and executables is crucial, especially as a pentester who might need to investigate or manipulate them.

  • /: The root directory. Every other file and folder stems from here.

  • /bin: Contains essential user binaries (commands like ls, cat, etc.).

  • /sbin: Contains system binaries (often requires elevated privileges).

  • /etc: Main configuration files for the entire system (think /etc/passwd, /etc/shadow, etc.).

  • /var: Variable files like logs (/var/log), spools, caches, and more.

  • /home: Default user home directories.

  • /tmp: Temporary files, cleared often.

  • /usr: Contains user-installed software, libraries, and more.

For pentesting, knowledge of log locations (/var/log) and configuration files (/etc) can be critical to discovering system or application issues.

1.2 Essential Commands

  1. cd (change directory)

    • Usage: cd /path/to/directory

    • Example: cd /etc to move into the /etc directory.

  2. ls (list files/directories)

    • Usage: ls [options] [directory]

    • Example: ls -l /etc to list files in /etc with detailed information (permissions, owner, size, etc.).

  3. pwd (print working directory)

    • Usage: pwd

    • Shows you the full path to the directory you’re currently in.

1.3 Practical Exercises

  1. Navigating System Directories

    • Practice cd into various directories. Start with cd /var/log then cd /home and observe the output of pwd.

  2. Locating Important Pentesting Folders

    • Investigate /etc and /var/log. Use ls -l to see how files are organized. Look for configuration files like passwd and log files like syslog or auth.log.

Familiarizing yourself with these locations will help you quickly pivot during a pentest when you need to collect evidence or explore system configurations.

Module 2: File Manipulation

2.1 Basic File Operations

  1. cp (copy)

    • Usage: cp [options] source destination

    • Example: cp file.txt /tmp to copy file.txt to the /tmp directory.

  2. mv (move/rename)

    • Usage: mv [options] source destination

    • Example: mv oldname.txt newname.txt to rename a file, or mv script.sh /usr/local/bin to move script.sh into /usr/local/bin.

  3. rm (remove)

    • Usage: rm [options] file(s)

    • Example: rm -r folder/ to recursively remove a directory and its contents.

2.2 Safety Considerations

  • Using the -i or --interactive option with cp, mv, or rm can prompt you before overwriting or removing files:

    • rm -i file.txt will ask for confirmation before deleting file.txt.

  • Once a file is deleted in Linux (especially from the command line), recovery isn’t always straightforward. Always double-check before removing critical files.

2.3 Real-World Usage Scenarios

  1. Organizing and Relocating Scripts or Logs

    • Pentesters often create multiple scripts, reports, and logs. Keeping them organized in dedicated folders helps maintain a tidy work environment.

  2. Maintaining a Clean Lab Environment

    • After you finish experiments or tests, you might move or remove old log files to keep your VM environment uncluttered.

Module 3: Permissions and Ownership

3.1 Understanding File Permissions

Linux file permissions revolve around three main actions:

  • Read (r)

  • Write (w)

  • Execute (x)

Each file or directory has these permissions assigned for three groups of users:

  • Owner (the user who owns the file)

  • Group (the user group that owns the file)

  • Others (everyone else)

When you list files with ls -l, you’ll see something like -rwxr-xr--. This breaks down into:

  • - at the start: indicates a regular file (a d would indicate a directory).

  • rwx: Permissions for the owner (read, write, execute).

  • r-x: Permissions for the group (read, no write, execute).

  • r--: Permissions for others (read only).

3.2 Changing Permissions

  1. chmod (change mode)

    • Example with numeric mode: chmod 755 script.sh

      • 7 for owner (r+w+x), 5 for group (r+x), 5 for others (r+x).

    • Example with symbolic mode: chmod u+x script.sh

      • Adds execute (+x) permission to the owner (u).

3.3 Ownership and Groups

  1. chown (change owner)

    • Usage: sudo chown [new_owner] file

    • Example: sudo chown root script.sh changes the ownership of script.sh to root.

  2. chgrp (change group)

    • Usage: sudo chgrp [new_group] file

    • Example: sudo chgrp admin script.sh changes the group ownership of script.sh to the admin group.

3.4 Security Implications

  • Principle of Least Privilege: Only grant the minimum permissions necessary. This reduces the attack surface if someone compromises an account.

  • Preventing Unauthorized Access: Make sure sensitive files (like logs or critical configurations) are not world-writable or world-readable. This is crucial in pentesting to protect your own tools and logs from being manipulated.

Module 4: Practicing in a Linux VM

4.1 Choosing a Linux Distribution for Pentesting

  • Kali Linux: Arguably the most popular pentesting distro, comes pre-installed with numerous hacking tools.

  • Parrot OS: Similar to Kali, with extra privacy features.

  • Ubuntu: Not specialized for pentesting by default but excellent for learning; can be customized with the tools you need.

4.2 Basic Setup

Most people get started with virtual machines using software like VirtualBox or VMware. When installing:

  1. ISO Download: Obtain an official image of Kali, Parrot, or Ubuntu.

  2. Create a New VM: Allocate memory, virtual hard disk size, and choose an ISO.

  3. Network Configuration:

    • Bridged: The VM will be visible on your local network, which is helpful for network-based tests.

    • NAT: The VM is behind the host’s IP, often safer when practicing in unknown networks.

4.3 Maintaining the VM

  • Regular Updates and Upgrades: Keep your VM up to date with sudo apt update && sudo apt upgrade. Outdated systems can miss security patches or break certain tools.

  • Snapshots: Very useful. Before major system changes, take a snapshot. If something breaks, you can roll back quickly.

Module 5: Shell Scripting and Automation

5.1 Introduction to Bash Scripting

A Bash script is essentially a series of commands stored in a file that can be executed sequentially. The first line typically is:

#!/bin/bash

This tells the system to run the script with the Bash interpreter.

Basic structure:

#!/bin/bash  
# Variables 
NAME="PenTester"  

# Conditional Example  
if [ "$NAME" == "PenTester" ]; then
    echo  "Hello, $NAME!" 
fi  

# Loop Example  
for i in 1 2 3; do
    echo  "Number: $i" 
done

5.2 Common Automation Tasks

  • Updating and Upgrading the System: A single script that runs the necessary apt commands can save time if you’re managing multiple VMs.

  • Creating User Directories with Correct Permissions: Automate setting up new users or directories with mkdir, chown, and chmod.

  • Checking Service Status or Log Files: Scripts can be scheduled (via cron) to alert you if a crucial service goes down or if a log grows unexpectedly large.

5.3 Practical Exercises

  1. Write a Script to Bulk-Create Directories

    • Prompt the user for a directory name, then create a set of them: mkdir dir1 dir2 dir3.

  2. Write a Script to Install and Configure Common Tools

    • Automate installing nmap, netcat, and other pentesting essentials in one go.

Automation is your friend in pentesting. Scripts save time, reduce errors, and allow you to focus on high-level analysis.

Module 6: Linux Process Management

6.1 Monitoring Running Processes

  1. ps: Snapshot of current processes.

    • ps aux shows all running processes in detail.

  2. top: Real-time view of processes, CPU, and memory usage.

  3. htop: An enhanced, interactive version of top (not installed by default on some systems).

Process monitoring is critical for detecting malicious software or verifying if your own tools (e.g., Metasploit, password crackers) are running properly.

6.2 Controlling Processes

  • kill: Send a signal to a process to terminate it.

    • kill -9 <PID> (SIGKILL) forcibly stops a process.

  • killall: Kills processes by name, e.g., killall firefox.

  • pkill: Similar to killall but supports more flexible pattern matching, e.g., pkill -f "my_script.sh".

6.3 Process Lifecycle

Each running application or script is a process. When a process spawns another, it creates a child process using a fork/exec system call. In pentesting, you might examine these relationships to see if malicious processes are spawning from legitimate services.

6.4 Security Implications

  • Identifying Malicious or Rogue Processes: If you’re on a compromised system, you might discover processes running cryptocurrency miners, rootkits, or other unauthorized software.

  • Controlling Services on Compromised Systems: Knowing how to start, stop, or kill suspect processes is part of both incident response and post-exploitation activities.

Suggested Learning Path

  1. Start with Filesystem Navigation & File Manipulation (Modules 1 & 2)

    • Before you dive into advanced tasks, ensure you can comfortably move around the filesystem and handle files without risking accidental data loss.

  2. Learn Permissions (Module 3)

    • Understanding permissions is absolutely vital. Many Linux-based exploits revolve around misconfigurations like overly permissive directories or files.

  3. Set Up a Linux VM (Module 4)

    • Practice in a controlled environment. Make mistakes, break things, and then restore a snapshot. This is the best way to learn without risk to production systems.

  4. Shell Scripting (Module 5)

    • Efficiency is key. Writing scripts saves time during reconnaissance, scanning, enumeration, and reporting.

  5. Dive into Process Management (Module 6)

    • You’ll need to know how to monitor and control processes to detect anomalies or kill harmful services during a pentest.

Final Thoughts

Linux proficiency underpins your success in cybersecurity and penetration testing. The modules above aren’t just theoretical checklists; they represent critical skills you’ll use on a daily basis when analyzing systems, gathering evidence, and orchestrating complex attack vectors. A strong grasp of filesystem navigation, file permissions, script automation, and process management will empower you to explore a system thoroughly—whether you’re defending it or trying to break in.

As you progress, keep the security mindset front and center. Every command, file permission change, or script can introduce vulnerabilities if misused. Always aim to understand the implications behind every action. Learning in a virtual lab environment is a safe way to experiment, hone your skills, and gain confidence.

Next Steps:

  1. Practice Daily: Even if it’s just running a few commands, muscle memory is crucial.

  2. Build Scripts: Automate tasks you find yourself repeating.

  3. Install Specialized Tools: Tools like nmap, metasploit-framework, openvas, or wireshark to get familiar with more advanced pentesting workflows.

  4. Join Security Communities: Participate in forums or capture-the-flag (CTF) events where you’ll continually sharpen your knowledge.

By following this structured approach, you’ll establish a rock-solid foundation in Linux, setting the stage for more advanced pentesting topics such as network scanning, privilege escalation, exploit development, and forensic investigation. Good luck with your learning journey!

You now have a step-by-step roadmap to mastering the Linux basics essential for penetration testing.

Practical, hands-on experience is just as important as theoretical knowledge. Spin up a VM, try out these commands, break things, and learn from the process. As a pentester, curiosity and experimentation will be your best friends. Happy hacking!

Test Your Knowledge

  • What symbolic mode would you use to remove execute permission from "others" on a file?

  • In a penetration testing scenario, what is a potential risk of assigning 777 permissions to a script?

  • Which command terminates all instances of a process named python3?

  • What is the correct command to create a snapshot of a VirtualBox VM named PentestLab?

  • Which command would you use to find all .log files inside /var/log?
Share:
Tweet or X? Share on Facebook Share via WhatsApp Share via Telegram Share via email

← Previous Post

Packet Analysis & Network Scanning

Next Post →

Linux Basic Network Management

Latest Posts

See all posts