Linux Penetration Testing Fundamentals

Purpose

Master essential Linux skills for penetration testing including navigation, file manipulation, text processing, networking, process management, permissions, and bash scripting. Linux is the preferred platform for security professionals due to its flexibility, transparency, and extensive tool support.

Prerequisites

Required Environment

• Linux-based system (Kali Linux recommended)
• Terminal access
• Basic understanding of operating systems

Required Knowledge

• Basic command-line concepts
• File system understanding
• Networking fundamentals

Outputs and Deliverables

1. System Navigation - Efficient directory and file operations
2. Text Processing - Data extraction and manipulation
3. Network Configuration - Interface and DNS management
4. Automation Scripts - Custom bash tools

Core Workflow

Phase 1: Basic Navigation Commands

Essential commands for system navigation:

# Identify current location and user
pwd                     # Print working directory
whoami                  # Current user
id                      # User ID, group ID, groups

# Change directories
cd /path/to/directory   # Absolute path
cd ..                   # Parent directory
cd ~                    # Home directory
cd -                    # Previous directory

# List contents
ls                      # Basic listing
ls -l                   # Detailed listing
ls -la                  # Include hidden files
ls -lah                 # Human-readable sizes

# Get help
man <command>           # Manual page
<command> --help        # Help text
<command> -h            # Short help

Phase 2: File Operations

Create, copy, move, and delete files:

# Create files and directories
touch newfile.txt       # Create empty file
mkdir new_directory     # Create directory
mkdir -p path/to/dir    # Create nested directories

# Copy files
cp file.txt copy.txt    # Copy file
cp -r dir1 dir2         # Copy directory recursively
cp file.txt /dest/      # Copy to destination

# Move/rename files
mv file.txt newname.txt # Rename file
mv file.txt /dest/      # Move to destination
mv dir1 dir2            # Rename directory

# Remove files
rm file.txt             # Remove file
rm -r directory/        # Remove directory recursively
rm -rf directory/       # Force remove (dangerous!)
rmdir empty_directory/  # Remove empty directory

# View file contents
cat file.txt            # Display entire file
less file.txt           # Scrollable view
more file.txt           # Page-by-page view
head -n 20 file.txt     # First 20 lines
tail -n 20 file.txt     # Last 20 lines
tail -f logfile.log     # Follow log file

Phase 3: Searching and Finding

Locate files and search content:

# Find files
find / -name "filename" 2>/dev/null           # Find by name
find / -type f -name "*.txt" 2>/dev/null      # Find text files
find / -type d -name "logs" 2>/dev/null       # Find directories
find / -size +100M 2>/dev/null                # Files over 100MB
find / -mtime -7 2>/dev/null                  # Modified in 7 days
find / -perm -4000 2>/dev/null                # SUID files (privesc)
find / -user root -perm -4000 2>/dev/null     # Root SUID files

# Locate (uses database)
locate filename         # Fast search (database-based)
updatedb                # Update locate database

# Find binaries
which nmap              # Binary location in PATH
whereis nmap            # Binary, source, man page

# Search file contents
grep "pattern" file.txt              # Search in file
grep -r "pattern" /path/             # Recursive search
grep -i "pattern" file.txt           # Case insensitive
grep -v "pattern" file.txt           # Invert match
grep -n "pattern" file.txt           # Show line numbers
grep -E "regex|pattern" file.txt     # Extended regex

Phase 4: Text Manipulation

Process and transform text:

# Display with line numbers
nl file.txt             # Number lines
cat -n file.txt         # Number all lines

# Extract and cut
cut -d':' -f1 /etc/passwd      # First field, colon delimiter
cut -d',' -f1,3 file.csv       # Fields 1 and 3
awk '{print $1}' file.txt      # Print first column
awk -F: '{print $1}' /etc/passwd  # Custom delimiter

# Sort and unique
sort file.txt           # Sort lines
sort -r file.txt        # Reverse sort
sort -n file.txt        # Numeric sort
uniq file.txt           # Remove duplicates
sort file.txt | uniq    # Sort then unique
sort file.txt | uniq -c # Count occurrences

# Search and replace
sed 's/old/new/g' file.txt      # Replace all occurrences
sed -i 's/old/new/g' file.txt   # In-place replacement
sed -n '5,10p' file.txt         # Print lines 5-10
sed '1,5d' file.txt             # Delete lines 1-5

# Word count
wc file.txt             # Lines, words, bytes
wc -l file.txt          # Count lines
wc -w file.txt          # Count words

# Piping and redirection
command1 | command2     # Pipe output
command > file.txt      # Redirect to file (overwrite)
command >> file.txt     # Append to file
command 2>/dev/null     # Discard errors
command 2>&1            # Stderr to stdout

Phase 5: Permissions and Ownership

Manage file access control:

# View permissions
ls -l file.txt          # Show permissions
# Format: -rwxrwxrwx (type, owner, group, others)

# Change permissions (numeric)
chmod 755 file.txt      # rwxr-xr-x
chmod 644 file.txt      # rw-r--r--
chmod 777 file.txt      # rwxrwxrwx (dangerous!)
chmod 600 file.txt      # rw------- (secure)

# Change permissions (symbolic)
chmod +x file.txt       # Add execute for all
chmod u+x file.txt      # Add execute for owner
chmod g+w file.txt      # Add write for group
chmod o-r file.txt      # Remove read for others
chmod u=rw,g=r file.txt # Explicit assignment

# Change ownership
chown user file.txt           # Change owner
chown user:group file.txt     # Change owner and group
chown -R user directory/      # Recursive ownership
chgrp group file.txt          # Change group only

# Special permissions
chmod 4755 file.txt     # SUID (setuid)
chmod 2755 directory    # SGID (setgid)
chmod 1755 directory    # Sticky bit

Permission values:

• 4 = Read (r)
• 2 = Write (w)
• 1 = Execute (x)

Phase 6: Network Management

Configure and analyze network settings:

# View network interfaces
ifconfig                # All interfaces (legacy)
ip addr                 # Modern alternative
ip link                 # Interface status

# Change IP address
ifconfig eth0 192.168.1.100 netmask 255.255.255.0
ip addr add 192.168.1.100/24 dev eth0

# Spoof MAC address
ifconfig eth0 down
ifconfig eth0 hw ether 00:11:22:33:44:55
ifconfig eth0 up
# Or: macchanger -r eth0

# DHCP client
dhclient eth0           # Request IP from DHCP

# DNS resolution
dig example.com         # DNS lookup
dig example.com mx      # Mail servers
dig example.com ns      # Name servers
nslookup example.com    # Alternative lookup

# Change DNS server
echo "nameserver 8.8.8.8" > /etc/resolv.conf

# Host file mapping
nano /etc/hosts
# Add: 192.168.1.100 fake.domain.com

# Test connectivity
ping -c 4 target.com    # 4 ping packets
traceroute target.com   # Trace route
netstat -tuln           # Listening ports
ss -tuln                # Modern alternative

Phase 7: Process Management

Control running processes:

# View processes
ps                      # Current session
ps aux                  # All processes, all users
ps aux | grep nmap      # Filter by name
top                     # Interactive process view
htop                    # Enhanced interactive view

# Process control
kill <PID>              # Terminate process
kill -9 <PID>           # Force kill
killall processname     # Kill by name
pkill -f pattern        # Kill by pattern

# Background processes
command &               # Run in background
jobs                    # List background jobs
fg %1                   # Bring job 1 to foreground
bg %1                   # Resume job 1 in background
Ctrl+Z                  # Suspend current process

# Priority management
nice -n 10 command      # Start with lower priority
nice -n -10 command     # Start with higher priority (root)
renice 10 -p <PID>      # Change running process priority

Phase 8: Software Management

Install and manage packages:

# Debian/Ubuntu (apt)
apt update              # Update package lists
apt upgrade             # Upgrade packages
apt install <package>   # Install package
apt remove <package>    # Remove package
apt purge <package>     # Remove with config files
apt search <keyword>    # Search packages
apt-cache show <package> # Package info

# RHEL/CentOS (yum/dnf)
yum update              # Update packages
yum install <package>   # Install package
yum remove <package>    # Remove package
dnf install <package>   # Modern alternative

# From source/GitHub
git clone https://github.com/user/repo.git
cd repo
pip install -r requirements.txt
python setup.py install

Phase 9: Bash Scripting Basics

Create automation scripts:

#!/bin/bash
# Basic script structure

# Shebang - tells system to use bash
#!/bin/bash

# Comments
# This is a comment

# Variables
name="World"
echo "Hello, $name"

# User input
echo "Enter target IP:"
read target
echo "Scanning $target"

# Command substitution
current_date=$(date)
ip_address=$(hostname -I)

# Conditional statements
if [ -f /etc/passwd ]; then
    echo "File exists"
else
    echo "File not found"
fi

# Loops
for i in 1 2 3 4 5; do
    echo "Number: $i"
done

for file in *.txt; do
    echo "Processing: $file"
done

# While loop
while [ $count -lt 10 ]; do
    echo $count
    count=$((count + 1))
done

Example scanner script:

#!/bin/bash
# Simple network scanner

echo "Enter target network (e.g., 192.168.1):"
read network

echo "Scanning $network.0/24..."

for ip in {1..254}; do
    ping -c 1 -W 1 $network.$ip > /dev/null 2>&1
    if [ $? -eq 0 ]; then
        echo "[+] Host alive: $network.$ip"
    fi
done &

echo "Scan running in background"

Phase 10: Environment Variables

Manage system environment:

# View variables
env                     # All environment variables
echo $PATH              # Specific variable
set | more              # All variables

# Set variables (session)
export MYVAR="value"    # Set and export
PATH=$PATH:/new/path    # Append to PATH

# Permanent variables
echo 'export MYVAR="value"' >> ~/.bashrc
source ~/.bashrc        # Reload

# Important variables
$HOME                   # Home directory
$PATH                   # Executable search path
$USER                   # Current username
$SHELL                  # Current shell
$PWD                    # Current directory
$HISTSIZE               # History size

Quick Reference

Essential Commands

pwd

ls -la

cd

cat

grep

find

chmod

ps aux

kill

File Permissions

Network Commands

ifconfig

ip addr

netstat -tuln

dig

ping

Constraints and Limitations

Permission Requirements

• Many commands require root/sudo
• File access depends on permissions
• Network operations may need elevated privileges

Best Practices

• Always backup before modifying system files
• Use test environments for learning
• Document changes made to systems
• Understand commands before executing

Troubleshooting

Permission Denied

Solutions:

1. Use sudo for elevated privileges
2. Check file permissions:

   ls -la

3. Verify user group membership
4. Check for immutable attributes

Command Not Found

Solutions:

1. Check if package is installed
2. Verify PATH includes command location
3. Use full path to binary
4. Install missing package