Basic Commands in Linux: /root /etc

The document summarizes key directories in the Linux filesystem hierarchy and some basic commands used for navigation: 1) Important directories include /root for the root user, /etc for configuration files, /home for user directories, and /bin and /lib for executable binaries and libraries. 2) The pwd command displays the present working directory, whoami shows the current user login, and cd changes directories. 3) The ls command lists directory contents, and ls -l provides more details about files and directories.

Uploaded by

michal hana

[Figure: tree diagram with the root (/) at the top and these branches: /boot (kernel image), /home (user directories), /proc (view of internal kernel data), /dev (special device files), /sbin (binaries), /usr (containing /sbin, /bin and /lib: more binaries and libraries), /root (superuser's home directory), /etc (system configuration files), /mnt (general-purpose mount point), /sys (kernel's view of the hardware), /bin (binaries), /lib (libraries)]

Figure 1-4: The Linux filesystem

The root (/) of the filesystem is at the top of the tree, and the following
are the most important subdirectories to know:

/root   The home directory of the all-powerful root user
/etc    Generally contains the Linux configuration files—files that control when and how programs start up
/home   The user’s home directory
/mnt    Where other filesystems are attached or mounted to the filesystem
/media  Where CDs and USB devices are usually attached or mounted to the filesystem
/bin    Where application binaries (the equivalent of executables in Microsoft Windows or applications in macOS) reside
/lib    Where you’ll find libraries (shared programs that are similar to Windows DLLs)

We’ll spend more time with these key directories throughout this book.
Understanding these first-level directories is important to navigating through
the filesystem from the command line.
It’s also important to know before you start that you should not log in
as root when performing routine tasks, because anyone who hacks your
system (yes, hackers sometimes get hacked) when you’re logged in as root
would immediately gain root privileges and thus “own” your system. Log in
as a regular user when starting regular applications, browsing the web,
running tools like Wireshark, and so on. For the practice you’ll do in this book,
staying logged in as root should be fine.

Basic Commands in Linux


To begin, let’s look at some basic commands that will help you get up and
running in Linux.

Finding Yourself with pwd
Unlike when you’re working in a graphical user interface (GUI) environment
like Windows or macOS, the command line in Linux does not always
make it apparent which directory you’re presently in. To navigate to a new
directory, you usually need to know where you are currently. The present
working directory (or print working directory) command, pwd, returns your
location within the directory structure.
Enter pwd in your terminal to see where you are:

kali >pwd
/root

In this case, Linux returned /root, telling me I’m in the root user’s
directory. And because you logged in as root when you started Linux, you
should be in the root user’s directory, too, which is one level below the top
of the filesystem structure (/).
If you’re in another directory, pwd will return that directory name
instead.

Checking Your Login with whoami


In Linux, the one “all-powerful” superuser or system administrator is named
root, and it has all the system privileges needed to add users, change
passwords, change privileges, and so on. Obviously, you don’t want just anyone
to have the ability to make such changes; you want someone who can be
trusted and has proper knowledge of the operating system. As a hacker,
you usually need to have all those privileges to run the programs and
commands you need (many hacker tools won’t work unless you have root
privileges), so you’ll want to log in as root.
If you’ve forgotten whether you’re logged in as root or another user, you
can use the whoami command to see which user you’re logged in as:

kali >whoami
root

If I had been logged in as another user, such as my personal account,
whoami would have returned my username instead, as shown here:

kali >whoami
OTW

Navigating the Linux Filesystem


Navigating the filesystem from the terminal is an essential Linux skill. To
get anything done, you need to be able to move around to find applications,
files, and directories located in other directories. In a GUI-based system,
you can visually see the directories, but when you’re using the command
line interface, the structure is entirely text based, and navigating the
filesystem means using some commands.

Changing Directories with cd


To change directories from the terminal, use the change directory command,
cd. For example, here’s how to change to the /etc directory used to store
configuration files:

kali >cd /etc
kali:/etc >

The prompt changes to root@kali:/etc, indicating that we’re in the /etc
directory. We can confirm this by entering pwd:

kali:/etc >pwd
/etc

To move up one level in the file structure (toward the root of the file
structure, or /), we use cd followed by double dots (..), as shown here:

kali:/etc >cd ..
kali >pwd
/
kali >

This moves us up one level from /etc to the / root directory, but you can
move up as many levels as you need. Just use the same number of double-
dot pairs as the number of levels you want to move:

• You would use .. to move up one level.
• You would use ../.. to move up two levels.
• You would use ../../.. to move up three levels, and so on.

So, for example, to move up two levels, enter cd followed by two sets of
double dots with a forward slash in between:

kali >cd ../..

You can also move up to the root level in the file structure from any-
where by entering cd /, where / represents the root of the filesystem.

Listing the Contents of a Directory with ls


To see the contents of a directory (the files and subdirectories), we can use
the ls (list) command. This is very similar to the dir command in Windows.

kali >ls
bin   initrd.img      media  run   var
boot  initrd.img.old  mnt    sbin  vmlinuz
dev   lib             opt    srv   vmlinuz.old
etc   lib64           proc   tmp
home  lost+found      root   usr

This command lists both the files and directories contained in the
directory. You can also use this command on any particular directory, not
just the one you are currently in, by listing the directory name after the
command; for example, ls /etc shows what’s in the /etc directory.
To get more information about the files and directories, such as their
permissions, owner, size, and when they were last modified, you can add
the -l switch after ls (the l stands for long). This is often referred to as
long listing. Let’s try it here:

kali >ls -l
total 84
drw-r--r-- 1 root root 4096 Dec 5 11:15 bin
drw-r--r-- 2 root root 4096 Dec 5 11:15 boot
drw-r--r-- 3 root root 4096 Dec 9 13:10 dev
drw-r--r-- 18 root root 4096 Dec 9 13:43 etc
--snip--
drw-r--r-- 1 root root 4096 Dec 5 11:15 var

As you can see, ls -l provides us with significantly more information,
such as whether an object is a file or directory, the number of links, the
owner, the group, its size, when it was created or modified, and its name.
I typically add the -l switch whenever doing a listing in Linux, but to
each their own. We’ll talk more about ls -l in Chapter 5.
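
To make the column order concrete, here is an added example (not code from the book) that splits one long-listing line into the fields named above. The function name describe_ls_line is made up for this illustration, and it assumes the common "month day time" date layout.

```shell
#!/bin/sh
# Added example (not from the book): name the columns of one ls -l line.

# describe_ls_line LINE  (hypothetical helper name)
# Split a long-listing line into the fields the text lists and print
# them as key=value pairs.
describe_ls_line() {
    # read splits on whitespace; the last variable receives the rest of
    # the line, so a name containing spaces stays in one piece.
    read -r mode links owner group size month day time name <<EOF
$1
EOF
    # The first character of the mode string gives the object type.
    case $mode in
        d*) type=directory ;;
        -*) type=file ;;
        l*) type=symlink
            name=${name%% -> *} ;;   # drop the " -> target" suffix
        *)  type=other ;;
    esac
    printf 'type=%s links=%s owner=%s group=%s size=%s modified=%s name=%s\n' \
        "$type" "$links" "$owner" "$group" "$size" "$month $day $time" "$name"
}

# Sample line copied from the listing above.
describe_ls_line 'drw-r--r-- 18 root root 4096 Dec 9 13:43 etc'
```

This is for reading the output by eye; in scripts, stat or find is a more reliable source for the same fields than parsing ls.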
Some files in Linux are hidden and won’t be revealed by a simple ls or
ls -l command. To show hidden files, add a lowercase -a switch, like so:

kali >ls -la

If you aren’t seeing a file you expect to see, it’s worth trying ls with the
-a flag. When using multiple flags, you can combine them into one, as we’ve
done here with -la instead of -l -a.

Getting Help
Nearly every command, application, or utility has a dedicated help file in
Linux that provides guidance for its use. For instance, if I needed help
using the best wireless cracking tool, aircrack-ng, I could simply type the
aircrack-ng command followed by the --help command:

kali >aircrack-ng --help

Note the double dash here. The convention in Linux is to use a double
dash (--) before word options, such as help, and a single dash (-) before
single-letter options, such as -h.

When you enter this command, you should see a short description of
the tool and guidance on how to use it. In some cases, you can use either -h
or -? to get to the help file. For instance, if I needed help using the hacker’s
best port-scanning tool, nmap, I would enter the following:

kali >nmap -h

Unfortunately, although many applications support all three options
(--help, -h, and -?), there’s no guarantee the application you’re using will.
So if one option doesn’t work, try another.

Referencing Manual Pages with man


In addition to the help switch, most commands and applications have a
manual (man) page with more information, such as a description and synopsis
of the command or application. You can view a man page by simply
typing man before the command, utility, or application. To see the man page
for aircrack-ng, for example, you would enter the following:

kali >man aircrack-ng
NAME
aircrack-ng - a 802.11 WEP / WPA-PSK key cracker
SYNOPSIS
aircrack-ng [options] <.cap / .ivs file(s)>
DESCRIPTION
aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program.
It can recover the WEP key once enough encrypted packets have been
captured with airodump-ng. This part of the aircrack-ng suite deter-
mines the WEP key using two fundamental methods. The first method is
via the PTW approach (Pyshkin, Tews, Weinmann). The main advantage
of the PTW approach is that very few data packets are required to
crack the WEP key. The second method is the FMS/KoreK method. The
FMS/KoreK method incorporates various statistical attacks to dis-
cover the WEP key and uses these in combination with brute forcing.
Additionally, the program offers a dictionary method for determining
the WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file
or stdin) or an airolib-ng has to be used.

This opens the manual for aircrack-ng, providing you with more
detailed information than the help screen. You can scroll through this
manual file using the ENTER key, or you can page up and down using the
PG DN and PG UP keys, respectively; you can also use the arrow keys. To exit,
simply enter q (for quit), and you’ll return to the command prompt.

Finding Stuff
Until you become familiar with Linux, it can be frustrating to find your way
around, but knowledge of a few basic commands and techniques will go a
long way toward making the command line much friendlier. The following
commands help you locate things from the terminal.

Searching with locate
Probably the easiest command to use is locate. Followed by a keyword denoting
what it is you want to find, this command will go through your entire
filesystem and locate every occurrence of that word.
To look for aircrack-ng, for example, enter the following:

kali >locate aircrack-ng
/usr/bin/aircrack-ng
/usr/share/applications/kali-aircrack-ng.desktop
/usr/share/desktop-directories/05-1-01-aircrack-ng.directory
--snip--
/var/lib/dpkg/info/aircrack-ng.md5sums

The locate command is not perfect, however. Sometimes the results of
locate can be overwhelming, giving you too much information. Also, locate
uses a database that is usually only updated once a day, so if you just created
a file a few minutes or a few hours ago, it might not appear in this list until
the next day. It’s worth knowing the disadvantages of these basic commands
so you can better decide when best to use each one.

Finding Binaries with whereis


If you’re looking for a binary file, you can use the whereis command to
locate it. This command returns not only the location of the binary but
also its source and man page if they are available. Here’s an example:

kali >whereis aircrack-ng
aircrack-ng: /usr/bin/aircrack-ng /usr/share/man/man1/aircrack-ng.1.gz

In this case, whereis returned just the aircrack-ng binaries and man page,
rather than every occurrence of the word aircrack-ng. Much more efficient
and illuminating, don’t you think?

Finding Binaries in the PATH Variable with which


The which command is even more specific: it only returns the location of
the binaries in the PATH variable in Linux. We’ll look more closely at the
PATH variable in Chapter 7, but for now it’s sufficient to know that PATH holds
the directories in which the operating system looks for the commands you
execute at the command line. For example, when I enter aircrack-ng on
the command line, the operating system looks to the PATH variable to see
in which directories it should look for aircrack-ng:

kali >which aircrack-ng
/usr/bin/aircrack-ng

Here, which was able to find a single binary file in the directories listed
in the PATH variable. At minimum, these directories usually include /usr/bin,
but may include /usr/sbin and maybe a few others.
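
The lookup described above can be reproduced by hand. The following added example (not code from the book) walks a PATH string in order, and goes one step further than which by listing every match and flagging entries where someone else could place a same-named binary ahead of the real one. The function names path_matches and risky_path_entries are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the book): how a PATH lookup picks a binary.

# path_matches NAME PATHSTRING  (hypothetical helper name)
# Print every executable file called NAME, in PATH order. The first line
# is the one the shell would run, which is what `which` reports.
path_matches() {
    name=$1
    rest="$2:"                      # trailing ":" keeps the last entry
    while [ -n "$rest" ]; do
        dir=${rest%%:*}             # next entry
        rest=${rest#*:}             # remainder
        [ -z "$dir" ] && dir=.      # an empty entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
        fi
    done
}

# risky_path_entries PATHSTRING  (hypothetical helper name)
# Print PATH entries where another user could plant a same-named binary:
# relative or empty entries, and directories writable by "other".
risky_path_entries() {
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}
        rest=${rest#*:}
        case $dir in
            /*) ;;
            *)  printf 'relative: %s\n' "${dir:-.}"; continue ;;
        esac
        # Column 1 of ls -ld is the mode string; its 9th character is
        # the write bit for "other" users.
        mode=$(ls -ld "$dir" 2>/dev/null | cut -c1-10)
        case $mode in
            ????????w?) printf 'world-writable: %s\n' "$dir" ;;
        esac
    done
}

# Demo against the live environment; "ls" is just a sample command name.
path_matches ls "$PATH"
risky_path_entries "$PATH"
```

More than one line from path_matches means an earlier directory shadows a later copy of the command; any line from risky_path_entries is worth removing from PATH, especially for root.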
