What is Linux?​

The Linux kernel was created by Linus Torvalds in 1991. What makes it an operating system are the additions to the kernel such as a package manager, desktop environment, a shell, and a bootloader, among other components.

Because Linux is open-source, there are many customisations that have been made to the operating system. Each specific combination of customisations is called a distribution or distro for short.

There are over hundreds, if not thousands of distros in the world. Each of them has been optimised for a specific purpose, or simply for fun by people just like you and me.

Some famous distros are:

  1. Ubuntu (Most common)
  2. Elementary OS (One of the most beautiful)
  3. Debian (Neat and classy)
  4. Arch Linux (For linux bosses)
  5. Red Hat Enterprise Linux (Commercial and costly )
Linux is the choice OS of many hackers. Why, you may ask? Because it’s open-source, less prone to malware, lightweight, portable, and very compatible with multiple hacking tools.

Windows is a somewhat closed system so there are many things it doesn’t allow a hacker to do. Mac OS also isn’t that great either because of a lot of proprietary software. Linux has many distros to choose from and most can be modified as the user pleases without any restrictions.

A number of distros commonly used by hackers are Kali Linux, Parrot, BlackArch, and Archstrike. But don’t stop there, the options are unlimited.

As I mentioned earlier, Linux is also highly customisable. A great example of this feature is the desktop environment, which is a fancy name for how the desktop looks.

In Windows, there’s the basic taskbar, start menu, and a background with icons. It's nice that you can make slight modifications, and the feel changes with every new Windows version, especially with Windows 11. But Microsoft’s steps pale in comparison to the massive strides the Linux community has made when it comes to the way a desktop really looks and feels.

Common desktop environments include:

1. Gnome
2. KDE Plasma
3. Xfce
4. Mate

If you are into programming, you could build upon a current desktop environment released under the GNU license or develop your own desktop environment to suit your needs.

Tip: If you’re completely new to Linux, you might want to hold off a little before you replace your default OS. Many users are used to a GUI (Graphical User Interface) to carry out activities. But Linux users tend to use the CLI (Command Line Interface) more. This is simply because Linux is targeted towards developers and scientists, not the average user.

Linux File Structure​

The Linux OS has a directory tree just like Windows. At the very top (or bottom, depending on your perspective), we have the ‘/’ folder. This would be like your C: drive in Windows. It houses all your directories, files and apps. Below it are other folders which are summarised in the pic below


Some important directories to take note of are:

  1. /bin : binary or executable programs (nice place for keeping persistent scripts)
  2. /etc : system configuration files (an awesome place to obtain credentials)
  3. /home : home directory (the default current directory when you open up the terminal)
  4. /opt : optional or third-party software
  5. /tmp : temporary space, usually cleared on reboot (a great place to store enumeration scripts)
  6. /usr : User related programs
  7. /var : log files (the perfect place to frustrate a forensic analyst)
There is a lot more about Linux file structure and it probably deserves its own article, but this will do for now.

Now let's get a lot more hands-on experience in the terminal, and run some basic commands every hacker should know.

Intro to the Linux Shell​

A shell is a text-based interface for controlling a Linux computer. Similar to Microsofts’ Powershell or cmd, it is the interface between the user and the kernel, aside from the GUI (Graphical User Interface).

There are various types of shells, each made with improvements based off previous ones, or optimised for a particular goal.

Shells are used a lot by hackers because they are the fastest and most efficient way to deliver instructions to a computer. The GUI is fine, but can be rather limited because some features cannot be accessed graphically, or the tool you want to use simply doesn’t have a graphical interface.

Some common shells include:

  1. The Bourne shell (sh)
  2. The GNU-Bourne Again shell (bash)
  3. The Z shell (zsh)
  4. The C shell (csh)
  5. The Korn shell (ksh)
Quick lesson: The words ‘terminal’ and ‘shell’ are used interchangeably in the cybersecurity world and throughout this article. But, they are different. The terminal is the program that lets you access the shell via a graphical interface.

Basic Linux Shell Commands​

In this article, we’ll go through the following commands: whoami, pwd, ls, cd, touch, cat, nano, mv and cp, mkdir, rm and rmdir, stat, echo, grep, the ‘help’ flag and man pages.

the whoami command​

You use this command to check which user you are. On a personal computer, you are most likely to have only two accounts: the one created when installing the OS and root. If you are in the terminal as a normal user (account), you can try it out.

the pwd command​

The Present Working Directory (pwd) command informs you of where you currently are in the directory tree. By default this usually is the home directory.

the ls command​

You use the ls command to list the contents of a directory. It lets you know what files are inside a directory without a GUI.

When used with flags, it’s a Swiss army knife, with various ways of showing what’s in the directory.

Common flags you might want to take note of are -l (long listing), -a (all aka show hidden files), and -c (show recently modified).ls

the cd command​

You use the Change Directory (cd) command to transverse across the directory tree.

the cat, more, and less commands​

All the commands above are output commands. You use them to display the content of files to the terminal.

But there are notable differences here. cat is commonly used for files with small amounts of text. less and more are likely to be used for files with large amounts of text and output can be controlled with the arrow keys.

You will notice that cat prints the output directly to your terminal, while more and less allow you to use the arrow keys. Output commands are used to gather information and credentials from compromised systems.

the touch command​

You use the touch command to create files. You can write to these files in a number of ways, such as using a text editor or piping input into it (more on that later).

the nano command​

Nano is a popular built-in text editor in Linux. It’s very common because it's easy to use and it's supported in many CLI environments.

the mv and cp commands​

These are two commands that are quite similar but have notable differences. You use mv to move a file to another location. You use cp to copy a file to another location.

the mkdir command​

The mkdir command makes directories. You could use this to make a custom directory that only you can access on a compromised system to keep scripts or tools for persistence.

the rm and rmdir commands​

You might be able to figure this one out yourself. rm is the command to remove files, and rmdir is the command to remove directories.

the stat command​

You use the stat command to give information about a file.

the echo command​

You use the echo command to print out input. Let’s use an example to make things clearer.

the grep command​

Let’s take things up a notch. You use the grep command to extract specified text from a file using the pipe operator.

the ‘help’ flag and man pages​

Last on our list are ‘help’ and man. The ‘help’ flag isn’t necessarily a command but it is a great aid if you are confused about an app or tool. Simply use the following:

Update Your Linux​

This entire section can actually be done with a single command but let’s break it down to understand the whole thing. The task: update your OS. In order to achieve the objective, you need to do two things.

  1. Update the local repository info: Think of this like checking for updates before actually downloading and installing them.
  2. Upgrade the system: As it says, we download the updates, and then install the updates.
The first command to run is:

sudo apt update

  • sudo: To indicate we are running the command with higher permissions
  • apt: The package manager
  • update: To tell the computer to update its local information about the repository
  • Worked
Reactions: MRX2077