Linux Fundamentals

Files & Navigation

Move and manipulate the filesystem: ls, cd, cp, mv, rm, mkdir, find, and locate - fast.

Easy · 18 min · files, find, navigation

You can't do anything useful in a terminal if you can't move around and manage files - and a surprisingly large portion of real security work is exactly that: finding things, moving things, and understanding what's where.

Practice on Your Own Systems

The commands in this lesson can permanently delete files (rm), overwrite data (cp, mv), and cause real damage if misused. Practice on your own virtual machine. Never run untested commands on a production system or any system you don't own.

Where Am I? - pwd

pwd (print working directory) tells you your current location in the filesystem. Run it when you're disoriented.

Simple, but you'll use it constantly - especially after cd-ing through several directories and losing track.

Listing Files - ls

ls lists directory contents. On its own it's fine; with flags it becomes essential.

The key flags:

Flag          Effect
-l            Long format: permissions, owner, size, date
-a            Show hidden files (names starting with .)
-h            Human-readable file sizes (K, M, G instead of bytes)
-la or -al    Long format + hidden files (most useful combo)
-lh           Long format + human-readable sizes
-lt           Sort by modification time, newest first
-lR           Recursive - list all subdirectories too

Hidden Files Are Not Security

Files starting with . are hidden from plain ls but visible with ls -a. They're hidden for convenience (to reduce clutter), not security. When you gain access to a system, always run ls -la - you'll find .bash_history, .ssh directories, config files, and potentially credentials that a plain ls wouldn't show.

Changing Directory - cd

Essential shortcuts:

Command            Goes to
cd ~ or just cd    Your home directory
cd ..              Parent directory
cd -               Previous directory (toggle back and forth)
cd /               Root of the filesystem

cd - is incredibly useful when you're jumping between two directories repeatedly - bouncing between /etc/ssh and /var/log while investigating, for example.

Copying Files - cp

cp source destination

Key flags:

  • -r - recursive, required to copy directories
  • -p - preserve timestamps, ownership, and permissions
  • -i - interactive, asks before overwriting (good habit)
  • -v - verbose, shows what's being copied

cp Overwrites Without Warning by Default

cp file.txt /tmp/file.txt will silently overwrite /tmp/file.txt if it exists. Use -i to get a confirmation prompt, or check first with ls. This is especially important on production systems.

Moving and Renaming - mv

mv both moves files and renames them. It's the same command:

mv oldname newname        # rename in same directory
mv file.txt /tmp/         # move to /tmp/
mv file.txt /tmp/new.txt  # move AND rename

Unlike cp, mv doesn't leave the original behind. It also has -i for interactive mode and -v for verbose.

Deleting Files and Directories - rm

This is where people cause themselves real pain. rm is permanent - Linux has no Recycle Bin by default.

rm file.txt            # delete a single file
rm -r directory/       # delete a directory and everything inside it
rm -f file.txt         # force delete (no error if file doesn't exist)
rm -rf directory/      # force recursive delete - THE DANGER COMMAND

rm -rf Is Irreversible

rm -rf /some/path will delete everything at that path recursively with no confirmation. There are legendary stories of engineers accidentally running rm -rf / (deletes the entire system) or rm -rf ./ (deletes the current directory) due to a misplaced space. Before running any rm -r, double-check your path with pwd and ls first. Consider using trash-cli as a safer alternative that moves to a trash folder.

Adding the -i (interactive) flag, as in rm -ri, makes rm ask before deleting each item. Slower, but safer when you're not 100% sure of what's there.
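The path check described above can also be built into scripts. This is an added example, not part of the original lesson: safe_rm_tree is a hypothetical helper, and the demo directories are constructed in a throwaway temp folder.

```bash
#!/usr/bin/env bash
# Added example: check every argument before a recursive delete.
# safe_rm_tree is a hypothetical helper, not a standard command.

# Remove directory trees only if every argument passes; otherwise remove nothing.
safe_rm_tree() {
    [ "$#" -gt 0 ] || { echo "refused: no path given" >&2; return 2; }
    here=$(pwd -P)
    home=$(CDPATH= cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || home=
    for p in "$@"; do
        [ -n "$p" ] || { echo "refused: empty path (unset variable?)" >&2; return 2; }
        # Resolve to a physical absolute path; fails if p is not a directory.
        real=$(CDPATH= cd -- "$p" 2>/dev/null && pwd -P) ||
            { echo "refused: '$p' is not a directory" >&2; return 2; }
        # Refuse /, the current directory, and any ancestor of it.
        case "$here/" in
            "${real%/}"/*) echo "refused: '$p' holds the current directory" >&2; return 2 ;;
        esac
        [ "$real" != "$home" ] || { echo "refused: '$p' is the home directory" >&2; return 2; }
    done
    rm -rf -- "$@"
}

# Constructed demo: one valid delete, then two slips that must be refused.
demo_safe_rm() (
    box=$(mktemp -d) || exit 1
    mkdir -p "$box/old/cache" "$box/keep"
    cd "$box/keep" || exit 1
    safe_rm_tree "$box/old" && [ ! -e "$box/old" ] && echo "removed old"
    # A stray space turns "/tmp/x" into "/ tmp/x": "/" arrives as its own argument.
    safe_rm_tree / "$box/keep" 2>/dev/null || echo "refused root"
    safe_rm_tree . 2>/dev/null || echo "refused cwd"
    [ -d "$box/keep" ] && echo "keep intact"
    cd / && rm -rf -- "${box:?}"
)

demo_safe_rm
```

Because all arguments are checked before rm runs, one bad argument blocks the whole command instead of deleting the good ones first.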

Creating Directories - mkdir

mkdir dirname                  # create one directory
mkdir -p path/to/nested/dir    # create all intermediate directories
mkdir -m 700 private_dir       # create with specific permissions

The -p flag is invaluable for creating organized pentest directory structures without multiple commands.

Creating Empty Files - touch

touch was designed to update a file's timestamp, but its most common use is creating empty files:

touch newfile.txt              # create empty file (or update timestamp if exists)
touch file1.txt file2.txt      # create multiple files

In security work, touch is often used in scripts to create marker/lock files, or to update timestamps to hide when files were modified.
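From the defender's side, a backdated mtime leaves a trace: setting it changes the inode, so ctime moves to the moment touch ran, and touch cannot set ctime. The following is an added example, not part of the original lesson; it assumes GNU stat, and the function names and the one-day threshold are constructed.

```bash
#!/usr/bin/env bash
# Added example: find files whose mtime was set backwards with touch.
# Changing mtime is itself an inode change, so ctime moves to "now".
# Uses GNU stat (-c); function names and the threshold are constructed.

# Seconds by which ctime (inode change) is later than mtime (content change).
ctime_lead() {
    m=$(stat -c %Y -- "$1") || return 1
    c=$(stat -c %Z -- "$1") || return 1
    echo $((c - m))
}

# Print "lead<TAB>path" for files under $1 whose ctime leads mtime by more than $2 s.
flag_backdated() {
    find "$1" -type f 2>/dev/null | while IFS= read -r f; do
        lead=$(ctime_lead "$f") || continue
        if [ "$lead" -gt "$2" ]; then
            printf '%s\t%s\n' "$lead" "$f"
        fi
    done
}

# Constructed demo: one untouched file, one backdated to January 2020.
demo_backdated() (
    box=$(mktemp -d) || exit 1
    echo data > "$box/normal.txt"
    echo data > "$box/backdated.txt"
    touch -t 202001010000 "$box/backdated.txt"
    flag_backdated "$box" 86400 | cut -f2 | sed "s|^$box/||"
    rm -rf -- "${box:?}"
)

demo_backdated
```

chmod, chown, renames, and archive extraction that preserves mtime also move ctime ahead of mtime, so treat hits as leads to check rather than proof of tampering.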

Finding Files - find

find is one of the most powerful commands for security research. It searches the filesystem with flexible criteria:

find [where] [what] [action]

The command find / -perm -4000 finds SUID files. We'll dig into what SUID means in the Permissions lesson, but this is one of the first commands run during privilege escalation research.

Common find patterns for security work:

# Find world-writable directories
find / -type d -perm -o+w 2>/dev/null
 
# Find files modified in the last 10 minutes (find recent changes/uploads)
find / -type f -mmin -10 2>/dev/null
 
# Find files owned by root that are world-readable
find / -user root -perm -o+r -type f 2>/dev/null
 
# Find config files that might contain credentials
find / -name "*.conf" -o -name "*.config" -o -name "*.cfg" 2>/dev/null | head -20
 
# Find all files containing a string (combine with grep)
find /var/www -type f -name "*.php" -exec grep -l "password" {} \;

The 2>/dev/null at the end suppresses "Permission denied" errors. Without it, find floods your terminal with errors when it tries to enter directories you can't read.

The find -exec Flag

-exec command {} \; runs a command once for each found file: {} is replaced by the filename and \; marks the end of the command. -exec grep -l "password" {} \; searches inside each PHP file for the word "password", and the -l flag makes grep print only the names of files that match. This combination is extremely powerful for recon.
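The same SUID search is useful defensively: record the set of SUID/SGID files once, then report anything new on later scans. This is an added example, not part of the original lesson; the function names and sandbox layout are constructed, and -perm /6000 and -xdev assume GNU find.

```bash
#!/usr/bin/env bash
# Added example: record SUID/SGID files as a baseline, then report new ones.
# Function names and the sandbox layout are constructed for illustration.

# List regular files under $1 with the SUID or SGID bit set, sorted.
#   -perm -4000  all listed bits set (SUID only, as in the lesson)
#   -perm /6000  any listed bit set (SUID or SGID)
#   -xdev        stay on one filesystem (skips /proc, network mounts)
list_setid() {
    find "$1" -xdev -type f -perm /6000 2>/dev/null | sort
}

# Print paths in the current scan ($2) that are missing from the baseline ($1).
new_setid() {
    comm -13 "$1" "$2"
}

# Constructed demo in a throwaway directory: baseline, add one SUID file, re-scan.
demo_setid_audit() (
    box=$(mktemp -d) || exit 1
    mkdir -p "$box/root/bin"
    touch "$box/root/bin/known" "$box/root/bin/plain" "$box/root/bin/dropped"
    chmod 4755 "$box/root/bin/known"      # expected SUID binary
    chmod 0755 "$box/root/bin/plain"      # ordinary executable
    list_setid "$box/root" > "$box/baseline.txt"
    chmod 4755 "$box/root/bin/dropped"    # gains SUID after the baseline
    list_setid "$box/root" > "$box/current.txt"
    new_setid "$box/baseline.txt" "$box/current.txt" | sed "s|^$box/root||"
    rm -rf -- "${box:?}"
)

demo_setid_audit
```

On a real host, run list_setid / as root so unreadable directories are not silently skipped, and store the baseline somewhere the scanned system cannot modify.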

Faster File Location - locate

locate is faster than find because it searches a pre-built database (updated daily via updatedb):

locate passwd            # find all paths containing "passwd"
locate -i readme         # case-insensitive
updatedb                 # update the database (run as root)

The downside: locate won't find files created after the last updatedb run. For recently created files, use find.

Finding Binaries - which and whereis

which python3            # show the full path of a command
which nmap
whereis nmap             # find binary, source, and man page locations

which is essential for understanding which version of a tool you're running when multiple versions are installed, and for verifying that a tool is in your PATH.

Wildcards and Globbing

The shell expands special characters before passing them to commands. This is called globbing (or filename expansion):

Pattern          Matches
*                Zero or more characters
?                Exactly one character
[abc]            One character: a, b, or c
[a-z]            One character in range a through z
[!abc]           Any character EXCEPT a, b, or c
{txt,log,cfg}    Brace expansion: each listed option

For example, cp /etc/{passwd,shadow,group} /tmp/ copies three files in one command using brace expansion. This is a common pattern in scripts and one-liners.

The Shell Expands Globs, Not the Program

When you run ls *.txt, the shell expands *.txt to a list of matching filenames before ls ever runs. ls receives individual filenames, not the glob pattern. This matters when you use wildcards in scripts, with find, or when quoting is needed to prevent expansion.
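To see what a command actually receives, the added example below (not part of the original lesson) counts arguments after expansion. It also covers a case the lesson does not: a file whose name starts with - is handed over as if it were an option unless the pattern is written as ./*. All file and function names are constructed.

```bash
#!/usr/bin/env bash
# Added example: what a command actually receives after the shell expands globs.
# All names are constructed; everything runs inside a throwaway directory.

# Number of arguments the command was handed.
count_args() { echo "$#"; }

# Number of arguments that begin with '-' and would be parsed as options.
optionlike() {
    n=0
    for a in "$@"; do
        case $a in -*) n=$((n + 1)) ;; esac
    done
    echo "$n"
}

demo_globs() (
    box=$(mktemp -d) || exit 1
    mkdir -p "$box/sub"
    touch "$box/a.txt" "$box/b.txt" "$box/sub/c.txt" "$box/notes.log" "$box/-v"
    cd "$box" || exit 1
    # Unquoted: the shell substitutes a.txt b.txt before the command starts.
    unquoted=$(count_args *.txt)
    # Quoted: one literal argument, the pattern itself.
    quoted=$(count_args '*.txt')
    # No match: by default the pattern is passed through unchanged.
    nomatch=$(count_args *.zip)
    # find matches names itself, so the pattern must reach it quoted.
    found=$(find . -name '*.txt' | wc -l | tr -d ' ')
    # A file named -v becomes an "option" under a bare *; ./* prevents that.
    bare=$(optionlike *)
    prefixed=$(optionlike ./*)
    echo "unquoted=$unquoted quoted=$quoted nomatch=$nomatch find=$found bare=$bare prefixed=$prefixed"
    cd / && rm -rf -- "${box:?}"
)

demo_globs
```

In scripts that operate on directories other users can write to, prefer ./* or put -- before the glob so filenames are never read as options.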

Putting It Together: Recon One-Liner

Here's a realistic snippet you might use immediately after getting a shell on a target:

# Quick situational awareness after gaining shell access
pwd && whoami && id
ls -la ~
ls -la ~/.ssh/ 2>/dev/null
find /home -name "*.txt" -o -name "*.cfg" -o -name "*.conf" 2>/dev/null | head -20
find / -perm -4000 -type f 2>/dev/null

Each of these commands is something you've now learned. That's how fast knowledge compounds in the terminal.

Key Takeaways

  • pwd shows where you are; cd moves you around. cd - toggles between two locations.
  • ls -la is the most useful variant - shows permissions, hidden files, owners, and sizes.
  • cp copies, mv moves/renames, rm deletes - and rm is permanent with no undo.
  • mkdir -p creates nested directories in one shot; touch creates empty files.
  • find is the power tool for security recon: find SUID files, world-writable dirs, recently modified files, and config files containing credentials.
  • which locates binaries in your PATH; locate searches a cached index quickly.
  • Wildcards (*, ?, [], {}) let the shell expand patterns before commands run - master them to work efficiently.