SEC406 Lab Commands

COMMAND EXPLANATION

ssh labD.L Begin a Lab “L” from Day “D”

ssh del_labD.L Reset the specified lab to start over Linux Essentials Cheat Sheet v1.0
#? Repeat the question for the current task This guide was created by Mark Baggett
#hint Get a hint on how to complete the task Twitter: @markbaggett | sans.org/sec406

Bash Keyboard Shortcuts Windows User Quick Reference

KEY COMBO EXPLANATION WINDOWS UBUNTU LINUX
COMMAND EQUIVALENT WHAT IT DOES
Control L Clear the screen
dir ls -la A directory listing with sizes and dates
Control C Kill the currently running Program
ipconfig.exe ifconfig or ip Show you network interfaces and
Control S Squelch (Pause the output) addresses

Control Q Un-squelch (Unpause the output) ipconfig/release dhclient -r Release your DHCP ip address

Control A Go to the beginning of the line ipconfig /renew dhclient Request a new IP from DHCP server

Control E Go to the end of the lin cd <new dir> cd <new dir> Change directories to new directory

Control R Recall a command by searching history cd<enter> pwd Tell you the current working directory

Up Arrow Recall the previous command from history tasklist ps List processes running

Down Arrow Go to next command in the command history type cat Show the contents of a file

findstr grep Search output for a matching string

copy cp Copy a file from the file system

echo echo Echo output to the screen

del rm Delete a file from the file system

rename mv Rename a file

 File System Commands Network Commands Other Important Commands
COMMAND EXPLANATION EXAMPLE COMMAND EXPLANATION EXAMPLE COMMAND EXPLANATION EXAMPLE

ls List files in directory; current $ ls ~/Desktop ping Send ICMP ECHO_REQUEST to a $ ping 10.1.1.1 chmod Change the permissions (mode) $ chmod +w file.txt
directory is used if no directory network host to test connectivity of a file or directory
is supplied
netstat Display TCP & UDP connection $ netstat -na stat View detailed information about a file $ stat file.txt
cd Change the current working $ cd /home/me/ info (deprecated)
directory passwd Change a user’s password, or your $ passwd [username]
ss Display socket statistics; $ ss –l4t own if no username is specified
pwd Print the current working directory $ pwd replaces netstat
/home/me/ kill Terminate or send a signal to a $ kill 8573
ifconfig Display information about your $ ifconfig running process by process ID (PID)
cp Copy a file $ cp orig.txt copy.txt network interfaces, such as
your IP address (deprecated) ln Create a hard or symbolic link to a file $ ln [file] [link]
mv Move or rename a file $ mv a.txt Desktop/b.txt
ip Display/manipulate routing, $ ip a show [interface] sort Sort the contents of a file or STDIN $ sort /etc/passwd
rm Delete a file $ rm file.txt network devices, interfaces, $ ip address show ens33 $ cat numlist.txt |
and tunnels; replaces ifconfig sort –n
mkdir Create a directory $ mkdir examples/
uniq Remove duplicate lines from a $ uniq mylist.txt
rmdir Delete a directory (must be empty) $ rmdir examples/ sorted file or sorted STDIN $ cat mylist.txt | uniq

File Examination Commands which Identify which program on your drive $ which python
find Search the file system for files $ find / -name “myfile.txt”
executes when you run a command /usr/bin/python
COMMAND EXPLANATION EXAMPLE
chmod Change file permissions $ chmod 755 myfile.txt
cat Print one or more files to STDOUT $ cat file.txt
Touch Create an empty file $ touch new_empty_file $ cat file1 file2 file3 >
allfiles HFS Common Locations
grep Search for text within a file or STDIN $ grep 10.10.1.1
/var/log/apache/* / Root of the file system
User Switching Commands
file Identify the file type $ file image.jpg /etc “etcetera” folder holds configuration files
COMMAND EXPLANATION EXAMPLE
image.jpg: JPEG Image Data
/var “variable” folder holds files that change frequently
su su – otheruser Switch to otheruser and use their user head Display the first 10 lines of a file, $ head /etc/passwd
environment by default (use “-n X” to display $ head -n 5 /etc/passwd /usr “Universal System Resources” is a Distributed mount
first X lines) folder that holds binaries (installed programs)
su su otheruser Switch to otheruser and keep your existing
environment tail Display the last 10 lines of a file, $ tail /var/log/syslog /opt “options” folder is usually where compiled pages not
by default (use “-n X” to display $ tail -n 5 .bashrc installed by a package manager go
sudo sudo <cmd> Run command as another user, when no last X lines)
user is specified it assumes root /dev “devices” is a dynamic folder for accessing system
tail -F Display new data as it’s appended $ tail -F /var/log/messages hardware devices
whoami whoami Tell you the name you are running to the end of a file (useful for
processes as watching logs; aka follow a file) /root The root users home folder

id id Display the user information including user less Display text from STDIN or a file, $ less /etc/passwd /home All other users home folders
number and group number one screen at a time; $ cat file | less
text disappears from console
visudo visudo Edit the /etc/sudoers file to define who can
run what as other users (root only) more Display text from STDIN or a file, $ more /etc/passwd
one screen at a time; $ cat file | more
text remains on console