Kali Linux Practical

Commands: A Hands-On
Guide
This comprehensive guide provides cybersecurity students and professionals with
practical, command-line examples and detailed explanations for mastering Kali
Linux. From fundamental file operations to advanced system management and
essential penetration testing tools, we'll dive deep into the commands that
empower effective security operations and analysis.
 Core System Operations

File & Directory Management

Effective file and directory management is foundational to working with any Linux system, including Kali. These commands allow you to navigate the filesystem,
create, move, copy, and delete files and directories efficiently. Mastery of these commands is crucial for organizing your tools and data during penetration tests
and security operations.

Navigating the Filesystem Creating & Deleting Copying & Moving

pwd: Prints the current working directory. mkdir [directory_name]: Creates a new cp [options] [source] [destination]: Copies
directory. Use -p to create parent directories if files or directories. Use -r for directories.
ls [options] [path]: Lists directory contents.
they don't exist.
Common options include -l (long format), -a (all mv [source] [destination]: Moves or renames
files, including hidden), -h (human-readable touch [file_name]: Creates an empty file or files/directories. This command is essential for
sizes). updates the timestamp of an existing file. organizing your workspace.

cd [directory]: Changes the current directory. rm [options] [file/directory]: Removes files or ln [options] [target] [link_name]: Creates links
Use cd .. to go up one level, cd ~ or cd to go to directories. Use -r for directories (recursive) (hard or symbolic). Symbolic links (-s) are often
your home directory. and -f (force) to bypass prompts. used to create shortcuts to files or directories.
 System Security & Control

Permissions & Ownership

Understanding and managing file permissions and ownership is critical for maintaining system security and controlling access to sensitive data in Kali Linux.
Incorrect permissions can lead to significant vulnerabilities, allowing unauthorized access or modification of files.

File Permissions Explained Managing Permissions: chmod Managing Ownership: chown &
Linux permissions are represented by a 9- chmod [permissions] [file/directory]: chgrp
character string (e.g., rwxrw-r--), divided into Changes file permissions. chown [user][:group] [file/directory]:
three sets: owner, group, and others. Changes file owner and/or group. Only root
Symbolic mode: u+x (add execute for
or the current owner can change ownership.
r (read): Allows viewing file contents or user), go-w (remove write for
listing directory contents. group/others). chgrp [group] [file/directory]: Changes file
w (write): Allows modifying file contents Octal mode: Permissions are group ownership.
or creating/deleting files within a represented by numbers (r=4, w=2, x=1). Example: chown kali:kali mydata.txt
directory. Sum them for each set. E.g., 755 (rwx for changes the owner and group to 'kali'.
x (execute): Allows running a file as a owner, rx for group/others), 644 (rw for
program or entering a directory. owner, r for group/others).
Example: chmod 700 myscript.sh makes
a script executable only by its owner.
 System Diagnostics & Information Gathering

File Searching & Filtering

Efficiently locating specific files and extracting relevant information from text output are indispensable skills in Kali Linux. Whether you're searching for
configuration files, log entries, or specific data patterns, these commands streamline your workflow and enhance your analytical capabilities.

Searching Files: find Locating Commands: whereis & which

find [path] [expression]: Searches for files in a directory hierarchy. whereis [command]: Locates the binary, source, and manual page files
for a command.
By name: find . -name "*.log" (finds all log files in current directory
and subdirectories). which [command]: Shows the full path of (shell) commands.

Filtering Text: grep

By type: find /etc -type f (finds all files in /etc).

By size: find /home -size +1G (finds files larger than 1GB).
grep [options] 'pattern' [file]: Searches for patterns in files.
Executing commands on found files: find . -name "*.bak" -delete
(deletes all .bak files). Case-insensitive: grep -i 'error' /var/log/syslog.

Count matches: grep -c 'failed' /var/log/auth.log.

Invert match: grep -v 'info' app.log (shows lines that do NOT contain
'info').
 Maintaining Your Kali Environment

Package Management with APT

APT (Advanced Package Tool) is the primary command-line tool for managing software packages on Kali Linux. It handles the installation, removal, and upgrading of software, ensuring your system is up-to-date and
stocked with the necessary tools for cybersecurity tasks.

Updating Package Lists

sudo apt update: Resynchronizes the package index files from their sources. This is crucial to do before installing or upgrading any packages to ensure you have information on the latest available versions.

Upgrading Installed Packages

sudo apt upgrade: Installs the newest versions of all packages currently installed on the system from the sources configured in /etc/apt/sources.list. This does not remove existing packages or install new ones
to satisfy dependencies.

sudo apt full-upgrade: Performs a more comprehensive upgrade, handling dependency changes intelligently and potentially removing obsolete packages or installing new ones to satisfy dependencies.
Recommended for major system upgrades.

Installing New Packages

sudo apt install [package_name]: Installs a new package and its dependencies. Example: sudo apt install nmap.

Removing Packages
sudo apt remove [package_name]: Removes the specified package but may leave configuration files behind.

sudo apt purge [package_name]: Removes the package and its associated configuration files. This is useful for a clean removal.

Cleaning Up
sudo apt autoremove: Removes packages that were automatically installed to satisfy dependencies for other packages and are now no longer needed.

sudo apt clean: Clears out the local repository of retrieved package files (.deb files). This can free up disk space.
 Network Configuration & Troubleshooting

Networking Essentials
Networking commands are indispensable in Kali Linux for reconnaissance, vulnerability assessment, and exploiting network services. They allow you to understand
network topology, identify active hosts, and diagnose connectivity issues.

Network Interface Information

ip a (or ip addr show): Displays IP addresses and network interface
information. This is the modern replacement for ifconfig.
ip route: Shows the kernel routing table.
netstat -tulnp: Displays active network connections, listening ports, and
associated process IDs/names. Essential for understanding what services are
running and accessible.

Connectivity Testing
ping [host]: Tests network connectivity to a host by sending ICMP echo
requests.
traceroute [host]: Traces the route packets take to reach a host, showing
intermediate hops. Useful for identifying network bottlenecks or firewall rules.
nslookup [domain] / dig [domain]: Query DNS servers for domain name
resolution. dig is more advanced and often preferred for DNS reconnaissance.

Scanning & Reconnaissance

nmap [options] [target]: The industry standard for network discovery and
security auditing. Used for port scanning, OS detection, and service version
detection.
arp -a: Displays the ARP cache, showing IP-to-MAC address mappings of
devices on the local network.

Packet Sniffing
tcpdump [options]: Command-line packet analyzer. Captures and displays
network traffic. E.g., tcpdump -i eth0 host 192.168.1.1 and port 80.
 Managing Running Applications & Services

Process & System Monitoring

Effective process and system monitoring is crucial for understanding system behavior, diagnosing performance issues, and identifying
suspicious activity in Kali Linux. These commands provide insights into resource utilization, running processes, and system load.

Monitoring Processes Managing Processes System Performance Metrics

ps aux: Displays a snapshot of all kill [PID]: Sends a signal (by default, free -h: Displays the amount of free and
currently running processes. SIGTERM) to a process to terminate it used memory (RAM and swap) in
gracefully. human-readable format.
top: Provides a dynamic, real-time view
of running processes. Shows CPU, killall [process_name]: Kills processes df -h: Reports file system disk space
memory, and swap usage. Press 'q' to by name. usage in human-readable format.
quit.
pkill [pattern]: Kills processes based on du -sh [directory]: Estimates disk usage
htop: An enhanced interactive process a pattern matching the process name. of files and directories (summary,
viewer (often not pre-installed, but human-readable).
nice -n [priority] [command]: Runs a
highly recommended). Provides a more
command with a modified scheduling uptime: Shows how long the system has
user-friendly interface than top.
priority (-20 is highest, 19 is lowest). been running, number of logged-in
users, and system load averages.
 Data Handling & System Information

Archiving, Compression & Info

Efficiently handling large files, archiving data, and accessing system and hardware information are common tasks for cybersecurity professionals. These
commands simplify data management and provide quick insights into your Kali Linux environment.

Archiving & Compression System & Hardware Information

tar [options] [archive_name] [files/directories]: The versatile 'tape archiver' uname -a: Displays all system information (kernel name, hostname, kernel
for creating and extracting archives. version, etc.).

Create archive: tar -cvf archive.tar /path/to/files lshw -short: Lists hardware configuration (requires root privileges). Provides
Extract archive: tar -xvf archive.tar detailed info on CPU, memory, disks, network interfaces, etc.

Create compressed archive (tar.gz): tar -czvf archive.tar.gz lsblk: Lists information about all available block devices (disks, partitions, and
/path/to/files their mount points).
Extract compressed archive: tar -xzvf archive.tar.gz
lspci: Lists all PCI devices (graphics cards, network cards, etc.).
gzip [file] / gunzip [file.gz]: Compresses/decompresses single files.
lsusb: Lists all USB devices.
zip [archive.zip] [files] / unzip [archive.zip]: For ZIP archives, common across
hostname -I: Shows all local IP addresses of the system.
OSs.
whoami: Displays the effective username of the current user.
 Advanced Topics & Essential Tools

Linux Security & Pentesting Tools

Kali Linux is renowned for its extensive suite of penetration testing and security auditing tools. While mastering each tool requires dedicated practice, understanding their basic
usage and purpose is fundamental for any aspiring cybersecurity professional. This card highlights some of the most frequently used categories and their primary commands.

Network Scanners Vulnerability Analysis

Nmap: nmap -sV -p- [target] (Service version detection across all ports). OpenVAS (GVM): Comprehensive vulnerability scanner. Run gvm-check-setup
to set up.
Masscan: Ultra-fast port scanner. masscan -p1-65535 [ip_range].
Nikto: Web server scanner. nikto -h [website].

Password Attacks Web Application Tools

John the Ripper: Password cracker. john --wordlist=rockyou.txt Burp Suite: Intercepting proxy for web app testing.
password_hashes.txt. Dirb / Dirbuster: Web content scanner for hidden directories/files.
Hashcat: Advanced password recovery. hashcat -m 0 -a 0 hashes.txt SQLMap: Automatic SQL injection and database takeover tool. sqlmap -u
wordlist.txt. "http://example.com/vulnerable?id=1" --dbs.

Exploitation Frameworks Wireless Attacks

Metasploit Framework: Comprehensive exploitation framework. Launch with Aircrack-ng suite: Tools for Wi-Fi security assessment. airmon-ng start wlan0.
msfconsole.