Linux and the Linux Terminal
This exercise is composed of several parts.
This exercise will provide a brief introduction to the Unix -- and Linux -- command line interface (CLI). Linux is a derivative of Unix and the CLI for both is essentially the same. Kali is the Linux distribution that we use on our VMs. This manual will refer to Unix, but take Unix and Linux to be synonymous for CLI purposes.
Although graphical user interfaces (GUIs) have obviated the need for CLIs in many cases, there are still some applications that require the use of the CLI for many reasons, not the least of which is that a CLI program uses less system memory than a GUI program that would perform the same function. For computer forensics, cybersecurity, or other incident response applications that must run on a suspect system, it is desirable to minimally impact the state of the computer.
In any case, many long-time users of computers are unfamiliar -- and, therefore, uncomfortable -- with the command line, and Windows/DOS users, in particular, are unfamiliar with Unix. This exercise will guide those users through some of the rudimentary functions of Unix.
In this exercise, you will:
1. Gain comfort and familiarity with the Linux Command Line Interface (CLI).
2. Gain comfort and familiarity with some of the basic Linux commands.
1. Start your Kali VM.
2. Locate the Unix folder in the Resources folder of this exercise.
Open up the Linux Terminal, also called the Command Line Interpreter (CLI), by clicking on the Terminal Icon on the Kali desktop.
The Unix equivalent of the DOS help command is man.
Using the man command, look up the format and options for the ls (list) command. Find the options for creating long format (-l), all files (-a), human readable (-h) output.
At the command line, type: "man ls"
Points to note: Observe the message at the bottom of the screen. The man program displays only one screen at a time. Press the q key to quit man, the
Using the options from the prior task, list out the contents of the Desktop directory.
Note: this Kali VM doesn’t have anything on the desktop, therefore no directory
To move to a different directory, use the cd (change directory) command. Note that cd .. will change to the parent directory of the current working directory and cd ~ moves to the user's home directory.
In the command sequence above, the following actions occurred:
The command line shows that we are in the ~ directory and the pwd command verifies that we are in the /root directory (denoted ~).
The cd .. command moves us up one directory level; the following pwd command verifies that we are in the / directory.
The cd /etc command moves us to the /etc directory; the following pwd command verifies that we successfully moved to that directory.
The cd ~ command moves us back to our home directory and the following pwd command verifies that we are back in the /root directory.
The cat (concatenate) command is used to print out a file and is similar to the DOS type command. In this example, we display the /etc/hosts file.
As an aside, the hosts file shown here has two fields: an Internet Protocol (IP) address followed by a host name. The first block of addresses (e.g., 127.0.0.1) contains IP version 4 (IPv4) addresses and the second block (e.g., fe00::0) contains IP version 6 (IPv6) addresses.
Put all of this together and do the following tasks: Using cd, change into the ~/Downloads/Unix directory, find a file with a .txt file extension, and then display its contents. Hint: Try using the following commands:
ls -lah *.txt
(READ ONLY. There's no action to take at this step.) Note the # prompt sign at the Kali command line. This indicates that you are a privileged user, which is true on the VMs because you are logged in as root. A $ prompt sign denotes a regular user level of privilege. At times, a regular user needs to assume root level access. To become root (the superuser), you can issue the su command. Alternatively, you can execute the sudo -s command, which puts you into a shell for the superuser. In either case, you need to know the system's root password. When you have root access, the prompt changes to a # sign. You can leave root level access by using the exit command.
NOTE: The superuser has access to all system resources and there are few protections within a Unix system to prevent the superuser from executing any command that they want -- including making inadvertent, irreversible changes to the system! For that reason, users are urged to enter superuser mode only when absolutely necessary and to leave that mode when they don't need that level of privileged access. Running as root for routine tasks is a potential problem waiting to happen.
When using the ls -l command, there are 10 characters at the beginning of each line in the display. The first character is generally a d to indicate a directory or a - to indicate a file.
The next nine characters denote the permissions that have been assigned to the file; the first three refer to the user's permissions, the next three to the user's group, and the last three to the entire system (aka world or other). The three characters that might appear in each group are r (read), w (write), or x (execute).
In the screen shot above, note that:
evidence is the name of a directory; Kali shows these in blue.
The four files (with the .txt and .jpg extensions) are set to owner (read, write), group (read), and world (read).
The three sets of access privileges are sometimes denoted numerically by thinking of the three positions in each set as a binary (or octal) number; e.g., rw- can be interpreted as a binary 110, or decimal 6. With that nomenclature, the access rights for refs.txt would be denoted as 644 and the access rights for the evidence directory as 755.
NOTE: File names that begin with a dot (.) are hidden files. Hidden files will not appear without the -a switch on the ls command.
(OPTIONAL) Access privileges are changed using the chmod (change mode) command. See the man chmod entry for all of the variations on the command; two examples are provided below.
In one variant of the chmod command, the user specifies the access privileges by specifying the three-digit octal value denoting the three sets of privileges to be assigned to the file. For example, to reset the access for the file refs.txt to owner (read, write, execute), group (read, write), and world (read), you could use the chmod 764 refs.txt command.
Alternatively, you can set the access privileges by using letters. First you specify whether the command refers to the owner (aka user, or u), group (g), or world (aka others, or o). Next you specify whether you are adding (+) or taking away (-) a privilege. Finally, you list the privileges as r (read), w (write), or x (execute). So, to set the same privileges for tanks.txt as we just did for refs.txt, we would need three commands:
chmod 764 refs.txt
chmod u+x tanks.txt
chmod g+w tanks.txt
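The octal notation and the two chmod forms above, carried through in a small POSIX shell script. This is an added example, not part of the original exercise; the function names perm_to_octal, ls_mode_octal and demo_chmod are my own, and it goes one step beyond the text by treating a lowercase s or t in the execute position as a set execute bit.

```shell
#!/bin/sh
# Added example (not from the exercise): turn the nine permission characters
# shown by "ls -l" into the octal form described in the text, then confirm
# against real chmod calls on scratch files.

# perm_to_octal "rw-r--r--" -> 644 ; perm_to_octal "rwxr-xr-x" -> 755
perm_to_octal() {
    perms=$1
    if [ "${#perms}" -ne 9 ]; then
        echo "expected 9 permission characters, got '$perms'" >&2
        return 1
    fi
    result=""
    pos=1
    while [ "$pos" -le 9 ]; do
        digit=0
        # r, w and x are the 4, 2 and 1 bits of one octal digit (rw- = 110 = 6)
        case "$(printf '%s' "$perms" | cut -c "$pos")" in r) digit=$((digit + 4)) ;; esac
        case "$(printf '%s' "$perms" | cut -c $((pos + 1)))" in w) digit=$((digit + 2)) ;; esac
        # a lowercase s or t in the x position (setuid/setgid/sticky) also means
        # the execute bit is set; this goes beyond what the text covers
        case "$(printf '%s' "$perms" | cut -c $((pos + 2)))" in x|s|t) digit=$((digit + 1)) ;; esac
        result="$result$digit"
        pos=$((pos + 3))
    done
    printf '%s\n' "$result"
}

# ls_mode_octal FILE: read the mode column of "ls -ld FILE" and convert it.
ls_mode_octal() {
    perm_to_octal "$(ls -ld "$1" | cut -c 2-10)"
}

# Repeat the text's two chmod variants on scratch files that start at 644
# (owner rw-, group r--, world r--) and report both resulting modes.
demo_chmod() {
    dir=$(mktemp -d)
    touch "$dir/refs.txt" "$dir/tanks.txt"
    chmod 644 "$dir/refs.txt" "$dir/tanks.txt"
    chmod 764 "$dir/refs.txt"      # numeric form
    chmod u+x "$dir/tanks.txt"     # symbolic form, one privilege per command
    chmod g+w "$dir/tanks.txt"
    refs=$(ls_mode_octal "$dir/refs.txt")
    tanks=$(ls_mode_octal "$dir/tanks.txt")
    rm -r "$dir"
    printf '%s %s\n' "$refs" "$tanks"   # both print as 764
}
```

Running demo_chmod shows that chmod 764 and the pair chmod u+x / chmod g+w produce the same mode, which ls -l displays as rwxrw-r--.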
You can copy a file from one place to another using the cp (copy) command and you can move a file to a new location (or rename a file) using the mv (move) command. In the example below, we are copying the refs.txt file to a new file called refs_OLD.txt and renaming the MikeNelson.jpg file to SeaHunt.jpg.
Files can be deleted using the rm (remove) command. In the example below, we delete the refs_OLD.txt file.
Directories can be created using the mkdir (make directory) command. In the example below, we create a subdirectory named testdives, copy the file tanks.txt to the new directory, and move SeaHunt.jpg to the new directory.
The ps (process) command lists running processes. In this case, it shows that the bash command shell and ps process are the only running processes.
The strings command prints out any printable character strings that are found in a file. As an example, try out the strings measurements.jpg command.
As the screen shot above shows, the output from strings can be quite long. There are two controls that will help manage the amount of output that is displayed. First, by default, strings will display any string of four or more printable characters; the minimum string length can be set by the -n command parameter. Second, the output can be "piped" to another command called more that will display one screen at a time. In the example below, we find strings of a minimum length of six characters and pipe the output to more.
To control the output from more, use
NOTE: An alternative to more is less, which is actually a more powerful tool than more. You have to use these two tools to see why less is more.
The output from strings can display the location within the file where the first byte of each string can be found. To display the byte offset of the strings in hex, use the -t x parameter; use -t d to display the offset in decimal.
The output from strings can be sent to a file for further processing by using the redirect (>) switch on the command line. The more command displays the file a screen at a time.
CyberExplorations Exercises by Glenn S. Dardick is licensed under a Creative Commons Attribution 4.0 International License.