An Introduction to Linux Commands in Kali

Keatron Evans
July 24, 2015 by
Keatron Evans



FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.

We are going to be looking at some of the basics of Linux.. This is really just to get you started - to get you prepared - to give you some prep work to do in Linux, to get you wrapped up for the Ethical Hacking or any of our technical security classes for that matter.

So once you follow the set of instructions and you actually have Kali installed, you are going to immediately go to this icon which is the Terminal icon. And you click on it and it brings up a terminal. So, I am gonna close this one out and just start over.

Click that, and it brings up a terminal here. This is where we will do most of our work from. I'm going to maximize this window and make my text a little bigger so you can see clearly what I'm typing here.

One of the most basic and fundamental things when it comes to Linux is knowing where you are and what is in the current directory that you're in. To find out what your current working directory is,  is just PWD:  which is short for “print working directory.”

As you can see, by default, we're actually in the root directory. Now, keep in mind this is the home profile or the home directory of the root account. It is not the same as being at the root of the drive. For example, if I did a cd /, that actually takes me to the root of the drive. And if we look at what's in there, we do PWD this time, it just shows us /.

Now, also, if I do a ls, there are lots of other sub-directories inside this directory. On the other hand, if I go back to where we were - root, you can see that there are different files. These are files that I've created and things like that. As you're looking through your directory, you will be able to see the difference there.

Another thing I introduced was the ls command. You saw me quickly do that, and it is simply ls, and it shows you the contents of your directory. Now if I did the command ls -a, it shows me all files including hidden files. And one thing in Linux you'll note is anytime you see a file that begins with the dot, it means it is a hidden file. Now if I added an l to that:  if I did -la instead of just a, the l stands for long file format. We're saying to give us the long file format, and to show us all files. The long file format includes extensions and everything else related to the file.

We can see that. We see all the attributes, permissions, things like that show up as well when we do the -la. So that is the basics of looking around in, first of all: figuring out what your current directory is, and then looking into what is in that current directory.

Also, it becomes important for us to look at running processes. We can do that by issuing the ps -A command and that shows us what our running processes are.

Now, another thing I want to introduce at this point is grep. You will use this throughout the course; grep is a way for you to basically filter on output and typically we use grep by piping output from 1 command to grep as input.

And the way that we do that, for example, let's create a list. If I did ls -la, that shows me all the files in this directory. If I only want to see just hidden files -  if I did ls -la, and then did the pipe - and said grep dot, what that means is - we're simply saying list everything and then take whatever the result of that command is, pipe it to grep and grep for just the string dot.

Let's see what happens if we do that. What we see is every file that's got a dot in it. Now, on the other hand, we can see there are several files that I've created in here that have the word dns in it. So, if I did a grep for dns, that lists everything; and then grep for dns, then we only see the files that have the string dns in it. That's part of how we can utilize grep for lots of different things.

Furthermore, I'm gonna start up the iceweasel web browser here, and I'm gonna minimize that.  Now, we do ps -A again to look at running processes. Remember that it shows us all the running processes. I can also grep for just iceweasel, which is the web browser we just started up here. So, if I'd have say ps -A, pipe that to grep, and I'm simply going to grep for iceweasel like so. And, instead of seeing all processes, I just see the iceweasel process.

And introducing another command here: stopping processes. In Linux, we typically use the kill command or the killall command. That's 2 ways I can kill it. I can just do a kill -9 and specify the pid for iceweasel which in this case is 14020. And, as we can see, iceweasel is running down here. But when I issue this kill command, you see iceweasel down here is now gone away. We can also kill by process.

So if I start iceweasel again, and minimize it, I can do killall –v and specify iceweasel, and you see iceweasel go away again as a result of that. So, there are several different ways to go about killing processes and how to manipulate things in Linux - there are a couple of ways to do that.

Another command that you will utilize quite a bit is the cat command. You typically use it in short for concatenation. Now, first off, we are going to use it here to create a file. So, I'm just going to create a file named Keatron. And you can do this to create a file of your own name. Actually, I'll create something called demolinux. You can just use your name as your filename. So, when we use cat and use the is-greater-than symbol, it puts us in interactive cat mode. So we're creating a file named demolinux, and it's going to put us in interactive mode which means we are able to modify or add to that file. So, if we hit Enter on that, I'm going to type a line, enter, and then type another line. And then enter, and then Control-D is how you break out of that. That is again Control-D that breaks us out.

So, now if we just read this file with the cat command without the is-greater-than, you can see the results which is basically what we type into the file up here. If I want to add a line to that or add another line, I can use two is-greater-than's, and it universally means append. Hit Enter, and then a Control-D again to close out. Now we cat demolinux. We see that the third line is also added to this file as well. What if I said cat this file and grep out just the line or lines that have the word Keatron? We can do that by saying cat the filename, sending it to grep via a pipe and then I'm going to grep for the string Keatron. And it shows those 2 lines.

One thing I need to point out here is that Linux is extremely case sensitive.  So, if I'd have to repeat that command and I grep for Keatron with all lower case, what you'd get back is nothing, and that is because of the case sensitivity of Linux. So, what I'd literally have to do is either a) make sure I match case, or with the grep command - I'm just going to up-arrow to repeat that - I could pass a -i flag which essentially says ignore case, and as you can see. we still see the lines that we are looking for in this instance.

So, that's some of the basics of getting around on the command-line, some of the things you will utilize as you go through this course. Moving right along, let's take a look at some of the basic networking stuff. First off, one of the first things you want to check is to find out what your current IP address is. And, we do that by simply type in the command ifconfig, and it shows us what our current IP address is.

Now, in my case, it is this. If you have a fresh install of Kali, you might not even have an IP address yet. And, speaking of that, the very next thing that I want to show you is how to get one. Once you start up Kali, it might not do a dhcpdiscover by default. But to force that, you want to just enter the command dhclient, and go ahead and hit Enter on that. Now, what you'll see is as a result of you doing that, if you enter ifconfig, and when it finishes, you succeeded, you've now come back and gotten yourself an IP address.

As you go through the course, an instructor asks you to switch your network configuration in VMWare from nat to bridge, or vice versa. Then, what you will find out is you will need to go and do this dhclient command to get Linux to go out and get a new IP address based on you switching to a new network. And that is one of the things that challenges people as we go through the course.

Alright, a couple of other important things to note here: what I want you to do is to do this with me. We're going to create a directory using the mkdir command. I want you to name that directory InfosecInstituteToolsandFiles. And I want you to case it exactly like I have. Capital I in Infosec,  Capital I in Institute, Capital T under Tools, and a Capital F for Files. Go ahead and make that directory. Now, do me a favor. We are going to change that directory, and to do that we use the cd command - just like in DOS. But, instead of typing this all the way out, like so, go ahead and just type Infos with a Capital I, and then from that point just hit your Tab key. And if you notice, Tab auto-completed the rest of it for you without you having to spell it out.

That is an important skill to master because it's going to make the difference in how fast or how slow you go about completing your labs. Auto-complete is the key to navigate the filesystem even if you don't know where things are. For example, let's say I want to go into a file that began with dn but I don't know the name. I can read that file with cat and just do dn  and hit the Tab key. And hitting the Tab key a couple of times gets Linux to show me every possibility or every file that I can possibly be trying to communicate with.

So now I see there are several options. Maybe the one I want to look at is dnsdemo. I can complete that or start finishing it. Just do demo and hit Tab again. And it auto-completes the sh part for me. So, Tab completion is your friend and it is going be one of the most important parts of getting through these labs without having any issue as far as getting through them pretty quickly.

Another thing that also happens is I'm the king of typos. What I've learned is using Tab takes out the human element of committing typos lots of times. So that is another good reason to utilize Tabs instead of actually trying to type these long paths and these long filenames all the way out completely.

So those are some basic little things that you need to know going into the Ethical Hacking course. A couple of other things that we want to point out is basically looking back at some of the things you've typed. You can always type the history command - and this is in just about every Linux distro and hit Enter - and it shows you the history of everything you typed since you started this terminal session.

When you're done with the course, you can literally go back and do history and see everything you've typed throughout the course. Now, if I want to run a specific command again, for example, if I want to run cat demolinux, I can do that with an exclamation and then that command number, in this case, 1014. And it repeats cat demolinux. It repeats that command. So, a few little shortcuts there.

Now what I recommend you do is literally go through each of these commands 10 times until you get it, until you understand it, and you kind of commit it to memory, because these are some of the key commands that are going to be important to you going through the rest of the course. Now, there is a second part to this video that I'm going to have you look at as well where we get into some more advanced Linux command-line stuff, and it just walks you through, adding on to what you just learned here. Just to give you a little bit more leg up and a little bit more advanced skill set to come into the class with.

Thanks for watching this video. I'm certain it'll help you out, to get over those Linux bugs. Those of you who are new to Linux when you start the first day of Ethical Hacking. I look forward to seeing you in the class.

FREE role-guided training plans

FREE role-guided training plans

Get 12 cybersecurity training plans — one for each of the most common roles requested by employers.


Keatron Evans
Keatron Evans

Keatron Evans is a cybersecurity and workforce development expert with over 17 years of experience in penetration testing, incident response and information security management for federal agencies and Fortune 500 organizations. He is VP of Portfolio and Product Strategy at Infosec, where he empowers the human side of cybersecurity with cyber knowledge and skills to outsmart cybercrime. Keatron is an established researcher, instructor and speaker — and lead author of the best-selling book, Chained Exploits: Advanced Hacking Attacks from Start to Finish. He regularly speaks at major industry events like RSA and serves as a cybersecurity subject matter expert for major media outlets like CNN, Fox News, Information Security Magazine and more.

Keatron holds a Bachelor of Science in Business Information Systems and dozens of cybersecurity certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Cloud Security Professional (CCSP) and Licensed Penetration Tester (LTP). When not teaching, speaking or managing his incident response business, KM Cyber Security LLC, Keatron enjoys practicing various martial arts styles, playing piano and bass guitar, and spending time with his family.