🔴 Day 3 — Linux Terminal – Linux commands for Ethical Hacking
Day 100 — Professional Pentester
03
Here’s the truth nobody tells you about the Linux command line: within two weeks of using it daily, you will not want to go back to clicking through menus. The terminal is faster, more powerful, and once you’re comfortable — genuinely satisfying to use.
Every single security tool we’ll use over the next 97 days — Nmap, Metasploit, Burp Suite, Nikto, Hydra — runs from or interacts with the terminal. This is the language of ethical hacking. Today we start speaking it.
I’ve structured today’s lesson around seven categories of commands. Instead of throwing 40 commands at you as a random list to memorise, I want you to understand why each group exists and when you’ll reach for it during a real assessment. That context is what makes commands stick.
📥
Free Cheat Sheet: 40 Essential Linux Commands
Printable one-page reference — all 40 commands from today’s lesson with syntax and use case. Keep it next to your screen for the first 30 days.
Download Free →
Understanding the Terminal Before You Type Anything
Open a terminal in Kali Linux now. What you see is called a prompt. Before typing a single command, I need you to understand what you’re looking at — because this context makes everything else click into place.
The anatomy of a terminal prompt
kali@kali:~$ _
kali
Your username — who you are logged in as
kali (after @)
Hostname — the name of this machine
~
Current directory (~ = your home folder)
$ vs #
$ = regular user | # = root (admin)
That $ vs # distinction matters enormously. When you see # in the prompt or in a tutorial, it means root privileges. On Kali, you’ll often use sudo before commands that need elevated access. On Day 1 of discovering you have root on a target machine during a pentest, seeing that # prompt will feel very different. Remember it.
CATEGORY 1
Navigation — Moving Around the Filesystem
Before you can attack or defend anything, you need to know where you are in the filesystem and how to move around. These are the commands you will type hundreds of times every single day.
Navigation commands — run these in your Kali terminal right now
# 1. pwd — Print Working Directory (where are you right now?)
pwd
/home/kali
# 2. ls — List files and folders in current directory
ls
ls -l # Long format — shows permissions, size, date
ls -la # Long format INCLUDING hidden files (starting with .)
ls -lh # Human-readable sizes (KB, MB, GB)
ls /etc # List contents of a specific path
# 3. cd — Change Directory (how you move around)
cd /etc # Go to /etc (absolute path)
cd Desktop # Go to Desktop folder (relative path)
cd .. # Go up one directory level
cd ../.. # Go up two levels
cd ~ # Go back to your home directory, always
cd – # Go back to previous directory (like browser back)
# 4. file — Tell me what type a file is (by content, not extension)
file suspicious_file # Is this actually a JPEG or an ELF binary?
suspicious_file: ELF 64-bit LSB executable ← this matters in CTFs
# 5. tree — Visual directory structure (install first)
sudo apt install tree -y
tree /etc/passwd # See folder structure at a glance
💡 Pro tip: Use the Tab key to auto-complete file and directory names. Type cd Des then press Tab — it auto-completes to cd Desktop/. This saves you thousands of keystrokes and eliminates typos. Use it constantly.
CATEGORY 2
File Operations — Creating, Moving, Copying, Deleting
During a penetration test you’ll constantly create notes, move payloads, copy evidence files, and clean up traces. These commands are your file management toolkit.
File operation commands
# Create files and directories
touch notes.txt # Create an empty file
mkdir myfolder # Create a directory
mkdir -p a/b/c # Create nested directories at once
# Copy and move
cp file.txt backup.txt # Copy file
cp -r folder/ backup/ # Copy entire folder (-r = recursive)
mv file.txt /tmp/ # Move file to /tmp/
mv old.txt new.txt # Rename a file (move to new name)
# Delete — BE CAREFUL, no Recycle Bin in Linux
rm file.txt # Delete a file — permanent
rm -r folder/ # Delete a folder and all contents
rm -rf / # ← NEVER RUN THIS. Deletes everything. Shown as warning only.
# Write to files
echo “my notes” > notes.txt # Write (overwrites existing content)
echo “more notes” >> notes.txt # Append (adds to existing content)
# Find files anywhere on the system
find / -name “*.txt” 2>/dev/null # Find all .txt files (2>/dev/null hides errors)
find /home -name “passwords*” # Hunt for files named “passwords” anything
find / -perm -4000 2>/dev/null # Find SUID files — important for privilege escalation!
⚠️ No undo in Linux: rm permanently deletes files immediately — there is no Recycle Bin. Always double-check before running rm -r. When in doubt, move the file to /tmp/ instead of deleting it — /tmp/ clears on reboot, giving you a safety window.
CATEGORY 3
Viewing & Searching Text — The Hacker’s Most Used Skill
Reading config files, searching scan output for passwords, analysing log files — security work involves a lot of reading text. These are the commands that make that fast and powerful.
Text viewing and searching commands
# Reading files
cat /etc/passwd # Print entire file to screen
less /var/log/syslog # Scroll through long files (q to quit)
head -20 file.txt # Show first 20 lines
tail -20 file.txt # Show last 20 lines
tail -f /var/log/auth.log # Follow log in real-time (-f = follow)
# grep — THE most important text search command in security
grep “password” file.txt # Find lines containing “password”
grep -i “Password” file.txt # Case-insensitive search
grep -r “admin” /var/www/ # Search all files in a directory
grep -n “error” logfile.txt # Show line numbers
grep -v “comment” file.txt # Show lines that DON’T match (-v = invert)
grep -E “user|pass|login” file # Match multiple patterns (regex)
# Piping — chain commands together (very powerful)
cat /etc/passwd | grep “bash” # Find users with bash shell
ls -la | grep “rw” # Find files with rw permissions
ps aux | grep “root” # Find processes running as root
# wc — count lines, words, characters
wc -l /usr/share/wordlists/rockyou.txt
14344391 /usr/share/wordlists/rockyou.txt
# 14 million passwords. You’ll use this file a lot.
# cut — extract specific fields from output
cut -d: -f1 /etc/passwd # Extract just the usernames from /etc/passwd
cat /etc/passwd | cut -d: -f1,3 # Username and UID
💡 The pipe | is one of Linux’s most powerful ideas: It takes the output of one command and feeds it as input to the next. cat file.txt | grep "password" | head -5 reads a file, finds lines with “password”, and shows only the first 5 results. Chaining commands with pipes is how professionals process large outputs quickly.
CATEGORY 4
Permissions & Ownership — The Key to Privilege Escalation
Linux permissions control who can read, write, and execute files. Misconfigurations here are one of the most common paths to privilege escalation on a target system. You need to understand this both for attacking and for hardening.
Understanding and changing permissions
# Reading permissions from ls -l output:
ls -l script.sh
-rwxr-xr– 1 kali kali 1024 Mar 21 script.sh
# │││││││└─ other: read only
# ││││└──── group: read + execute
# │└──────── owner: read + write + execute
# └──────── file type (- = file, d = directory)
# chmod — change permissions (numeric mode)
chmod 755 script.sh # rwxr-xr-x (owner: full, others: read+exec)
chmod 644 file.txt # rw-r–r– (owner: rw, others: read only)
chmod 777 file # rwxrwxrwx (everyone: full access — dangerous!)
chmod +x script.sh # Add execute permission (symbolic mode)
chmod -w file.txt # Remove write permission
# chown — change file owner
chown root:root file # Change owner and group to root
chown kali:kali file # Give back to kali user
# sudo — run a single command as root
sudo apt update # Run as root, then return to normal user
sudo -l # List what commands this user can run as root
# sudo -l is a CRITICAL privilege escalation check on targets
sudo su # Switch to full root shell
# id / whoami — check your current privileges
whoami # Your username
id # Your UID, GID, and all groups
uid=0(root) gid=0(root) ← this is what you want to see post-exploitation
| Octal | Symbolic | Meaning | Common Use |
|---|
| 777 | rwxrwxrwx | Everyone can do everything | ⚠️ Dangerous — often a misconfiguration |
| 755 | rwxr-xr-x | Owner: all | Others: read+exec | Scripts, executables |
| 644 | rw-r–r– | Owner: rw | Others: read only | Config files, documents |
| 600 | rw——- | Owner: rw only | Others: nothing | SSH private keys |
| 4755 | rwsr-xr-x | SUID set — runs as owner’s privileges | 🎯 Privesc target when misconfigured |
CATEGORY 5
Networking — Your Reconnaissance Toolkit
Ethical hacking is fundamentally about networks. These commands let you see the network around you, test connectivity, and begin the reconnaissance phase of any assessment.
Networking commands — use these in your Kali VM
# Your network interfaces — what’s YOUR IP?
ifconfig # Classic — shows all interfaces, IPs, MAC
ip a # Modern equivalent — more detail
ip route # Routing table — how traffic is sent
# Testing connectivity
ping 8.8.8.8 # Is this host reachable? (Google DNS)
ping -c 4 192.168.1.1 # Send exactly 4 packets (-c = count)
ping -i 0.2 target # Faster ping (0.2 second interval)
# DNS — resolving domain names
nslookup google.com # What IP does this domain resolve to?
dig google.com # Detailed DNS query — more info than nslookup
dig google.com MX # Query specific record types (MX, TXT, NS)
host securityelites.com # Simple IP lookup
# Active connections and open ports
netstat -tuln # Show all listening ports and services
ss -tuln # Modern netstat replacement
ss -tnp # Established connections with process names
# Route tracing — map the path to a target
traceroute google.com # Show every hop between you and target
# wget / curl — download files from command line
wget https://example.com/file.txt # Download a file
curl https://example.com # Fetch content (flexible, used in scripting)
curl -I https://example.com # Show HTTP headers only — great for recon
Server: Apache/2.4.29 (Ubuntu) ← server type revealed in headers
CATEGORY 6
Processes & System — Seeing What’s Running
Process and system commands
# Viewing running processes
ps aux # All running processes — full details
ps aux | grep root # Only processes running as root
top # Live process monitor (q to quit)
htop # Better top — visual, interactive (install: apt install htop)
# Killing processes
kill 1234 # Kill process with PID 1234
kill -9 1234 # Force kill (SIGKILL — cannot be ignored)
pkill firefox # Kill all processes named “firefox”
# Background / foreground jobs
command & # Run in background (add & to any command)
jobs # List background jobs
fg 1 # Bring job 1 to foreground
# System information
uname -a # Kernel version + architecture
cat /etc/os-release # OS name and version
df -h # Disk usage (human-readable)
free -h # RAM usage
uptime # How long system has been running
history # All commands you’ve run — great for reviewing your work
CATEGORY 7
Package Management — Installing and Updating Tools
APT — the package manager for Kali Linux (Debian-based)
# The essential four
sudo apt update # Refresh the package list — do this first, always
sudo apt upgrade -y # Upgrade all installed packages
sudo apt install nmap -y # Install a package
sudo apt remove nmap # Remove a package
sudo apt autoremove # Remove packages no longer needed
# Searching and information
apt search gobuster # Search for a package by name
apt show metasploit-framework # Info about a package
dpkg -l | grep nmap # Is this tool already installed?
# Run this after every fresh Kali install or once a week
sudo apt update && sudo apt upgrade -y && sudo apt autoremove -y
# The && runs the next command only if the previous succeeded
⚡ Terminal Pro Tips — Work 3× Faster
These aren’t extra commands — they’re keyboard shortcuts and tricks that professional pentesters use hundreds of times a day. Learning them now will compound over 100 days into a massive productivity difference.
Tab
Auto-complete filenames and commands. Double-Tab shows all options. Use it constantly — it also prevents typos.
↑ / ↓ arrow keys
Scroll through command history. Press ↑ to bring back your last command and edit it — faster than retyping.
Ctrl + C
Stop a running command immediately. Use when a scan takes too long or you made a mistake mid-command.
Ctrl + L
Clear the terminal screen — same as typing clear. Keeps your workspace clean when it gets cluttered.
Ctrl + R
Reverse search through command history. Press Ctrl+R then type any part of a past command to find it instantly.
command –help
Every tool has a --help flag. When you forget a flag, type nmap --help before searching Google — it’s faster.
man command
The full manual for any command. man nmap, man grep, man chmod. Press q to quit. Underused by beginners.
command > out.txt
Save any command’s output to a file. nmap target > scan.txt. Essential for saving evidence during a pentest.
📋 Quick Reference — All 40 Commands at a Glance
Bookmark this section. This is the cheat sheet you’ll come back to during the first 30 days of this course. Every command covered today in one scannable table.
| Command | What It Does | Category |
|---|
| pwd | Show current directory | Navigate |
| ls -la | List all files incl. hidden | Navigate |
| cd <path> | Change directory | Navigate |
| file <name> | Identify file type by content | Navigate |
| touch <file> | Create empty file | Files |
| mkdir -p <path> | Create directories recursively | Files |
| cp -r <src> <dst> | Copy file or folder | Files |
| mv <src> <dst> | Move or rename | Files |
| rm -r <path> | Delete file or folder (permanent) | Files |
| find / -name <x> | Find files by name system-wide | Files |
| echo “x” >> file | Append text to a file | Files |
| cat <file> | Print file contents | Text |
| less <file> | Scroll through large files | Text |
| head / tail -n | First/last N lines of file | Text |
| grep -ri <pat> | Search files for pattern | Text |
| cmd | grep <x> | Pipe output to search | Text |
| cut -d: -f1 | Extract field from output | Text |
| wc -l | Count lines in file | Text |
| chmod 755 <file> | Change file permissions | Perms |
| chown user:grp | Change file ownership | Perms |
| sudo <command> | Run command as root | Perms |
| sudo -l | List allowed sudo commands | Perms |
| id / whoami | Show current user and groups | Perms |
| ifconfig / ip a | Show network interfaces + IPs | Network |
| ping -c 4 <host> | Test host reachability | Network |
| dig / nslookup | DNS lookup | Network |
| netstat -tuln | Show listening ports | Network |
| curl -I <url> | Fetch HTTP headers | Network |
| wget <url> | Download file from URL | Network |
| traceroute | Trace route to target | Network |
| ps aux | Show all running processes | Process |
| kill -9 <pid> | Force-kill a process | Process |
| uname -a | Kernel and OS version | System |
| df -h / free -h | Disk and RAM usage | System |
| history | All past commands | System |
| apt update | Refresh package list | Packages |
| apt install <x> -y | Install a package | Packages |
| apt search <x> | Search for available tools | Packages |
| dpkg -l | grep <x> | Check if tool is installed | Packages |
| man <command> | Full manual for any command | Help |
🎯 Day 3 Practical Task
📋 YOUR MISSION — COMPLETE IN KALI TERMINAL
1
Navigate the filesystem from / to your home in 3 commands
Start from root (cd /), explore with ls, then find your way back to home. Use pwd to confirm where you are at each step.
2
Read /etc/passwd and find all users with a bash shell
cat /etc/passwd | grep “bash”
Look at what you get. These are the real user accounts on your Kali system. Now extract just the usernames with: cut -d: -f1 /etc/passwd
3
Create a “Day3” folder and save your terminal session
mkdir ~/Day3
history > ~/Day3/day3_commands.txt
cat ~/Day3/day3_commands.txt
You just saved your work. This is the documentation habit that separates professionals from amateurs.
4
Find all SUID files on your system — note what you see
find / -perm -4000 2>/dev/null
This is a real privilege escalation check you’ll run on every target system. On your Kali VM it’s expected — on a target machine, unexpected SUID binaries are gold.
⭐ BONUS CHALLENGE
How many lines are in the rockyou.txt password wordlist? Find it, count it, and tell us in the Telegram community. First hint: it’s in /usr/share/wordlists/. You may need to unzip it first. Figure it out — this is your first real problem-solving challenge.
ls /usr/share/wordlists/ # Start here
💻
The terminal is no longer foreign territory.
You live here now.
40 commands. Seven categories. One goal: fluency. Come back to this page whenever you forget a command — it’s here. Day 4 covers the Linux file system in depth — understanding /etc, /var, /tmp, and why every directory matters to a hacker.
Day 4: Linux File System →
Frequently Asked Questions — Day 3
What is the difference between sudo and su in Linux?
sudo runs a single command with elevated privileges then drops back to your user. su switches your entire session to another user (default: root). Modern Kali Linux recommends sudo for individual commands — staying in a permanent root shell is considered a security risk even in a lab environment. Use sudo -l on any target to see what it can run.
Why does grep need -r to search directories?
grep by default reads individual files. The -r flag tells it to be recursive — to enter directories and search every file inside. Without -r, giving grep a directory path produces an error or empty result. Use grep -ri (recursive + case-insensitive) as your default when searching for credentials or keywords across a directory tree.
Why is /etc/passwd readable by everyone — doesn’t that expose passwords?
Great question — /etc/passwd contains usernames and user information but not passwords on modern Linux systems. Actual password hashes are stored in /etc/shadow which is only readable by root. Historically, /etc/passwd did contain passwords (in the “password field” column) but they were moved to shadow in the 1980s for exactly this reason. The x you see in the password column of /etc/passwd means “password is in shadow.”
How do I stop a command that’s running too long?
Ctrl+C sends an interrupt signal to the foreground process and stops it. This is safe for almost all commands. If Ctrl+C doesn’t work (some processes trap it), try Ctrl+Z to suspend the process, then kill %1 to kill the suspended job. For runaway background processes, use ps aux | grep <name> to find the PID and then kill -9 <pid>.
ME
Mr Elite
Founder, SecurityElites.com | 15+ Years Offensive Security
I still remember the day the terminal “clicked” for me — when it stopped being intimidating and started feeling like a superpower. That usually happens around Day 5–10 for most students. You’re closer than you think. Keep going.
