Lesson 2 - Basic Commands Part 2 (30/10/25)
Linux Mini-Cheatsheet
Collected and cleaned up for quick reference: man, cat, file, du, find, grep, sort, uniq, strings, base64, tr, tar, gzip, bzip2, xxd.
Table of Contents
- man
- cat
- file
- du
- find
- grep
- sort
- uniq
- strings
- base64
- tr
- tar
- gzip
- bzip2
- xxd
- Time-saving Combinations
- Security Notes
man
Documentation for commands/libraries.
man grep # grep manual
man 5 crontab # section 5 (files/formats)
man -k archive # search terms (apropos)
cat
Display/concatenate files.
cat notes.txt
cat -n script.sh # number lines
cat -A data.bin # show "non-printable" characters
cat part1.txt part2.txt > all.txt # merge files
cat > todo.txt << 'EOF'
- setup lab VM
- update packages
EOF
file
Identify file type regardless of extension.
file mystery.bin
file -i sample.png # MIME type
file * # batch on multiple files
du
Disk usage by files/folders.
du -sh . # human-readable sizes
du -h -d 1 | sort -h # how "heavy" each subdirectory
du -sh /var/log
du -h -d 2 | sort -h | tail -n 10 # top 10 heaviest
find
Locate files with criteria + execute commands.
find . -type f -name 'config.php'
find /var/log -type f -name '*.log' -size +10M
find . -type f -mtime -1 # modified last 24h
find /var/www -type f -perm -o=w # world-writable (dangerous)
find . -type f -name '*.pcap' -exec ls -lh {} \;
find . -type f -print0 | xargs -0 grep -n 'API_KEY'
Be careful with -delete. Test first with -ls.
grep
Search text/regex.
grep 'ERROR' app.log
grep -i 'login failed' server.log # case-insensitive
grep -R -n 'API_KEY' . # recursive + line number
grep -R -n -C 2 'Exception' . # context: 2 lines before/after
grep -E -n 'admin|root' /etc/passwd # extended regex
grep -Rl 'Bearer ' . # file names only
grep -v '^#' settings.conf # negative match
grep -oE 'AKIA[0-9A-Z]{16}' config/* # show only matching part
sort
Sort lines of text.
sort data.txt # alphabetical
sort -n numbers.txt # numerical
sort -r data.txt # reverse
sort -u data.txt # unique (removes duplicates)
sort -k2 -n file.txt # by 2nd column (numerical)
sort -t: -k3 -n /etc/passwd # by UID (3rd field, : delimiter)
du -h -d 1 | sort -h # by human-readable sizes
uniq
Remove/count duplicates (requires sorted input).
sort data.txt | uniq # remove adjacent duplicates
sort data.txt | uniq -c # count occurrences
sort data.txt | uniq -d # show only duplicates
sort access.log | uniq -c | sort -rn | head # top IPs/requests
strings
Extract readable text from binary files.
strings binary.exe # all readable text
strings -n 10 firmware.bin # minimum length 10
strings suspicious.dll | grep -i 'http' # look for URLs
strings core.dump | grep -i 'password' # memory dump forensics
base64
Encode/decode base64.
echo 'secret' | base64 # encode
echo 'c2VjcmV0' | base64 -d # decode
base64 image.png > image.b64 # encode file
base64 -d encoded.txt > decoded.bin # decode to file
tr
Character translation/deletion.
echo 'HELLO' | tr '[:upper:]' '[:lower:]' # to lowercase
cat file.txt | tr -d '\r' # remove carriage returns
echo 'a,b,c' | tr ',' '\n' # comma to newline
cat data.txt | tr -s ' ' # squeeze spaces
tar
Archive creation/extraction.
tar -czf backup.tar.gz /home/user/docs # create compressed archive
tar -xzf backup.tar.gz # extract
tar -xzf backup.tar.gz -C /tmp # extract to specific dir
tar -tzf backup.tar.gz # list contents
tar -xzf backup.tar.gz file.txt # extract specific file
gzip
Compress/decompress files.
gzip largefile.log # compress (creates .gz)
gzip -d largefile.log.gz # decompress
gzip -k largefile.log # keep original
zcat largefile.log.gz # view without extracting
zgrep 'ERROR' largefile.log.gz # grep in compressed
bzip2
Better compression (slower).
bzip2 bigfile.tar # compress (creates .bz2)
bzip2 -d bigfile.tar.bz2 # decompress
bzcat bigfile.tar.bz2 # view without extracting
xxd
Hexdump/binary viewer.
xxd file.bin # hex dump
xxd -p file.bin # plain hex (no formatting)
xxd -r dump.hex > restored.bin # reverse (hex to binary)
xxd -l 100 file.bin # first 100 bytes only
xxd -g 1 file.bin # group by 1 byte
Time-saving Combinations
# Top 10 largest files in directory
find . -type f -exec du -h {} \; | sort -rh | head -10
# Find and remove empty files
find . -type f -empty -delete
# Search for pattern in compressed logs
zgrep -h 'ERROR' /var/log/*.gz | sort | uniq -c | sort -rn
# Extract unique IPs from log
grep -oE '\b([0-9]{1,3}\.){3}[0-9]{1,3}\b' access.log | sort -u
# Find files modified today
find /var/www -type f -mtime 0
# Count lines in all .txt files
find . -name '*.txt' -exec wc -l {} \; | awk '{sum+=$1} END {print sum}'
# Find duplicate files by content
find . -type f -exec md5sum {} \; | sort | uniq -w32 -D
# Quick backup with timestamp
tar -czf "backup-$(date +%Y%m%d-%H%M%S).tar.gz" /important/dir
# Search for sensitive data
grep -R -i -E '(password|api[_-]?key|secret)' /var/www --include='*.php'
# Find world-writable files (security risk)
find /var/www -type f -perm -o=w -ls
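The unique-IP and top-IP pipelines above, run over a constructed access log as an added example (not the cheatsheet's own code). The function names (unique_ips, top_ips, failed_logins_by_ip, busiest_ip) are assumptions, the addresses are documentation-range IPs, and the client field is anchored with ^ rather than \b so the regex also works with non-GNU grep.

```shell
#!/bin/sh
# Added example: log triage with the grep/sort/uniq pipelines from the cheatsheet.
LOG=$(mktemp)
trap 'rm -f "$LOG"' EXIT

# Constructed sample access log (documentation-range addresses, not real traffic).
cat > "$LOG" << 'EOF'
203.0.113.10 - - [30/Oct/2025:10:00:01 +0000] "GET /login HTTP/1.1" 200 512
203.0.113.10 - - [30/Oct/2025:10:00:02 +0000] "POST /login HTTP/1.1" 401 128
198.51.100.7 - - [30/Oct/2025:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.10 - - [30/Oct/2025:10:00:04 +0000] "POST /login HTTP/1.1" 401 128
192.0.2.55 - - [30/Oct/2025:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 404 0
203.0.113.10 - - [30/Oct/2025:10:00:06 +0000] "POST /login HTTP/1.1" 401 128
198.51.100.7 - - [30/Oct/2025:10:00:07 +0000] "GET /about HTTP/1.1" 200 1024
EOF

# unique_ips FILE: every distinct client address, one per line (grep -oE | sort -u).
unique_ips() {
    grep -oE '^([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" | sort -u
}

# top_ips FILE N: the N busiest addresses as "count ip" (sort | uniq -c | sort -rn).
top_ips() {
    grep -oE '^([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" | sort | uniq -c | sort -rn | head -n "$2"
}

# failed_logins_by_ip FILE: 401 responses to POST /login, counted per address.
failed_logins_by_ip() {
    grep 'POST /login ' "$1" | grep ' 401 ' | cut -d' ' -f1 | sort | uniq -c | sort -rn
}

# busiest_ip FILE: the single top address with the count stripped (awk field 2).
busiest_ip() {
    top_ips "$1" 1 | awk '{print $2}'
}

echo "unique clients:";  unique_ips "$LOG"
echo "top 3 talkers:";   top_ips "$LOG" 3
echo "failed logins:";   failed_logins_by_ip "$LOG"
```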
Security Notes
Dangerous Patterns to Watch For
# World-writable files
find / -type f -perm -o=w 2>/dev/null
# SUID binaries (can escalate privileges)
find / -type f -perm -u=s 2>/dev/null
# Files owned by specific user
find /home -user www-data -ls
# Recently modified system files
find /etc -type f -mtime -1
# Large files (might be logs or suspicious)
find / -type f -size +100M 2>/dev/null
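The world-writable and SUID checks above, run over a constructed lab directory as an added example (not the cheatsheet's own code). It assumes the lab files are owned by the current user, so chmod can set the setuid bit without root, and uses the octal -perm spellings (-0002 for -o=w, -4000 for -u=s), which BusyBox find accepts as well as GNU find.

```shell
#!/bin/sh
# Added example: permission audit with find -perm over a constructed lab tree.

# make_lab DIR: populate DIR with constructed sample files (assumption: we own
# them, so chmod may set the setuid bit as an unprivileged user).
make_lab() {
    dir=$1
    mkdir -p "$dir/app" "$dir/bin"
    printf 'db_pass=placeholder\n' > "$dir/app/config.php"
    printf 'hello\n' > "$dir/app/index.php"
    printf '#!/bin/sh\n' > "$dir/bin/helper"
    chmod 0644 "$dir/app/index.php"    # normal file: owner rw, others read-only
    chmod 0666 "$dir/app/config.php"   # world-writable: any local user can edit it
    chmod 4755 "$dir/bin/helper"       # setuid bit set on an executable
}

# world_writable DIR: regular files any user may write (-perm -0002 == -o=w).
world_writable() {
    find "$1" -type f -perm -0002 2>/dev/null | sort
}

# suid_files DIR: regular files with the setuid bit (-perm -4000 == -u=s).
suid_files() {
    find "$1" -type f -perm -4000 2>/dev/null | sort
}

# count_lines: read stdin, print the number of lines without padding.
count_lines() {
    wc -l | tr -d ' '
}

# audit DIR: print both findings; add -ls to the find calls for owner/mode detail.
audit() {
    echo "world-writable files under $1:"
    world_writable "$1"
    echo "setuid files under $1:"
    suid_files "$1"
}

LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT
make_lab "$LAB"
audit "$LAB"
```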
Forensics & Analysis
# Extract strings from binary
strings suspicious.exe | grep -i 'http\|ftp\|password'
# Find hidden files
find / -name ".*" -type f 2>/dev/null
# Check for base64 encoded data
grep -E '^[A-Za-z0-9+/]{20,}={0,2}$' file.txt | base64 -d
# Find files with no extension
find . -type f ! -name "*.*"
# List files by modification time
find /var/log -type f -printf '%T+ %p\n' | sort
Tips for Pentesters
- Always redirect errors: use 2>/dev/null to avoid noise
- Test before acting: use -print before -delete
- Combine tools: pipe commands for powerful searches
- Check permissions: look for writable dirs/files
- Search logs: often contain sensitive information
- Look for backups: .bak, .old, .backup files
- Check for configs: config.*, *.conf, .env files