Master Linux, Master Cybersecurity
Welcome! The secret behind every elite hacker, pentester, and CTF champion isn't just a suite of fancy tools—it's a deep, fundamental mastery of the Linux command line. This guide transforms you from a beginner into a command-line pro, equipping you with the essential skills to conquer TryHackMe, dominate CTF challenges, and launch your cybersecurity career.
Interactive Man Page Lookup
Get quick, concise explanations for any Linux command. Type a command below and hit Enter to see its purpose and cybersecurity context, just like a real man page!
The Command Line Toolkit
The command line is where the real magic happens. These are your essential tools for navigating systems, manipulating files, and uncovering secrets. Use the filters below to explore commands by category, then click on any command to reveal its purpose and why it's critical in a cybersecurity context.
The System Map: File Hierarchy
A Linux system isn't a random collection of folders; it's a logical map. Knowing this map is crucial for finding config files, logs, and potential vulnerabilities. Hover over any directory below to learn its purpose.
- /: Root directory. The absolute top-most directory. All other directories and files reside beneath it.
  - bin: Essential user command binaries (e.g., ls, cp). Accessible to all users.
  - sbin: System administration binaries (e.g., fdisk, reboot). Typically require root privileges.
  - etc: System-wide configuration files and scripts (e.g., passwd, sshd_config). A CTF goldmine!
  - home: User home directories. Each standard user has a personal directory here.
    - user
  - root: Dedicated home directory for the root user.
  - tmp: Temporary files used by programs. Often world-writable, data typically deleted on reboot.
  - var: Variable data files, including system logs (/var/log), databases, and web content. Crucial for forensic analysis.
  - usr: User programs and data, including installed software, libraries, and documentation.
  - dev: Device files, representing hardware devices as files (e.g., /dev/sda).
  - proc: Virtual file system providing real-time information about running processes. Excellent for reconnaissance.
  - sys: Virtual file system providing information about kernel-related device details.
Permissions Unlocked: The Locks & Keys
File permissions control who can read, write, and execute files and directories. Misconfigurations are a primary path to privilege escalation in CTFs and real-world attacks. Use the interactive calculator below to master the chmod command.
Understanding Read, Write, Execute (rwx)
- For Files:
  - r (read): Allows viewing the file's content.
  - w (write): Permits modification or deletion of the file's content.
  - x (execute): Enables running the file as a program or script.
- For Directories:
  - r (read): Allows listing the contents of the directory.
  - w (write): Permits adding, removing, or renaming files within the directory.
  - x (execute): Grants the ability to enter the directory and access its contents.
Permissions are assigned to three categories: the file's Owner, the file's Group, and Others (everyone else on the system).
Special Permissions: SUID, SGID, and Sticky Bit
- SetUID (SUID): When set on an executable file, it allows the file to be run with the permissions of its owner, regardless of who executes it. This is a common target for privilege escalation (e.g., the passwd command runs as root to modify /etc/passwd).
- SetGID (SGID): For executable files, it runs with the group permissions of the file. For directories, new files created within that directory inherit the directory's group, rather than the primary group of the user who created them.
- Sticky Bit: Applied only to directories, it ensures that only the owner of a file (or the directory owner, or root) can delete or rename files within that directory. This is commonly seen on public directories like /tmp to prevent users from deleting each other's temporary files.
WARNING: Using chmod 777 (read, write, execute for everyone) is a significant security risk and should almost never be used on sensitive files!
Interactive chmod Calculator
Resulting Command:
chmod 755 filename
-rwxr-xr-x
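To check a system for the misconfigurations described in this section, the following audit script is an added example and not part of the original page. The function names audit_perms and make_fixture and the sample tree are hypothetical; the find tests cover SUID, SGID, world-writable files, and world-writable directories without the sticky bit.

```sh
#!/bin/sh
# Added example: list entries carrying the risky permission bits described above.
# Prints one "LABEL path" line per finding (paths containing newlines not handled).

audit_perms() {     # usage: audit_perms ROOT
    root=$1
    # Files that execute with their owner's (SUID) or group's (SGID) identity.
    find "$root" -xdev -type f -perm -4000 | sed 's/^/SUID /'
    find "$root" -xdev -type f -perm -2000 | sed 's/^/SGID /'
    # Files any local user can modify.
    find "$root" -xdev -type f -perm -0002 | sed 's/^/WORLD-WRITABLE-FILE /'
    # Shared directories missing the sticky bit: users can delete each other's files.
    find "$root" -xdev -type d -perm -0002 ! -perm -1000 |
        sed 's/^/WORLD-WRITABLE-DIR-NO-STICKY /'
}

make_fixture() {    # constructed sample tree; prints its path
    fx=$(mktemp -d) || return 1
    mkdir "$fx/bin" "$fx/shared" "$fx/tmp-like"
    : > "$fx/bin/helper";       chmod 4755 "$fx/bin/helper"
    : > "$fx/bin/tool";         chmod 0755 "$fx/bin/tool"
    : > "$fx/shared/notes.txt"; chmod 0666 "$fx/shared/notes.txt"
    chmod 0777 "$fx/shared"       # world-writable, no sticky bit
    chmod 1777 "$fx/tmp-like"     # world-writable with sticky bit, like /tmp
    printf '%s\n' "$fx"
}

# Run the audit against the constructed tree, then clean up.
demo=$(make_fixture) && audit_perms "$demo"
[ -n "$demo" ] && rm -rf "$demo"
```

On a real host, point audit_perms at / or a specific mount and compare the SUID/SGID list against what the distribution ships.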
Cybersecurity Tool Usage
A quick look at which tools are frequently used in CTF reconnaissance phases.
Process Management: What's Running?
Understanding processes is key to monitoring system health, identifying suspicious activity, and terminating unwanted programs. Simulate managing processes below.
Package Management: Installing & Removing Software
For Garuda Linux users, pacman is your package manager. Learn how to install, remove, and update software, a fundamental skill for setting up your hacking lab or managing tools on a target.
Scheduled Tasks: Understanding Crontab
cron is used to schedule commands to run periodically. Understanding crontab entries is vital for identifying persistent backdoors or scheduled malicious activities on a compromised system.
Crontab Entry Visualizer
Crontab Entry:
0 0 1 1 0
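This command will run at 00:00 on the 1st day of January and on every Sunday in January. When both the day-of-month and day-of-week fields are restricted, cron runs the job if either one matches.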
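When reviewing a crontab for unexpected jobs, it helps to confirm exactly when an entry fires. The script below is an added example, not part of the original page: it evaluates a five-field schedule against a timestamp, including the either-field rule for day-of-month and day-of-week. The function names cron_fires and field_matches are hypothetical, the timestamps are constructed, and it assumes a date command that accepts -d (GNU or BusyBox).

```sh
#!/bin/sh
# Added example: does a five-field cron schedule fire at a given minute?
# Handles *, single values, lists (a,b), ranges (a-b) and steps (*/n, a-b/n).

field_matches() {   # usage: field_matches FIELD VALUE MIN MAX
    fm_value=$2; fm_min=$3; fm_max=$4
    fm_ifs=$IFS; IFS=,; set -f          # split on commas, keep "*" literal
    for part in $1; do
        step=1
        case $part in */*) step=${part#*/}; part=${part%/*} ;; esac
        case $part in
            '*') lo=$fm_min; hi=$fm_max ;;
            *-*) lo=${part%-*}; hi=${part#*-} ;;
            *)   lo=$part; hi=$part ;;
        esac
        if [ "$fm_value" -ge "$lo" ] && [ "$fm_value" -le "$hi" ] &&
           [ $(( (fm_value - lo) % step )) -eq 0 ]; then
            IFS=$fm_ifs; set +f; return 0
        fi
    done
    IFS=$fm_ifs; set +f; return 1
}

cron_fires() {      # usage: cron_fires "m h dom mon dow" "YYYY-MM-DD HH:MM"
    set -f; set -- $1 "$2"; set +f
    f_min=$1 f_hour=$2 f_dom=$3 f_mon=$4 f_dow=$5
    # Assumes GNU or BusyBox date, which accept -d with this timestamp form.
    now=$(date -d "$6" '+%M %H %d %m %w') || return 2
    set -- $now
    min=${1#0} hour=${2#0} dom=${3#0} mon=${4#0} dow=$5
    field_matches "$f_min"  "$min"  0 59 || return 1
    field_matches "$f_hour" "$hour" 0 23 || return 1
    field_matches "$f_mon"  "$mon"  1 12 || return 1
    dom_hit=no; field_matches "$f_dom" "$dom" 1 31 && dom_hit=yes
    dow_hit=no; field_matches "$f_dow" "$dow" 0 7 && dow_hit=yes
    # Sunday may be written as 0 or 7.
    [ "$dow" -eq 0 ] && field_matches "$f_dow" 7 0 7 && dow_hit=yes
    case "$f_dom $f_dow" in
        '*'*|*' *'*) [ "$dom_hit$dow_hit" = yesyes ] ;;    # a field is "*": AND
        *) [ "$dom_hit" = yes ] || [ "$dow_hit" = yes ] ;; # both restricted: OR
    esac
}

# Constructed timestamps checked against the page's entry "0 0 1 1 0".
for ts in "2023-01-01 00:00" "2023-01-08 00:00" "2024-01-01 00:00" "2023-02-05 00:00"; do
    if cron_fires "0 0 1 1 0" "$ts"; then echo "$ts fires"; else echo "$ts no"; fi
done
```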
Service Management: Controlling Daemons
systemctl is the primary command for managing system services (daemons). Knowing how to start, stop, enable, and disable services is crucial for both defensive and offensive operations.
Put it to Practice: Mini CTF Scenario
Theory is great, but practice is everything. Let's walk through a simple CTF challenge to see how these commands work together. This scenario will give you a taste of what you'll encounter on platforms like TryHackMe, which offers structured learning paths like the "Linux Fundamentals" module and specific rooms for privilege escalation and web exploitation.
user@ctf-box:~$ # You've gained initial access to a web server! Your goal: find the flag hidden in a configuration file.