These are my Week 2 notes from the CAT Reloaded entry-level program, based on Linux Basics for Hackers by OccupyTheWeb. Chapters 11, 15, and 17 were skipped per the program.
Chapter 1 — Basic Commands
1. Navigation
pwd — Show current directory
- Prints full path of current location.
- Use before modifying files.
whoami — Show current user
- Confirms if you’re root or another user.
- Critical for privilege-dependent tools.
cd — Change directory
- .. → Up one level
- / → Filesystem root
ls — List contents
```bash
ls
ls -l
ls -la
ls -a
```
- -l → Long format (permissions, owner, size, date)
- -a → Show hidden files
2. Help & Documentation
```bash
tool --help
tool -h
man toolname    # q to quit
```
3. Search & Locate
```bash
locate filename                        # Fast, database-based, may miss recent files
whereis toolname                       # Binary + man page location
which toolname                         # Executable in $PATH only
find / -type f -name filename          # Precise, slow
find /etc -type f -name "apache2.*"    # Quote the pattern so the shell does not expand it first
```
Wildcards: * = any chars, ? = one char, [ab] = listed chars
4. Processes & Filtering
```bash
ps aux                   # List all processes
ps aux | grep apache2    # Filter by name
```
5. File Creation
```bash
cat > file     # Create/overwrite (CTRL+D to save)
cat >> file    # Append
touch file     # Create empty file
```
6. File & Directory Management
```bash
mkdir dir
cp source destination
mv old new
mv file /path/
rm file
rmdir dir     # Only empty directories
rm -r dir     # Deletes everything inside (dangerous)
```
Key Distinctions:
- locate = fast, indexed
- find = slow, powerful
- > overwrites, >> appends
- rm -r can wipe entire trees
Chapter 2 — Text Manipulation
Viewing Files
```bash
cat file         # Dump entire file (bad for large files)
head file        # First 10 lines
head -20 file    # First 20 lines
tail file        # Last 10 lines
tail -20 file    # Last 20 lines
nl file          # Number lines
more file        # Page-by-page (ENTER = next, q = quit)
less file        # Scroll up/down + search with /keyword
```
Filtering Text
```bash
grep keyword file
cat file | grep keyword
ps aux | grep apache2
```
```bash
nl file | grep "pattern"
tail -n+507 file | head -n6    # Start from line 507, show 6 lines
```
Find & Replace with sed
```bash
sed 's/mysql/MySQL/g' file > newfile    # Replace all
sed 's/mysql/MySQL/' file > newfile     # Replace first only
sed 's/mysql/MySQL/2' file > newfile    # Replace 2nd match only
```
Structure: s/old/new/g — s = substitute, g = global
| Command | Best For |
|---|---|
| cat | Quick full output |
| head | Beginning of file |
| tail | End of file / logs |
| nl | Line references |
| grep | Filtering lines |
| sed | Replace text |
| more | Basic paged viewing |
| less | Scrolling + search |
grep is your primary filter. less is your primary viewer. Use pipes (|) to chain commands.
Chapter 3 — Analyzing & Managing Networks
View Network Interfaces
```bash
ifconfig    # Shows IP, MAC, netmask, broadcast
iwconfig    # Wireless details (mode, ESSID, signal)
```
Key Interfaces: eth0 = Wired, wlan0 = Wireless, lo = Loopback (127.0.0.1)
Change Network Configuration
```bash
ifconfig eth0 192.168.1.10    # Assign static IP
ifconfig eth0 192.168.1.10 netmask 255.255.0.0 broadcast 192.168.1.255
```
Spoof MAC Address
```bash
ifconfig eth0 down
ifconfig eth0 hw ether 00:11:22:33:44:55
ifconfig eth0 up
```
MAC spoofing requires: interface down → change → up.
DHCP Management
```bash
dhclient eth0    # Request new DHCP address
```
Sends DHCPDISCOVER → receives DHCPOFFER → assigns IP. Note: DHCP logs can be used for forensic tracing.
DNS Reconnaissance
```bash
dig example.com ns    # Find nameservers
dig example.com mx    # Find mail servers
```
Change DNS Server
```bash
echo "nameserver 8.8.8.8" > /etc/resolv.conf
```
File: /etc/resolv.conf — order matters (top = queried first). DHCP may overwrite this.
Hosts File Manipulation
```bash
leafpad /etc/hosts
# Add: 192.168.1.10 example.com
```
File: /etc/hosts — overrides DNS locally. Use for traffic redirection, local testing, DNS spoofing scenarios.
| Tool | Purpose |
|---|---|
| ifconfig | View/modify IP, MAC, netmask |
| iwconfig | Wireless interface info |
| dhclient | Request DHCP IP |
| dig | DNS intelligence |
| /etc/resolv.conf | Set DNS servers |
| /etc/hosts | Manual domain-IP mapping |
Chapter 4 — Adding & Removing Software
```bash
apt-cache search <keyword>    # Search packages
apt-get install <package>     # Install
apt-get remove <package>      # Remove (keep config)
apt-get purge <package>       # Remove + config
apt-get update                # Update package list
apt-get upgrade               # Upgrade installed packages
```
Add repositories: Edit /etc/apt/sources.list → run apt-get update
Install from GitHub:
```bash
git clone https://github.com/user/project.git
```
Use apt first. Git when it’s not in repos.
Chapter 5 — Controlling File & Directory Permissions
Permission Basics
Each file has 3 sets: **owner | group | others** — each set = r w x
```bash
ls -l
# Example output: -rw-r--r--
# - = file, rw- = owner, r-- = group, r-- = others
```
Change Ownership
```bash
chown user filename
chgrp group filename
```
Numeric Permissions (Fastest)
| rwx | Value |
|---|---|
| --- | 0 |
| --x | 1 |
| -w- | 2 |
| -wx | 3 |
| r-- | 4 |
| r-x | 5 |
| rw- | 6 |
| rwx | 7 |
```bash
chmod 774 file    # owner=rwx, group=rwx, others=r--
chmod 755 tool    # owner=rwx, group=r-x, others=r-x
```
Symbolic Permissions (UGO)
```bash
chmod u-w file        # Remove write from owner
chmod u+x,o+x file    # Add execute to owner and others
chmod +x tool         # Make executable
```
Default Permissions — umask
Base: Files=666, Directories=777. System subtracts umask.
```bash
umask        # Check current (typically 022 on Kali)
umask 007    # Set temporarily
```
Kali default result: Files → 644, Directories → 755
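The "subtraction" is really a bitwise mask (base AND NOT umask), which only differs from arithmetic subtraction when the umask has bits the base lacks. The following added example (not from the book or the original notes) predicts the mode with that rule and compares it with what the system actually creates; the function names and the scratch directory are made up for the demo, and `stat -c` assumes GNU coreutils.

```shell
# predict_mode BASE UMASK: resulting mode as base AND NOT umask (octal in/out).
predict_mode() {
    printf '%o\n' $(( 0$1 & ~0$2 & 0777 ))
}

# observe_mode file|dir UMASK: create the object under that umask in a
# scratch directory and print the mode the system really assigned.
# The ( ) body runs in a subshell, so the caller's umask is not changed.
observe_mode() (
    scratch=$(mktemp -d) || exit 1
    umask "$2"
    if [ "$1" = dir ]; then
        mkdir "$scratch/obj"
    else
        : > "$scratch/obj"
    fi
    stat -c '%a' "$scratch/obj"      # octal permission bits
    rm -rf "$scratch"
)

# 022 is the Kali default from the notes; 033 shows where "subtract" misleads:
# 666 - 033 would be 633, but the real result is 644.
for mask in 022 007 033; do
    echo "umask $mask:" \
         "file $(observe_mode file "$mask") (predicted $(predict_mode 666 "$mask"))," \
         "dir $(observe_mode dir "$mask") (predicted $(predict_mode 777 "$mask"))"
done
```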
Special Permissions
SUID (4000) — Runs with owner’s privileges:
```bash
chmod 4644 file                  # Shows as -rwSr--r-- (capital S: SUID set, but owner has no execute bit)
find / -user root -perm -4000    # Find SUID files (privesc hunting)
```
SGID (2000) — Runs with group privileges:
Sticky Bit (1000) — Used on /tmp — prevents users from deleting others’ files.
Bad permissions = easy privilege escalation. Loose SUID/SGID = attack surface.
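From the defender's side, the same `find -perm -4000` search becomes useful when its output is compared against a reviewed baseline, so that only new or unreviewed SUID files are reported. This is an added example, not from the book or the original notes; the function names, the demo file names and the baseline file are constructed, and the demo runs in a scratch directory instead of `/`.

```shell
# list_suid DIR: every regular file under DIR with the SUID bit set, sorted.
list_suid() {
    find "$1" -xdev -type f -perm -4000 2>/dev/null | sort
}

# unexpected_suid DIR BASELINE: SUID files under DIR that are missing from
# the baseline file (one absolute path per line, exact match).
unexpected_suid() {
    list_suid "$1" | grep -Fxv -f "$2" || true   # grep exits 1 when nothing is left
}

# Constructed demo tree: two SUID files, only one of them in the baseline.
demo_suid_audit() (
    root=$(mktemp -d) || exit 1
    mkdir "$root/bin"
    for f in approved-tool unreviewed-helper plain-tool; do
        : > "$root/bin/$f"
    done
    chmod 4755 "$root/bin/approved-tool" "$root/bin/unreviewed-helper"
    chmod 0755 "$root/bin/plain-tool"
    printf '%s\n' "$root/bin/approved-tool" > "$root/baseline.txt"
    # Strip the scratch prefix so the output is stable between runs.
    unexpected_suid "$root/bin" "$root/baseline.txt" | sed "s|^$root||"
    rm -rf "$root"
)

demo_suid_audit        # prints /bin/unreviewed-helper
```

On a real host, generate the baseline once from a known-good install and rerun `unexpected_suid / baseline.txt` as root after package changes.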
Chapter 6 — Process Management
```bash
ps                          # Basic view
ps aux                      # Full system view (PID, %CPU, %MEM, COMMAND)
ps aux | grep msfconsole    # Filter for specific process
top                         # Live view, sorted by CPU (q=quit, k=kill, r=renice)
```
Priority (nice / renice)
Range: -20 (highest) to +19 (lowest). Default = 0. Only root can go negative.
```bash
nice -n -10 command    # Start with priority
renice 19 PID          # Change running process
```
Kill a Process
```bash
kill PID       # Clean stop
kill -9 PID    # Force kill
killall -9 processname
```
Background & Scheduling
```bash
command &    # Run in background
fg           # Bring back to foreground
at 1:00am    # Schedule one-time (then type command, CTRL+D)
# Formats: "at now + 20 minutes", "at 7:30pm", "at tomorrow"
```
Chapter 7 — Environment Variables
```bash
env                    # Show environment variables
set | more             # Show everything
set | grep HISTSIZE    # Filter for one
HISTSIZE=0             # Change session only
export HISTSIZE        # Pass the value on to child processes
unset MYVAR            # Delete variable
```
PATH (Critical)
```bash
echo $PATH
PATH=$PATH:/root/newtool    # Correct — always append
# PATH=/root/newtool        # Wrong — breaks system commands
```
Change Shell Prompt (PS1)
```bash
PS1="Hacker:# "
export PS1='C:\w> '    # Windows-style
# Placeholders: \u=user, \h=hostname, \W=current dir
```
Chapter 8 — Bash Scripting
```bash
#!/bin/bash
echo "Hello, World!"
```
```bash
chmod 755 script.sh
./script.sh
```
```bash
#!/bin/bash
echo "What is your name?"
read name
echo "Welcome $name!"
```
Port Scanner Example
```bash
#!/bin/bash
# Basic MySQL scanner
nmap -sT 192.168.1.0/24 -p 3306 > /dev/null -oG scan
cat scan | grep open > results
cat results
```
Advanced (user-driven):
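```bash
#!/bin/bash
# read -r keeps backslashes literal; quoting stops the input from being
# word-split into extra nmap arguments
echo "Start IP:"; read -r FirstIP
echo "End IP:"; read -r LastIP
echo "Port:"; read -r port
nmap -sT "$FirstIP-$LastIP" -p "$port" > /dev/null -oG scan
cat scan | grep open > results
cat results
```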
Built-ins
| Command | Purpose |
|---|---|
| echo | Print |
| read | Input |
| export | Persist variable |
| unset | Remove variable |
| test / [ ] | Condition checks |
| jobs | List background tasks |
| bg / fg | Background / foreground |
Chapter 9 — Compressing & Archiving
```bash
tar -cvf L4H.tar file1 file2    # Archive (c=create, v=verbose, f=filename)
tar -tvf L4H.tar                # List contents
tar -xvf L4H.tar                # Extract

gzip L4H.tar                    # Compress → L4H.tar.gz (fast, common)
gunzip L4H.tar.gz               # Decompress

bzip2 L4H.tar                   # → L4H.tar.bz2 (best compression, slower)
bunzip2 L4H.tar.bz2
```
One-step (real-world way):
```bash
tar -czvf L4H.tar.gz Linux4Hackers*     # gzip
tar -cjvf L4H.tar.bz2 Linux4Hackers*    # bzip2
```
Forensic Copy — dd
```bash
dd if=/dev/sdb of=/root/flashcopy bs=4096 conv=noerror
```
Bit-for-bit copy including deleted data. Very slow. Use only for full physical clones.
Chapter 10 — Filesystem & Storage Device Management
Drive Naming
sda → first drive, sdb → second, sda1 → first partition on first drive
```bash
lsblk       # List drives (device, size, type, mount)
fdisk -l    # Detailed partition view (root required)
```
Mount / Unmount
```bash
mount /dev/sdb1 /mnt    # Mount
umount /dev/sdb1        # Unmount before removal (no 'n'!)
df -h                   # Check disk space
```
Check Filesystem
```bash
umount /dev/sdb1
fsck -p /dev/sdb1    # Auto-fix. Never run on mounted drives.
```
| Task | Command |
|---|---|
| List drives | lsblk |
| See partitions | fdisk -l |
| Check space | df -h |
| Mount | mount |
| Unmount | umount |
| Check errors | fsck |
| Clone drive | dd |
Chapter 12 — Using & Abusing Services
```bash
service <name> start/stop/restart
systemctl start/stop/restart/status <name>
```
Apache HTTP Server
```bash
apt install apache2
service apache2 start
# Test: http://localhost
# Edit: /var/www/html/index.html
```
OpenSSH
```bash
service ssh start
ssh user@IP
ssh pi@192.168.1.101
```
Used for: remote control, secure admin access, pivoting after compromise.
MySQL
```
service mysql start
mysql -u root -p
show databases;
use mysql;
show tables;
SELECT * FROM table_name;
ALTER USER 'root'@'localhost' IDENTIFIED BY 'newpassword';
```
PostgreSQL + Metasploit
```bash
service postgresql start
msfconsole
msfdb init
db_status
```
Without PostgreSQL → Metasploit has limited functionality.
What each service does:
- Apache = serve web content
- SSH = remote control
- MySQL = web app data
- PostgreSQL = Metasploit backend
Chapter 13 — Becoming Secure & Anonymous
How You Get Tracked
- IP address tags every packet
- ISPs log everything
- Sites fingerprint your browser
```bash
traceroute google.com    # See every hop your traffic takes
```
Tor Browser
Routes traffic through volunteer relays with multi-layer encryption. Hides origin IP from destination.
Reality: Slower. Exit nodes can see unencrypted traffic. Nation-state agencies target it. Good for basic tracking avoidance — not bulletproof.
Proxy Chains
```bash
proxychains firefox example.com
# Config: /etc/proxychains.conf
# Modes: dynamic_chain, strict_chain, random_chain
```
Free proxies log you. Many sell data. If it’s free, you’re the product.
VPNs
Encrypts traffic and replaces your IP. VPN provider still sees your real IP — logs = exposure. Good for ISP privacy and public Wi-Fi, not true anonymity.
What Actually Improves Privacy
- VPN + Tor combined
- Encrypted email (ProtonMail)
- Hardened browser
- Separate identities per activity
- Never mix real-world info with anonymous ops
Chapter 14 — Understanding & Inspecting Wireless Networks
Wi-Fi Basics
- SSID — network name
- BSSID — AP MAC address
- Channel — frequency slot (1–11 US)
- Security — WEP (broken), WPA, WPA2-PSK
- Modes — managed (normal), master (AP), monitor (sniffing)
- Frequency — 2.4GHz / 5GHz
Core Commands
```bash
ifconfig / iwconfig    # Check interfaces
iwlist wlan0 scan      # Scan nearby APs (raw)
nmcli dev wifi         # Scan (cleaner output)
nmcli dev wifi connect SSID password PASSWORD
```
Wi-Fi Recon with aircrack-ng
```bash
airmon-ng start wlan0    # Enable monitor mode → wlan0mon
airodump-ng wlan0mon     # Capture traffic (BSSID, channel, encryption, clients)
```
Monitor mode = see all traffic, not just yours.
Bluetooth Recon
```bash
hciconfig             # Check adapter
hciconfig hci0 up
hcitool scan          # Scan discoverable devices
hcitool inq
sdptool browse MAC    # Get service details
l2ping MAC            # Test reachability
```
Enumeration comes first. Exploitation comes later.
Chapter 16 — Automating Tasks with Job Scheduling
cron — Time-Based Execution
```bash
crontab -e    # Edit user cron
# Config: /etc/crontab
```
Format: M H DOM MON DOW USER COMMAND
```
Minute      0–59
Hour        0–23
Day/Month   1–31
Month       1–12
Day/Week    0–7 (0 & 7 = Sunday)
```
Examples:
```
30 2 * * 1-5 root /root/myscript.sh          # 2:30 AM Mon–Fri
00 15 * * 3 user /usr/share/script.sh        # Wednesday 3 PM
00 0 10 4,6,8 * user /usr/share/script.sh    # 10th day April/June/Aug
```
Shortcuts:
```
@daily @weekly @monthly @yearly @reboot
```
Services at Boot (systemd)
```bash
systemctl enable postgresql        # Start at boot
systemctl disable postgresql       # Disable
systemctl status postgresql        # Check
update-rc.d postgresql defaults    # Old method
```
Always use absolute paths in cron scripts. Test manually before scheduling.
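A small linter for entries in the `M H DOM MON DOW USER COMMAND` format above, added here as an example (it is not from the book or the original notes). It checks the numeric ranges, the absolute-path rule, and one permission problem from Chapter 5: a job script that group or others can write. The function names and the sample lines other than the first two are constructed, and month or weekday names are not handled.

```shell
# field_ok FIELD MIN MAX: every number in a list/range/step lies in MIN..MAX.
field_ok() (
    set -f                                   # keep "*" literal while splitting
    for n in $(printf '%s' "$1" | tr ',/-' '   '); do
        case $n in
            '*') ;;
            *[!0-9]*) exit 1 ;;
            *) [ "$n" -ge "$2" ] && [ "$n" -le "$3" ] || exit 1 ;;
        esac
    done
)

# check_cron_line LINE: print "ok" or the first problem found.
check_cron_line() {
    set -f; set -- $1                        # split the entry on whitespace
    case $1 in                               # @daily etc. carry no time fields
        @*) shift; set -- '*' '*' '*' '*' '*' "$@" ;;
    esac
    if   [ $# -lt 7 ];          then r="too few fields"
    elif ! field_ok "$1" 0 59;  then r="bad minute"
    elif ! field_ok "$2" 0 23;  then r="bad hour"
    elif ! field_ok "$3" 1 31;  then r="bad day of month"
    elif ! field_ok "$4" 1 12;  then r="bad month"
    elif ! field_ok "$5" 0 7;   then r="bad day of week"
    else case $7 in
            /*) r="ok" ;;
            *)  r="command is not an absolute path" ;;
         esac
    fi
    # A script that group/others can write lets them run code as the job's user.
    if [ "$r" = ok ] && [ -n "$(find "$7" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
        r="script is writable by group or others"
    fi
    set +f; echo "$r"
}

# Sample entries: the first two are from the notes, the last two are constructed.
while IFS= read -r line; do
    printf '%-45s -> %s\n' "$line" "$(check_cron_line "$line")"
done <<'EOF'
30 2 * * 1-5 root /root/myscript.sh
00 0 10 4,6,8 * user /usr/share/script.sh
61 2 * * * root /root/myscript.sh
@daily root backup.sh
EOF
```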
If you have any questions, feel free to reach out on LinkedIn or Discord