Linux Fundamentals Part 2

beginner35 minWriteup

More Linux commands and operators

Learning Objectives

  • Use operators (>, |, &)
  • Transfer files with SSH
  • Understand permissions deeply
  • Use common utilities

Building on Linux Fundamentals Part 1, this room covers operators, SSH, advanced permissions, and common utilities. Think of operators as the glue that lets you combine commands into powerful one-liners. These skills are essential for efficient command-line work and scripting.

Prerequisites

Make sure you've completed Linux Fundamentals Part 1 first. This room builds directly on those concepts.

Shell Operators

bash
1606070;"># Linux Shell Operators
2 
3606070;"># Redirect output to file (overwrite)
4echo 606070;">#a5d6ff;">"Hello" > file.txt
5ls -la > directory_list.txt
6 
7606070;"># Redirect output to file (append)
8echo 606070;">#a5d6ff;">"World" >> file.txt
9 
10606070;"># Pipe output to another command
11cat file.txt | grep 606070;">#a5d6ff;">"pattern"
12ls | wc -l                    606070;"># Count files
13 
14606070;"># Run command in background
15long_running_command &
16 
17606070;"># Run multiple commands sequentially
18command1 && command2          606070;"># Run command2 only if command1 succeeds
19command1 || command2          606070;"># Run command2 only if command1 fails
20command1 ; command2           606070;"># Run both regardless of success
21 
22606070;"># Redirect errors
23command 2> errors.txt         606070;"># Send errors to file
24command 2>&1                  606070;"># Merge stderr into stdout
25command > output.txt 2>&1     606070;"># Capture all output
26 
27606070;"># Examples
28cat /etc/passwd | grep 606070;">#a5d6ff;">"root"
29find / -name 606070;">#a5d6ff;">"*.txt" 2>/dev/null | head
30nmap 10.10.10.10 > scan.txt 2>&1 &

Hiding Errors

Redirecting errors to /dev/null (a black hole) is useful during enumeration: "find / -name secret 2>/dev/null" shows results without permission denied spam.

SSH (Secure Shell)

bash
1606070;"># SSH - Secure Remote Access
2 
3606070;"># Basic SSH connection
4ssh user@hostname
5ssh user@10.10.10.10
6ssh -p 2222 user@host        606070;"># Custom port
7 
8606070;"># SSH with password (will prompt)
9ssh tryhackme@10.10.10.10
10 
11606070;"># SSH with private key
12ssh -i id_rsa user@host
13chmod 600 id_rsa             606070;"># Key must have restricted permissions!
14 
15606070;"># Execute remote command
16ssh user@host 606070;">#a5d6ff;">"whoami"
17ssh user@host 606070;">#a5d6ff;">"cat /etc/passwd"
18 
19606070;"># Copy files with SCP
20scp file.txt user@host:/path/         606070;"># Upload
21scp user@host:/path/file.txt ./       606070;"># Download
22scp -r folder/ user@host:/path/       606070;"># Copy directory
23 
24606070;"># SCP with key
25scp -i id_rsa file.txt user@host:/tmp/
26 
27606070;"># Port forwarding (tunneling)
28ssh -L 8080:localhost:80 user@host    606070;"># Local forward
29ssh -D 9050 user@host                 606070;"># SOCKS proxy

Common Utilities

bash
1606070;"># Essential Linux Utilities
2 
3606070;"># wget - Download files
4wget http:606070;">//example.com/file.txt
5wget -O renamed.txt http:606070;">//example.com/file.txt
6wget -q http:606070;">//example.com/file.txt   # Quiet mode
7 
8606070;"># curl - Transfer data
9curl http:606070;">//example.com
10curl -o file.txt http:606070;">//example.com/file.txt
11curl -s http:606070;">//example.com            # Silent
12curl -I http:606070;">//example.com            # Headers only
13curl -X POST -d 606070;">#a5d6ff;">"data" http://example.com
14 
15606070;"># Text processing
16sort file.txt                         606070;"># Sort lines
17uniq file.txt                         606070;"># Remove duplicates
18wc file.txt                           606070;"># Count lines/words/chars
19wc -l file.txt                        606070;"># Count lines only
20cut -d: -f1 /etc/passwd               606070;"># Extract field
21tr 606070;">#a5d6ff;">'a-z' 'A-Z' < file.txt             # Transform text
22awk 606070;">#a5d6ff;">'{print $1}' file.txt             # Print first column
23sed 606070;">#a5d6ff;">'s/old/new/g' file.txt            # Find and replace
24 
25606070;"># System information
26uname -a                              606070;"># System info
27hostname                              606070;"># Machine name
28id                                    606070;"># Current user/groups
29whoami                                606070;"># Current username
30uptime                                606070;"># System uptime
31df -h                                 606070;"># Disk space
32free -h                               606070;"># Memory usage

Special Permissions

bash
1606070;"># Special Permission Types
2 
3606070;"># SUID (Set User ID) - Run as owner
4606070;"># File with SUID runs as the file owner, not the user executing it
5ls -l /usr/bin/passwd
6606070;"># -rwsr-xr-x  ← 's' in owner execute position
7 
8606070;"># Find SUID files (privilege escalation!)
9find / -perm -4000 2>/dev/null
10find / -perm -u=s -type f 2>/dev/null
11 
12606070;"># SGID (Set Group ID) - Run as group
13606070;"># File runs with group's permissions
14ls -l /usr/bin/wall
15606070;"># -rwxr-sr-x  ← 's' in group execute position
16 
17606070;"># Find SGID files
18find / -perm -2000 2>/dev/null
19 
20606070;"># Sticky Bit - Only owner can delete
21606070;"># Common on /tmp - everyone can write but only delete own files
22ls -ld /tmp
23606070;"># drwxrwxrwt  ← 't' at the end
24 
25606070;"># Setting special permissions
26chmod u+s file        606070;"># Set SUID
27chmod g+s file        606070;"># Set SGID
28chmod +t directory    606070;"># Set sticky bit
29chmod 4755 file       606070;"># SUID + 755
30chmod 2755 file       606070;"># SGID + 755
31chmod 1755 dir        606070;"># Sticky + 755

SUID = Potential Privesc

SUID binaries are prime targets for privilege escalation. If a SUID binary owned by root has a vulnerability, you can escalate to root. Always enumerate SUID files on target systems!

Room Walkthrough

Linux Fundamentals Part 2 Tasks

1
SSH IntroductionLearn SSH syntax. Connect to the provided machine using credentials.
2
OperatorsPractice >, >>, |, &&, and &. Chain commands together.
3
File TransferUse SCP to copy files between machines. Practice wget/curl downloads.
4
Permissions Deep DiveIdentify SUID files. Understand special permission bits.

Knowledge Check

Quick Quiz
Question 1 of 3

What operator sends a command's output to a file, overwriting existing content?

Key Takeaways

  • > overwrites files, >> appends, | pipes between commands
  • SSH provides secure remote access with password or key authentication
  • SUID files run as owner - critical for privilege escalation
  • wget/curl download files, SCP copies files over SSH
  • 2>/dev/null hides error messages during enumeration