Welcome back, my budding hackers!
I began this series on Linux basics because several of you have expressed befuddlement at working with BackTrack on Linux. As a hacker, there is no substitute for Linux skills.
Linux beginners are often faced with the issue of how to find files and programs, especially considering the radically different directory structure as compared to Mac OS or Windows. Beginners sometimes get frustrated trying to find the necessary files or binaries, so I'm dedicating this tutorial to finding stuff in Linux.
Before we dive in, make sure to check out my previous guides on Linux basics (1, 2, and 3) to get current on our lessons.
Step 1: Finding Files in a Directory (Find)
The first command I want to show you is find. As you probably guessed, find is able to find stuff by looking in a directory for the file you're hunting for. By default, it's recursive, which means it will look in all sub-directories and display a list of everywhere it finds the file. For instance, if we are looking for aircrack-ng, we could type:
- bt > find -name aircarck-ng
Note that we need to tell Linux that we want to search by name (-name) and then the name of the file we're searching for.
It then returns the full path of every place where it finds aircrack-ng. We can be more specific and ask Linux to only tell us where it finds aircrack-ng in the /pentest directory. We can do this by typing:
- bt > find /pentest -name aircrack-ng
This command says, "look in the pentest directory and all its sub-directories and tell me where you find something called aircrack-ng".
Now, Linux only returns those paths to files that are in the directory /pentest or its sub-directories, such as /pentest/wireless/aircrack-ng and the others.
Step 2: Finding Binaries in Path Variables (Which)
The next searching command we want to look at is which. This command allows us to search for binaries that are in our path variable. Hmm...even I think that's a lot of techo-googlygoop. Let's try to make some sense of it.
Binaries are the files that are the equivalent of executables in Windows. These are files that do something like echo, ls, cd, mv, etc. Our path variable is the variable that keeps the directory path to our binaries. Usually, our binaries are in the /bin (bin is short for binaries) or /sbin directory and that's reflected in our path variable. Our path variable setting can be checked by asking Linux to echo the value in the variable. We do this by typing:
- bt > echo $PATH
Linux responds with the value in our path variable. These are the places that which will search for binaries. So when we type:
- bt > which ls
It returns the path to that binary. If we use which to search for aircrack-ng:
- bt > which aircrack-ng
Then we can see that Linux returns /usr/local/bin/aircrack-ng. If aircrack-ng were not in a directory that was in our path, it would not be able to help us.
Step 3: Finding Any File in Any Directory (Whereis)
Unlike which, whereis is not limited to finding binaries in our path. It can locate files in any directory, and in addition, it also locates the files manual or man pages. So, when we type:
- bt > whereis aircrack-ng
We can see that whereis returns the path to multiple locations of aircrack-ng including the man pages.
Step 4: Finding Files Using the Database (Locate)
The locate command can also be used to find files and usually is much faster than either which or whereis. The difference is that locate uses a database of all the files in the file system and searches therefore take place much faster.
The drawback to locate is that new files will NOT be found by locate as the database is typically only updated daily, usually scheduled in the middle of the night when activity on the system is light as updating this database can be CPU intensive.
- locate aircrack-ng
You can see in the screenshot above that locate returns a path every time it encounters any file with aircrack-ng in it, binary or not.
Hope this helps you in finding what you need in BackTrack Linux, therefore making you a better hacker. Make sure to check out the first three parts of this series (1, 2, and 3), and if you have any questions, ask away in the comments below or hit up the Null Byte forum for more help.
Come back for my next Linux basics tutorial, and we'll look at how to install new software!
Just updated your iPhone? You'll find new features for TV, Messages, News, and Shortcuts, as well as important bug fixes and security patches. Find out what's new and changed on your iPhone with the iOS 17.6 update.
28 Comments
Thnx gud article.... Continue this series
Please keep up the series. Great work and it is appreciated.
could you please explain binary. i didn't understood it
Criss:
As I use the term here, it means the built-in programs that are called when you type commands like ls, echo, cd, and cp. These programs are stored in the /bin directory, short for binary.
OTW
OTW
After I have used the find command in the root directory it comes up with a blank line underneath the command that I have typed but does nothing after that. I can also type on this blank line.
Gumskull:
What you type after find.
OTW
What did you type after the "find" command?
OTW
Sorry for wasting your time, I closed the terminal and then opened a new one and it worked fine.
i have the same issue "After I have used the find command in the root directory it comes up with a blank line underneath the command that I have typed but does nothing after that. I can also type on this blank line." i also closed the terminal and reopened a new and still the same thing happens.(also im using kali)
Can you send a screenshot?
i used my phone hopefully u can see it clearly enough
Antonio:
You didn't follow the directions. Go back and read the directions. You need to tell Linux where to start looking.
OTW
sorry for the annoyance still a newb, trying to get a full understanding so i wont with theses problems but this is what i got, my lil brother got a hold of my computer i have no idea what he did
You need to put the path the directory you want to search.
ok got it my bad for wasting your time
i had the same permission denied problem . I think it is because your not running as root so try sudo find -name aircrack-ng. However this will still not work if your profile does not have superuser priveledges, im pretty new to this also so i could be wrong. Good luck
i understand that the binaries are the commands that you run in the terminal but i am very confused at what you mean by path variable.
it is where the binaries are stored, but why is it called a variable?
Chris:
It is an environment variable that stores the path to the binaries. It is a variable called PATH. In it are a list of paths to the binaries.
hello sir ,
I really love your guides and i am currently reading them and i would like to ask you 2 questions
when i try running find /pentest -name aircrack-ng i get a blank line,
but works ok on backtrack,, i am thinking changes were made during the transition from backtrack to kali,correct me if im wrong...
Why this error and as you can see I m using it from USB will it be able to use LAN card or it will have same problem as VM(using external ones)
Hi, i am new to Null-byte. And these articles are really helpful. Thank you for these great articles.
I am new in Null byte. but Im using Kali linux I have some problem with these command. I read comment but i didnt get anything ?
You are in your home directory. You have to switch to the root directory (cd /) and execute this command again.
whats up if i move a file in a unexist directory? how may i recover that file? or how may i know if in my computer are file in un exist directories? thnks
None of these work for me.. Im on Kali linux
Jenny, you are probably in your home directory. Go to root (previous parts will help) by typing CD / and then try to look for files.
new commands for the list!
never saw this in any other tutorial.
ty,
keep going!
Share Your Thoughts