WTF is the Linux Shell?

September 21, 2020

by Dennis

_______________

If you already use the shell every day, you don’t need to be here. For everyone else, let’s take a practical look at why we even want anything to do with the Linux shell (Linux shell not included. Use AWS or.

The shell was always a mystery to me. Let’s start by answering the most common questions surrounding the shell before we look at the more technical aspects of “how to”. If you want to skip to the how-to, click here.

What is the shell?

The shell is most easily compared to something we are all more familiar with: the GUI, or graphical user interface. The GUI is made up of the mouse, the icons, the desktop, and the top or bottom bar (often containing the time, other info, and some useful apps). So when we use the GUI, we may click on the ‘X’ button to close a program. In the shell, you can get the exact same result by running the following command on the command line:

pkill [Application]

So in short, the shell is just a way that we interact with the computer hardware. It allows us to pass along inputs such as typed commands to perform useful actions on the computer. Both the GUI and the shell are ways to send commands and execute programs on a computer. Without either, you just have a hunk of metal and plastic.

So… Why don’t I just click on the buttons instead of typing out commands in the shell? Why the shell?

When starting with the shell, it is easy to feel like it is slow, cumbersome, and useless. In the beginning, this may be true. Yet using the shell has a huge number of benefits compared to the GUI. For one, you will gain a much better understanding of the way programs work and how to troubleshoot them. For those interested in either red teaming or computer forensics and incident response, understanding at this level will become a key part of any job when you have to go off the beaten path to find solutions or explain something to a client. In addition to this, using a text-based command line:

  • Results in fewer mistakes. You can very easily misclick and cause major issues (clicking shutdown instead of sleep or logoff; now imagine that problem on a vital piece of networking equipment at a large company). In contrast, typing out a command is very explicit, and a typo will more likely result in an error message than in the wrong action.
  • Uses far fewer resources than a GUI. Most graphical user interfaces need to consume nearly a gigabyte of memory just to start up. Those resources can be used on far more important tasks.
  • It is actually faster. When you need to sort through thousands of lines or files, the shell will save you hours of mouse drags, clicking checkboxes, and other painfully redundant tasks.

It also looks cool. You open the terminal up and everybody assumes you’re getting work done. And yes it is still very relevant.


The what and how

With that, we can move on to what we do and how we do it. Linux servers often provide a variety of services including but not limited to web servers, VPN servers, databases, and file shares. Most of what you will do, as a result, is managing services and editing their configurations to best fit your needs (basically, this means changing text files that are read each time the application starts. In many GUI applications, the front-end settings app will actually just change values in a text file).

Moving Around

In order to get to managing those files, finding the configurations, and just getting an idea of where everything is, we will need to figure out where we are.

First things first. Before running commands, you need to know what kind of system you are on (what OS, and later other details like the architecture once you start to understand and care about that). You can’t just type commands into the void and hope the correct operating system is there to execute them.

$ uname -a
Linux ip-172-31-26-241 5.3.0-1033-aws #35-Ubuntu SMP Wed Aug 5 15:47:17 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

Uname is short for unix-name (so a kind of legacy naming scheme) and prints some basic information about the system: the kernel name and version and the hardware architecture. The ‘-a’ flag stands for ‘all’ and prints all of the information this command can provide.

This command was run on an AWS VPS or virtual private server (if you don’t know what this is, look it up!). There is a lot to look at, but the gist is that it is Ubuntu Linux and that it is running on an x86_64 architecture. Basically, your Linux commands should work! As with any command, feel free to look it up for more context. Let’s move on.

In Linux, there is the concept of the working directory (the folder you are currently in. Folders will now be called directories though). In order to see what directory you are in, run the following command:

$ pwd
/home/ubuntu

Pwd stands for print working directory. It is useful to get an idea of where you are in the filesystem, and it will print out the full path to your current directory. The full path starts from the root directory ‘/’. This directory is the heart of the Linux filesystem and contains everything in the system. If you see a file path starting with ‘/’, it is most likely a full path. This means it describes a location starting from the root directory.

To see all the files/subdirectories in the current directory, we can run:

$ ls

For more information and to see hidden files (files starting with a dot; files that general users don’t need to see), run:

$ ls -la

The ‘-l’ flag means long print, where it will print additional information associated with each file such as permissions and ownership. The ‘-a’ flag means show all files.

To change our working directory to another directory (“move” into another directory), we can use the following command:

$ cd /absolute/path/to/directory

or

$ cd relative/path/to/directory

In contrast to a full or absolute path, a relative path does not start with the root directory ‘/’. Instead, it is relative to your current working directory. Take, for example, the following file tree.

[Image: example file tree (exampleFS)]

If your ‘pwd’ command returns /home/Movies, then to get to Action, you can type one of the following:

$ cd /home/Movies/Action
$ cd Action

It is a bit like if I were giving you directions to an address: I could give you the full address, but if you are already on that street, you would do just as well with just the house number or just the next couple of turns.

Creating and Editing Files

This is not a popular opinion, but I am going to start you off with Vim, a powerful modal text editor. Many people claim it is too complicated, but it really isn’t, and I don’t see any reason why you should start learning Linux with tools (like nano) that you will simply outgrow. Using vim has greatly increased my speed and effectiveness at work.

To create a new file, type:

$ vim newFile.txt

Where newFile.txt can be any filename you want. If a file with that name already exists in your current directory, vim will simply open it.

Now when you first open a file in vim, it will look something like this:

[Screenshot of iTerm2 (9-25-20, 8-02-41 PM): vim with a newly opened file]

There are 3 modes in vim: normal, insert, and command mode. Normal mode is used for navigating a file and editing it; insert mode is specifically for typing text in (this is the mode most people are used to after using Notepad or MS Word); and command mode is used to execute a variety of commands, e.g. saving and quitting, search and replace, running actual shell commands, etc.

We start in normal mode. To enter insert mode, press ‘i’ and you can start typing. When you are done, return to normal mode by pressing the escape key ‘esc’. From there you can move around and press ‘i’ to enter insert mode as needed. When you are ready to save and quit, make sure you are in normal mode by pressing ‘esc’. Then enter command mode by typing ‘:’.

You should see the cursor move to the bottom like this:

[Screenshot of iTerm2 (9-25-20, 8-07-46 PM): vim in command mode with the cursor on the bottom line]

After the colon, type ‘wq’ and press enter to save and quit. ‘w’ stands for write, or save. ‘q’ stands for quit.

To see some cool things you can do with vim, see this youtube video (skip to around halfway when he actually starts to demo vim).

A pattern you may have noticed is

command fileOrDirectory

This structure is common to command line interfaces, and the object after the command is generally called the parameter. Commands you type will be made up of the command, flags that adjust how the command runs, and the parameters the command might need. But sometimes just the command is fine, like with ‘poweroff’.

Moving, Renaming, and Copying Files

Finally there are the ‘mv’ and ‘cp’ commands for moving and copying respectively.

To copy a file:

$ cp file.txt /some/other/location/newName.txt

If you do not specify a file like this:

$ cp file.txt /some/other/location/

Then the command will simply create a copy with the same name in that other location. The move command works in exactly the same way. If you want to rename a file, simply use the ‘mv’ command in the same directory like so:

$ mv file.txt newName.txt
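To tie the path rules from the “Moving Around” section together with the ‘ls -a’, ‘cp’ and ‘mv’ behaviour above, here is an added shell script (not part of the original post). It rebuilds the post’s /home/Movies/Action tree inside a temporary directory so nothing real is touched; the files list.txt, .hidden and copy.txt are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Builds a throwaway copy of the
# post's /home/Movies/Action tree inside a temp directory, then walks through
# ls -a, cd with absolute vs. relative paths, and cp/mv with a directory vs. a
# new file name. The file names list.txt, .hidden, copy.txt are constructed.
set -eu

# Create the sample tree under a fresh temp dir so nothing real is touched.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/home/Movies/Action"
    printf 'sample\n' > "$root/home/Movies/list.txt"
    : > "$root/home/Movies/.hidden"           # dotfile: skipped by plain ls
    printf '%s\n' "$root"
}

# Plain ls hides dotfiles; ls -a shows them. Prints "<plain count> <-a count>".
demo_hidden() {
    cd "$1/home/Movies"
    printf '%s %s\n' "$(ls | grep -c '^\.')" "$(ls -a | grep -c '^\.hidden$')"
}

# Same destination reached two ways: absolute path, then relative path.
demo_cd() {
    cd "$1/home/Movies/Action"                # absolute: starts at '/'
    abs=$(pwd)
    cd "$1/home/Movies"
    cd Action                                 # relative: resolved from the cwd
    [ "$abs" = "$(pwd)" ] && printf 'same\n' || printf 'different\n'
}

# cp to a directory keeps the name; cp to a path ending in a name renames.
demo_cp() {
    cd "$1/home/Movies"
    cp list.txt Action/                       # -> Action/list.txt
    cp list.txt Action/copy.txt               # -> Action/copy.txt
    ls Action | tr '\n' ' '
}

# mv within the same directory is a rename; the old name disappears.
demo_mv() {
    cd "$1/home/Movies/Action"
    mv copy.txt renamed.txt
    if [ ! -e copy.txt ] && [ -e renamed.txt ]; then printf 'renamed\n'; fi
}

ROOT=$(make_tree)
demo_hidden "$ROOT"; demo_cd "$ROOT"; demo_cp "$ROOT"; demo_mv "$ROOT"
rm -rf "$ROOT"
```

Run it with `sh script.sh`; it prints `0 1`, `same`, `copy.txt list.txt ` and `renamed`, then cleans up the temporary tree.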

Conclusion and Review

So let’s do a quick recap. The Linux operating system generally has services running and most of our work has to do with editing files to ensure the services have the correct settings.

Here are the commands we learned:

uname: Print information about the operating system
pwd: Print working directory
ls: List segments, or list. Will list files and directories
cd: Change directory
vim: text editor
cp: Copy files
mv: Move files

Next time, we will look at the sudo command, pipes and redirectors, wildcards, searching, and package managers. Good luck and happy hacking!
