Testing
CompTIA PenTest+ PT0-003 | Essential Command Line Skills
Why These Commands Matter for Pentesters
You don't just use ls to list files - you use it to spot writable directories, SUID binaries, and hidden config files.
These four commands (ls, cd, cat, pwd) form the foundation of post-exploitation enumeration on Linux systems.
● ls: Discover attack surfaces (permissions, timestamps, hidden files)
● cd: Navigate file systems methodically during exploitation
● cat: Extract credentials, configs, and sensitive data
● pwd: Maintain situational awareness in complex directory structures
Quick Reference Table
Command Purpose Key Security Use Case
ls List directory contents Find SUID binaries, writable files, hidden configs
cd Change directory Navigate to /tmp, /etc, /var for enumeration
cat Display file contents Read /etc/passwd, SSH keys, DB credentials
pwd Print working directory Verify current location during exploitation chain
Command #1: ls (List Directory Contents)
What It Does
Lists files and directories. But for pentesters, it's a reconnaissance tool that reveals permissions, timestamps,
ownership, and hidden files.
Essential Flags for Security Work
ls -la # Long format + hidden files
ls -lh # Human-readable sizes
ls -lt # Sort by modification time
ls -lR # Recursive listing
Security-Focused Examples
● Find SUID binaries:
ls -la /usr/bin | grep rws
Why: SUID binaries run with owner's privileges - potential privesc vectors
● Check writable directories:
ls -la /tmp /var/tmp /dev/shm
Why: Writable directories can host malicious payloads or temporary exploits
● Spot hidden config files:
ls -la ~/
Why: .ssh/, .bash_history, .mysql_history may contain credentials
● Identify recently modified files:
ls -ltr /var/log
Why: Recent modifications indicate active services or admin activity
, What Pentesters Look For
● Permissions: Look for world-writable files (777) or SUID/SGID bits
● Timestamps: Recent changes suggest active services worth exploiting
● Hidden files: Start with . (dot) - often contain credentials or configs
● Ownership: Files owned by root but writable by others = privilege escalation
Command #2: cd (Change Directory)
What It Does
Navigates the file system. For pentesters, it's about methodically moving through target directories during
enumeration.
Essential Shortcuts
cd ~ # Home directory
cd / # Root directory
cd .. # Parent directory
cd - # Previous directory
cd /path # Absolute path
cd folder # Relative path
Security-Focused Navigation Patterns
● Enumeration workflow:
cd /etc && ls -la # System configs
cd /var/www && ls -la # Web roots
cd /home && ls -la # User directories
cd /tmp && ls -la # Temp/writable space
● Quick pivots:
cd - # Jump back to previous location
Why: Quickly return to working directory after checking another location
● Root access confirmation:
cd /root # Try to access root's home
Why: If successful, you have root privileges
Critical Directories for Pentesters
● /etc: Configuration files (passwd, shadow, ssh configs)
● /var/log: Log files (may reveal usernames, services, errors)
● /tmp: World-writable temp directory (upload payloads here)
● /home: User directories (look for .ssh, .bash_history)
● /var/www: Web server root (source code, config files)
● /opt: Third-party applications (often misconfigured)
Command #3: cat (Concatenate and Display Files)
What It Does
Displays file contents to the terminal. For pentesters, it's the primary tool for extracting credentials, configs, and
sensitive data.
Security-Focused Examples