If you’re stepping into the world of ethical hacking, the very first skill you need to master is Linux. Most professional hackers, penetration testers, and cybersecurity experts rely on Linux because it offers flexibility, transparency, and powerful command-line utilities.
In this guide, you’ll learn why Linux is essential for hackers, get familiar with the Linux file system, explore basic commands, and follow hands-on exercises you can practice right now in your lab.
Why Hackers Use Linux
Ethical hackers prefer Linux over Windows because:
- Most servers run on Linux – meaning you need Linux knowledge to test them.
- Preloaded security tools – Distros like Kali Linux come with tools such as Nmap, Metasploit, and Burp Suite.
- Efficient command-line – Automating tasks with scripts is faster than GUIs.
- Open-source transparency – You can see, modify, and customize everything.
👉 Hacker Tip: If you’re new, start with Kali Linux because it’s beginner-friendly and widely used in penetration testing.

Popular Linux Distributions for Ethical Hacking
- Kali Linux – Industry standard for penetration testing.
- Parrot Security OS – Lightweight, privacy-focused pentesting distro.
- Ubuntu / Debian – Good for scripting and tool installation for beginners.
Understanding the Linux File System
Linux organizes everything into a tree-like hierarchy starting from / (the root directory).
Here’s a simplified breakdown with examples hackers often interact with:
- / → The root of the file system.
- /home/ → Contains user directories. Example: /home/kali
- /root/ → Home for the root (administrator) user.
- /etc/ → System configuration files. Example: /etc/passwd (stores user info).
- /var/log/ → System and security logs. Example: /var/log/auth.log (login attempts).
- /bin/ → Essential system binaries (commands like ls, cat).
- /tmp/ → Temporary files (sometimes exploited by hackers).
👉 Hacker Tip: During penetration tests, checking /etc/passwd and /var/log/ is one of the first steps attackers take to enumerate users and investigate logs.
Essential Linux Commands for Hackers
Here are some must-know commands with practical examples:
| Command | Purpose | Example | Output |
|---|---|---|---|
| pwd | Show current directory | pwd | /home/kali |
| ls | List files | ls -la | Shows hidden files with permissions |
| cd | Change directory | cd /etc | Moves into /etc |
| cat | View file contents | cat /etc/passwd | Displays system users |
| grep | Search text | grep root /etc/passwd | Finds “root” entry |
| chmod | Change file permissions | chmod 755 script.sh | Makes script executable |
| ip a | Show network interfaces | ip a | Lists IP addresses |
| ping | Test connectivity | ping 8.8.8.8 | Sends packets to Google DNS |
| sudo | Run as root | sudo apt update | Updates system packages |
Hands-On Linux for Hackers: Step-by-Step
Now let’s get practical. Open your Kali Linux terminal and try these exercises:
1. Exploring the File System
pwd
ls -la /
- pwd shows your current directory.
- ls -la / lists all files in the root directory, including hidden ones.
You should get output in your terminal similar to mine:
┌──(ehis㉿ehis)-[/]
└─$ pwd
/
┌──(ehis㉿ehis)-[/]
└─$ ls -la
total 80
drwxr-xr-x 19 root root 4096 Feb 11 2024 .
drwxr-xr-x 19 root root 4096 Feb 11 2024 ..
lrwxrwxrwx 1 root root 7 Dec 26 2023 bin -> usr/bin
drwxr-xr-x 3 root root 4096 Feb 11 2024 boot
.......
drwxrwxrwt 20 root root 4096 Sep 6 00:00 tmp
drwxr-xr-x 15 root root 4096 Feb 11 2024 usr
drwxr-xr-x 12 root root 4096 Feb 17 2024 var
lrwxrwxrwx 1 root root 30 Dec 26 2023 vmlinuz -> boot/vmlinuz-6.1.0-kali9-amd64
lrwxrwxrwx 1 root root 30 Dec 26 2023 vmlinuz.old -> boot/vmlinuz-6.1.0-kali9-amd64
┌──(ehis㉿ehis)-[/]
└─$
✅ Try navigating to /etc and view its contents:
┌──(ehis㉿ehis)-[/]
└─$ cd /etc
┌──(ehis㉿ehis)-[/etc]
└─$ ls -la
total 1576
drwxr-xr-x 184 root root 12288 Sep 5 23:11 .
drwxr-xr-x 19 root root 4096 Feb 11 2024 ..
-rw-r--r-- 1 root root 3040 Mar 8 2023 adduser.conf
drwxr-xr-x 3 root root 4096 Dec 26 2023 alsa
drwxr-xr-x 2 root root 24576 Mar 11 2024 alternatives
drwxr-xr-x 8 root root 4096 Dec 26 2023 apache2
drwxr-xr-x 2 root root 4096 Dec 26 2023 apparmor
┌──(ehis㉿ehis)-[/etc]
└─$
2. Investigating User Accounts
Check the list of system users:
cat /etc/passwd
- Each line represents a user account.
- Example entry:
root:x:0:0:root:/root:/bin/bash
- root → Username
- /root → Home directory
- /bin/bash → Default shell
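An added example (not from the original post): a small audit over the /etc/passwd fields described above, flagging any account other than root that has UID 0 and listing accounts with a login shell. The function name audit_passwd and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /etc/passwd format (not from a real system).
# Fields: name:password:UID:GID:comment:home:shell
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
kali:x:1000:1000:Kali,,,:/home/kali:/usr/bin/zsh
backup2:x:0:0::/home/backup2:/bin/sh
svc:x:998:998::/opt/svc:/bin/false'

# audit_passwd (hypothetical helper) reads passwd-format lines on stdin
# and prints one finding per line.
audit_passwd() {
    awk -F: '
        # A valid entry has exactly seven colon-separated fields.
        NF != 7 { printf "MALFORMED line %d\n", NR; next }
        # Any UID 0 account has full root privileges, whatever its name.
        $3 == 0 && $1 != "root" { printf "UID0 %s\n", $1 }
        # A shell other than nologin/false means the account can log in.
        $7 !~ /(nologin|false)$/ {
            printf "LOGIN %s uid=%s home=%s shell=%s\n", $1, $3, $6, $7
        }
    '
}

# Demo on the sample; on a lab machine run: audit_passwd < /etc/passwd
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd
```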
👉 Exercise: Use grep to filter specific users.
3. Checking Network Interfaces
As a hacker, you need to know your IP before scanning or exploiting targets. Run the command: ip a
Output
┌──(ehis㉿ehis)-[/etc]
└─$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 00:0c:29:b4:74:49 brd ff:ff:ff:ff:ff:ff
inet 192.168.71.131/24 brd 192.168.71.255 scope global dynamic noprefixroute eth0
valid_lft 1501sec preferred_lft 1501sec
inet6 fe80::20c:29ff:feb4:7449/64 scope link noprefixroute
valid_lft forever preferred_lft forever
In the output above, I am still in my /etc directory, and that works, in case you are wondering.
Look for your IP address under eth0.
👉 Exercise: Ping Google DNS to test connectivity. Try this command: ping -c 4 8.8.8.8
┌──(ehis㉿ehis)-[/etc]
└─$ ping -c 4 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=128 time=45.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=128 time=45.5 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=128 time=32.5 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=128 time=34.0 ms
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3041ms
rtt min/avg/max/mdev = 32.512/39.259/45.458/6.022 ms
4. Exploring Logs
System logs reveal user activities and attacks. List the log directory: ls /var/log
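An added example (not from the original post) of reading /var/log/auth.log the way a defender would: count failed SSH password attempts per source address and mark sources that later logged in successfully. The function name failed_logins and the log lines are constructed; it assumes the standard sshd "Failed password" / "Accepted password" message format.

```shell
#!/bin/sh
# Constructed sample lines in the sshd format found in /var/log/auth.log
# (documentation-range addresses; not from a real system).
SAMPLE_AUTH_LOG='Sep  6 00:01:12 kali sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Sep  6 00:01:15 kali sshd[1201]: Failed password for root from 203.0.113.7 port 51124 ssh2
Sep  6 00:01:19 kali sshd[1203]: Failed password for root from 203.0.113.7 port 51130 ssh2
Sep  6 00:02:40 kali sshd[1210]: Accepted password for kali from 192.168.71.1 port 40022 ssh2
Sep  6 00:03:02 kali sshd[1215]: Failed password for kali from 198.51.100.23 port 33910 ssh2
Sep  6 00:03:20 kali sshd[1220]: Accepted password for root from 203.0.113.7 port 51140 ssh2
Sep  6 00:03:30 kali sudo:     kali : TTY=pts/0 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/apt update'

# failed_logins [min] (hypothetical helper) reads auth.log lines on stdin and
# prints "<failures> <source-ip> <failed-only|then-accepted>" for each source
# with at least <min> failed password attempts, busiest source first.
failed_logins() {
    awk -v min="${1:-1}" '
        NF < 5 { next }
        # The username is chosen by the client, so read the address from the
        # fixed tail "from <ip> port <n> ssh2" instead of the first "from".
        $(NF-4) != "from" || $(NF-2) != "port" { next }
        / sshd\[[0-9]+\]: Failed password for / { fail[$(NF-3)]++ }
        / sshd\[[0-9]+\]: Accepted password for / {
            ip = $(NF-3)
            # A success after repeated failures deserves a closer look.
            if ((ip in fail) && fail[ip] >= min) hit[ip] = 1
        }
        END {
            for (ip in fail)
                if (fail[ip] >= min)
                    printf "%d %s %s\n", fail[ip], ip, ((ip in hit) ? "then-accepted" : "failed-only")
        }
    ' | sort -rn
}

# Demo on the sample; on a lab machine run: sudo cat /var/log/auth.log | failed_logins 3
printf '%s\n' "$SAMPLE_AUTH_LOG" | failed_logins 1
```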
5. File Permissions & Privileges
Linux uses a permission system (read r, write w, execute x).
Check permissions:
-rwxr-xr-- 1 kali kali script.sh
- Owner can read/write/execute.
- Group can read/execute.
- Others can read.
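An added example (not from the original post) that decodes a mode string from ls -l into the octal form chmod takes, including the setuid, setgid and sticky bits, and flags modes worth reviewing. It shows that -rwxr-xr-- above is 754, while chmod 755 from the command table yields -rwxr-xr-x. The function names perm_to_octal and flag_mode are hypothetical.

```shell
#!/bin/sh
# perm_to_octal MODE: convert an ls -l mode string (e.g. -rwxr-xr--) to octal.
perm_to_octal() {
    printf '%s\n' "$1" | awk '{
        s = $1; special = 0; out = ""
        if (length(s) < 10) { print "invalid"; exit }
        for (i = 0; i < 3; i++) {            # 0 = owner, 1 = group, 2 = others
            r = substr(s, 2 + 3*i, 1)
            w = substr(s, 3 + 3*i, 1)
            x = substr(s, 4 + 3*i, 1)
            d = (r == "r") * 4 + (w == "w") * 2
            # s/t: special bit plus execute; S/T: special bit without execute.
            if (x == "x" || x == "s" || x == "t") d += 1
            if (x == "s" || x == "S" || x == "t" || x == "T")
                special += (i == 0 ? 4 : (i == 1 ? 2 : 1))
            out = out d
        }
        print special out
    }'
}

# flag_mode MODE: name the permission pattern an auditor would look at.
flag_mode() {
    case "$1" in
        d???????w[tT]*) echo "sticky-world-writable-dir" ;;     # normal for /tmp
        d???????w*)     echo "world-writable-dir-no-sticky" ;;  # anyone can delete files
        -??[sS]*)       echo "setuid-file" ;;                   # runs as the file owner
        -???????w*)     echo "world-writable-file" ;;
        *)              echo "ok" ;;
    esac
}

# Demo with mode strings taken from the listings on this page plus two
# constructed ones (-rwsr-xr-x and drwxrwxrwx).
for m in -rwxr-xr-- drwxrwxrwt -rwsr-xr-x drwxrwxrwx; do
    printf '%s %s %s\n' "$m" "$(perm_to_octal "$m")" "$(flag_mode "$m")"
done
```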
👉 Exercise: Make a script executable:
echo "echo Hello Hacker!" > script.sh
chmod +x script.sh
./script.sh
Final Thoughts
Linux is the foundation of ethical hacking. By learning its file system, commands, and basic scripting, you build the skills necessary to use powerful hacking tools and exploit real-world systems.
In this guide, you practiced:
- Navigating the Linux file system.
- Reading sensitive files like /etc/passwd.
- Checking network details with ip a.
- Exploring logs in /var/log/.
- Managing permissions and running your own script.
✅ The more you practice these basics, the more natural Linux will feel — and soon you’ll be ready for advanced hacking techniques like privilege escalation and exploit development.

I’m Emmanuel Okaiwele, a Secure Web Developer, Offensive Security Engineer, Member Cybersecurity Experts Association of Nigeria – CSEAN, and the founder of Nebitex Africa — a platform dedicated to making cybersecurity simple, practical, and accessible for Africans.



