CLI Magic
These are the commands I reach for when things get real.
Navigation & Discovery
System Info & Process Control
File & Text Manipulation
Permissions & Users
chmod chown usermod whoami groups sudo passwd
Networking
Archives & Packages
tar zip unzip dpkg apt rpm dnf pacman
Dangerous but Useful
rm -rf dd mkfs mount umount kill pkill reboot shutdown
Misc & Meta
alias history ! man which type time yes
cat
What it does: It prints the contents of the file you pass to it.
Example: I use it all the time to read out the flag on some CTFs.
Tip: Awesome for any automation where you want to work with some text inside a file.
Just use cat [file] | secondCommand.
That also makes it perfect for searching through large files, like logs, together with grep.
cd
What it does: Lets you move to the directory of your choosing.
Tip: Don't forget about the special use cases:
- .. move up the file structure
- ~ move to home directory of the current user
- / move to root, but also lets you move anywhere you want, as long as you know the path
chmod
What it does:
Used to change permissions of a file.
Real use case:
Whenever you write a script, so that you are actually able to run it.
Example:
For the use case above, making a file executable, it would look like this: chmod +x [file]
Tip:
Learning the number codes is extremely helpful. First number for the user, second for the group, and last for others. Each digit represents a combination of read (4), write (2), and execute (1).
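The number codes from the tip, worked through as an added example (not part of the original page). The function names are made up for this illustration, and a scratch file from mktemp stands in for a real script.

```sh
#!/bin/sh
# Added example: decode an octal mode. Each digit is read (4) + write (2) + execute (1).

# digit_to_rwx DIGIT: turn one octal digit into its rwx triplet.
digit_to_rwx() {
    d=$1; out=""
    if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
    if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
    if [ $((d & 1)) -ne 0 ]; then out="${out}x"; else out="${out}-"; fi
    printf '%s' "$out"
}

# mode_to_symbolic MODE: 750 -> rwxr-x--- (user, group, others).
mode_to_symbolic() {
    mode=$1
    case $mode in
        [0-7][0-7][0-7]) ;;
        *) echo "expected three octal digits, got: $mode" >&2; return 1 ;;
    esac
    u=${mode%??}                 # first digit: user
    rest=${mode#?}; g=${rest%?}  # second digit: group
    o=${mode#??}                 # third digit: others
    printf '%s%s%s\n' "$(digit_to_rwx "$u")" "$(digit_to_rwx "$g")" "$(digit_to_rwx "$o")"
}

# is_world_writable MODE: true when the "others" digit contains the write bit (2).
is_world_writable() {
    o=${1#??}
    [ $((o & 2)) -ne 0 ]
}

# applied_mode MODE: chmod a scratch file and read the result back from ls -l.
applied_mode() {
    f=$(mktemp)
    chmod "$1" "$f"
    ls -l "$f" | cut -c2-10      # drop the leading file-type character
    rm -f "$f"
}
```

A mode whose last digit is 2, 3, 6 or 7 lets every user on the system modify the file, which is the case is_world_writable flags.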
dd
What it does:
Used to copy data from one place to another. The interesting thing about it is that it does that raw, byte by byte.
That is why it is often used for cloning drives, making bootable USB drives, or secure deletion by overwriting existing data.
Real use case:
I use dd to make bootable USB drives for setting up new machines fast.
Example:
Creating a bootable USB from an .iso:
sudo dd if=/path/to/image.iso of=/dev/sdX bs=4M status=progress
sync
Replace sdX with your actual USB device (not a partition like sdX1).
sync ensures everything is fully written before you remove it.
Tip:
- Be absolutely sure about your of= target — dd will happily overwrite your entire system without asking.
- You can also use dd to clone drives (if=/dev/sda of=/dev/sdb) or back up partitions to image files.
- Adjust bs= (block size) for speed; 4M or 8M are safe defaults.
- Combine it with gzip or pv for compression or progress display. Example:
sudo dd if=/dev/sda | pv | gzip > backup.img.gz
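Checking that a dd write actually landed, as an added example (not part of the original page). Scratch files stand in for the .iso and for /dev/sdX, the function names are made up for this illustration, and conv=fsync assumes GNU dd.

```sh
#!/bin/sh
# Added example: write an image with dd, then prove the target holds the same bytes.
# Scratch files are used, so no real device is touched.

# write_image IMAGE TARGET: conv=notrunc mimics a device (it keeps its size),
# conv=fsync flushes the data to the target before dd returns.
write_image() {
    dd if="$1" of="$2" bs=4M conv=notrunc,fsync 2>/dev/null
}

# verify_image IMAGE TARGET: compare only the first <image size> bytes of the
# target, because a USB stick is normally larger than the image written to it.
verify_image() {
    size=$(wc -c < "$1" | tr -d ' ')
    head -c "$size" "$2" | cmp -s - "$1"
}

# make_demo: constructed data, a 1 MiB "image" and a 2 MiB zero-filled "device".
make_demo() {
    dir=$(mktemp -d)
    yes constructed-image-data | head -c 1048576 > "$dir/image.iso"
    head -c 2097152 /dev/zero > "$dir/device.bin"
    printf '%s\n' "$dir"
}

# corrupt_byte TARGET: overwrite one byte to show that verification catches it.
corrupt_byte() {
    printf 'X' | dd of="$1" bs=1 seek=100 conv=notrunc 2>/dev/null
}
```

verify_image returns 0 only when the written region matches the image, so it can gate the "safe to unplug" step in a provisioning script.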
du
What it does:
Calculates actual disk space used by files and directories.
Real use case: Good to identify how the space is used in case of low disk space.
Tip:
You can pipe it through sort -rh to sort it by biggest size first.
find
What it does:
Used to search for files in a specified directory. You can search by all kinds of properties of the file that you already know.
Real use case:
I used it to find the flag while playing OTW Bandit. For the level you got the size and some of the properties of the flag, and had to find it.
Example:
find / -user bandit7 -group bandit6 -size 33c 2>/dev/null
That is how I found the specific flag.
Tip:
I really want to remember the 2>/dev/null part for throwing out stderr.
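The same kind of search on a constructed scratch tree, as an added example (not part of the original page). The function and file names are made up for this illustration, and the -user and -group tests are left out because they need real accounts.

```sh
#!/bin/sh
# Added example: size-based find on a constructed tree, with stderr handled explicitly.

# make_tree: one 33-byte target, two decoys, and a directory nobody may read.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/a/b" "$root/locked"
    printf '%033d' 0 > "$root/a/b/target"     # exactly 33 bytes
    printf '%034d' 0 > "$root/a/b/near_miss"  # 34 bytes, must not match
    printf '%010d' 0 > "$root/a/decoy"        # 10 bytes
    chmod 000 "$root/locked"                  # triggers "Permission denied" for non-root
    printf '%s\n' "$root"
}

# find_by_size DIR BYTES: the c suffix means an exact size in bytes.
# 2>/dev/null hides the error messages, but find still exits non-zero after
# hitting an unreadable directory, hence the || true for scripts using set -e.
find_by_size() {
    find "$1" -type f -size "${2}c" 2>/dev/null || true
}

# count_errors DIR BYTES: the opposite redirect, keep stderr and drop the results,
# to see how much noise 2>/dev/null is hiding (0 when run as root).
count_errors() {
    { find "$1" -type f -size "${2}c" 2>&1 >/dev/null || true; } | wc -l | tr -d ' '
}

# remove_tree DIR: restore access first, otherwise rm cannot clean up.
remove_tree() {
    chmod 700 "$1/locked"
    rm -rf "$1"
}
```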
htop
What it does:
An enhanced, interactive version of top with better visuals and controls.
Real use case:
Quickly kill, renice, or inspect processes without needing multiple commands.
Tip:
It is really important to learn the shortcuts and ways to use it to be effective.
ls
What it does:
Lists the contents of the current directory.
Tip:
Best used with the -al flags to list all files in long format.
nc
What it does:
Used for everything concerning connections via TCP or UDP.
You can do so much with it that it would probably be too much for this little section, and I need to make a whole page for netcat in the future.
Real use case:
Mainly to set up listeners to get a reverse shell.
That would look something like this:
nc -l 1234
Netcat can also be used to connect to a port and send it something, either manually or in a script.
ping
What it does:
Sends an ICMP echo request to a target host.
Real use case:
Perfect to test if there is a connection. Either to the target on the way in, or from the machine on the way out (by pinging something that is always reachable).
Example:
ping 8.8.8.8 to try to ping the Google DNS server, which should always work if you have a connection to the internet.
Tip: It is often used to monitor server uptime from afar, by regularly sending a ping.
ps
What it does:
Prints out the current processes.
Real use case:
Audit running processes precisely, grep specific patterns, or script behavior.
Tip:
ps faux shows the process hierarchy, kind of like tree for files.
This really helps with finding out where everything is coming from.
ssh
What it does:
Creates a secure connection to a remote machine with access to its terminal.
Real use case:
Maintaining remote servers where it is not reasonable to have direct access, and which might not have a GUI.
Example:
Accessing the Bandit Wargame from OverTheWire:
ssh -p 2220 bandit0@bandit.labs.overthewire.org
top
What it does:
Real-time view of system processes and resource usage.
Real use case:
Monitor CPU and detect runaway processes.
Tip:
You can press M to sort instantly by memory usage.
tree
What it does:
It prints out a skeleton of the part of the file system you give it.
Awesome to get an overview of where everything lives and to better understand what you are working with.
uniq
What it does:
Filters adjacent matching lines. It is mostly used when you have to omit or report repeating lines. Really helpful for condensing large amounts of data.
Real use case:
For me it was also really helpful in one of the OTW Bandit levels. It was mainly designed to teach the uniq command, so I am really excited to find some more real-world use cases.
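What "adjacent" means in practice, as an added example (not part of the original page). The address list is constructed sample data from documentation ranges, and the function names are made up for this illustration.

```sh
#!/bin/sh
# Added example: uniq only merges neighbouring lines, so it is usually paired with sort.

# sample: constructed data, source addresses pulled from a log in arrival order.
sample() {
cat <<'EOF'
198.51.100.7
192.0.2.10
198.51.100.7
198.51.100.7
203.0.113.5
192.0.2.10
198.51.100.7
EOF
}

# uniq alone: only the two neighbouring repeats collapse, non-adjacent ones survive.
adjacent_only() {
    sample | uniq | wc -l | tr -d ' '
}

# sort first: every repeat becomes adjacent, so the count is the true distinct count.
distinct() {
    sample | sort | uniq | wc -l | tr -d ' '
}

# uniq -c prefixes each value with its count; sort -rn puts the noisiest source first.
top_talker() {
    sample | sort | uniq -c | sort -rn | head -n 1 | awk '{print $2, $1}'
}

# uniq -u reports only the values that occur exactly once.
singletons() {
    sample | sort | uniq -u
}
```

On real logs the same sort | uniq -c | sort -rn pipeline is a quick way to rank sources, users or error messages by frequency.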