Linux & Command Line

Answer: chmod changes Linux file permissions for user, group, and others (read/write/execute). Permissions matter because misconfigurations can expose sensitive files or allow unintended execution. Pentesters use chmod often when working with scripts and tools.

Tip: Be ready to explain 755 vs 644.

Answer: chown changes the ownership of a file or directory. Ownership affects how permissions are applied and who can modify a file. Incorrect ownership can expose or break security controls.

Tip: Example: sensitive configs should be owned by root.

Answer: grep searches files or output for text patterns. It’s useful for finding credentials, API keys, endpoints, or configuration values quickly. Pentesters use it constantly during enumeration and log review.

Tip: Mention piping and recursive searches if asked.

Answer: SSH provides encrypted remote access to systems. Pentesters use it for legitimate remote sessions in labs and real engagements. Weak passwords, exposed SSH, or key misuse can be security risks.

Tip: Key-based auth is safer than password auth.

Answer: Cron schedules tasks to run automatically. Attackers may abuse cron for persistence if they gain write access. Pentesters review cron configs and user crontabs for misconfigurations.

Tip: Check /etc/crontab, /etc/cron.*, and user crontabs.

Answer: SUID allows a binary to run with the permissions of its owner, often root. If a SUID binary is vulnerable or unexpected, it can enable privilege escalation. Pentesters commonly search systems for unusual SUID files.

Tip: Common check: find / -perm -4000 -type f 2>/dev/null

Answer: They show active connections and listening ports. This helps identify what services are running and whether unexpected ports are exposed. It’s a basic but important enumeration step.

Tip: Mention ss -tulpn as a useful command.

Answer: It lists user accounts and metadata such as UID, home directory, and default shell. It usually does not contain password hashes today, but it helps identify users and service accounts. It’s commonly used in enumeration.

Tip: Look for users with interactive shells.

Answer: It contains password hashes and is typically readable only by root. If a normal user can access it, that’s a critical misconfiguration. Hashes may be cracked offline depending on strength and policy.

Tip: Call out “readable shadow file” as high severity.

Answer: Privilege escalation is gaining higher access than intended, like user to root/admin. It often happens through misconfigurations, weak permissions, or vulnerable software. Junior pentesters should understand common paths and validate safely.

Tip: Mention sudo misconfigs + SUID + outdated software.