2/03/2014

Finding Files in Backtrack

Welcome back, my dear friends.
I began this series on Linux (especially BackTrack) basics because several of you have expressed befuddlement at working with BackTrack on Linux. As a hacker, there is no substitute for Linux skills. Not only for a hacker but also for a programmer, Linux is the best.
Linux beginners are often faced with the issue of how to find files and programs, especially considering the radically different directory structure as compared to Windows or Mac OS. Beginners sometimes get frustrated trying to find the necessary files or binaries, so I’m dedicating this tutorial to finding stuff in Linux.
But before we dive in, make sure to check out my previous guides on Linux basics
  1. Basic of Backtrack
  2. Creating Directories and files in Backtrack 
  3. Managing Directories and files in Backtrack
to get current on our lessons. :) 

Step 1 : Finding Files in a Directory (Find)

The first command I want to show you is find. As you probably guessed, find is able to find files by looking in a directory for the file you’re hunting for. By default, it’s recursive, which means it will look in all sub-directories and display a list of everywhere it finds the file. For instance, if we are looking for aircrack-ng, we could type:
  • bt> find -name aircrack-ng
 Note that we need to tell Linux that we want to search by name (-name) and then the name of the file we’re searching for.
It then returns the full path of every place where it finds aircrack-ng. We can be more specific and ask Linux to only tell us where it finds aircrack-ng in the /pentest directory. We can do this by typing:
  • bt> find /pentest -name aircrack-ng
This command tells BackTrack to search for a file named aircrack-ng only in the /pentest directory (which includes all the sub-directories of /pentest).
Now, BackTrack/Linux only returns those paths to files that are in the directory /pentest or its sub-directories, such as /pentest/wireless/aircrack-ng and the others.

Step 2 : Finding Binaries in path Variables (Which) 

The next searching command we want to look at is which. This command allows us to search for binaries that are in our path variable. Hmm…even I think that’s a lot of techo-googlygoop. Let’s try to make some sense of it.
Binaries are the files that are the equivalent of executables in Windows. These are files that do something, like echo, ls, cd, mv, etc. Our path variable is the variable that keeps the directory path to our binaries. Usually, our binaries are in the /bin (bin is short for binaries) or /sbin directory, and that’s reflected in our path variable. Our path variable setting can be checked by asking Linux to echo the value in the variable. We do this by typing:
  • bt> echo $PATH
Linux responds with the value in our path variable. These are the places that which will search for binaries. So when we type:
  • bt> which ls
It returns the path to that binary. If we use which to search for aircrack-ng:
  • bt> which aircrack-ng
Then we can see that BackTrack/Linux returns /usr/local/bin/aircrack-ng. If aircrack-ng were not in a directory that was in our path, which would not be able to help us.
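The difference between Step 1 and Step 2, as an added example that is not part of the original tutorial: a recursive find locates a file anywhere under a directory tree, while a which-style lookup only sees directories listed in the path variable. The tool name demo-tool, the sandbox layout and the helper functions are constructed for this demonstration.

```sh
#!/bin/sh
# Added example: find searches a directory tree; a which-style lookup searches $PATH only.
# "demo-tool" and the sandbox directories are constructed for this demonstration.

# Walk a PATH-style string and print the first executable match, as `which` does.
# The body runs in a subshell so the IFS and globbing changes do not leak out.
path_lookup() (
    name=$1
    IFS=:
    set -f                       # do not glob-expand PATH entries
    for dir in $2; do
        [ -n "$dir" ] || dir=.   # an empty PATH entry means the current directory
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            printf '%s\n' "$dir/$name"
            exit 0
        fi
    done
    exit 1
)

# Recursive search by name from a starting directory, as in Step 1.
tree_lookup() {
    find "$1" -type f -name "$2" 2>/dev/null
}

# Build a throwaway tree holding one executable that is NOT on $PATH.
make_sandbox() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/pentest/wireless/bin"
    printf '#!/bin/sh\necho demo\n' > "$root/pentest/wireless/bin/demo-tool"
    chmod +x "$root/pentest/wireless/bin/demo-tool"
    printf '%s\n' "$root"
}

sandbox=$(make_sandbox)
tool_dir="$sandbox/pentest/wireless/bin"
echo "find in tree:     $(tree_lookup "$sandbox/pentest" demo-tool)"
echo "lookup in PATH:   $(path_lookup demo-tool "$PATH" || echo 'not found')"
echo "PATH + tool dir:  $(path_lookup demo-tool "$PATH:$tool_dir")"
rm -rf "$sandbox"
```

Because the lookup stops at the first match, the order of directories in the path variable decides which copy of a binary actually runs.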

Step 3 : Finding Any Files in Any Directory (Whereis)

Unlike which, whereis is not limited to finding binaries in our path. It can locate files in any directory, and in addition, it also locates the file's manual (man) pages. So, when we type:
  • bt> whereis aircrack-ng
We can see that whereis returns the path to multiple locations of aircrack-ng including the man pages.

Step 4 : Finding Files Using the Database (Locate)

The locate command can also be used to find files and usually is much faster than either which or whereis. The difference is that locate uses a database of all the files in the file system and searches therefore take place much faster.
The drawback to locate is that new files will NOT be found, as the database is typically only updated daily. The update is usually scheduled in the middle of the night when activity on the system is light, because updating this database can be CPU intensive.
  • bt> locate aircrack-ng
You can see in the screenshot above that locate returns a path every time it encounters any file with aircrack-ng in it, binary or not.
Hope this helps you in finding what you need in BackTrack Linux, therefore making you a better hacker. Make sure to check out the first three parts of this series, and if you have any questions, ask away in the comments below.
Come back for my next BackTrack/Linux tutorial, and we’ll look at how to install new software!