ShellSpells
Enumerate Metadata

Commands

Command                     Description
--------------------------------------------------------------------------------
ls -lisa                    File info.
file [file]                 Determine file type.
stat [file]                 Display detailed file information.
stat -f [directory_path]    Display filesystem information.
lsattr [filename]           List the attributes of the specified file.
getfacl [filename]          Display the Access Control Lists (ACLs) of the specified file.
getcap [filepath]           Check a specific file for capabilities.
getcap -r [filepath]        Recursive.
namei /sbin/init            Shows each component of the path, including any links. D = dir, F = File, L = Link
namei -mo /sbin/init        Better: also shows file permissions and owners.

Identifying Symlinks and Hard Links

ls -l

Look at the third column:

Hard link: The number in this column represents the number of hard links pointing to the same data block. If it's greater than 1, it's a hard link.

Soft link: This column will display a hyphen (-) followed by the file size and filename of the file the link points to.

file

The output will tell you the file type.

Hard link: It will say something like "inode link to "

Soft link: It will say "symbolic link to "

stat

Look for the following differences:

Hard link: st_ino (inode number) will be the same for both the link and the original file.

Soft link: st_ino will be different for the link and the original file.
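
The stat comparison above as a runnable check. This is an added example, not part of the original page; it assumes GNU stat (coreutils), and the function names link_kind and link_count and the sample files are made up for the illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Requires GNU stat (coreutils).

# link_kind REF CANDIDATE
# Prints "symlink", "hardlink" or "unrelated" for CANDIDATE relative to REF.
link_kind() {
    # stat does not follow symlinks unless -L is given, so %F describes
    # the candidate path itself.
    if [ "$(stat -c '%F' -- "$2")" = "symbolic link" ]; then
        echo "symlink"
    elif [ "$(stat -c '%d:%i' -- "$1")" = "$(stat -c '%d:%i' -- "$2")" ]; then
        # Same device and same inode number: two names for one file.
        echo "hardlink"
    else
        echo "unrelated"
    fi
}

# link_count FILE: number of names (hard links) that point at FILE's inode.
link_count() {
    stat -c '%h' -- "$1"
}

# Constructed sample files in a throwaway directory.
demo_dir=$(mktemp -d)
echo "data" > "$demo_dir/original"
ln    "$demo_dir/original" "$demo_dir/hard"   # second name, same inode
ln -s "$demo_dir/original" "$demo_dir/soft"   # separate inode that stores a path
echo "data" > "$demo_dir/copy"                # same content, its own inode

stat -c 'original  inode=%i links=%h' -- "$demo_dir/original"
for name in hard soft copy; do
    printf '%-9s inode=%s links=%s kind=%s\n' "$name" \
        "$(stat -c '%i' -- "$demo_dir/$name")" \
        "$(link_count "$demo_dir/$name")" \
        "$(link_kind "$demo_dir/original" "$demo_dir/$name")"
done
# With -L, stat follows the symlink and reports the target's inode instead.
stat -L -c 'soft (-L) inode=%i' -- "$demo_dir/soft"
rm -rf "$demo_dir"
```

Inode numbers are only unique per filesystem, which is why the check compares the device number together with the inode number.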

Permission Notes

+-------+-------+--------+
| Owner | Group | Others |
| R W E | R W E | R W E  |
| 4 2 1 | 4 2 1 | 4 2 1  |
+-------+-------+--------+

SUID (4): Execute with owner's permissions.

SGID (2): Execute with owning group's permissions.

Sticky Bit (1): Can't delete these files. Often root owned dirs. Only for dirs.

Necessary Permissions by Action

Actions                     Dir     File
----------------------------------------
Read File                   X       R
Modify File                 X       W
Create File                 WX
Delete File                 WX
Move File                   WX      WX
Dir Listing                 R
Dir Listing w/ Metadata     RX
Execute Binary              X       X
Execute Script              X       RX

Timestamp Notes

ctime = Inode change

mtime = Content change

atime = Access time

stat - View inode info and timestamps of a file

Inode: Metadata about a file. Has pointers to the data that the file holds. Keeps track of file metadata.

Changing the owner of a file changes ctime.

Creating a file changes ctime.

Anytime the content is changed, the ctime is also changed, because the size of the file changes.

Anytime a file is moved or copied, the path changes, so the ctime also changes.

Anytime a file is opened or executed, atime is changed.
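
To see which timestamps an action moves on a regular file, the sketch below snapshots atime/mtime/ctime with stat before and after a command. It is an added example, not part of the original page; it assumes GNU stat, and the helper name changed and the sample file are made up for the illustration. chmod stands in for an owner change because changing the owner normally needs root.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes GNU stat (coreutils).

# changed FILE COMMAND [ARGS...]
# Runs COMMAND and prints which of FILE's timestamps (atime mtime ctime) moved.
changed() {
    file=$1; shift
    before=$(stat -c '%X %Y %Z' -- "$file")   # epoch seconds: atime mtime ctime
    sleep 1                                   # let the clock pass the old values
    "$@" > /dev/null
    after=$(stat -c '%X %Y %Z' -- "$file")
    set -- $before $after                     # $1-$3 old values, $4-$6 new values
    out=""
    [ "$1" = "$4" ] || out="$out atime"
    [ "$2" = "$5" ] || out="$out mtime"
    [ "$3" = "$6" ] || out="$out ctime"
    out=${out# }
    echo "${out:-none}"
}

# Constructed sample file in a throwaway directory.
work=$(mktemp -d)
f="$work/sample.txt"
echo "first line" > "$f"

echo "chmod  -> $(changed "$f" chmod 640 "$f")"                     # inode change
echo "append -> $(changed "$f" sh -c 'echo more >> "$1"' sh "$f")"  # content change
echo "ln     -> $(changed "$f" ln "$f" "$work/second-name")"        # link count change
# Whether a read updates atime depends on mount options (noatime, relatime),
# so this line can print "none".
echo "read   -> $(changed "$f" cat "$f")"
rm -rf "$work"
```

The comparison uses whole seconds, so the one-second sleep before each command is what makes a change visible.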

Testing:

If you...

  1. Create a dir
  2. Go into that dir
  3. Create a subdir
  4. Run stat on the original dir

The atime and ctime do NOT change.

If you...

  1. Create a dir
  2. Do NOT go into that dir
  3. Create a subdir
  4. Run stat on the original dir

ALL times change, except birth time.

ls Options

-a or --all

-l or --format=long

-h or --human-readable

-R or --recursive

-t or --sort=time

-S or --sort=size

-r or --reverse

-i or --inode

-d or --directory

-g (like -l, but do not list owner)

-o (like -l, but do not list group)

-F or --classify

-p or --indicator-style=slash

--color

-c or --time=ctime

-u or --time=atime

-1 or --format=single-column

--group-directories-first


Last updated 1 year ago
