DEV Community

Omri Bornstein
Omri Bornstein

Posted on • Edited on

TryHackMe The find Command

#security #cybersecurity #linux

TryHackMe The find Command

References

Be more specific

Find all files whose name ends with .xml

  • find / to search for items in the root directory
  • -type f to filter for files
  • -name "*.xml" to filter for items with a .xml as a suffix

Answer: find / -type f -name "*.xml"

Find all files in the /home directory (recursive) whose name is user.txt (case insensitive)

  • find /home to search for items in the /home directory
  • -type f to filter for files
  • -iname user.txt to filter for case insensitive name pattern of user.txt

Answer: find /home -type f -iname user.txt

Find all directories whose name contains the word exploits:

  • find / to search for items in the root directory
  • -type d to filter for directories
  • -name "*exploits*" to filter for items with exploits substring in their name

Answer: find / -type d -name "*exploits*"

Know exactly what you're looking for

Find all files owned by the user kittycat

  • find / to search for items in the root directory
  • -type f to filter for files
  • -user kittycat to filter for items owned by the user kittycat

Answer: find / -type f -user kittycat

Find all files that are exactly 150 bytes in size

  • find / to search for items in the root directory
  • -type f to filter for files
  • -size 150c to filter for items of size 150 bytes

Answer: find / -type f -size 150c

Find all files in the /home directory (recursive) with size less than 2 KiB and extension .txt

  • find /home to search for items in the /home directory
  • -type f to filter for files
  • -size -2k to filter items of size less than 2 KiB
  • -name "*.txt" to filter for items with a .txt as a suffix

Answer: find /home -type f -size -2k -name "*.txt"

Find all files that are exactly readable and writeable by the owner, and readable by everyone else (use octal format)

  • find / to search for items in the root directory
  • -type f to filter for files
  • -perm 644 (octal format) to filter for items that are exactly readable and writeable by the owner, and readable by everyone else

Answer: find / -type f -perm 644

Find all files that are only readable by anyone (use octal format)

  • find / to search for items in the root directory
  • -type f to filter for files
  • -perm /444 (octal format) to filter for items that are only readable by anyone

Answer: find / -type f -perm /444

Find all files with write permission for the group others, regardless of any other permissions, with extension .sh (use symbolic format)

  • find / to search for items in the root directory
  • -type f to filter for files
  • -perm -o=w (symbolic format) to filter items write permission for the group others, regardless of any other permissions
  • -name "*.sh" to filter for items with a .sh as a suffix

Answer: find / -type f -perm -o=w -name "*.sh"

Find all files in the /usr/bin directory (recursive) that are owned by root and have at least the SUID permission (use symbolic format)

  • find /usr/bin to search for items in the /usr/bin directory
  • -type f to filter for files
  • -user root to filter for items owned by the user root
  • -perm -u=s (symbolic format) to filter for items that have at least the SUID permission

Answer: find /usr/bin -type f -user root -perm -u=s

Find all files that were not accessed in the last 10 days with extension .png

  • find /usr/bin to search for items in the root directory
  • -type f to filter for files
  • -atime +10 to filter for items that were not accessed in the last 10 days
  • * -name "*.png" to filter for items with a .png as a suffix

answer: find / -type f -atime +10 -name "*.png"

Find all files in the /usr/bin directory (recursive) that have been modified within the last 2 hours

  • find /usr/bin to search for items in the /usr/bin directory
  • -type f to filter for files
  • -mmin -120 to filter for items that have been modified within the last 2 hours (120 minutes)

Answer: find /usr/bin -type f -mmin -120

Top comments (0)