Everything you need to go from zero to terminal-fluent. Built for beginners entering their first Capture the Flag competition.
Almost every CTF challenge lives on a Linux server, or hands you a file made on one. Learning the terminal is learning the home turf of every challenge author.
Forensics, pwn, web, crypto, misc — they all eventually put you at a command line. The terminal is the common thread.
Chain tools together. What takes 10 minutes of manual work collapses into one line: strings binary | grep flag{
The player who's fastest in the terminal often wins — not the smartest. Fluency is a skill you build with practice.
The commands every CTF beginner must know. ★ CTF marks the ones that appear most in real challenges.
| cat <file> | Print the entire contents of a file ★ CTF |
| less <file> | Scroll through large files — press q to quit |
| head -n 20 | Show the first 20 lines of a file |
| tail -n 20 | Show the last 20 lines of a file |
| cp src dst | Copy a file from source to destination |
| mv src dst | Move or rename a file |
| rm <file> | Delete a file — no undo, be careful |
| touch <file> | Create an empty file |
| wc -l | Count the number of lines in a file |
| file <file> | Detect the real file type — ignores the extension completely ★ CTF |
| strings <file> | Extract all readable text from any binary file ★ CTF |
| xxd <file> | Hex dump — inspect raw bytes and magic bytes |
| xxd -l 32 | Show only the first 32 bytes |
| base64 -d | Decode a base64-encoded string |
| base64 <file> | Encode a file to base64 |
| stat <file> | Show file size, timestamps, and full permissions detail |
| grep "text" | Search for a pattern in input ★ CTF |
| grep -r "text" . | Recursive search through all files in the current directory ★ CTF |
| grep -i | Case-insensitive match |
| grep -n | Show line numbers with every match |
| grep -v | Invert — show lines that do not match |
| find . -name "*.txt" | Find all .txt files from the current directory downward |
| find . -type f | List every file recursively — great for getting an overview ★ CTF |
| cmd1 | cmd2 | Pipe: send the output of cmd1 as input to cmd2 key |
| cmd > file | Redirect output to a file (overwrites) |
| cmd >> file | Append output to an existing file |
| sort | Sort lines alphabetically |
| uniq | Remove duplicate consecutive lines (use after sort) |
| uniq -c | Count how many times each line appears ★ CTF |
| cut -d: -f2 | Extract field 2, using : as delimiter — great for structured data |
| tr a-z A-Z | Translate characters — e.g. lowercase to uppercase, ROT13 decoding |
| ls -la | See permissions on all files including hidden ones |
| chmod +x file | Make a file executable |
| chmod 644 file | Owner read/write, everyone else read-only |
| chmod 777 file | Full read/write/execute for everyone |
| chown user file | Change the owner of a file |
| sudo <cmd> | Run a command as superuser (root) |
| id | Show your current user ID and group memberships |
| whoami | Print your current username |
The ideas behind the commands — understanding these makes every tool click.
The | symbol sends the output of one command directly into the next. This is the most powerful idea in Linux. You build complex operations by composing simple tools.
Any file or folder whose name starts with a . is hidden from normal ls. CTF challenges love hiding flags here. Always use ls -la first.
A file called image.jpg might actually be a ZIP, a text file, or a binary. The file command reads magic bytes to tell you the truth.
Compiled binaries are mostly non-readable bytes, but they always contain readable text: error messages, hardcoded strings, and sometimes flags. strings extracts all of it.
When a flag could be in any file inside a directory, grep -r searches every file recursively. One command, entire directory tree.
Base64 is just encoding — anyone can decode it instantly. CTF challenges often "encode" data with base64 and expect you to decode it. It looks random but isn't.
Where things live on a Linux system — knowing this helps you know where to look in a CTF.
Read the permission string from ls -la — critical for privilege escalation challenges.
| r | 4 | Read — can view file contents |
| w | 2 | Write — can modify the file |
| x | 1 | Execute — can run as a program |
| - | 0 | Permission not granted |
Hard-won advice for your first competition.
ls -laBefore doing anything else, list all files including hidden ones. Flags love hiding in .dotfiles and .hidden_directories. This takes 2 seconds and saves 20 minutes.
A file called photo.jpg might be a ZIP, an ELF binary, or a plain text file with a flag. Always run file <filename> before doing anything else with an unknown file.
strings | grep "flag{" is your Swiss Army knifeGot an unknown binary? Run strings binary | grep "flag{" immediately. You'd be surprised how often this is all it takes. Try it on everything — pcaps, images, executables.
If you see a long string of letters and numbers ending in =, it's probably base64. Decode it immediately with echo "string" | base64 -d. It's encoding, not security.
find . -type f to map the territoryWhen you land in an unknown directory, run find . -type f immediately. This gives you a complete list of every file everywhere — including files in hidden subdirectories.
Press Tab to autocomplete commands and file paths. Press ↑ to recall previous commands. Search command history with history | grep <something>. Speed matters in competition.
The best places to practice and go deeper.
Browser-based Linux terminal. No setup needed — ideal for beginners. Has a dedicated Linux fundamentals path.
↗Beginner-friendly CTF run by Carnegie Mellon. Challenges stay up permanently — great for self-paced learning.
↗The classic beginner Linux wargame. SSH into a server and use Linux commands to crack each level. Highly recommended.
↗Paste any bash command and it breaks down every flag and argument with documentation. Essential for learning unfamiliar commands.
↗The global CTF calendar. Find upcoming competitions, read writeups from past events, and track team rankings.
↗A web app for encoding, decoding, and transforming data. Base64, hex, ROT13, and hundreds more — all in a browser.
↗