Sandbox99 Chronicles

Mastering the Digital Battlefield: File & Directory Commands for Cybersecurity Pros

Written by Jose Mendez

Hi, I’m Jose Mendez, the creator of sandbox99.cc. With a passion for technology and a hands-on approach to learning, I’ve spent more than fifteen years navigating the ever-evolving world of IT.

Published Jun 8, 2025 | Last updated on Jun 8, 2025 at 7:28AM

Introduction: Mastering the Digital Terrain

In the vast and ever-evolving landscape of cybersecurity, a fundamental understanding of how to navigate and manipulate file systems is not just an advantage – it’s an absolute necessity. Whether you’re conducting a penetration test, performing incident response, or simply securing a system, interacting with files and directories is at the core of nearly every operation.

This cheatsheet serves as your concise guide to the most common file and directory management commands across four critical environments: Linux, the backbone of many servers and security tools; Windows Command Prompt (CMD), the classic interface for Windows systems; PowerShell, Microsoft’s powerful, object-oriented scripting shell; and Meterpreter, the advanced post-exploitation framework within Metasploit.

Why is this foundational knowledge crucial for aspiring cybersecurity professionals like you?

  • Initial Reconnaissance: The first step in any assessment often involves understanding the target’s file structure, looking for configuration files, logs, or potentially sensitive data.
  • Post-Exploitation: After gaining access, you’ll need to move, create, delete, or exfiltrate files. Knowing the right commands ensures you can efficiently achieve your objectives.
  • Incident Response: When a breach occurs, quickly navigating directories to examine logs, quarantine malicious files, or gather forensic evidence is paramount.
  • Cross-Platform Agility: Real-world environments are rarely homogenous. Fluency in commands across different operating systems allows you to adapt swiftly to diverse targets.
  • Scripting Foundation: These basic commands are the building blocks for more complex scripts (Bash, Batch, PowerShell) that automate tasks and streamline operations.
  • Efficiency and Precision: The command line offers unparalleled speed and precision compared to graphical interfaces, a critical factor when time is of the essence.

By internalizing these commands, you’re not just memorizing syntax; you’re learning the fundamental language of system interaction, a skill that will empower your cybersecurity journey.

Linux, CMD, PowerShell, & Meterpreter: File & Directory Cheatsheet

This cheatsheet provides a quick reference for common file and directory management commands across Linux, Windows Command Prompt (CMD), PowerShell, and Meterpreter. Use it to quickly find the equivalent commands you need, no matter your environment!

Description: List directory contents 📁

  • 🐧 Linux: ls
    • Example: ls -l (lists contents in long format, showing permissions, owner, size, date, etc.)
    • Example: ls -a (lists all files, including hidden ones)
  • 🖥️ CMD: dir
    • Example: dir /w (lists contents in wide format, multiple columns)
    • Example: dir /s (lists contents of the current directory and all subdirectories)
  • 🚀 PowerShell: Get-ChildItem (or gci)
    • Example: Get-ChildItem -Path C:\Windows -Force (lists all items, including hidden/system files, in the specified path)
    • Example: Get-ChildItem -Recurse -File *.txt (finds all .txt files recursively)
  • ☠️ Meterpreter: ls
    • Example: ls (lists current directory contents on the target system)
    • Example: ls C:\\Users (lists contents of a specified directory)

Description: Change directory 🚶‍♂️

  • 🐧 Linux: cd
    • Example: cd /var/log (changes to the /var/log directory)
    • Example: cd .. (moves up one directory level)
  • 🖥️ CMD: cd
    • Example: cd C:\Users\Public (changes to the Public folder on the C: drive)
    • Example: cd .. (moves up one directory level)
  • 🚀 PowerShell: Set-Location (or cd)
    • Example: Set-Location "C:\Program Files" (changes to the Program Files directory; the path must be quoted because it contains a space)
    • Example: Set-Location .. (moves up one directory level)
  • ☠️ Meterpreter: cd
    • Example: cd C:\\Users\\Admin\\Desktop (changes to the specified directory on the target)
    • Example: cd .. (moves up one directory level on the target)

Description: Print working directory 📍

  • 🐧 Linux: pwd
    • Example: pwd (displays the full path of the current directory)
  • 🖥️ CMD: cd (when typed without arguments)
    • Example: cd (displays the current directory path)
  • 🚀 PowerShell: Get-Location (or pwd)
    • Example: Get-Location (displays the current directory path)
  • ☠️ Meterpreter: pwd
    • Example: pwd (displays the current working directory path on the target system)

Description: Make a new directory ➕

  • 🐧 Linux: mkdir
    • Example: mkdir my_new_folder (creates a directory named my_new_folder in the current location)
    • Example: mkdir -p /path/to/new/nested/directory (creates nested directories if they don’t exist)
  • 🖥️ CMD: mkdir (or md)
    • Example: mkdir project_alpha (creates a directory named project_alpha in the current location)
    • Example: mkdir C:\Reports\2025\Q1 (creates directories and subdirectories if needed)
  • 🚀 PowerShell: New-Item -ItemType Directory (or mkdir)
    • Example: New-Item -ItemType Directory -Name "Reports" (creates a directory named Reports)
    • Example: New-Item -ItemType Directory -Path "C:\Data" -Name "NewFolder" (creates NewFolder inside C:\Data)
  • ☠️ Meterpreter: mkdir
    • Example: mkdir secret_stash (creates a directory named secret_stash on the target)
    • Example: mkdir C:\\temp\\backups (creates a directory in a specified path on the target)

Description: Remove a directory 🗑️

  • 🐧 Linux: rmdir (only for empty directories), rm -r (for non-empty)
    • Example: rmdir empty_folder (removes empty_folder if it’s empty)
    • Example: rm -r non_empty_folder (recursively removes non_empty_folder and its contents)
  • 🖥️ CMD: rmdir (or rd)
    • Example: rmdir empty_dir (removes empty_dir if it’s empty)
    • Example: rmdir /s /q non_empty_dir (removes non_empty_dir and its contents silently, without confirmation)
  • 🚀 PowerShell: Remove-Item -Recurse
    • Example: Remove-Item -Path C:\OldData -Recurse -Force (removes OldData and all its contents, forcing the removal)
  • ☠️ Meterpreter: rmdir
    • Example: rmdir C:\\temp\\old_logs (removes the specified directory on the target)

Description: Remove files or directories ✖️

  • 🐧 Linux: rm
    • Example: rm myfile.txt (removes myfile.txt)
    • Example: rm -r mydirectory (removes mydirectory and its contents recursively)
    • Example: rm -f force_remove.txt (forces removal without prompting)
  • 🖥️ CMD: del (for files), rmdir /s /q (for directories)
    • Example: del old_report.doc (deletes old_report.doc)
    • Example: del *.bak (deletes all files with the .bak extension)
    • Example: rmdir /s /q C:\Temp\OldProject (deletes the OldProject directory and its contents silently)
  • 🚀 PowerShell: Remove-Item
    • Example: Remove-Item -Path "C:\Users\Public\downloaded.zip" (removes the specified file)
    • Example: Remove-Item -Path "C:\Logs" -Recurse -Force (removes the Logs directory and all its contents)
  • ☠️ Meterpreter: rm
    • Example: rm C:\\Windows\\Temp\\malicious.exe (removes a file on the target)
    • Example: rm -r C:\\Users\\Public\\Downloads (removes a directory and its contents on the target)

Description: Copy files or directories 📋

  • 🐧 Linux: cp
    • Example: cp file.txt /tmp/new_location/ (copies file.txt to new_location)
    • Example: cp -r myfolder /backup/ (copies myfolder and its contents recursively to backup)
  • 🖥️ CMD: copy (for files), xcopy or robocopy (for directories)
    • Example: copy document.pdf C:\Archive\ (copies document.pdf to C:\Archive)
    • Example: xcopy C:\SourceDir D:\DestDir /E /I (copies SourceDir and its subdirectories/files to DestDir, creating DestDir if it doesn’t exist)
  • 🚀 PowerShell: Copy-Item
    • Example: Copy-Item -Path C:\Source\file.log -Destination C:\Backup\ (copies a file)
    • Example: Copy-Item -Path C:\SourceFolder -Destination C:\Backup -Recurse (copies a folder and its contents)
  • ☠️ Meterpreter: cp
    • Example: cp C:\\Users\\victim\\data.txt C:\\Windows\\Temp\\ (copies a file on the target system)
    • Example: cp -r C:\\ProgramData\\Secrets C:\\temp\\ (copies a directory and its contents recursively on the target)

Description: Move or rename files or directories ↔️

  • 🐧 Linux: mv
    • Example: mv old_name.txt new_name.txt (renames old_name.txt to new_name.txt)
    • Example: mv report.pdf /archive/completed/ (moves report.pdf to archive/completed/)
  • 🖥️ CMD: move (for files), ren (rename files/directories)
    • Example: move oldfile.txt newlocation\ (moves oldfile.txt to newlocation)
    • Example: ren original_folder renamed_folder (renames original_folder)
  • 🚀 PowerShell: Move-Item
    • Example: Move-Item -Path C:\Temp\draft.docx -Destination C:\Documents\ (moves a file)
    • Example: Move-Item -Path C:\OldFolder -Destination C:\NewLocation\RenamedFolder (moves and renames a folder)
  • ☠️ Meterpreter: mv
    • Example: mv C:\\bad_file.dll C:\\Windows\\System32\\good_file.dll (moves and renames a file on the target)
    • Example: mv C:\\Users\\public\\downloaded_tool.exe C:\\temp\\ (moves a file to a new location on the target)

Description: Create empty files 📄

  • 🐧 Linux: touch
    • Example: touch new_log.txt (creates an empty file or updates timestamp if it exists)
  • 🖥️ CMD: type nul > filename.txt
    • Example: type nul > config.ini (creates an empty config.ini file)
  • 🚀 PowerShell: New-Item -ItemType File (or ni)
    • Example: New-Item -ItemType File -Name "empty_doc.txt" (creates an empty empty_doc.txt file)
    • Example: ni scripts.ps1 (ni is the built-in alias for New-Item; PowerShell has no built-in touch alias)
  • ☠️ Meterpreter: N/A (drop to a shell and redirect into a new file, or upload an empty file)
    • Example: shell then type nul > C:\temp\newfile.txt (runs the Windows command; echo > file would write "ECHO is on." instead of creating an empty file)
    • Example: upload empty_file.txt C:\\temp\\empty_file_on_target.txt (upload a locally empty file)

Description: Search for files in a directory hierarchy 🔍

  • 🐧 Linux: find
    • Example: find /home/user -name "*.jpg" (finds all JPG files in /home/user and its subdirectories)
    • Example: find / -type f -size +1G (finds all files larger than 1GB starting from root)
  • 🖥️ CMD: dir /s (basic search), where (finds executables)
    • Example: dir C:\Users\config.ini /s /b (finds config.ini under C:\Users recursively, bare format)
    • Example: where explorer.exe (finds location of explorer.exe in PATH)
  • 🚀 PowerShell: Get-ChildItem -Recurse -Filter (or gci -recurse -filter)
    • Example: Get-ChildItem -Path C:\ -Recurse -Filter "*.log" (finds all .log files recursively from C:)
    • Example: Get-ChildItem -Recurse -File -ErrorAction SilentlyContinue | Where-Object {$_.Length -gt 1MB} (finds files larger than 1MB)
  • ☠️ Meterpreter: search
    • Example: search -d C:\\Users -f *.doc (searches for .doc files in C:\Users on the target)
    • Example: search -f calc.exe (searches for calc.exe on all drives, since no -d start directory is given)

Description: Find files by name 📛

  • 🐧 Linux: locate (uses a pre-built database, faster but might be outdated), find
    • Example: locate mydocument.pdf (finds mydocument.pdf using the locate database)
    • Example: find . -name "report_2024.xlsx" (finds report_2024.xlsx in current dir and subdirs)
  • 🖥️ CMD: dir /s
    • Example: dir C:\Windows\calc.exe /s /b (finds calc.exe in the Windows dir and subdirs)
  • 🚀 PowerShell: Get-ChildItem -Recurse -Name (or gci -recurse -name)
    • Example: Get-ChildItem -Path C:\ -Recurse -Filter "*.dll" -Name (-Filter selects the .dll files; -Name outputs only their relative paths)
    • Example: Get-ChildItem -Recurse -Include 'image.png' (includes only files named ‘image.png’)
  • ☠️ Meterpreter: search
    • Example: search -f password.txt (searches the target system for files named password.txt)

Description: Determine file type ❓

  • 🐧 Linux: file
    • Example: file myphoto.jpg (outputs something like myphoto.jpg: JPEG image data, JFIF standard 1.01)
  • 🖥️ CMD: N/A (Can infer from extension or use third-party tools)
    • Example: dir /x (shows short names which can sometimes help)
  • 🚀 PowerShell: N/A (Can infer from extension or use third-party tools, Get-Item shows extension)
    • Example: (Get-Item myfile.txt).Extension (displays the file extension)
  • ☠️ Meterpreter: N/A (Can often be inferred from context or download and inspect)
    • Example: download C:\\payload.bin then file payload.bin (download and inspect locally)
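
An extension is only a hint, which is why the Linux file command reads content instead. As an added example (not from the original post), this POSIX shell sketch checks a file's leading magic bytes and flags files whose document or image extension hides an ELF or PE header; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify files by leading magic bytes, not by extension.

# Print a coarse type for one file based on its first 8 bytes.
sniff_type() (
    # Leading bytes as lowercase hex with no separators, e.g. 7f454c46...
    hex=$(head -c 8 "$1" | od -An -tx1 | tr -d ' \n')
    case "$hex" in
        7f454c46*)        echo elf ;;     # \x7fELF, Linux executable
        4d5a*)            echo pe ;;      # MZ, Windows executable or DLL
        89504e470d0a1a0a) echo png ;;
        ffd8ff*)          echo jpeg ;;
        25504446*)        echo pdf ;;     # %PDF
        504b0304*)        echo zip ;;     # also docx, xlsx, jar
        "")               echo empty ;;
        *)                echo unknown ;;
    esac
)

# Report files under DIR named like documents or images whose content
# is executable. File names containing newlines are not handled.
find_disguised() {
    find "$1" -type f \( -iname '*.jpg' -o -iname '*.png' \
        -o -iname '*.pdf' -o -iname '*.txt' \) |
    while IFS= read -r f; do
        t=$(sniff_type "$f")
        case "$t" in
            elf|pe) printf '%s\t%s\n' "$t" "$f" ;;
        esac
    done | sort
}

# Constructed sample directory: two mislabeled executables, two honest files.
demo() (
    d=$(mktemp -d) || exit 1
    printf 'MZ\220\000\003\000\000\000' > "$d/invoice.pdf"   # PE header bytes
    printf '\177ELF\002\001\001\000'    > "$d/photo.jpg"     # ELF header bytes
    printf '%%PDF-1.7\n'                > "$d/report.pdf"    # genuine PDF magic
    printf 'hello\n'                    > "$d/notes.txt"
    ( cd "$d" && find_disguised . )
    rm -r "$d"
)

demo
```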

Description: Concatenate and display file contents 📖

  • 🐧 Linux: cat
    • Example: cat readme.txt (displays the content of readme.txt)
    • Example: cat file1.txt file2.txt > combined.txt (concatenates two files into a new one)
  • 🖥️ CMD: type
    • Example: type settings.ini (displays the content of settings.ini)
  • 🚀 PowerShell: Get-Content (or cat)
    • Example: Get-Content C:\Logs\error.log (displays the content of error.log)
    • Example: Get-Content C:\file1.txt, C:\file2.txt | Set-Content C:\combined.txt (concatenates files)
  • ☠️ Meterpreter: cat
    • Example: cat C:\\Windows\\System32\\drivers\\etc\\hosts (displays the content of the hosts file on the target)

Description: View file content with navigation ↔️

  • 🐧 Linux: less
    • Example: less large_log_file.log (opens large_log_file.log for interactive viewing with scrolling)
  • 🖥️ CMD: more (basic pagination)
    • Example: more big_text_file.txt (displays content page by page)
  • 🚀 PowerShell: Get-Content (can be piped to more or a custom viewer)
    • Example: Get-Content C:\very_big_report.txt | more (displays content page by page)
    • Example: Get-Content C:\script.ps1 -ReadCount 10 (reads 10 lines at a time)
  • ☠️ Meterpreter: cat (for small files, or download for larger ones)
    • Example: cat C:\\small_config.txt (displays content if the file is small)
    • Example: download C:\\large_dump.log (downloads for local inspection with a proper viewer)

Final Thoughts: Beyond the Basics – Practical Tips for Cybersecurity Pros

Congratulations! You’ve just equipped yourself with a powerful toolkit of file and directory commands across multiple critical platforms. While this cheatsheet covers the basics, remember that true mastery comes with continuous practice and a deeper understanding of their implications.

Here are some key takeaways and practical tips for aspiring cybersecurity folks:

  1. Practice, Practice, Practice: The best way to internalize these commands is through hands-on experience. Spin up a Linux VM, open CMD, fire up PowerShell, and experiment. Build that muscle memory!
  2. Understand the “Why”: Don’t just know what a command does, but why you’re using it in a specific context. For example, why would you use find instead of locate in Linux, or Remove-Item -Force in PowerShell?
  3. Explore Flags and Parameters: Each command has a wealth of options (flags/switches). Use man <command> (Linux), <command> /? (CMD), or Get-Help <command> (PowerShell) to discover more advanced functionalities like recursive operations, specific filters, or output formats.
  4. Piping and Redirection: Learn how to chain commands together using pipes (|) to send the output of one command as the input to another, or redirect output to files (> or >>). This is where the real power of the command line shines (e.g., ls -l | grep "sensitive" or cat logs.txt > audit_data.txt).
  5. Security Implications of Commands:
    • Be Careful with Deletion: Commands like rm -rf (Linux) or Remove-Item -Recurse -Force (PowerShell) are incredibly powerful and can irrevocably delete data. Always double-check your path before executing, especially with the -Force or -f flags.
    • Permissions are Key: Understand how to view and modify file permissions (chmod on Linux, icacls on Windows) to secure sensitive data and prevent unauthorized access.
    • Identify Suspicious Activity: Knowing normal file behavior helps you spot anomalies. An unusual file creation, deletion, or modification could indicate compromise.
  6. These are Building Blocks: The commands listed here are fundamental building blocks for more advanced techniques. They form the basis of shell scripting (Bash, Batch, PowerShell), which automates repetitive tasks and creates powerful offensive or defensive tools.
  7. Stay Curious, Keep Learning: The cybersecurity landscape is dynamic. While these core commands remain constant, new tools and techniques emerge. Your foundational knowledge will enable you to quickly adapt and learn new command-line utilities.

By truly internalizing these commands and understanding their practical application, you’re building a robust foundation for a successful and impactful career in cybersecurity. Keep practicing, keep exploring, and remember that the command line is your most versatile weapon and shield.
