Kenapa Linux?
Mayoritas tools bug hunting berjalan di Linux. Server target juga hampir selalu Linux. Memahami Linux CLI adalah skill fundamental yang tidak bisa ditawar.
Navigasi File System
# Navigasi direktori
pwd # Lihat posisi saat ini
ls -la # List file + hidden + permission
cd /etc # Pindah ke /etc
cd ~ # Kembali ke home
# Buat & hapus
mkdir targets # Buat folder
touch notes.txt # Buat file kosong
rm -rf folder/ # Hapus folder (hati-hati!)
Permissions
# Format: [type][owner][group][others]
-rwxr-xr-- 1 rizky users 4096 file.sh
# r=read(4) w=write(2) x=execute(1)
chmod 755 script.sh # rwxr-xr-x
chmod +x script.sh # Tambah execute
Command Penting untuk Bug Hunter
# Cari teks dalam file
grep -r "password" ./
grep -r "api_key" ./ --include="*.js"
# Manipulasi output
cat results.txt | sort | uniq # Urutkan & hapus duplikat
cat subdomains.txt | wc -l # Hitung baris
# curl — kirim HTTP request dari terminal
curl -s https://example.com
curl -X POST https://api.example.com/login \
-H "Content-Type: application/json" \
-d '{"user":"admin","pass":"test"}'
# wget — download file
wget https://example.com/file.txt
Bash Scripting Dasar
#!/bin/bash
# Script recon sederhana
TARGET="example.com"
echo "[*] Starting recon for $TARGET"
# Subdomain enum
subfinder -d $TARGET -o subs.txt
echo "[+] Found $(wc -l < subs.txt) subdomains"
# Loop tiap subdomain
while read sub; do
curl -s -o /dev/null -w "%{http_code} $sub\n" https://$sub
done < subs.txt
SSH — Remote Access
# Connect ke server
ssh user@192.168.1.1
ssh -i key.pem ubuntu@server.com
# Generate SSH key
ssh-keygen -t rsa -b 4096
Direktori Penting di Linux
| Path | Isi | Bug Hunting Relevance |
|---|
| /etc/passwd | Daftar user | Target LFI/path traversal |
| /etc/hosts | DNS lokal | Internal domain discovery |
| /var/www/ | Web root | Source code exposure |
| ~/.ssh/ | SSH keys | Private key exposure |
| /tmp/ | File sementara | Race conditions, temp files |
// CEK PEMAHAMAN
Command apa yang digunakan untuk mencari semua file JS yang mengandung kata "api_key" secara rekursif?
Afind ./ -name "api_key"
Bgrep -r "api_key" ./ --include="*.js"
Ccat ./*.js | api_key
Dls -la api_key *.js