Skip to content

02 Hidden Files

Purpose

Hidden files are files that start with a ".". Being able to locate hidden files is useful in CTFs because a lot of times there are hidden files that contain useful information. In the real world hidden files are used for multiple things including pen testers hiding rootkits and malicious software, locating potential vulnerabilities, and more.

Core Commands

$ ls -a 
.   .bash_logout  .bashrc.original  .config  .dmrc      Downloads  .face.icon     .gnupg         .java   .mozilla  Music     .profile  .ssh                       Templates  .Xauthority       .xsession-errors.old  .zsh_history
..  .bashrc       .cache            Desktop  Documents  .face      full_scan.txt  .ICEauthority  .local  .msf4     Pictures  Public    .sudo_as_admin_successful  Videos     .xsession-errors  .zprofile             .zshrc
#Prints All Files Including Hidden Files

$ la -la
total 160
drwx------ 18 nick nick  4096 Sep  2 23:31 .
drwxr-xr-x  3 root root  4096 Aug 25 14:57 ..
-rw-r--r--  1 nick nick   220 Aug 25 14:57 .bash_logout
-rw-r--r--  1 nick nick  5551 Aug 25 14:57 .bashrc
-rw-r--r--  1 nick nick  3526 Aug 25 14:57 .bashrc.original
drwxrwxr-x 11 nick nick  4096 Aug 26 17:17 .cache
drwxr-xr-x 12 nick nick  4096 Aug 25 15:05 .config
drwxr-xr-x  2 nick nick  4096 Aug 25 15:04 Desktop
-rw-r--r--  1 nick nick    35 Aug 25 15:04 .dmrc
drwxr-xr-x  2 nick nick  4096 Aug 28 21:09 Documents
drwxr-xr-x  2 nick nick  4096 Aug 25 15:04 Downloads
-rw-r--r--  1 nick nick 11759 Aug 25 14:57 .face
lrwxrwxrwx  1 nick nick     5 Aug 25 14:57 .face.icon -> .face
-rw-rw-r--  1 nick nick   494 Aug 26 17:23 full_scan.txt
drwx------  3 nick nick  4096 Aug 25 15:04 .gnupg
-rw-------  1 nick nick     0 Aug 25 15:04 .ICEauthority
drwxr-xr-x  3 nick nick  4096 Aug 25 14:57 .java
drwxr-xr-x  5 nick nick  4096 Aug 25 15:04 .local
drwx------  4 nick nick  4096 Aug 25 18:07 .mozilla
drwxrwxr-x 12 nick nick  4096 Aug 25 15:39 .msf4
drwxr-xr-x  2 nick nick  4096 Aug 25 15:04 Music
drwxr-xr-x  2 nick nick  4096 Aug 25 15:04 Pictures
-rw-r--r--  1 nick nick   807 Aug 25 14:57 .profile
drwxr-xr-x  2 nick nick  4096 Aug 25 15:04 Public
drwx------  2 nick nick  4096 Aug 28 20:59 .ssh
-rw-r--r--  1 nick nick     0 Aug 25 15:11 .sudo_as_admin_successful
drwxr-xr-x  2 nick nick  4096 Aug 25 15:04 Templates
drwxr-xr-x  2 nick nick  4096 Aug 25 15:04 Videos
-rw-------  1 nick nick    49 Aug 30 01:17 .Xauthority
-rw-------  1 nick nick  9623 Sep  2 23:31 .xsession-errors
-rw-------  1 nick nick  9520 Aug 29 13:53 .xsession-errors.old
-rw-r--r--  1 nick nick   336 Aug 25 14:57 .zprofile
-rw-------  1 nick nick  1503 Aug 30 02:48 .zsh_history
-rw-r--r--  1 nick nick 10856 Aug 25 14:57 .zshrc
#Prints All Files Including Hidden Files and More Info About Them

Hidden Files

  • A lot of hidden files are usually just files that are automatically on every system, but for CTFs a lot of info can usually be found in the hidden files and checking them is a good start

Hidden Files Commands