Linux strings Command with Practical Examples


Introduction

In this lab, you will learn how to use the Linux strings command to extract printable character strings from binary files, including executable files, libraries, and other binary data. You will explore the purpose and usage of the strings command, learn how to extract strings from compressed and encrypted files, and discover practical examples of how to apply this command in your daily work. This lab provides a comprehensive understanding of the strings command and its applications, empowering you to effectively analyze and troubleshoot binary files on Linux systems.


Understand the Purpose and Usage of the strings Command

In this step, you will learn about the purpose and usage of the strings command in Linux. The strings command is a utility that extracts printable character strings from binary files, including executable files, libraries, and other binary data.

To begin, let's explore the basic usage of the strings command:

strings /bin/ls

Example output:

/lib64/ld-linux-x86-64.so.2
libc.so.6
__stack_chk_fail
__cxa_finalize
setlocale
bindtextdomain
textdomain
_ITM_deregisterTMCloneTable
__gmon_start__
_ITM_registerTMCloneTable
...

The strings command searches the named files, or the standard input if no files are named, and writes to standard output all printable character sequences that are at least four characters long and are followed by an unprintable character. This can be useful for identifying embedded text in binary files, such as application names, version information, or other useful data.

You can also use the strings command with specific options to customize its behavior:

  • -a or --all: Scan the entire file, not just the data section.
  • -f or --print-file-name: Print the file name for each string.
  • -n <number> or --min-len=<number>: Print only strings of at least that length.
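  • -t <format> or --radix=<format>: Print the offset within the file before each string. The format is a single character: o for octal, d for decimal, or x for hexadecimal.

For example, to print the file name and the offset for each string found, you can use the following command. The -t option takes the radix as its argument, so it cannot be bundled with -f as -tf; here d selects decimal offsets:

strings -f -t d /bin/ls

Example output (offsets vary by system; with -f, each line is also prefixed with the file name, "/bin/ls: "):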

0000000 /lib64/ld-linux-x86-64.so.2
0001125 libc.so.6
0001145 __stack_chk_fail
0001163 __cxa_finalize
0001180 setlocale
0001191 bindtextdomain
0001209 textdomain
0001223 _ITM_deregisterTMCloneTable
0001251 __gmon_start__
0001265 _ITM_registerTMCloneTable
...

This can be useful for further analysis or debugging of binary files.

Explore Strings in Binary Files

In this step, you will learn how to use the strings command to explore the contents of binary files, including executable files, libraries, and other types of binary data.

Let's start by examining the contents of a common executable file, such as the ls command:

strings /bin/ls

Example output:

/lib64/ld-linux-x86-64.so.2
libc.so.6
__stack_chk_fail
__cxa_finalize
setlocale
bindtextdomain
textdomain
_ITM_deregisterTMCloneTable
__gmon_start__
_ITM_registerTMCloneTable
...

As you can see, the strings command extracts all the printable character sequences from the binary file, which can reveal useful information about the file's contents, such as library dependencies, version information, and other embedded data.

You can also use the strings command to explore the contents of other types of binary files, such as libraries or compressed archives. For example, let's examine the contents of the libc.so.6 library:

strings /lib/x86_64-linux-gnu/libc.so.6

Example output:

GNU C Library (GNU libc) stable release version 2.35.
Copyright (C) 2022 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Compiled by GNU CC version 11.2.0.
Compiled on a Linux 5.15 system on 2022-04-28.
Available extensions:
	crypt add-on version 2.35 by Andreas Jaeger
	GNU Libc C99 math library version 2.35 by Ulrich Drepper et al.
	bsd-compatible malloc by Doug Lea version 2.8.6
	TLS support
	NSS modules support
	...

This output provides information about the library, including the version, copyright, and available extensions.

Exploring the contents of binary files can be a useful skill for tasks such as reverse engineering, software analysis, and troubleshooting. The strings command is a simple but powerful tool that can help you quickly extract and analyze the textual contents of binary files.

Extract Strings from Compressed and Encrypted Files

In this step, you will learn how to use the strings command to extract strings from compressed and encrypted files.

Let's start by creating a compressed file using gzip:

echo "This is a test file." > test.txt
gzip test.txt

Now, you can use the strings command to extract the contents of the compressed file:

strings test.txt.gz

Example output:

This is a test file.

The strings command is able to extract the original text from the compressed file, even though the file itself is in a binary format.

Next, let's try an encrypted file. For this example, we'll use the openssl command to create an encrypted file:

echo "This is a secret message." > secret.txt
openssl enc -aes-256-cbc -in secret.txt -out secret.encrypted -k mypassword

Now, you can use the strings command to try and extract the contents of the encrypted file:

strings secret.encrypted

Example output:

Salted__
mypassword

As you can see, the strings command is able to extract some information from the encrypted file, such as the salt and the password used for encryption. However, it cannot extract the actual contents of the file, as the data is encrypted.

The strings command can be a useful tool for quickly inspecting the contents of compressed and encrypted files, even if it cannot fully extract the original data. This can be helpful for tasks such as troubleshooting or analyzing the structure of these types of files.
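
strings reads a file's bytes exactly as they are stored and does not decompress or decrypt anything, so for gzip data the practical approach is to scan the decompressed stream. The following is an added example, not part of the original lab; scan_strings is a hypothetical helper name and the sample file contents are constructed.

```shell
#!/bin/sh
# Added example, not part of the original lab. scan_strings is a hypothetical
# helper; the sample file contents below are constructed.

# scan_strings FILE [MINLEN]
# Prints "<decimal offset> <string>" for every printable run of at least
# MINLEN characters (default 4). If FILE starts with the gzip magic bytes
# 1f 8b, the decompressed stream is scanned and offsets refer to that stream.
scan_strings() (
    file=$1
    minlen=${2:-4}
    [ -r "$file" ] || { echo "scan_strings: cannot read $file" >&2; exit 1; }
    magic=$(od -An -tx1 -N2 < "$file" | tr -d ' \n')
    if [ "$magic" = "1f8b" ]; then
        # No file operand: strings reads the decompressed data from stdin.
        gzip -dc < "$file" | strings -a -n "$minlen" -t d
    else
        strings -a -n "$minlen" -t d < "$file"
    fi
)

# Demo on a constructed file: compare a scan of the stored .gz bytes with a
# scan of the decompressed stream.
demo() (
    dir=$(mktemp -d) || exit 1
    printf 'This is a test file.\nbuild-tag: constructed-sample-0001\n' > "$dir/test.txt"
    gzip -c "$dir/test.txt" > "$dir/test.txt.gz"
    echo "== stored bytes of test.txt.gz =="
    strings -a -t d "$dir/test.txt.gz"
    echo "== decompressed stream =="
    scan_strings "$dir/test.txt.gz"
    echo "== decompressed stream, runs of 25+ characters =="
    scan_strings "$dir/test.txt.gz" 25
    rm -rf "$dir"
)

demo
```

Comparing the first two sections of the demo output shows which strings are present in the file as stored and which appear only after decompression.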

Summary

In this lab, you learned about the purpose and usage of the strings command in Linux. The strings command is a utility that extracts printable character strings from binary files, including executable files, libraries, and other binary data. You explored the basic usage of the strings command and how to customize its behavior using various options, such as printing the file name and offset for each string found. Additionally, you learned how to use the strings command to explore strings in binary files, including compressed and encrypted files, which can be useful for further analysis or debugging of binary files.
