Chapter1 - Linux

This document provides an overview of Linux basics including: - Linux distributions that are commonly used for hacking like Ubuntu, Fedora, and BackTrack - The file structure in Linux where most everything is a file or process - Key directories in the Linux file system like /bin, /boot, /dev, /etc, and their purposes - Linux file permissions including owner, group, other permissions and special permissions like SUID and sticky bit.

Uploaded by

noor elketab
Copyright: © All Rights Reserved

SKJ3161 - AMALI UNIX/LINUX

SKJ4171 - AMALI ETHICAL HACKING

Chapter 1
Linux Basics

DR. MOHD FADZLI MARHUSIN


Faculty of Science and Technology
Universiti Sains Islam Malaysia
Bandar Baru Nilai,
71800 Nilai, Negeri Sembilan, Malaysia

Ref : Rafay Baloch (2014). Ethical Hacking and Penetration Testing Guide Auerbach Publications, 1482231611.
Linux
• Linux is by far one of the most powerful operating systems
• Compatible with a wider variety of hacking tools and software
• Linux distros: Ubuntu, Fedora, Knoppix, BackTrack, etc.

Major Linux Operating Systems
• Redhat Linux—Used mostly for administration purposes.
• Debian Linux—Designed for use only with open source software.
• Ubuntu Linux—Designed mostly for personal use.
• Mac OS X—Used in all Apple computers.
• Solaris—Used in many commercial environments.
• BackTrack Linux—Used mostly for penetration testing.

File Structure inside of Linux
• Most everything is a file, and if it is not a file, then it is a process

• Directories—Files that are lists of other files.
• Special file—The mechanism used for input and output. Files in /dev are special files.
• Links—A system to make a file or directory visible in multiple parts of the system.
• Sockets—A special file type, similar to TCP/IP sockets, providing inter-process networking.
• Pipes—More or less like sockets; they form a way for processes to communicate with each other without using a network socket.

Directory Content
• /bin: Common programs, shared by the system, the system administrator, and the users.
• /boot: The startup files and the kernel, vmlinuz. In some recent distributions also grub data. Grub is the GRand Unified Boot loader and is an attempt to get rid of the many different boot-loaders we know today.
• /dev: Contains references to all the CPU peripheral hardware, which are represented as files with special properties.
• /etc: Most important system configuration files are in /etc; this directory contains data similar to those in the Control Panel in Windows.
• /home: Home directories of the common users.
• /initrd: (on some distributions) Information for booting. Do not remove!
• /lib: Library files, includes files for all kinds of programs needed by the system and the users.
• /lost+found: Every partition has a lost+found in its upper directory. Files that were saved during failures are here.
• /misc: For miscellaneous purposes.
• /mnt: Standard mount point for external file systems, for example, a CD-ROM or a digital camera.
• /net: Standard mount point for entire remote file systems.
• /opt: Typically contains extra and third-party software.
• /proc: A virtual file system containing information about system resources. More information about the meaning of the files in proc is obtained by entering the command man proc in a terminal window. The file proc.txt discusses the virtual file system in detail.
• /root: The administrative user’s home directory. Mind the difference between /, the root directory, and /root, the home directory of the root user.
• /sbin: Programs for use by the system and the system administrator.
• /tmp: Temporary space for use by the system, cleaned upon reboot, so don’t use this for saving any work!
• /usr: Programs, libraries, documentation, etc., for all user-related programs.
• /var: Storage for all variable files and temporary files created by users, such as log files, the mail queue, the print spooler area, space for temporary storage of files downloaded from the Internet, or to keep an image of a CD before burning it.

File Permission in Linux
• Group Permission
  • Owner—The Owner permissions apply only to the owner of the file or directory; they will not impact the actions of other users.
  • Group—The Group permissions apply only to the group that has been assigned to the file or directory; they will not affect the actions of other users.
  • All User/Other—The All Users permissions apply to all other users on the system; this is the permission group that you want to watch the most.
• Each file or directory has three basic permission types:
  • Read—The Read permission refers to a user’s capability to read the contents of the file.
  • Write—The Write permission refers to a user’s capability to write or modify a file or directory.
  • Execute—The Execute permission affects a user’s capability to execute a file or view the contents of a directory.

E.G.
    root@Net:~# ls -al
    -rwxr-xr-x 1 net tut 77 Oct 24 11:51 auto run
    drwx------ 2 ali tut 4096 Oct 25 2012 cache
• We will talk about the aforementioned command later on in this chapter.
• File auto run permission
  • - : No special permissions
  • rwx: Owner (net) has read, write, and execute permission, while group (tut) has read and execute, and other has the same permission.
• File cache permission
  • d: Represents a directory
  • rwx: Owner (ali) has read, write, and execute permission, while group (tut) and other/all do not have any permission for accessing or reading this file.

Linux Advance/Special Permission
• l—The file or directory is a symbolic link.
• s—This indicates the setuid/setgid permissions. Represented as an s in the read portion of the owner or group permissions.
• t—This indicates the sticky bit permissions. Represented as a t in the executable portion of the all users permissions.
• i—chattr: making a file unchangeable.
• There are two more, which are mostly used by devices:
  • c—Character device
  • b—Block device (i.e., hdd)

Link Permission
    root@net:~# ln -s new /root/link
    root@net:~# ls -al
    lrwxrwxrwx 1 ali ali 3 Mar 18 08:09 link -> new
A link is created for a file called new (link is a symbolic link to the file new).

Suid & Guid Permission
• setuid (SUID)—This is used to grant root level access or permissions to users.
• When an executable is given setuid permissions, normal users can execute the file with root level or owner privileges.
• Setuid is commonly used to assign temporary privileges to a user to accomplish a certain task.
• For example, changing a user’s password would require higher privileges, and in this case, setuid can be used.

• setgid (SGID)—This is similar to setuid, the only difference being that it’s used in the context of a group, whereas setuid is used in the context of a user.
    root@net:~# chmod u+s new
    root@net:~# ls -al
    -rwSr--r-- 1 ali ali 13 Mar 18 07:54 new
• Capital S shows Suid for this file.
    root@net:~# chmod g+s guid-demo
    root@net:~# ls -al
    -rw-r-Sr-- 1 ali ali 0 Mar 18 09:13 guid-demo
• Capital S shows Guid for the guid-demo file, and the capital S is in the group section.

Stickybit Permission
• This is another type of permission; it is mostly used on directories to prevent anyone other than the “root” or the “owner” from deleting the contents.
    root@net:~# chmod +t new
    root@net:~# ls -al
    -rw-r--r-T 1 ali ali 13 Mar 18 07:54 new
• Capital T shows that the stickybit has been set for other users (only the owner or the root user can delete files).

Chattr Permission
    root@net:~# lsattr
    ---------------- ./new
    root@net:~# chattr +i new
    root@net:~# lsattr
    ----i----------- ./new
• Small i shows that this file is unchangeable, and lsattr is a command to check if there is a chattr attribute on a file.

• Before we finish with file permissions, let’s have a little look at numerical file permissions.
    r = 4
    w = 2
    x = 1
• The sum of the aforementioned values determines the file permission accordingly, that is,
    root@net:~# ls -al
    -rw-r--r-- 1 ali ali 13 Mar 18 07:54 new
• Here the other user has only “read” permission, so what we are going to do is change it to read and write but not execute.
    root@net:~# chmod 646 new
    root@net:~# ls -al
    -rw-r--rw- 1 root root 13 Mar 18 07:54 new
• Let’s explore this a bit more: we want read + write permission, so 4 + 2 = 6, which means read and write.
• Hope it is clear now how to set permission on a file and what it does.
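
The listings above show the capital S and T flags and the numeric modes one at a time. The shell functions below are an added example, not part of the original slides; they convert any ls -l mode string into its four-digit octal form, where the leading digit carries setuid (4), setgid (2) and sticky (1). The names mode_to_octal and list_special are this example's own; a capital S or T means the special bit is set while the execute bit in that position is not.

```sh
#!/bin/sh
# mode_to_octal STRING: turn an `ls -l` mode string into four-digit octal,
# e.g. -rwSr--r-- -> 4644. The s/S/t/T letters occupy the execute slots.
mode_to_octal() (
    rest=${1#?}                     # drop the type character (-, d, l, c, b)
    special=0; out=""; digit=0; pos=0
    while [ "$pos" -lt 9 ]; do
        c=${rest%"${rest#?}"}       # first remaining character
        rest=${rest#?}
        case "$((pos / 3))$((pos % 3))$c" in   # key: triad, slot, character
            ?0r) digit=$((digit + 4)) ;;
            ?1w) digit=$((digit + 2)) ;;
            ?2x) digit=$((digit + 1)) ;;
            02s) digit=$((digit + 1)); special=$((special + 4)) ;;  # setuid, x set
            02S) special=$((special + 4)) ;;                        # setuid, no x
            12s) digit=$((digit + 1)); special=$((special + 2)) ;;  # setgid, x set
            12S) special=$((special + 2)) ;;                        # setgid, no x
            22t) digit=$((digit + 1)); special=$((special + 1)) ;;  # sticky, x set
            22T) special=$((special + 1)) ;;                        # sticky, no x
        esac
        if [ $((pos % 3)) -eq 2 ]; then out="$out$digit"; digit=0; fi
        pos=$((pos + 1))
    done
    echo "$special$out"
)

# list_special DIR: inventory of regular files under DIR that carry setuid or
# setgid, for review against the set of programs expected to have them.
list_special() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -exec ls -l {} +
}

# Mode strings copied from the listings on this page.
for m in -rwxr-xr-x drwx------ -rwSr--r-- -rw-r-Sr-- -rw-r--r-T -rw-r--rw-; do
    printf '%s  %s\n' "$m" "$(mode_to_octal "$m")"
done
```

The octal value printed for a file can be passed straight back to chmod, which makes it easy to compare a listing against an expected baseline.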

Most Common and Important Commands
ls: list directory contents
cd: changes directories
rm: remove files or directories
chmod: change file mode bits, from read to write and vice versa
chown: change ownership of a file
chgrp: change group ownership
screen: screen manager with VT100/ANSI terminal emulation, create background process with terminal emulator.
ssh: secure shell for remote connection
man: manual/help
pwd: print name of current/working directory.
cd ..: moves up one directory
mkdir: create a new directory
rmdir: remove directory
locate: find a file within directory or system
whereis: find a file within system
cp: copy file
mv: move file/directory or rename a file or directory
mount: mount device such as cdrom/usb
zip: compress directory/files
umount: umount (eject) the usb
df: list partition table
cat: concatenate the file
ifconfig: show interface details
w: show who is logged on and what they are doing
top: show system task manager
netstat: show local or remote established connection
nslookup: query Internet name servers interactively
dig: dns utility
touch: create a file
nano: file editor
vi: vim file editor
free -h: check free memory

Terminal Window
• Enables access to the shell console functions
• Enables the user to execute shell commands
• Frequently used commands
  • date
  • who
  • whoami
  • clear
  • pwd
  • cd
  • ls
  • ps
  • man
  • exit
  • shutdown

date Command
• Displays the current date and time
• Syntax:
    date option
• Frequently used options

who Command
• Displays details of all the users who are currently logged in

whoami Command
• Displays the name of the user who is currently logged in

clear Command
• Clears the terminal screen
• Syntax:
    clear

pwd Command
• Displays the entire path name of the current directory

cd Command
• Changes the current directory to the specified directory
• Syntax:
    cd directory_name
• Uses .. (a space followed by double dots) to move to the parent directory of the current directory
• cd /. will jump into root
    root@myhc:~/Documents# cd /.
• cd .. will jump into the parent directory
    root@myhc:~/Documents# cd ..

ls Command
• Displays the names of the files and sub-directories in the directory
• Syntax:
    ls option
• Frequently used options

ps Command
• Displays a list of processes that are currently running
• Syntax:
    ps option
• Frequently used options

man Command
• Displays manual pages for the commands
• Uses the up and down arrow keys to scroll through the manual page
• Uses the q key on the keyboard to exit the manual help page and return to the command prompt
• Syntax:
    man command_name

exit Command
• Terminates the terminal window
• Logs the user out from the account in the shell console
• Syntax:
    exit

shutdown Command - I
• Terminates all processes and shuts down the system
• Can also restart the system
• Syntax:
    shutdown -options -t secs time message

shutdown Command - II
• Frequently used options
  • -t secs: Enables a delay in seconds before killing the process and changing the run level
  • time: Specifies the time taken to execute the shutdown command
  • message: Specifies the message that must be displayed on shutting down the system

Creating a Directory
• The mkdir command is used to create a directory
• The syntax for the mkdir command is:
    mkdir option

Removing a File
• The rm command is used to remove a file
• The syntax for the rm command is:
    rm option file/s

Displaying the File Contents
• The cat command is used to display the contents of the specified file
• It is also used to create a new file, append data to an existing file, and concatenate the data of two or more files into one file
• The syntax for the cat command is:
    cat option file_name

Copying Files and Directories
• The cp command is used to copy the contents of the files and the directories
• The syntax for the cp command is:
    cp option source_file destination_file

Moving Files and Directories
• The mv command is used to move a file or a directory from one location to another
• The syntax for the mv command is:
    mv option source-file destination-location

Renaming Files and Directories
• The mv command is also used to rename a file or a directory
• The syntax for renaming a file is:
    mv old-file-name new-file-name

Finding Files and Directories
• Details are discussed in Chapter 4

Displaying the Contents Page-Wise - I
• The less and more commands are used to display the contents of a file or directory one screen at a time
• The less command enables scrolling upwards while viewing the contents of a file or directory
• The syntax for the less command is:
    <command> | less [option]

Displaying the Contents Page-Wise - II
• In the more command, once we scroll down we cannot move up
• The syntax for the more command is:
    <command> | more [options]

Linux Scheduler (Cron Job)
• Cron is a utility that helps us create a schedule to perform a certain task/command. As we know, /etc holds the configuration files for most services, and the same is true for cron.
• We will just go through a quick review of how it works and how we set it up.
• The following is the hierarchy for it.
    # * * * * * command to execute

• First * represents minute, 0-59
• Second * represents hour, 0-23
• Third * represents day of month, 1-31
• Fourth * represents month, 1-12
• Fifth * represents day of week, 0-6
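
The five field ranges listed above can be checked mechanically before an entry is installed. The following shell functions are an added example, not part of the original slides; they go slightly beyond the slide by also accepting the standard comma lists, ranges (N-M) and steps (/n). The names field_ok and check_cron_line are this example's own, month and weekday names are not handled, and the weekday range is the 0-6 given on this page (some cron implementations also accept 7 for Sunday).

```sh
#!/bin/sh
# field_ok FIELD MIN MAX: accepts *, N, N-M, comma lists, and an optional /step.
field_ok() (
    [ -n "$1" ] || return 1
    min=$2; max=$3
    IFS=,; set -f                   # split on commas, never glob the '*'
    for part in $1; do
        step=1
        case $part in */*) step=${part#*/}; part=${part%%/*} ;; esac
        case $part in
            '*') lo=$min; hi=$max ;;
            *-*) lo=${part%%-*}; hi=${part#*-} ;;
            *)   lo=$part; hi=$part ;;
        esac
        for n in "$lo" "$hi" "$step"; do
            case $n in ''|*[!0-9]*) return 1 ;; esac    # digits only
        done
        [ "$lo" -ge "$min" ] && [ "$hi" -le "$max" ] &&
            [ "$lo" -le "$hi" ] && [ "$step" -ge 1 ] || return 1
    done
)

# check_cron_line 'm h dom mon dow command': prints "ok" or the first bad field.
check_cron_line() (
    read -r m h dom mon dow cmd <<EOF
$1
EOF
    field_ok "$m"   0 59 || { echo "bad minute: $m"; return 1; }
    field_ok "$h"   0 23 || { echo "bad hour: $h"; return 1; }
    field_ok "$dom" 1 31 || { echo "bad day of month: $dom"; return 1; }
    field_ok "$mon" 1 12 || { echo "bad month: $mon"; return 1; }
    field_ok "$dow" 0 6  || { echo "bad day of week: $dow"; return 1; }
    [ -n "$cmd" ] || { echo "missing command"; return 1; }
    echo ok
)

# The first entry is the schedule used on this page; the others are constructed.
for line in '0 0 * * * /home/network/log.pl' \
            '*/5 * * * * /bin/true' \
            '0 24 * * * /bin/true'; do
    printf '%-34s %s\n' "$line" "$(check_cron_line "$line")"
done
```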

Cron Permission
• Two files play an important role in cron:
  • cron.allow
  • cron.deny
• If these files exist, then they impose some restrictions on users accordingly. That is, if a user is in the deny list, he/she won’t be able to schedule any job/task, and if a user is in the allowed list, then she/he will be able to schedule a job/task. All we have to do is add the user name to either of these two files.
• Cron Files
  • cron.daily
  • cron.hourly
  • cron.weekly
  • cron.monthly
• /etc/crontab: system-wide crontab
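
How the two files combine for a given user can be checked with a short script. The following is an added example, not part of the original slides; it applies the precedence documented in crontab(1), where cron.allow is consulted first and cron.deny only when cron.allow is absent, and reports site-default when neither file exists because that case depends on the distribution. The function names, the temporary policy files and the sample users ali, net and tut are constructed for the demonstration.

```sh
#!/bin/sh
# cron_access USER ALLOW_FILE DENY_FILE -> allowed | denied | site-default
cron_access() {
    if [ -f "$2" ]; then
        # cron.allow exists: only users listed in it may schedule jobs
        if grep -qxF -- "$1" "$2"; then echo allowed; else echo denied; fi
    elif [ -f "$3" ]; then
        # only cron.deny exists: everyone except the listed users may schedule jobs
        if grep -qxF -- "$1" "$3"; then echo denied; else echo allowed; fi
    else
        echo site-default           # neither file: depends on the distribution
    fi
}

# loose_perms FILE: succeeds when FILE is writable by group or others, which
# would let a non-root account rewrite the policy.
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]
}

demo() {
    dir=$(mktemp -d) || return 1
    printf 'ali\n' > "$dir/cron.allow"        # constructed sample policy
    printf 'ali\nnet\n' > "$dir/cron.deny"
    for u in ali net tut; do
        echo "both files, $u: $(cron_access "$u" "$dir/cron.allow" "$dir/cron.deny")"
    done
    rm "$dir/cron.allow"
    for u in ali net tut; do
        echo "deny only,  $u: $(cron_access "$u" "$dir/cron.allow" "$dir/cron.deny")"
    done
    chmod 666 "$dir/cron.deny"
    if loose_perms "$dir/cron.deny"; then echo "cron.deny is group/world writable"; fi
    rm -r "$dir"
}
demo
```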


• This is the output for the crontab file; in other words, cron.hourly, cron.daily, cron.weekly, cron.monthly are symlinks of crontab.
• Let’s say I would like to run a schedule at 12 AM on a daily basis.
    root@net:~# vi /etc/cron.daily/logs
    0 0 * * * /home/network/log.pl
• Save and exit.

Execute a job every 5 seconds
• Cron does not provide this feature by default. For this, we need to write a small bash script to accomplish this task by using the “sleep” command.
    root@net:~# cat seconds.sh
    #!/bin/bash
    # Run the job, wait 5 seconds, and repeat forever.
    while true
    do
        /home/cron/seconds.sh
        sleep 5
    done
    root@net:~# chmod +x seconds.sh
    root@net:~# nohup ./seconds.sh &
• This command will exit if any error occurs, and the & sign will put the process in the background.

TQ
