倫理的ハッカーのためのLinux (Kali Linux Tutorial) (Linux for Ethical Hackers (Kali Linux Tutorial))

字幕表動画を再生する

what is up, everybody?
My name is Heat Adams.
And I welcome you to this course called Lennox for ethical hackers.
So in this course, we're gonna be covering a lot of things.
We're really gonna be going in hammering down on the terminal and the command line.
And if you've never learned limits before, this is a really great start for you, especially if you're interested in becoming ethical hacker or penetration tester.
So enough of my face.
Let's go ahead and just dive right in.
All right, everyone, welcome to this course titled Linens for Ethical Hackers.
Before we get started, I'd like to do a little Who am I?
So my name is Heath Adams.
I also go by the cyber mentor.
I am a husband first a hacker, a military veteran.
Ah, gamer sports fan and animal Dad, I am a former accountant.
Turn security geek.
So I've been in cybersecurity about three years now, and before that, I was an accountant.
Hated it, picked that that field for all the wrong reasons.
Eso Once I went into i t and cybersecurity, I never looked back and I've never been happier on the day to day I am a senior security engineer.
I'm also a business owner at TCM Security.
So before that, I was a senior penetration tester doing penetration, testing an ethical hacking.
I branched out and started my own business, focusing on ethical hacking, training and student development s So now I'm doing that full time, along with a job as a senior security engineer.
Okay, so let's go ahead and talk about what will learn in this course.
So this course is going to be all hands on.
Besides this little introduction here, you're not gonna see a lot of power point.
Besides, quick overview of what, the course or the video that you're about to see has coming.
Eso 95% hands on course.
I will not kill you with power point.
That's not my goal.
We're gonna be focusing on Callie Lennox this entire coarse and really learning linens and learning linens for the purpose of becoming ethical hackers.
So we're going to install the M wear, which is a virtualized software virtualization software.
And then we're gonna run Kallie Lennox inside of the M.
Where, after that, I'm gonna give you a overview of Kelly Olynyk show you some of the common tools.
What it can do, why it's awesome on.
Then we're gonna do a deep dive into the terminal.
So that means is we're going to be hands on doing commands and learning.
Lennox eso will be running, navigating the file system.
So how to get around in the file system from the terminal?
We'll learn about users and privileges howto add users howto uh, what kind of privileges and permissions air there?
What important files exist regarding those?
We're gonna talk about Common Network Command.
So if you want to be a pen tester ethical hacker, you need to know networking at least at a basic minimum.
So we'll talk about those common network commands that you should know how to run them.
What they dio.
We'll talk about viewing, creating an editing files that's obviously important.
If you want to create a quick file or edit a file from the command line, how you can do that?
We'll talk about starting and stopping.
Service is such as a Web server, sshh sequel database, etcetera.
We're gonna talk about how to install updates, how to install tools and howto update those tools, and then lastly, we're gonna put everything we learn together and do some scripting and bash.
So we're going to write, Ah, basic bash script and then we'll improve upon it and then I'll show you some four loops, some other logical scripting ideas and then we'll kind of put that together and hopefully come to a nice completion when it's all said and done.
So with all this being said, I am excited to have you in the course with me.
I look forward to teaching you and let's go ahead and start with installing BM where all right, the first thing that we're going to need to do is to install software called the M Wear Workstation Player.
Now we have two ways to run Kallie Lennox.
We can either run Kallie Lennox through a virtual machine or weaken.
Stall it as an operating system on a hard drive for this course and this lesson, we're gonna be using a virtual machine and preferably we're gonna be using being where workstation player.
I'm gonna show you how to install the, um where workstation player and I'll show you some of the alternatives to it as well.
So let's go ahead and dive right in.
Okay, So if you go out to the Inter Web and you go to Google and you type in Vienna where workstation player, the first thing that will come up for you is this download the, um where?
Workstation player link.
You're gonna go ahead and just click on this.
And now I also want to introduce alternatives.
So there is a another software platform called or cold patrol box, and you will be able to insult either my preference and the course is gonna be taught the rest of the way through is gonna be in Vienna, where workstation pro, but we will use player for the install Your ability fall along with player.
You'll also be able to fall along with Oracle virtual box if you so choose.
But we will not be showing that installation.
Another thing that should be noted is there is this comparison page here, and I will be using the end where workstation pro.
There's a nice little checklist here that shows what pro can do versus player.
It has a lot of the same features here.
Some of the nice things is running multiple be ems at once.
You can't technically do that with being where workstation player.
There's workarounds for it.
But to have it in a single tabbed interface, it's very, very nice.
You see here the drag will tabbed interface.
That's another feature.
Ah, Snapshots.
So basically making a backup of your machine all included in workstation pro.
So if you have, ah, some money to shell out and this is something that you're interested in doing long term, it may be worth looking into a workstation pro license, but by all means, you can get away with a workstation player installation, and that's exactly what we're gonna d'oh.
So let's go back to the first tab here and you could see it says Try the end where workstation player Wooderson scroll down and this install and everything's gonna be running on top of windows for me.
If you're installing for limits, that's fine as well.
Just follow your instructions for your respective OS.
Go ahead and select download.
Now I'm gonna save the file.
Okay, it downloaded.
I'm gonna hit Run!
It's going to ask if we want to accept the changes.
Yes.
Okay.
Now we're gonna hit next.
Well, except the license agreement and possibly give away our first board.
I'm gonna go ahead and check.
Yes, For the enhanced keyboard driver, we don't need to check for a product update.
We don't need to join the, um, where customer experience improvement will hit next.
On that you can leave both of these checked or check to your preference and then hit install.
And while this is installing, I can actually show you what bm where pro looks like this is a pro instance running here.
You could see that I have the tabs and their drag a ble, as it was notated in that that differential spreadsheet that you saw.
And I've got a Cali instance running.
That's actually my main Callie machine.
I've got Windows 10 running here, and this is all actually sitting on top of a real Windows 10 machine as well.
So we're just installing workstation player.
I'm gonna run a V M inside of a V M.
So it's gonna be a little bit of'em exception here on.
Then we're just gonna hit finish, and then we're going to restart this machine as it needs a reboot real quick.
Okay, now we are restarted and we're back to our desktop here.
You could see that being where workstation player has been added to the desktop, let's just go ahead and double click that to open it and we're going to choose to use the end where Workstation 15 player for free for noncommercial use.
If we wanted the Prohibition, we would enter in our access key here license key and continue on with the pro addition.
And now we will use the finish button here and we we've brought to our V aware workstation 15 player So you can see here that it's a much, much different view.
It's very, very basic.
We have the option to open a V m here, and we'll have the one B m stored in this tab that we can open up and that'll be it.
Uh, there are ways around running multiple be EMS at the same time.
But if you're looking to build a fluid lab out and have multiple be EMS running similar, I have here having the VM were pro again.
It does have its benefits.
Here s so you could see this is a much, much different look.
This is very generic as we, uh we can see here.
So from here we're gonna do is we're gonna go ahead and stop in the next video where we are going to focus on balloting.
Callie Lennox and we'll talk about what Callie Lennox is.
And, ah, some of its features as well.
So I'll catch you over in the next video.
All right, Now, let's move on to installing Callie Lennox in R V M Ware software.
Okay, so, picking up where we left off, we had just installed the end where?
Workstation 15 player.
And now we need a V m to actually be able to play with it.
Eso this whole course is going to be based on Callie Lennox.
If we open up a Internet browser here, I've got a few tabs already opened.
So what I want you to do is go ahead and go out to Google and his type in Cali K l I.
Lennox download and leave it here.
What we're going to do as well is I want to talk just a quick second about what Callie Lennox is.
So Callie Lennox is a debian based Lennix os, so it's based on pen testing, uh, tools and it's made for pen testers.
So what it does is it comes preloaded with a bunch of penetration Testing tools.
Ah, tool kit if you'll call it.
And it is just made for people who are looking to do pen testing.
So this is provided by offensive security.
If you come to Cali dot or go and you look at the about us, it provides a little bit of information about who the core developers were and some of the moderators.
But basically what it is is, uh, it followed up a tool called or distribution called Backtrack s O the new The new tool is Callie Lennix.
Now there are alternatives out there.
One of the alternatives right now is called parrot s.
If you go to a parent sec dot or GE and you look into what is parent, you can see that they have different distributions and they talk about why parents different, but they do have a pen test distribution here.
So for this course, we're going to be using Callie Lennox.
But I always do like to introduce the alternatives.
Um, Callie Lennox is probably more popular at this point.
Parrot os is kind of on the newer side.
Some people are starting to get behind it and liking it.
But I would say Callie still dominates.
The third option is that you set up your own distribution so you haven't a less that you like, and then you install the tools on the OS that you like and you have your own custom build.
So some people feel like, you know, Callie or uneven parent.
They come with a bunch of tools that they'll never need, so their systems bloated, and they really just have a set amount of tools that they like.
And if there's a tool that they want to add into the system than the download on their own, they don't want to have a ton of bloatware coming with their system.
But with my experience in the industry, mostly everybody that I've worked with is using Callie Lennox.
Some people are doing their own bills, especially unlike the Web app pen testing side.
And then now parrot is kind of that up and coming os that some people are transitioning thio.
But it is predominantly Callie lyrics.
So that is why we're doing this course in Cali.
Lennox and I feel like It's the best option for us to learn some just some basic clinic skills and learning in the OS That is the most dominant in the industry right now.
So let's go ahead and go back to that Callie Lennox download.
And while this link has been clicked on, do not let her fool you were actually not clicking on the official Callie Lennix, Dallas page.
We're gonna scroll down a little bit.
I want to go to the Cali Lennox custom image downloads page, and I'll show you Why here.
So this is that offensive dash security dot com.
Make sure that's the one you're falling along with.
And if you scroll down just a bit, you see that they're providing us of'em were images and virtual box images to remember when I told you that virtual box is an option if you chose that option.
Here you go.
Right here.
You click on this tab and you'll download the virtual box image.
Now we're gonna be doing is we're going to be running Cali.
Lennox of'em were 64 bit and we're going to download this seven zip right here.
You also have the option to download a torrent, if you like.
The file size is going to be a two point for gig, so it might take you a minute, depending on your your speed of your internet.
Um, and they also provide a shot to 56 some if you want to check the the file when you download it.
So I'm gonna go ahead and just hit download on this and I'm gonna save it, and I will come back as soon as this file is finished downloading.
Okay, it's in.
My file has finished downloading.
I'm gonna navigate to the folder where it has downloaded two, which is the downloads folder, and you can see here that is a seven zip file.
So my installation by default does not have seven sip.
If you do not have seven sif, either we can go ahead and download that together.
So if you go out to Google and you just type in seven zip, the first thing that comes up it's seven dash zip dot or GE.
You'll see a download tab here.
Just go ahead and click on that link and go ahead and download the execute herbal for your respective operating system.
So for me.
I'm gonna be downloading the 64 bit Windows version here, and I'm gonna hit save.
I'm gonna hit.
Run!
Say yes.
I'm gonna go ahead.
Install to the default directory.
Okay, Now that's installed.
Let's go back to our folder and let's select that we open with seven.
Zip here.
Okay, Now, let's see if you can drag and drop.
We can.
So all I'm doing is dragging and dropping.
I'm putting it in the downloads folder.
You don't have to do that.
You can drag it and put it in a location that you would prefer.
This is going to extract, I believe at a larger file size than just the 2.5 gigs that we downloaded their 2.4 gigs.
So make sure that you have, ah, file space where you're gonna put this so may go ahead and let this finish, and then I will be right back.
Okay, so I successfully unzip this file, and just for the record, if we hover over it, you can see that it actually extracted to be 10.4 gigabytes.
So let's make sure that wherever you extracted two, you have the 10.4 gigabytes in order to successfully complete the extraction.
So from here, let's go ahead and open up our VM wear player.
And we're going to go to player up in the left hand corner.
We're gonna slit file, and then we're gonna select open, and then we're gonna go to downloads, and we're gonna go into our Callie Lennox folder here and or wherever you put it.
If you didn't put it in the downloads folder and then just select the one item that should be here, it's a little four kilobyte file.
And what this does for us is it automatically has a build that's just ready to go.
So this is really awesome.
We don't have to download the image itself and then install it and then pick all the features.
No, this just ready to go for us.
So we can also come down here in select edit virtual machine settings, and there are a couple of features here.
So depending on the amount of memory that you have on your machine, so right now this is sitting at two gigs of Ram.
That's fine.
If you want it to run faster, I recommend going somewhere between four and eight.
Obviously, the more ram you give it, the better it's gonna perform.
But if you're running on eight gigs Aram for your machine, really not going to do well for you?
My recommendation is no more than 1/4.
So if you're running on 16 then maybe give this four.
You could really try pushing it up to eight, but I am running on 32 right now, so I could crank this up to eight by my role here.
But just for working with you and falling along, I'm gonna set this to two.
And then we're gonna perform into that way that we are working at the same speeds across the board.
Another thing that we need to know is the network adapter.
By default, it's set to Nat.
We're gonna go ahead and just leave it at Nat here.
Yours may come set to bridge, yet for some reason, that's set to bridge.
You can try that.
But my default preference is Nat.
So let's go ahead and just hit.
Okay?
Okay.
And now we're just gonna hit play virtual machine and a little side note.
I am actually now on my os.
I'm running on my, uh, my Windows OS, as opposed to just running inside the VM.
If I was running a V m inside of the M, I would have a lot of issues.
Segregation, etcetera.
So now I've actually moved out of the V m and have this running in player on my windows OS.
Okay.
And then when we get this pop up here, go ahead and just say I copied it and this will start the machine and you could see the ah other VM where player back here, it's gonna go ahead and directly just start loading up here and we get to this screen so we click in.
And if we try to just enter in our username password, our user name by default is gonna be route.
Our password is going to be route backwards.
So T o r.
And then hit.
Enter.
Now we can make this full screen over here by clicking this button and will enter into full screen mode.
We are now successfully logged into our Callie Lennox machine.
We've installed this successfully and now we are ready to start learning.
So that's it for this video in the next video we're gonna be doing is we're going to cover some of the tools and features of Cali Lennox, and we'll start talking about what it's capable of.
And then we'll dive right into the terminal after that and start learning Cem.
So command line and some useful tools with linens.
So I will catch you guys in the next video.
All right, now let's take a look around Calleigh Lennox and just see what it has to offer us in terms of tools design, etcetera.
So stifled right in.
Okay, so we're at our desktop here inside of Cali linens.
Now you see the Kai Lennox logo.
You see, there's a couple of things on the desktop.
You don't have to worry about these.
They're just from VM.
Wear themselves.
Put on your desktop.
If you install this as an actual OS, this will not be here.
So when we talk about navigating around Calleigh Lennix, there's a couple of places that we can look.
If we look right away, you can see on the left hand side.
Over here.
We've got a favorite bar, so we've got our folders.
So if you click on the folders or files, we can navigate around this feels like any other machine.
Right?
Uh, we have our documents, download music pictures.
If your Windows user Mac user, whatever this feels pretty common.
So this is a gooey or a graphical user interface way of interacting with the folders.
Um, as you move on and we move on this course, we're gonna be living in the terminal.
So the terminal is right here.
If you click on the terminal.
This is something similar to your command line.
So from here, we can actually navigato all these folders here, and we can put files in there, take fouls out anything that we can do and a graphic point of view.
We can also do from this command line point of view as well.
So as we learn, we're going to get a little less relying on the graphical interface and more on the terminal side of things, however, do know that there are ways to do a lot of things from a graphical side.
If you still I mean that that interaction with the machine and you don't want to be completely keyboard oriented.
There are also tools on the side over here.
If we Look, we've got a leaf pads.
A leaf pad is just like a note pad, right?
Or, you know, just your notebook.
Here you can take some quick notes.
Save it out.
Should be pretty familiar for you as well.
Eso They've got fire Fox that used to be called ice weasel.
And that's just your Web browser.
Down here are some of the tools that you may use Now.
Burb Suite is a very popular tool for Web application penetration testing.
We're not getting into any of these tools at the moment, but I will cover what a couple of them do so again.
Burb Sweets, a Web application penetration testing tool.
If you ever get into Web app, or if you even get into some basic pen testing, chances are you're going to start using burb sweet on a pretty regular basis.
Over here is N map.
Now this is the graphical version of a tool called end map, and you will be using and map pretty religiously when you're doing pen testing.
So if you like a visual view of doing scanning so and map is a network mapper, it allows you to scan machines for open ports.
Ah, and for vulnerabilities.
So if you want that in a more of a visual type of you a graphical interface type you, then you have Zen map as a feature.
This little guy down here is medicine plate.
Now, Medicine boy is a tool that can be taught.
All these are tools that can be taught in deep, deep lessons all by themselves not to make the intimidating for you at all.
Just know that that's how robust this is.
We're looking at three tools right here, and they're all very, very powerful.
Um, and this isn't even the half of it or the quarter of what Talia Lennox has to offer.
Eso Medicis plate.
You may have heard of it.
If you've heard of anything in pen testing, it is a framework that does just a little bit of everything.
So ah, lot of pen testers live and die by this.
Ah, it's a fantastic tool in my opinion, and you're going to get very, very intimate with it very, very quick.
If you do move into pen testing down here is a tool called Cherry Tree.
And that's pretty much where I'm going to stop.
We've got multi go in kid's mitt.
These air just This is wireless base.
And this one here is ah is information gallery base, but cherry trees, another useful one.
If we open that up, this is actually another.
Um, no keeping tool.
Like I showed you.
Leave pad.
Leave patches for quick little one offs.
Um, cherry tree is more of note keeping as a whole.
So you've got notes that you can ads.
You can add a note here and just say, Say you're following along and you want to add notes.
You can say, Ah, Lennox, you know, And then you haven't knowed you can add all of your notes in here, and then you can actually add Children nodes as well.
So maybe there's a command that you want to add it.
So say we're covering commands and you want to write all the commands in about one X down here.
You could do that as well and then say this out.
A nice thing, too, is that you can take Screenshots and put them in here and exports really nice.
And this is gonna be very, very useful for anything in your career.
But when it comes to pen testing.
There are so many tools, so many commands, that I think it is incredibly important to be able to take notes and cherry tree is built in already.
Personally, I use what used to be in Cali Lennix, which is a tool called a keep note.
But cherry tree is a great alternative as well, so either of them would work.
And it is highly recommended by me that you use some sort of note keeping tools as you go through your courses and get better as a pen tester.
Someone to close out of this here and I want to show you a couple more things.
You have a feature here where you can show all of your applications, said you click on that will bring up all the applications, including the ones that are group down here.
Another way to do this is if we come up into applications at the top, you can see that everything is grouped really nice for you.
So it goes through the steps of penetration testing.
And let's say that like I am gathering information on a client.
Okay, well, here are some of the built in tools for information gathering right here.
Um, say you want to dio wireless assessment And do you want to do that?
Those sorts of attacks you've got all these wireless tools build in for you right here.
Now, chances are you're gonna be running these tools from the command line.
So again, you know, you don't want to get, um too hung up on the graphical side of things.
Ah, as you may not always have access to that either, but it's important to know what tools that you have in front of you.
And there are even tools like wire shark in here.
So very, very useful.
Pretty much a little bit of everything that you can imagine.
So just, um, you know, take some time and go through the tools.
And if you're becoming a pen tester, you're working on it, you know, just just, um, you know, look at a tool and do some research on it.
Say you want to know what this Mac changer is.
It might be obvious it might not be obvious, right?
S o.
Maybe you go Google what Mac change or does how to use it with the sin taxes and then you play around with that, take a new tool every day, figure out something that you can do with it, how to use it, what it does.
But so Callie Lennox is a distribution full of useful tools on it.
You know, for a base OS, it's fantastic.
And this is why so many people in the industry just download this, install it, and they're ready to go.
Um, you know, we talked about in the previous video how their other OS is, or there people out there that like to just do there, they're based in stall.
And you can see that there's bloatware here, if you want to call it that right.
Like there's forensic tools.
And maybe you'll never do any forensics in your life.
And you don't need all this installed in your system.
So if you're type of person, that is, um, you know, it doesn't want this extra stuff, this extra software on your system.
Okay, then maybe you do start moving towards that custom build.
Eventually in your career, you say, Hey, I want, uh I want to learn all these things first.
And then once I learned what tools I really like Then maybe you move to your own distribution that you create yourself and you spend that up every time instead of having all these tools built in but as a base OS as something that you can learn from and start with.
This is why I have chosen Callie.
And this is why we're gonna learn it today.
So let's go ahead from here.
What we're gonna do is we're gonna dive right into the terminal.
So let's just open this terminal.
Um and then we're gonna full screen it and move on to next video.
So from here on out, what we're gonna be doing is we're gonna be living in this terminal.
Um, I'm going to back away from the graphical side of things and really just ah, get your your hands dirty in the terminal, make you feel comfortable.
If you've never used Lennox before, this is perfect for you.
So I'm gonna give you the pen tester perspective on why we're doing a lot of these things.
Some of these commands are going to be the same commands, regardless, if it's on a Cali Lennox machine orbits on ah, another distribution of Lennox.
So you'll be able to take a lot of these commands and just use Lennox and another system as well.
So if you're interested in pen testing your interest in Lennox, this is where we really get into the meat of the course, and it should get interesting for you.
So I will catch you over the next video.
We're going to start talking about how to navigate the file system and get comfortable with that, all right, onto navigating the file system.
So first, let's talk about some of the commands we're gonna learn today.
So we're gonna learn about PWD, which is President Working directory.
We're gonna learn about CD, which is how we change directories.
We're gonna learn about L s, which is going to be listening the files in a folder or in a directory.
And we're also gonna talk about how to find some hidden folders with L s.
We'll talk about how to make a directory and to remove a directory.
We're gonna talk about copying, removing, moving and locating files.
We'll talk about something called Update Devi and how that pertains to locating files.
We'll talk about the password and how to change our password and we'll talk about unimportant command called man.
So by the end of this first lesson, you should be pretty comfortable with all of these commands.
It may seem a little daunting, but they all kind of play in with each other again.
Please make sure to take notes you got cherry tree built in.
You can also use keep notes or even just a note pad in front of you that will help with the experience.
And also maybe watching the video more than once will help with the experience as well.
So let's go ahead and dive right into the command line.
Now, our first lesson in Lenox terminology is going to be navigating the file system.
So if you're a Windows user, you're used to navigating your file system, probably through folders through a gooey So a graphical user interface.
Well, in Lennox, we can do that.
But the majority of time we're gonna live in this terminal here, so we really need to know how to get around.
So the first thing we can do here is we can say Hey, where we at and that's PWD.
So that stands for present working directory.
So you type that in you hit.
Enter.
And it says, Okay, we're in the root folder, so we know that we're in the root folder.
But how do we get out of the root folder?
We can use a command called CD and that stands for change directory.
So if we want to change directory backwards, we just tape into dots here and now we can say, Okay, where we at?
So we're in a slash So we're just in a home folder here or just there are generic slash folder, right?
So what we can do is Well, how do we know?
Can we go backwards from here?
Let's keep trying.
So we do pw again?
No, we can.
This is our base folder.
Right?
So you have to think of this as the the lowest you can go.
So now how do we move around?
How do we know how to go forwards again?
Well, we don't know what's in our directories, right?
So we're sitting in this slash folder, and how do we look around?
So there's a command called l s that lists everything that's in the folder.
So if we say l s we kind of see this color coordinated here.
And the color coordination.
It just depends on if the folder, If the folders read right, you know, there's permission settings, which we're gonna get into later.
But the majority of these here are folders.
Okay.
Well, we know we just came out a route so we can go back into route now.
How do we do that?
So we can say change directory route, and we can actually hit tab to auto complete.
I don't know if you caught that, but there's no Are any folder besides roots?
So at Arkham has hit tab, and it should type it out for me.
Oh, I lied.
There is a run in here somewhere, but it's hidden.
We're gonna cover that soon as well.
So Aro hit Tab Auto complete.
Can change directory in the route.
So it's lsn route and see what's in here.
Okay, this is more like our home folder.
Right?
So I've got desktop documents, downloads.
This is kind of what applies to the route user.
So what if we're sitting in this root folder here and we wanted to access instead this Etc folder?
Well, can we do the same at sea?
command here.
Well, I'm hitting Tab and nothing's happening Well, because Etc doesn't belong in this area.
Right?
But if we put a Ford Slash in front of it because this is the base and then we hit etc.
There.
Now we can navigate to the etc fuller.
We can actually double tab and see what's all in the etc folder like in l s se know.
Another way to do that is if we wanted to l s what's in the Etc folder without navigating to it, we get his type l s etc.
And you could see everything that's in here.
So there's some tricks that we can do, right?
So we don't have to actually navigate to the folder.
You know what's in there again if we l s and we want to know what's sitting in videos or even, let's say what's sitting in desktop for our folder.
Well, if we start typing desktop and hit tab, we can't do that either, because everything in linen is case sensitive.
So if we start typing desktop and then hit top now we can l snc was in there.
So our VM wear came with a couple of shell scripts here that are automatically placed on our desktop.
We wanted to confirm that you could see that they're both right here.
So as of right now, we are just sitting in our route home folder and we know how to navigate around.
So if we wanted to go to desktop, we could we could hit l s now and see what's in there.
We wanted to go backwards.
We could Okay, now we're back in our our root folder.
And you can also tell where you're at your president.
Working directory sits right here.
Right.
So this little a tilde is actually your home folder and you can see that we're in desktop.
So if we wanted to go back into our desktop instead of typing So you wanted to go to music from your desktop instead of going route music, which will work, you could also just say I want to go music, and that will put you there as well and notice you don't need the leading forward slash when you use the a told up.
So just some couple interesting tricks that you'll kind of pick up along the way.
Um, Tab is definitely gonna be your best friend.
If you run into something with multiple options, say you're trying to CD and you say I want to go on my desktop and you're tabbing It's not working.
You can hit double tab, and then it will show you.
Okay, well, there's desktop documents, downloads those your three options that start with a D.
So now you can have an idea as to how to kind of move around.
But let's, um, do a little bit more.
So what if we want to make our own folder?
Well, there's something called make directory M k d i R.
So if we say make directory will say, I'm just gonna use my name heat.
Now, if we l s, we can see that this he folder is now here.
We can go into the heat folder and there should be nothing in it, right?
So we can go back And we can also get rid of the heat folder removed.
Directory Heath Ellis again.
It's gone.
So now what else can we D'oh Well, we can also look for hidden folders so we can say l s Dash l A and we can look for hidden files and folders here.
Remember the color coordination.
So this dot cash right?
That in theory, is a hidden folder.
So if we say cd dot cash, we can go into their wi l s.
And there's actually some some information in there.
But when you saw it originally, you didn't see that we're gonna cover more on this.
I just kind of want to show you that trick.
As you see over on the left side, there's file permissions and properties.
So be aware that just because it looks like something's not there doesn't mean it's not there.
It might just actually be hidden similar to Windows, where you have hidden files and folders.
So just a quick trick to show you that.
So another thing weaken.
D'oh!
So let's go back and don't worry about what I'm doing here.
You're gonna cover these commands in a little bit.
Uh, I'm just gonna echo high, and we're gonna put that in a test dot text folder.
So naturally, l s you could see that test stop taxes here.
So if we want to actually copy this file, we can copy this file to another location so we can say Hey, I've got this test dot text, but I actually want to move it to downloads.
And if we go, l s to downloads.
You could see that tests attacks is actually sitting in there.
And if we wanted to remove it, weaken to say, remove from downloads.
Test that text, Actually.
Sorry.
Removed downloads, Testa texts.
We don't have to transition into that director if we don't want Thio.
So another trick.
Say we want to see now that it's gone, we're gonna l s what we wanna keep typing is out If you hit the up arrow Now you can just see your old commands.
So if you keep typing or command over and over, you could see what's going on.
So l s shows that there's nothing in downloads.
Now we're able to successfully remove that file.
So another thing that we can do is we can actually move.
So say we wanted to move tests dot text, and we wanted to put that into downloads.
Okay, Now, if the l s test dot Texas now gone from this folder because we've moved it, we haven't made a copy.
We've actually physically moved it away.
So now if we l s actually, let's just tab up.
You could see that test out taxes now in there.
And I'm gonna remove that here.
Okay?
And now the last thing I want to show you is the locate feature.
So if we wanted to locate a file I said I wanted to locate Bash, don't see.
So we're looking for a file, and we're gonna get more specific along the way.
But if you type in locate, you can kind of look through a system to see if you can find it.
Now, I'm looking for, say, any type of been bash or been our bash.
That's fine.
That's really what I wanted.
But it shows you everything with passionate.
Now, this might not work right away.
What you might need to do is update the database.
So you typing update d B.
It updates everything for you, and then you can use locate again.
So it has to build that database of the information that it's finding in order to locate.
Ah, what you're searching for.
So make sure that you use update Devi sort of frequently.
Okay, So two more things I want to show you and then we'll close out this video and move on to the next one.
So an important thing you want to do with your new account is we're using a default password, and that's not very secure.
So to change a password for our user, we can just type in P A s s W d.
And now it's gonna ask us for your password.
So instead of using tour, we can use something else.
I'm gonna type in the very secure password as my password for an example here.
But if you plan on using this machine for future reference, you can type in a secure password and kind of keep it.
So lastly, I want to show you is something called man.
So man pages, man pages are your instructions for any command that you're running Most commands come with a man page.
So let's say we want to look at l s weaken, Say, man l s And then it's gonna give us all this information here about l s.
So if you see it says l s is list directory contents awesome.
And then it gives you what options weaken.
D'oh!
Well, we can do Ah Dash a for all what you saw earlier, and you can kind of scroll through here and just see exactly what it has to offer.
And that's kind of it.
So when you go through here, um, you can kind of, you know, if you're struggling, toe, you know, there's a command in there, but you're not sure exactly what the command is.
You can type in man and search it, and sometimes you can do l s.
I don't know if this is gonna work, but Dash, dash help and you get some information as well.
It doesn't provide you the full man pages, but it provides you something pretty close.
So that's kind of just your way around.
If you ever get stuck.
Something to look for.
Okay, so that's it for this lesson.
Next, we're gonna move on to users and privileges, how to add users and how to ah, how to change some suit owes and some modifications to our file permissions.
So, until next time, my name is Heath Adams, and I thank you for joining me.
All right, now, let's talk about users and their privileges.
So what are we gonna learn this lesson?
We'll do a quick user pillage overview.
From there, we're gonna talk about the CH mod Command, which is the change mode, man, that's going to let us change the permissions on a file or directory.
We're also going to talk about how we're gonna add a user with the ad user command.
From there, we're gonna take a look at a couple of important files.
One is the etc password file and the other is the etc shadow file.
So the etc password file is not actually where the passwords are stored on a machine that is tthe e Etsy shadow file, which stores the hash is but the etc.
Password file does store where the users what users air on the machine and you can correlate that to the shadow file.
So we'll talk about those in more detail and their importance to pen testing very, very important.
And then we're gonna talk about s you, which is the switch user command.
And finally, we'll talk about pseudo, which is a command that allows you to elevate your privileges on a Lennox machine.
So let's go ahead and dive right into our lesson.
Okay, so now we're gonna cover users and privileges.
So in the last video, we touched a little bit on privileges with R L s Dash L.
A.
And we touched a little bit on users by changing the password of our route account.
So now we'll cover a few more commands regarding those.
So if we look again at last Dash L.
A.
You could see all this crazy, jumbled wordage over here, right?
So it actually means something.
So we look at the first line here.
If we see a dash like this, a hyphen, that means it's a file.
If we see a D, that means it's actually a directory.
And then you see r w and ex so R w An axe actually means read right, execute.
It's the permission settings that this particular group hats.
Now there are three groups here.
There's the 1st 2nd and then your third right here.
Right.
So your first group right here is the owner of the file.
So it looks like the owner of the file has full read right execution, right?
And then the next set of three here is actually the permissions for the members of the group that owned the file So this is a group ownership as opposed to actual ownership here.
So for the people that are in the group that has access to this file, they could only read execute.
They can't write to it now for the last one.
This is just all of their users.
So any common user here can actually just read and execute.
They can't write the document.
So that comes into play, especially when we get into penetration testing because with penetration testing, we're looking toe have full access, Right?
So we're always gonna be looking for that folder that has full read, right?
Typically, if we look at temp, that's our temple.
There are a lot of times you see the temp folder has full rewrite execute.
So when we're doing penetration testing, we're trying to upload some sort of exploit.
We might actually upload it into the temp older, because that's where we can execute those those files.
However, we could also be looking for other full read right execute files where we need to modify them and give us root access to a system.
So it's all about insecure configurations.
Um, and we're gonna cover that more once we get into the actual penetration testing part of the course.
So for the limits essentials part of the course, all we need to worry about is these file permissions.
Another important feature of that is, if we were to create a script, our script's not gonna be able to run until has full access.
So how do we change access here?
So let's make a file.
I'm just going to make Ah Well, just echo another text document.
Right?
So we'll just say hello.
And actually, I type that it backwards.
So hello.
And we'll call it hello dot text Sophie l s here by default.
We only have read, write and then read access for everybody else.
Meaning if we wanted to read it, we could say cat, which we're going to get into later.
Ah, cat hello dot Techs just says hello.
So what can we do here?
What we can use something called change mode in changing modus C h m o d.
And we have a couple options here so we can do a plus right?
And we could say, Well, we want read right, execute or we just want execute.
Um, but another way, I like doing it is you have a number feature.
So the one you really need to know is all seven seven's gives you full rewrite access across the board.
So if we say ch mod 777 hello dot text Now we l s l A and you notice that hello dot text turns green.
That means it is full rewrite.
And here you go.
We've got the dash here saying it's a file and we got read right, execute across the board.
So this is how we change file permissions.
You don't need to necessarily know about the other numbers In terms of penetration testing, it becomes more in terms of configuration and security management of files.
If you were to get down that path, so to stay on the easiest path, just remember, 777 or plus X will work as well, so changing the mode is critical and we're gonna cover it time and time again throughout the course.
Ah, once we get a little bit deeper.
So a couple more things we need to talk about say, we wanted to add a new user.
Well, there's a feature called Add User.
So we say add user and one, er, two names is allowed, so we need to add User John.
Okay, so it made something for John.
Let's give him a password.
Give him the password again, and we'll just hit enter for the defaults.
It's all correct.
Okay, so we now have a user named John, and we can confirm that we can actu