Linux Basics
In order to become a good ethical hacker or penetration tester, you need to be conversant with
Linux, which is by far one of the most powerful operating systems. Linux is really good for ethical
hacking and penetration testing because it is compatible with a wide variety of related tools and
software, whereas other operating systems such as Mac and Windows support fewer of these software
and tools. In this chapter, I will teach you some of the very basics of operating a Linux OS. If
you are already familiar with Linux basics, you can skip this chapter.
One of the most common questions asked in many forums is “Which Linux distro should I
use?” As there are tons of Linux distros such as Ubuntu, Fedora, Knoppix, and BackTrack you
can use any Linux distro you want as all work in a similar manner. However, I suggest you use
BackTrack if you really wish to dig deeper into this subject because it is all encompassing from a
penetration tester’s perspective.
Major Linux Operating Systems
Before talking about BackTrack, let’s take a look at some of the Linux-based distros that you will
encounter very often:
Redhat Linux—Used mostly for administration purpose.
Debian Linux—Designed for using only in open source software.
Ubuntu Linux—Designed mostly for personal use.
Mac OS X—Used in all Apple computers.
Solaris—Used in many commercial environments.
BackTrack Linux—Used mostly for penetration testing.
File Structure inside of Linux
On a Linux system, most everything is a file, and if it is not a file, then it is a process.
Here is a general diagram for file structure in Linux.
There are certain exceptions in a Linux file system
Directories—Files that are lists of other files.
Special file—The mechanism used for inout and output. /dev are special files.
Links—A system to make file or directory visible in multiple parts of the systems.
Sockets—A special file type, similar to TCP/IP sockets providing inter-process networking.
Pipes—More or less like sockets; they form a way for process to communicate with each other
with out using network socket.
Subdirectories of the root directory:
Directory Content
/bin -Common programs, shared by the system, the system administrator, and
the users.
/boot -The startup files and the kernel, vmlinuz. In some recent distributions also grub data. Grub is the GRand Unified Boot loader and is an attempt to get rid of the many different boot-loaders we know today.
/dev -Contains references to all the CPU peripheral hardware, which are represented as files with special properties.
/etc -Most important system configuration files are in/etc., this directory contains data similar to those in the Control Panel in Windows
/home- Home directories of the common users.
/initrd -(on some distributions) Information for booting. Do not remove!
/lib -Library files, includes files for all kinds of programs needed by the system and the users.
/lost+found -Every partition has a lost+found in its upper directory. Files that were saved during failures are here.
/misc -For miscellaneous purposes.
/mnt -Standard mount point for external file systems, for example, a CD-ROM or a digital camera.
/net -Standard mount point for entire remote file systems.
/opt -Typically contains extra and third-party software.
/proc -A virtual file system containing information about system resources. More information about the meaning of the files in proc is obtained by entering the command man proc in a terminal window. The file proc.txt discusses the virtual file system in detail.
/root- The administrative user’s home directory. Mind the difference between /,the root directory and /root, the home directory of the root user.
/sbin -Programs for use by the system and the system administrator.
/tmp -Temporary space for use by the system, cleaned upon reboot, so don’t use this for saving any work!
/usr -Programs, libraries, documentation, etc., for all user-related programs.
/var -Storage for all variable files and temporary files created by users, such as log files, the mail queue, the print spooler area, space for temporary storage of files downloaded from the Internet, or to keep an image of a CD before burning it.
File Permission in Linux
Although there are already a lot of good security features built into Linux-based systems, based
upon the need for proper permissions, I will go over the ways to assign permissions and show you
some examples where modification may be necessary. Wrong file permission may open a door for attackers in your system.
Group Permission
Owner—The Owner permissions apply only the owner of the file or directory; they will not
impact the actions of other users.
Group—The Group permissions apply only to the group that has been assigned to the file or
directory; they will not affect the actions of other users.
All User/Other—The All Users permissions apply to all other users on the system; this is the
permission group that you want to watch the most.
Each file or directory has three basic permission types:
Read—The Read permission refers to a user’s capability to read the contents of the file.
Write—The Write permissions refer to a user’s capability to write or modify a file or directory.
Execute—The Execute permission affects a user’s capability to execute a file or view the contents
of a directory.
Let’s see how it works.
File permission is in following format.
Owner Group Other/all
root@Net:~# ls -al
We will talk about aforementioned command later on in this chapter.
-rwxr-xr-x 1 net tut 77 Oct 24 11:51 auto run
drwx------ 2 ali tut 4096 Oct 25 2012 cache
File auto run permission
-—No special permissions
rwx—Owner (net) having read, write, and execute permission while group (tut) having read
and execute and other also having same permission.
File cahe permission
d—Represent directory
rwx—Owner (ali) having read, write, and execute permission while group (tut) and other/all
does not have any permission for accessing or reading this file.
Linux Advance/Special Permission
l—The file or directory is a symbolic link
s—This indicated the setuid/setgid permissions. Represented as a s in the read portion of the
owner or group permissions.
t—This indicates the sticky bit permissions. Represented as a t in the executable portion of the
all users permissions
i—chatter Making file unchangeable
There are two more which mostly used by devices.
c—Character device
b—Block device (i.e., hdd)
Let’s go through some examples
Link Permission
root@net:~#ln -s new /root/link
root@net:~#ls -al
lrwxrwxrwx 1 ali ali 3 Mar 18 08:09 link -> new
link is created for a file name called new (link is symbolic for file name new)
Suid & Guid Permission
setuid (SUID)—This is used to grant root level access or permissions to users
When an executable is given setuid permissions, normal users can execute the file with root level or
owner privileges. Setuid is commonly used to assign temporarily privileges to a user to accomplish
a certain task. For example, changing a user’s password would require higher privileges, and in this
case, setuid can be used.
setgid (SGID)—This is similar to setuid, the only difference being that it’s used in the context
of a group, whereas setuid is used in the context of a user.
root@net:~#chmod u+s new
root@net:~#ls -al
-rwSr--r-- 1 ali ali 13 Mar 18 07:54 new
Capital S shows Suid for this file.
root@net:~#chmod g+s guid-demo
root@net:~#ls -al
-rw-r-Sr-- 1 ali ali 0 Mar 18 09:13 guid-demo
Capital S shows Guid for guid-demo file and capital S is in group section.
Stickybit Permission
This is another type of permission; it is mostly used on directories to prevent anyone other than
the “root” or the “owner” from deleting the contents.
root@net:~#chmod +t new
root@net:~#ls -al
-rw-r--r-T 1 ali ali 13 Mar 18 07:54 new
Capital T shows that stickybit has been set for other user (only owner or root user can delete files)
Chatter Permission
root@net:~#lsattr
---------------- ./new
root@net:~#chattr +i new
root@net:~#lsattr
----i----------- ./new
Small i shows that this file is unchangeable and lsattr is a command to check if there is chattr on file.
Before we end up with file permission, let’s have little look about numerical file permission.
r = 4
w = 2
x = 1
The sum of those aforementioned values manipulates the file permission accordingly, that is,
root@net:~# ls -al
-rw-r--r-- 1 ali ali 13 Mar 18 07:54 new
Here other user only having “read” permission so what we are going to do is to change it into read
and write but not execute.
root@net:~#chmod 646 new
root@net:~#ls -al
-rw-r--rw- 1 root root 13 Mar 18 07:54 new
Let’s explore a bit more into it, we want read + write permission so 4 + 2 = 6 that’s mean read and write.
Hope it is clear now how to set permission on a file and what it does.
Most Common and Important Commands
ls: list directory contents
cd: changes directories
rm: remove files or directories
chmod: change file mode bits, from read to write and vise versa
chown: change ownership of a file
chgrp: change group ownership
screen: screen manager with VT100/ANSI terminal emulation, create background process
with terminal emulator.
ssh: secure shell for remote connection
man: manual/help
pwd: print name of current/working directory.
cd..: moves up one directory
mkdir: create a new directory
rmdir: remove director
locate: find a file with in directory or system
whereis: find a file with in system
cp: copy file
mv: move file/directory or rename a file or directory
mount: mount device such as cdrom/usb
zip: compress directory/files
umount: umount(eject) the usb
df: list partation table
cat: concatenate the file
ifconfig: show interface details
w: Show who is logged on and what they are doing
top: show system task manager
netstat: show local or remote established connection
nslookup: query Internet name servers interactively
dig: dns utility
touch: create a file
nano: file editor
vi: vim file editor
free -h: check free memoryruns.
Linux Scheduler (Cron Job)
Cron is a utility that helps us create schedule to perform a certain task/command. As we know that
/etc having configuration files for most of the services same as for cron.
We will just go through a quick review of how does it work and how do we set it up.
The following is the hierarchy for it.
# * * * * * command to execute
# ┬ ┬ ┬ ┬ ┬
# │ │ │ │ │
# │ │ │ │ │
# │ │ │ │ └───── day of week (0–6) (0–6 are Sunday to Saturday,
or use names; 0 is Sunday)
# │ │ │ └────────── month (1–12)
# │ │ └─────────────── day of month (1–31)
# │ └──────────────────── hour (0–23)
# └───────────────────────── min (0–59)
It’s pretty simple and easy to understand; aforementioned hierarchy is self-explanatory.
First * represent min 0-59
Second * represent hour 0-23
Third * represent day of month 1-31
Forth * represent month 1-12
Fifth * represent day of week 0-6
Cron Permission
Two files play important role in cron.
Cron Permission
Two files play important role in cron.
cron.allow
cron.deny
If these files exist, then they impose some restriction accordingly on users. That is, if a user is in deny
list, so he/she won’t be able to schedule any job/task and if user is in allowed list then she/he will be
able to add schedule job/task. All we have to do is just add user name in either of these two files.
Cron Files
Cron.daily
Cron.hourly
Cron.weekly
Cron.monthly
/etc/crontab: system-wide crontab
root@net:~#cat /etc/crontab
# /etc/crontab: system-wide crontab
# Unlike any other crontab you don’t have to run the 'crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts
--report /etc/cron.daily )
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts
--report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts
--report /etc/cron.monthly )
This is the output for crontab file; in other words, cron.hourly , cron.daily , cron.
weekly , cron.monthly are symlink of crontab.
Let’s say I would like to run a schedule at 12Am daily basis .
root@net:~#vi /etc/cron.daily/logs
0 0 * * * /home/network/log.pl
Save and exit.
Execute a job in every 5 seconds
Cron does not provide this feature by default. For this, we need to write up a small bash script
to accomplish this task by using the “sleep” command
cat seconds.sh
#!/bin/bash
while true
do
/home/cron/seconds.sh
sleep 5
done
root@net:~#chmod +x seconds.sh
root@net:~#nohup ./seconds.sh &
This command will exit if any error occurred and & signed will put the process in background.
Execute a job in every 4 minutes
If we specify * in the first field, it will run in every minute, it is not the way we want it so we
need to add */4 in the along with asterisk. If you wish to run in every 30 min, just add */30
root@net:~#vi cron.daily/logs-min
*/4 * * * * /home/network/log-min.pl
Save and exit.
Execute a job in every 4 hours
If we specify * in the second field, it will run in every hour; this is not what we want it, so we
need to add */4 along with asterisk. If you wish to run in every 15 hours, just add */15
root@net:~#vi cron.hourly/logs-hour
* */4 * * * /home/network/log-hourly.pl
Save and exit.
Execute a job in every 4th weekdays
The fifth field is DOW (day of the week). If we specify * in the fifth field, it will run in every
day. So we need to specify the specific day on which we want to run schedule. In the example, we
want to run schedule on every Thursday.
root@net:~#vi cron.week/logs-week
* * * * 4 /home/network/log-week.pl
OR
* * * * Thu /home/network/log-week.pl
Save and exit.
Execute a job in every 4 months
The third field is DOM (day of the month). If we specify * in the third field, it will run in
every day of month. So we need to specify the specific day on which we want to run schedule. The
fourth field is for month; If we specify * in the fourth field, it will run in every month. So we need
to specify the specific day and month on which we want to run schedule. In the example, we want
to run schedule on every first day of oct.
root@net:~#vi cron.week/logs-week
* * 1 4 * /home/network/log-month.pl
OR
* * 1 apr * /home/network/log-month.pl
Save and exit.
Note: If you want to assign a range like Jan to Nov then you will need to specify month as 1–11 .
Users inside of Linux
Let’s talk about users inside of Linux. The users inside of Linux are stored inside the /etc/passwd
file. So here is what the contents of the /etc/passwd file look like:
Labels: LINUX BASICS




0 Comments:
Post a Comment
Subscribe to Post Comments [Atom]
<< Home