Friday, January 22, 2021

                           Linux Basics

In order to become a good ethical hacker or penetration tester, you need to be conversant with

Linux, which is by far one of the most powerful operating systems. Linux is really good for ethical

hacking and penetration testing because it is compatible with a wide variety of related tools and

software, whereas other operating systems such as Mac and Windows support fewer of these software

and tools. In this chapter, I will teach you some of the very basics of operating a Linux OS. If

you are already familiar with Linux basics, you can skip this chapter.

One of the most common questions asked in many forums is “Which Linux distro should I

use?” As there are tons of Linux distros such as Ubuntu, Fedora, Knoppix, and BackTrack you

can use any Linux distro you want as all work in a similar manner. However, I suggest you use

BackTrack if you really wish to dig deeper into this subject because it is all encompassing from a

penetration tester’s perspective.

Major Linux Operating Systems

Before talking about BackTrack, let’s take a look at some of the Linux-based distros that you will

encounter very often:

Redhat Linux—Used mostly for administration purpose.

Debian Linux—Designed for using only in open source software.

Ubuntu Linux—Designed mostly for personal use.

Mac OS X—Used in all Apple computers.

Solaris—Used in many commercial environments.

BackTrack Linux—Used mostly for penetration testing.

File Structure inside of Linux

On a Linux system, most everything is a file, and if it is not a file, then it is a process.

Here is a general diagram for file structure in Linux.


There are certain exceptions in a Linux file system

Directories—Files that are lists of other files.

Special file—The mechanism used for inout and output. /dev are special files.

Links—A system to make file or directory visible in multiple parts of the systems.

Sockets—A special file type, similar to TCP/IP sockets providing inter-process networking.

Pipes—More or less like sockets; they form a way for process to communicate with each other

with out using network socket.

Subdirectories of the root directory:

Directory Content

/bin -Common programs, shared by the system, the system administrator, and

the users.

/boot -The startup files and the kernel, vmlinuz. In some recent distributions also grub data. Grub is the GRand Unified Boot loader and is an attempt to get rid of the many different boot-loaders we know today.

/dev -Contains references to all the CPU peripheral hardware, which are represented as files with special properties.

/etc -Most important system configuration files are in/etc., this directory contains data similar to those in the Control Panel in Windows

/home- Home directories of the common users.

/initrd -(on some distributions) Information for booting. Do not remove!

/lib -Library files, includes files for all kinds of programs needed by the system and the users.

/lost+found -Every partition has a lost+found in its upper directory. Files that were saved during failures are here.

/misc -For miscellaneous purposes.

/mnt -Standard mount point for external file systems, for example, a CD-ROM or a digital camera.

/net -Standard mount point for entire remote file systems.

/opt -Typically contains extra and third-party software.

/proc -A virtual file system containing information about system resources. More information about the meaning of the files in proc is obtained by entering the command man proc in a terminal window. The file proc.txt discusses the virtual file system in detail.

/root- The administrative user’s home directory. Mind the difference between /,the root directory and /root, the home directory of the root user.

/sbin -Programs for use by the system and the system administrator.

/tmp -Temporary space for use by the system, cleaned upon reboot, so don’t use this for saving any work!

/usr -Programs, libraries, documentation, etc., for all user-related programs.

/var -Storage for all variable files and temporary files created by users, such as log files, the mail queue, the print spooler area, space for temporary storage of files downloaded from the Internet, or to keep an image of a CD before burning it.

File Permission in Linux

Although there are already a lot of good security features built into Linux-based systems, based

upon the need for proper permissions, I will go over the ways to assign permissions and show you

some examples where modification may be necessary. Wrong file permission may open a door for attackers in your system.

Group Permission

Owner—The Owner permissions apply only the owner of the file or directory; they will not

impact the actions of other users.

Group—The Group permissions apply only to the group that has been assigned to the file or

directory; they will not affect the actions of other users.

All User/Other—The All Users permissions apply to all other users on the system; this is the

permission group that you want to watch the most.

Each file or directory has three basic permission types:

Read—The Read permission refers to a user’s capability to read the contents of the file.

Write—The Write permissions refer to a user’s capability to write or modify a file or directory.

Execute—The Execute permission affects a user’s capability to execute a file or view the contents

of a directory.

Let’s see how it works.

File permission is in following format.

Owner Group Other/all

root@Net:~# ls -al

We will talk about aforementioned command later on in this chapter.

-rwxr-xr-x 1 net tut 77 Oct 24 11:51 auto run

drwx------ 2 ali tut 4096 Oct 25 2012 cache

File auto run permission

-—No special permissions

rwx—Owner (net) having read, write, and execute permission while group (tut) having read

and execute and other also having same permission.

File cahe permission

d—Represent directory

rwx—Owner (ali) having read, write, and execute permission while group (tut) and other/all

does not have any permission for accessing or reading this file.

Linux Advance/Special Permission

l—The file or directory is a symbolic link

s—This indicated the setuid/setgid permissions. Represented as a s in the read portion of the

owner or group permissions.

t—This indicates the sticky bit permissions. Represented as a t in the executable portion of the

all users permissions

i—chatter Making file unchangeable

There are two more which mostly used by devices.

c—Character device

b—Block device (i.e., hdd)

Let’s go through some examples

Link Permission

root@net:~#ln -s new /root/link

root@net:~#ls -al

lrwxrwxrwx 1 ali ali 3 Mar 18 08:09 link -> new

link is created for a file name called new (link is symbolic for file name new)

Suid & Guid Permission

setuid (SUID)—This is used to grant root level access or permissions to users

When an executable is given setuid permissions, normal users can execute the file with root level or

owner privileges. Setuid is commonly used to assign temporarily privileges to a user to accomplish

a certain task. For example, changing a user’s password would require higher privileges, and in this

case, setuid can be used.

setgid (SGID)—This is similar to setuid, the only difference being that it’s used in the context

of a group, whereas setuid is used in the context of a user.

root@net:~#chmod u+s new

root@net:~#ls -al

-rwSr--r-- 1 ali ali 13 Mar 18 07:54 new

Capital S shows Suid for this file.

root@net:~#chmod g+s guid-demo

root@net:~#ls -al

-rw-r-Sr-- 1 ali ali 0 Mar 18 09:13 guid-demo

Capital S shows Guid for guid-demo file and capital S is in group section.

Stickybit Permission

This is another type of permission; it is mostly used on directories to prevent anyone other than

the “root” or the “owner” from deleting the contents.

root@net:~#chmod +t new

root@net:~#ls -al

-rw-r--r-T 1 ali ali 13 Mar 18 07:54 new

Capital T shows that stickybit has been set for other user (only owner or root user can delete files)

Chatter Permission

root@net:~#lsattr

---------------- ./new

root@net:~#chattr +i new

root@net:~#lsattr

----i----------- ./new

Small i shows that this file is unchangeable and lsattr is a command to check if there is chattr on file.

Before we end up with file permission, let’s have little look about numerical file permission.

r = 4

w = 2

x = 1

The sum of those aforementioned values manipulates the file permission accordingly, that is,

root@net:~# ls -al

-rw-r--r-- 1 ali ali 13 Mar 18 07:54 new

Here other user only having “read” permission so what we are going to do is to change it into read

and write but not execute.

root@net:~#chmod 646 new

root@net:~#ls -al

-rw-r--rw- 1 root root 13 Mar 18 07:54 new

Let’s explore a bit more into it, we want read + write permission so 4 + 2 = 6 that’s mean read and write.

Hope it is clear now how to set permission on a file and what it does.

Most Common and Important Commands

ls: list directory contents

cd: changes directories

rm: remove files or directories

chmod: change file mode bits, from read to write and vise versa

chown: change ownership of a file

chgrp: change group ownership

screen: screen manager with VT100/ANSI terminal emulation, create background process

with terminal emulator.

ssh: secure shell for remote connection

man: manual/help

pwd: print name of current/working directory.

cd..: moves up one directory

mkdir: create a new directory

rmdir: remove director

locate: find a file with in directory or system

whereis: find a file with in system

cp: copy file

mv: move file/directory or rename a file or directory

mount: mount device such as cdrom/usb

zip: compress directory/files

umount: umount(eject) the usb

df: list partation table

cat: concatenate the file

ifconfig: show interface details

w: Show who is logged on and what they are doing

top: show system task manager

netstat: show local or remote established connection

nslookup: query Internet name servers interactively

dig: dns utility

touch: create a file

nano: file editor

vi: vim file editor

free -h: check free memoryruns.

Linux Scheduler (Cron Job)

Cron is a utility that helps us create schedule to perform a certain task/command. As we know that

/etc having configuration files for most of the services same as for cron.

We will just go through a quick review of how does it work and how do we set it up.

The following is the hierarchy for it.

# * * * * * command to execute

# ┬ ┬ ┬ ┬ ┬

# │ │ │ │ │

# │ │ │ │ │

# │ │ │ │ └───── day of week (0–6) (0–6 are Sunday to Saturday,

or use names; 0 is Sunday)

# │ │ │ └────────── month (1–12)

# │ │ └─────────────── day of month (1–31)

# │ └──────────────────── hour (0–23)

# └───────────────────────── min (0–59)

It’s pretty simple and easy to understand; aforementioned hierarchy is self-explanatory.

First * represent min 0-59

Second * represent hour 0-23

Third * represent day of month 1-31

Forth * represent month 1-12

Fifth * represent day of week 0-6

Cron Permission

Two files play important role in cron.

Cron Permission

Two files play important role in cron.

cron.allow

cron.deny

If these files exist, then they impose some restriction accordingly on users. That is, if a user is in deny

list, so he/she won’t be able to schedule any job/task and if user is in allowed list then she/he will be

able to add schedule job/task. All we have to do is just add user name in either of these two files.

Cron Files

Cron.daily

Cron.hourly

Cron.weekly

Cron.monthly

/etc/crontab: system-wide crontab

root@net:~#cat /etc/crontab

# /etc/crontab: system-wide crontab

# Unlike any other crontab you don’t have to run the 'crontab'

# command to install the new version when you edit this file

# and files in /etc/cron.d. These files also have username fields,

# that none of the other crontabs do.

SHELL=/bin/sh

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# m h dom mon dow user command

17 * * * * root cd / && run-parts --report /etc/cron.hourly

25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts

--report /etc/cron.daily )

47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts

--report /etc/cron.weekly )

52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts

--report /etc/cron.monthly )

This is the output for crontab file; in other words, cron.hourly , cron.daily , cron.

weekly , cron.monthly are symlink of crontab.

Let’s say I would like to run a schedule at 12Am daily basis .

root@net:~#vi /etc/cron.daily/logs

0 0 * * * /home/network/log.pl

Save and exit.

Execute a job in every 5 seconds

Cron does not provide this feature by default. For this, we need to write up a small bash script

to accomplish this task by using the “sleep” command

cat seconds.sh

#!/bin/bash

while true

do

/home/cron/seconds.sh

sleep 5

done

root@net:~#chmod +x seconds.sh

root@net:~#nohup ./seconds.sh &

This command will exit if any error occurred and & signed will put the process in background.

Execute a job in every 4 minutes

If we specify * in the first field, it will run in every minute, it is not the way we want it so we

need to add */4 in the along with asterisk. If you wish to run in every 30 min, just add */30

root@net:~#vi cron.daily/logs-min

*/4 * * * * /home/network/log-min.pl

Save and exit.

Execute a job in every 4 hours

If we specify * in the second field, it will run in every hour; this is not what we want it, so we

need to add */4 along with asterisk. If you wish to run in every 15 hours, just add */15

root@net:~#vi cron.hourly/logs-hour

* */4 * * * /home/network/log-hourly.pl

Save and exit.

Execute a job in every 4th weekdays

The fifth field is DOW (day of the week). If we specify * in the fifth field, it will run in every

day. So we need to specify the specific day on which we want to run schedule. In the example, we

want to run schedule on every Thursday.

root@net:~#vi cron.week/logs-week

* * * * 4 /home/network/log-week.pl

OR

* * * * Thu /home/network/log-week.pl

Save and exit.

Execute a job in every 4 months

The third field is DOM (day of the month). If we specify * in the third field, it will run in

every day of month. So we need to specify the specific day on which we want to run schedule. The

fourth field is for month; If we specify * in the fourth field, it will run in every month. So we need

to specify the specific day and month on which we want to run schedule. In the example, we want

to run schedule on every first day of oct.

root@net:~#vi cron.week/logs-week

* * 1 4 * /home/network/log-month.pl

OR

* * 1 apr * /home/network/log-month.pl

Save and exit.

Note: If you want to assign a range like Jan to Nov then you will need to specify month as 1–11 .

Users inside of Linux

Let’s talk about users inside of Linux. The users inside of Linux are stored inside the /etc/passwd

file. So here is what the contents of the /etc/passwd file look like:

So, let’s try to understand what the sample entry means. The output for the first line looks like
this:
root:x:0:0:root:/root:/bin/bash
◾◾ The “root” is the username.
◾◾ The root is followed by x, which means that the password is moved inside the shadow file,
which we will discuss next.
◾◾ Next is the UID of the user, which is (0) for root, followed by the groupid (0) primary group
the user belongs to. In this case, the user belongs to root.
◾◾ Next is the space for comments, which an administrator may want to store.
       ◾◾ It is then followed by the absolute path of the home directory, which is also the starting location
of the command line.
More about the /etc/passwd file:
◾◾ In a standard /etc/passwd file, most of the users would be default users like bin/adm and
mail.
◾◾ All the Unix/Linux users are identified by a user id, which starts at 0 and increments from
there with some jumps in between. Any user with uid 0 has root level privileges.
◾◾ The nondefault users generally have UIDs starting from 500 or 1000, and increment from
there.
◾◾ Inside of the /etc/passwd file, some users would have /false at the end, which means that
those users cannot have an interactive login session.
Common Applications of Linux
Here are some of the common applications that you would most probably encounter with any
Linux flavor you use:
◾◾ Apache—This is an open source web server. Most of the web runs on the Apache web server.
◾◾ MySQL—This is the most popular database used in Unix-based systems.
◾◾ Sendmail—This is a free Linux-based mail server. It is available inside both open source and
commercial versions.
◾◾ Postfix—This can be used as a send-mail alternative.
◾◾ PureFTP—This is the default ftp server used for almost all Unix-based systems.
◾◾ Samba—This provides file and printer sharing services. The best part is that it can easily
integrate with Windows-based systems.

Labels:

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home