Linux Fundamentals - Part 2
Task 1 - Intro
In this course we'll walk through Linux operators and advanced file operators. Deploy your machine and let's log in!
No tasks for this section we need to respond to.
Task 2 - SSH - Intro
Quick run thru of SSH. This tool is going to be our main method for connecting to our vulnerable systems on the TryHackMe platform.
ssh (SSH client) is a program for logging into a remote machine and for executing commands on a remote machine. It is intended to provide secure encrypted communications between two untrusted hosts over an insecure network. X11 connections, arbitrary TCP ports and UNIX-domain sockets can also be forwarded over the secure channel.
ssh connects and logs into the specified destination, which may be specified as either [user@]hostname or a URI of the form ssh://[user@]hostname[:port]. The user must prove his/her identity to the remote machine using one of several methods (see below).
No tasks for this section we need to respond to.
Task 3 - PuTTY and SSH
Run through of PuTTY and SSH.
No tasks for this section we need to respond to.
Task 4 - "&&"
The && operator chains two commands together, and will only execute the command following the && if the first command succeeds (returns a value of true, i.e. exit status 0).
No tasks for this section we need to respond to.
Task 5 - "&"
The & operator runs a job in the background. Usually you cannot run another command while one is still executing, but putting it in the background using & allows you to run other commands while the backgrounded command keeps executing.
Example:
Task 6 - "$"
We are now taking a look at the $ operator for Linux. This operator refers to environment variables. We can create our own environment variables by running export <varname>=<value>, which creates a variable with the associated value.
Chmod
chmod <permission> <file>
The first digit controls the permissions for the user that owns the file.
The second digit controls the permissions for the group.
The third digit controls the permissions for everyone that's not a part of the user or group.
Examples
chown
Examples:
chown user:group file
chown shiba2:shiba2 test.txt
You can use chown on just a user, and not add a group, example:
chown shiba2 file
To recursively operate on every file, use -R
ln
"Hard linking" completely duplicates the file and links the duplicate to the original copy, meaning whatever is done to the created link is also done to the original file. The ln syntax is:
ln source destination
The syntax for a symbolic link is the exact same, but it uses the -s flag, so to create a symbolic link, you would run:
ln -s <file> <destination>
find
Examples:
To list every file owned by a specific user, you can use find dir -user <user>
To list every file owned by a specific group, you can use find dir -group <group>
grep
Note: You can search multiple files at the same time, meaning you can theoretically do:
grep <string> <file> <file2>
For instance, let's say you know a file is named test1234, but you don't know where it is on the system. find can be used to list every file on the OS, and grep can be used to find the actual file.
find / | grep test1234
find / shiba4 | grep shiba4 > findme.txt
sudo
How would I run whoami as user jen? sudo -u jen whoami
How do you list your current sudo privileges (what commands you can run, who you can run them as, etc.)? sudo -l
adduser | addgroup
adduser <username>
addgroup <groupname>
usermod -a -G <groups separated by commas> <user>
Meaning if I wanted to add the user noot to the group b, I would run usermod -a -G b noot.
sudo usermod -a -G test test
Important Files & Directories
/etc/passwd - Stores user information - Often used to see all the users on a system
/etc/shadow - Has all the passwords of these users
/tmp - Every file inside it gets deleted upon shutdown - used for temporary files
/etc/sudoers - Used to control the sudo permissions of every user on the system
/home - The directory where all your downloads, documents etc are. - The equivalent on Windows is C:\Users\<user>
/root - The root user's home directory - The equivalent on Windows is C:\Users\Administrator
/usr - Where all your software is installed
/bin and /sbin - Used for system critical files - DO NOT DELETE
/var - The Linux miscellaneous directory, a myriad of processes store data in /var
$PATH - Stores all the binaries you're able to run - same as $PATH on Windows
ps
To view a list of all system processes, you have to use the -ef flag
To kill a process, run the following: kill <PID>
Pentest Challenge (with pivot)
Reviewed /etc/passwd
Reviewed /etc/shadow
Reviewed /var/log
Found a log file named test1234, with read permissions for shiba2
Logged in to shiba2, read /var/log/test1234
Found password for nootnoot, badabing
User was in sudoers file, used sudo -i to gain root privs
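The challenge above turned on a log file that an account other than its owner could read and that held a password. As an added example (not part of the original notes), this shell function combines the find permission tests and grep covered earlier to flag such files from the defender's side. The credential pattern, the sample file contents and the file names other than test1234 are constructed, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: flag files under a directory that are readable beyond their
# owner (group-read or other-read bit set) AND contain credential-like strings.
# Output per finding: "<octal mode> <owner> <path> <matching line count>"

# Assumption: a simple pattern for "password: x" / "secret=x" style lines.
CRED_PATTERN='(password|passwd|secret)[[:space:]]*[:=]'

audit_logs() {
    # -perm -040 = group can read, -perm -004 = everyone else can read
    # Assumption: file names contain no newlines (normal for log directories).
    find "$1" -type f \( -perm -040 -o -perm -004 \) 2>/dev/null |
    while IFS= read -r file; do
        # grep -c only counts matching lines, so the secret is never echoed.
        # It exits 1 on "no match", hence the || true.
        hits=$(grep -c -i -E -- "$CRED_PATTERN" "$file" 2>/dev/null) || true
        [ "${hits:-0}" -gt 0 ] || continue
        meta=$(stat -c '%a %U' "$file")   # GNU stat: octal mode and owner
        printf '%s %s %s\n' "$meta" "$file" "$hits"
    done
}

# Constructed sample data: one exposed log, one owner-only log, one clean log.
demo() {
    tmp=$(mktemp -d)
    printf 'login ok\npassword: example-not-real\n' > "$tmp/test1234"
    printf 'password=example-not-real\n' > "$tmp/private.log"
    printf 'service started\n' > "$tmp/clean.log"
    chmod 644 "$tmp/test1234" "$tmp/clean.log"
    chmod 600 "$tmp/private.log"      # owner-only: not reported
    audit_logs "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real host, run audit_logs /var/log with sufficient privileges; any finding should be fixed by removing the secret from the log and tightening the mode with chmod.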