1
00:00:02,280 --> 00:00:07,750
command line fun in this module we'll
2
00:00:06,070 --> 00:00:09,879
take an introductory look at a few
3
00:00:07,750 --> 00:00:12,550
popular Linux command line programs
4
00:00:09,879 --> 00:00:14,950
please refer to the Kali Linux training
5
00:00:12,550 --> 00:00:17,610
site for a refresher or more in-depth
6
00:00:14,950 --> 00:00:17,610
discussion
7
00:00:18,380 --> 00:00:23,780
the bash environment bash is a shell
8
00:00:21,470 --> 00:00:25,580
that allows us to run complex commands
9
00:00:23,780 --> 00:00:28,190
and perform different tasks from a
10
00:00:25,580 --> 00:00:30,080
terminal window it incorporates useful
11
00:00:28,190 --> 00:00:32,830
features from both the Korn shell and
12
00:00:30,080 --> 00:00:32,830
C shell
13
00:00:33,130 --> 00:00:38,810
environment variables when opening a
14
00:00:36,620 --> 00:00:41,030
terminal window a new bash process
15
00:00:38,810 --> 00:00:44,690
which has its own environment variables
16
00:00:41,030 --> 00:00:46,910
is initialized these variables are a
17
00:00:44,690 --> 00:00:49,309
form of global storage for various
18
00:00:46,910 --> 00:00:51,230
settings inherited by any applications
19
00:00:49,309 --> 00:00:53,540
that are run during that terminal
20
00:00:51,230 --> 00:00:55,580
session one of the most commonly
21
00:00:53,540 --> 00:00:58,400
referenced environment variables is PATH
22
00:00:55,580 --> 00:01:00,770
which is a colon separated list of
23
00:00:58,400 --> 00:01:02,750
directory paths that bash will search
24
00:01:00,770 --> 00:01:05,540
through whenever a command is run
25
00:01:02,750 --> 00:01:07,640
without a full path we can view the
26
00:01:05,540 --> 00:01:10,070
contents of a given environment variable
27
00:01:07,640 --> 00:01:12,619
with the echo command followed by the
28
00:01:10,070 --> 00:01:15,740
dollar sign character and an environment
29
00:01:12,619 --> 00:01:17,509
variable name for example let's examine
30
00:01:15,740 --> 00:01:21,830
the contents of the PATH environment
31
00:01:17,509 --> 00:01:27,940
variable some other useful environment
32
00:01:21,830 --> 00:01:30,320
variables include USER PWD and HOME
33
00:01:27,940 --> 00:01:33,170
which hold the values of the current
34
00:01:30,320 --> 00:01:35,240
terminal user's username present working
35
00:01:33,170 --> 00:01:38,780
directory and home directory
36
00:01:35,240 --> 00:01:41,060
respectively we can define an
37
00:01:38,780 --> 00:01:44,090
environment variable with the export
38
00:01:41,060 --> 00:01:45,770
command for example if we are scanning a
39
00:01:44,090 --> 00:01:48,649
target and don't want to type in the
40
00:01:45,770 --> 00:01:50,479
system's IP address repeatedly we can
41
00:01:48,649 --> 00:01:54,190
quickly assign it an environment
42
00:01:50,479 --> 00:01:54,190
variable and use that instead
43
00:01:56,479 --> 00:02:01,280
the export command makes the variable
44
00:01:58,820 --> 00:02:05,270
accessible to any subprocesses we might
45
00:02:01,280 --> 00:02:06,740
spawn from our current bash instance
46
00:02:05,270 --> 00:02:09,709
if we set an environment variable
47
00:02:06,740 --> 00:02:12,650
without export it will only be available
48
00:02:09,709 --> 00:02:14,660
in the current shell let's launch
49
00:02:12,650 --> 00:02:17,780
another instance of bash and try to
50
00:02:14,660 --> 00:02:20,030
display the variable again
51
00:02:17,780 --> 00:02:23,150
since we defined our variable without
52
00:02:20,030 --> 00:02:26,380
the export command we can't access it in
53
00:02:23,150 --> 00:02:26,380
the new bash instance
54
00:02:27,790 --> 00:02:32,049
after exiting back to our original bash
55
00:02:29,650 --> 00:02:35,349
session we have access to the variable
56
00:02:32,049 --> 00:02:39,599
again now let's see what happens when we
57
00:02:35,349 --> 00:02:39,599
use export to define a variable
58
00:02:40,330 --> 00:02:45,130
nothing has changed so far but let's see
59
00:02:43,240 --> 00:02:47,820
what happens when we launch a new bash
60
00:02:45,130 --> 00:02:47,820
instance
61
00:02:48,870 --> 00:02:54,860
this time we can access the variable
62
00:02:51,900 --> 00:02:54,860
from the new instance
63
00:02:55,830 --> 00:02:59,760
there are many other environment
64
00:02:57,420 --> 00:03:03,390
variables defined by default in kali
65
00:02:59,760 --> 00:03:06,900
linux we can view these by running env
66
00:03:03,390 --> 00:03:09,300
at the command line take some time to
67
00:03:06,900 --> 00:03:12,500
review and experiment with predefined
68
00:03:09,300 --> 00:03:12,500
environment variables
69
00:03:14,569 --> 00:03:20,239
tab-completion the bash shell
70
00:03:17,769 --> 00:03:22,730
autocomplete function allows us to
71
00:03:20,239 --> 00:03:25,489
complete filenames and directory paths
72
00:03:22,730 --> 00:03:28,040
with the tab key this is such a
73
00:03:25,489 --> 00:03:30,970
time-saver that makes other shells which
74
00:03:28,040 --> 00:03:33,439
lack this feature feel clumsy and slow
75
00:03:30,970 --> 00:03:35,540
let's take a look at how this works from
76
00:03:33,439 --> 00:03:37,640
the kali user home directory
77
00:03:35,540 --> 00:03:41,090
we'll start by typing the following
78
00:03:37,640 --> 00:03:44,239
command when we hit the tab key the
79
00:03:41,090 --> 00:03:46,310
first time after d bash suggests that
80
00:03:44,239 --> 00:03:48,439
there are three directories starting
81
00:03:46,310 --> 00:03:51,709
with that letter then presents our
82
00:03:48,439 --> 00:03:54,590
partially completed command for us since
83
00:03:51,709 --> 00:03:57,950
we decide to specify Desktop we'll type e
84
00:03:54,590 --> 00:04:00,019
followed by the tab key again at this
85
00:03:57,950 --> 00:04:02,090
point the bash shell magically auto
86
00:04:00,019 --> 00:04:04,639
completes the rest of the word Desktop
87
00:04:02,090 --> 00:04:08,299
as this is the only choice that starts
88
00:04:04,639 --> 00:04:11,049
with de refer to your lab guide for more
89
00:04:08,299 --> 00:04:11,049
information
90
00:04:12,390 --> 00:04:18,239
bash history tricks when engaged in a
91
00:04:16,109 --> 00:04:19,950
penetration test it's important to keep
92
00:04:18,239 --> 00:04:21,560
a record of commands that have been
93
00:04:19,950 --> 00:04:24,060
entered into the shell
94
00:04:21,560 --> 00:04:26,070
fortunately bash maintains a record of
95
00:04:24,060 --> 00:04:27,360
commands that have been entered which
96
00:04:26,070 --> 00:04:29,199
can be displayed with the history
97
00:04:27,360 --> 00:04:31,870
command
98
00:04:29,199 --> 00:04:33,939
rather than retyping a long command from
99
00:04:31,870 --> 00:04:37,389
our history we can make use of the
100
00:04:33,939 --> 00:04:40,029
history expansion facility for example
101
00:04:37,389 --> 00:04:43,060
each entry in our history is preceded by
102
00:04:40,029 --> 00:04:45,189
a line number to rerun a command we
103
00:04:43,060 --> 00:04:48,460
simply type an exclamation mark followed
104
00:04:45,189 --> 00:04:51,159
by the line number in this case we'll re
105
00:04:48,460 --> 00:04:54,580
execute the command clear which is
106
00:04:51,159 --> 00:04:56,800
identified by line number 32 another
107
00:04:54,580 --> 00:04:59,529
helpful history shortcut is the double
108
00:04:56,800 --> 00:05:01,900
exclamation mark which repeats the last
109
00:04:59,529 --> 00:05:04,350
command that was executed during our
110
00:05:01,900 --> 00:05:07,110
terminal session
111
00:05:04,350 --> 00:05:09,630
by default the command history is saved
112
00:05:07,110 --> 00:05:12,470
to the bash history file in the users
113
00:05:09,630 --> 00:05:12,470
home directory
114
00:05:12,520 --> 00:05:20,970
two environment variables control history
115
00:05:14,949 --> 00:05:20,970
size HISTSIZE and HISTFILESIZE
116
00:05:21,030 --> 00:05:25,020
HISTSIZE controls the number of commands
117
00:05:23,190 --> 00:05:28,350
stored in memory for the current session
118
00:05:25,020 --> 00:05:30,680
and HISTFILESIZE configures how many
119
00:05:28,350 --> 00:05:33,480
commands are kept in the history file
120
00:05:30,680 --> 00:05:35,280
these variables can be edited according
121
00:05:33,480 --> 00:05:38,910
to our needs and saved to the bash
122
00:05:35,280 --> 00:05:41,550
configuration file .bashrc that we
123
00:05:38,910 --> 00:05:43,500
will explore later one of the simplest
124
00:05:41,550 --> 00:05:45,960
ways to explore the bash history is
125
00:05:43,500 --> 00:05:47,430
right from the command line prompt we
126
00:05:45,960 --> 00:05:49,800
can browse through the history with some
127
00:05:47,430 --> 00:05:52,680
useful keyboard shortcuts with the two
128
00:05:49,800 --> 00:05:55,680
most common being the up arrow and down
129
00:05:52,680 --> 00:05:58,080
arrow the up arrow scrolls backwards in
130
00:05:55,680 --> 00:06:01,440
history and the down arrow scrolls
131
00:05:58,080 --> 00:06:04,200
forward last but not least holding down
132
00:06:01,440 --> 00:06:07,350
ctrl and pressing R will invoke the
133
00:06:04,200 --> 00:06:09,870
reverse-i-search facility if we type a
134
00:06:07,350 --> 00:06:11,640
letter for example C we'll get a match
135
00:06:09,870 --> 00:06:14,790
for the most recent command in our
136
00:06:11,640 --> 00:06:16,410
history that contains the letter C we
137
00:06:14,790 --> 00:06:18,330
can keep trying to narrow down our match
138
00:06:16,410 --> 00:06:21,690
and when we find the desired command
139
00:06:18,330 --> 00:06:23,520
we'll press ENTER to execute it bash has
140
00:06:21,690 --> 00:06:25,860
a number of history features that can
141
00:06:23,520 --> 00:06:28,310
save a great deal of time and repetitive
142
00:06:25,860 --> 00:06:28,310
typing
143
00:06:30,750 --> 00:06:36,540
piping and redirection every program run
144
00:06:34,620 --> 00:06:38,700
from the command line has three data
145
00:06:36,540 --> 00:06:40,830
streams connected to it that serve as
146
00:06:38,700 --> 00:06:43,470
communication channels with the external
147
00:06:40,830 --> 00:06:46,410
environment these streams are defined as
148
00:06:43,470 --> 00:06:49,050
standard input which is data fed into
149
00:06:46,410 --> 00:06:51,750
the program standard output which is
150
00:06:49,050 --> 00:06:54,660
output from the program and defaults to
151
00:06:51,750 --> 00:06:56,880
the terminal and standard error which
152
00:06:54,660 --> 00:07:00,600
contains error messages and is also
153
00:06:56,880 --> 00:07:03,660
displayed by default in the terminal
154
00:07:00,600 --> 00:07:06,220
piping using the pipe operator and
155
00:07:03,660 --> 00:07:09,190
redirection using the left and right
156
00:07:06,220 --> 00:07:11,500
angle bracket operators also known as
157
00:07:09,190 --> 00:07:13,930
chevrons or greater than and less than
158
00:07:11,500 --> 00:07:17,290
signs connect these streams between
159
00:07:13,930 --> 00:07:21,540
programs and files to accommodate a near
160
00:07:17,290 --> 00:07:21,540
infinite number of possible use cases
161
00:07:23,450 --> 00:07:28,650
redirecting to a new file
162
00:07:26,670 --> 00:07:31,940
in the previous command examples the
163
00:07:28,650 --> 00:07:31,940
output was printed to the screen
164
00:07:31,960 --> 00:07:36,430
this is convenient most of the time but
165
00:07:34,960 --> 00:07:40,000
we can use the right angle bracket
166
00:07:36,430 --> 00:07:41,620
operator to save the output to a file to
167
00:07:40,000 --> 00:07:44,650
keep it for future reference or
168
00:07:41,620 --> 00:07:47,800
manipulation if we redirect the output
169
00:07:44,650 --> 00:07:51,330
to a non-existent file the file will be
170
00:07:47,800 --> 00:07:51,330
created automatically
171
00:07:51,380 --> 00:07:57,570
however if we save the output to a file
172
00:07:54,449 --> 00:08:00,590
that already exists that files content
173
00:07:57,570 --> 00:08:00,590
will be replaced
174
00:08:01,030 --> 00:08:07,530
be very careful with redirection
175
00:08:03,430 --> 00:08:07,530
there is no undo function
176
00:08:08,310 --> 00:08:13,360
redirecting to an existing file to
177
00:08:11,470 --> 00:08:15,819
append additional data to an existing
178
00:08:13,360 --> 00:08:17,949
file as opposed to overwriting the file
179
00:08:15,819 --> 00:08:20,520
use the double right angle bracket
180
00:08:17,949 --> 00:08:20,520
operator
181
00:08:21,250 --> 00:08:26,260
once again be sure to exercise caution
182
00:08:24,250 --> 00:08:29,790
with redirection so you don't
183
00:08:26,260 --> 00:08:29,790
overwrite anything important
184
00:08:31,300 --> 00:08:37,370
redirecting from a file as you may have
185
00:08:35,089 --> 00:08:39,680
guessed we can use the left angle
186
00:08:37,370 --> 00:08:43,519
bracket operator to send data the other
187
00:08:39,680 --> 00:08:46,579
way in this example we'll redirect the wc
188
00:08:43,519 --> 00:08:49,130
command's standard input with data
189
00:08:46,579 --> 00:08:51,740
originating from the file we generated
190
00:08:49,130 --> 00:08:55,610
in the previous section let's try this
191
00:08:51,740 --> 00:08:56,560
with wc -m which counts characters in the
192
00:08:55,610 --> 00:08:59,810
file
193
00:08:56,560 --> 00:09:02,240
note that this effectively connected the
194
00:08:59,810 --> 00:09:06,759
contents of our file to the standard
195
00:09:02,240 --> 00:09:06,759
input of the wc -m command
196
00:09:08,690 --> 00:09:14,940
redirecting standard error according to
197
00:09:12,779 --> 00:09:17,790
the POSIX specification the file
198
00:09:14,940 --> 00:09:20,910
descriptors for standard input standard
199
00:09:17,790 --> 00:09:25,529
output and standard error are defined as
200
00:09:20,910 --> 00:09:27,149
zero one and two respectively these
201
00:09:25,529 --> 00:09:29,070
numbers are important as they can be
202
00:09:27,149 --> 00:09:31,529
used to manipulate the corresponding
203
00:09:29,070 --> 00:09:34,110
data streams from the command line while
204
00:09:31,529 --> 00:09:36,600
executing or joining different commands
205
00:09:34,110 --> 00:09:38,070
together to get a better grasp of how
206
00:09:36,600 --> 00:09:40,860
the file descriptor numbers work
207
00:09:38,070 --> 00:09:43,790
consider this example which redirects
208
00:09:40,860 --> 00:09:43,790
the standard error
209
00:09:46,560 --> 00:09:52,019
note that error dot txt only contains
210
00:09:49,560 --> 00:09:54,779
the error message generated on standard
211
00:09:52,019 --> 00:09:56,699
error we did this by prepending the
212
00:09:54,779 --> 00:09:59,730
stream number to the right angle bracket
213
00:09:56,699 --> 00:10:02,629
operator where two corresponds to
214
00:09:59,730 --> 00:10:02,629
standard error
215
00:10:04,310 --> 00:10:10,579
piping continuing with the example using
216
00:10:07,879 --> 00:10:13,069
the wc command let's have a look at how
217
00:10:10,579 --> 00:10:16,330
to redirect the output from one command
218
00:10:13,069 --> 00:10:19,750
into the input of another
219
00:10:16,330 --> 00:10:21,760
we'll use the pipe character to redirect
220
00:10:19,750 --> 00:10:25,470
the output of the cat command to the
221
00:10:21,760 --> 00:10:25,470
input of the wc command
222
00:10:27,360 --> 00:10:31,949
this concept may seem trivial but piping
223
00:10:30,449 --> 00:10:34,619
together different commands is a
224
00:10:31,949 --> 00:10:36,829
powerful way to manipulate all sorts of
225
00:10:34,619 --> 00:10:36,829
data
226
00:10:41,420 --> 00:10:47,000
text searching and manipulation in this
227
00:10:44,900 --> 00:10:49,250
section we'll gain efficiency with file
228
00:10:47,000 --> 00:10:53,800
and text handling by introducing a few
229
00:10:49,250 --> 00:10:56,030
commands grep sed cut and awk
230
00:10:53,800 --> 00:10:57,860
advanced usage of some of these tools
231
00:10:56,030 --> 00:11:01,570
requires a good understanding of how
232
00:10:57,860 --> 00:11:01,570
regular expressions work
233
00:11:02,019 --> 00:11:08,350
grep in a nutshell grep searches text
234
00:11:06,429 --> 00:11:11,259
files for the occurrence of a given
235
00:11:08,350 --> 00:11:13,540
regular expression and outputs any line
236
00:11:11,259 --> 00:11:16,050
containing a match to standard output
237
00:11:13,540 --> 00:11:20,160
which is usually the terminal screen
238
00:11:16,050 --> 00:11:20,160
consider the following example
239
00:11:20,310 --> 00:11:25,950
we listed all the files in the /usr/bin
240
00:11:23,250 --> 00:11:28,770
directory with ls and piped the output
241
00:11:25,950 --> 00:11:32,340
into the grep command which searches for
242
00:11:28,770 --> 00:11:33,840
any line containing the string zip some
243
00:11:32,340 --> 00:11:36,570
of the most commonly used switches
244
00:11:33,840 --> 00:11:40,410
include -r for recursive searching and
245
00:11:36,570 --> 00:11:42,000
-i to ignore the case of the text refer
246
00:11:40,410 --> 00:11:44,120
to the grep man page for more
247
00:11:42,000 --> 00:11:46,500
information about various options
248
00:11:44,120 --> 00:11:50,690
understanding the grep tool and when to
249
00:11:46,500 --> 00:11:50,690
use it can prove incredibly useful
250
00:11:53,030 --> 00:12:00,890
sed sed is a powerful stream editor
251
00:11:57,740 --> 00:12:03,500
it's also very complex so we'll only
252
00:12:00,890 --> 00:12:06,440
briefly scratch the surface here at a
253
00:12:03,500 --> 00:12:09,140
high level sed performs text editing on
254
00:12:06,440 --> 00:12:13,100
a stream of text either a set of
255
00:12:09,140 --> 00:12:15,610
specific files or standard output let's
256
00:12:13,100 --> 00:12:15,610
look at an example
257
00:12:16,370 --> 00:12:21,680
we created a stream of text using the
258
00:12:18,950 --> 00:12:24,650
echo command and then piped it to sed
259
00:12:21,680 --> 00:12:27,800
in order to replace the word hard with
260
00:12:24,650 --> 00:12:29,510
harder note that by default the output
261
00:12:27,800 --> 00:12:31,820
of the entire command has been
262
00:12:29,510 --> 00:12:35,830
automatically redirected to standard
263
00:12:31,820 --> 00:12:35,830
output or the terminal screen
264
00:12:36,250 --> 00:12:43,960
cut the cut command is simple but often
265
00:12:40,810 --> 00:12:46,000
comes in quite handy cut is used to
266
00:12:43,960 --> 00:12:49,360
extract a section of text from a line
267
00:12:46,000 --> 00:12:51,550
and output it to standard output some of
268
00:12:49,360 --> 00:12:54,370
the most commonly used switches include
269
00:12:51,550 --> 00:12:59,230
-f for the field number we are cutting
270
00:12:54,370 --> 00:13:02,800
and -d to define the field delimiter
271
00:12:59,230 --> 00:13:05,380
here we echoed a line of text and piped
272
00:13:02,800 --> 00:13:08,470
it to the cut command to extract the
273
00:13:05,380 --> 00:13:10,990
second field using a comma as a field
274
00:13:08,470 --> 00:13:14,170
delimiter the same command can be used
275
00:13:10,990 --> 00:13:16,540
to cut lines found in text files this
276
00:13:14,170 --> 00:13:19,600
time a list of users is extracted from
277
00:13:16,540 --> 00:13:24,060
/etc/passwd by using a colon as a
278
00:13:19,600 --> 00:13:24,060
delimiter and retrieving the first field
279
00:13:27,030 --> 00:13:32,910
awk awk is a programming language
280
00:13:30,630 --> 00:13:35,310
designed for text processing and is
281
00:13:32,910 --> 00:13:37,460
typically used as a data extraction and
282
00:13:35,310 --> 00:13:40,500
reporting tool it is also extremely
283
00:13:37,460 --> 00:13:42,420
powerful and can be quite complex so
284
00:13:40,500 --> 00:13:45,390
again we will only scratch the surface
285
00:13:42,420 --> 00:13:48,750
here a commonly used switch with awk is
286
00:13:45,390 --> 00:13:51,750
-F capital F which is the field separator
287
00:13:48,750 --> 00:13:55,440
and the print command which outputs the
288
00:13:51,750 --> 00:13:57,060
result text here we echoed a line and
289
00:13:55,440 --> 00:14:00,360
piped it to awk
290
00:13:57,060 --> 00:14:03,500
to extract the 1st and 3rd fields using
291
00:14:00,360 --> 00:14:06,120
a double colon as a field separator the
292
00:14:03,500 --> 00:14:09,180
most prominent difference between the
293
00:14:06,120 --> 00:14:11,820
cut and awk examples we used is that cut
294
00:14:09,180 --> 00:14:14,850
can only accept a single character as a
295
00:14:11,820 --> 00:14:17,150
field delimiter while awk is much more
296
00:14:14,850 --> 00:14:19,730
flexible
297
00:14:17,150 --> 00:14:21,830
as a general rule of thumb use a single
298
00:14:19,730 --> 00:14:24,490
awk command instead of multiple cut
299
00:14:21,830 --> 00:14:24,490
operations
300
00:14:25,240 --> 00:14:30,100
practical example let's take a look at a
301
00:14:28,360 --> 00:14:32,170
practical example that ties together
302
00:14:30,100 --> 00:14:35,290
many of the commands we've explored so
303
00:14:32,170 --> 00:14:37,899
far we've been given an apache HTTP
304
00:14:35,290 --> 00:14:42,700
server log that contains evidence of an
305
00:14:37,899 --> 00:14:45,670
attack our task is to use bash commands
306
00:14:42,700 --> 00:14:48,220
to inspect the file and discover various
307
00:14:45,670 --> 00:14:51,100
pieces of information such as who the
308
00:14:48,220 --> 00:14:53,640
attackers were and what exactly happened
309
00:14:51,100 --> 00:14:53,640
on the server
310
00:14:53,900 --> 00:15:00,110
first we'll use the head and WC commands
311
00:14:57,620 --> 00:15:04,120
to take a quick peek at the log file in
312
00:15:00,110 --> 00:15:06,970
order to understand its structure
313
00:15:04,120 --> 00:15:10,420
the head command displays the first 10
314
00:15:06,970 --> 00:15:13,360
lines in a file and the wc command along
315
00:15:10,420 --> 00:15:16,149
with the -l option displays the total
316
00:15:13,360 --> 00:15:18,999
number of lines in the file notice that
317
00:15:16,149 --> 00:15:21,819
the log file is text-based and contains
318
00:15:18,999 --> 00:15:26,980
different space delimited fields like IP
319
00:15:21,819 --> 00:15:29,499
address timestamp HTTP request etc this
320
00:15:26,980 --> 00:15:31,689
is a perfectly grep friendly file and
321
00:15:29,499 --> 00:15:33,900
will work well for all the tools we've
322
00:15:31,689 --> 00:15:35,970
covered so far
323
00:15:33,900 --> 00:15:38,970
we'll begin by searching through the
324
00:15:35,970 --> 00:15:41,310
HTTP requests made to the server for all
325
00:15:38,970 --> 00:15:44,610
the IP addresses recorded in this log
326
00:15:41,310 --> 00:15:47,190
file to do this we'll cat the log file
327
00:15:44,610 --> 00:15:50,430
and pipe the output into the cut and
328
00:15:47,190 --> 00:15:52,529
sort commands this might give us a clue
329
00:15:50,430 --> 00:15:55,620
about the number of potential attackers
330
00:15:52,529 --> 00:15:58,050
we're dealing with here we see that less
331
00:15:55,620 --> 00:16:00,330
than 10 IP addresses were recorded in
332
00:15:58,050 --> 00:16:03,589
the log file although this still doesn't
333
00:16:00,330 --> 00:16:06,900
tell us anything about the attackers
334
00:16:03,589 --> 00:16:09,900
next we'll use uniq and sort to show
335
00:16:06,900 --> 00:16:12,480
unique lines further refine our output
336
00:16:09,900 --> 00:16:16,620
and sort the data by the number of times
337
00:16:12,480 --> 00:16:19,560
each IP address accessed the server the -
338
00:16:16,620 --> 00:16:21,180
c option of uniq will prefix the
339
00:16:19,560 --> 00:16:25,650
output line with the number of
340
00:16:21,180 --> 00:16:27,930
occurrences a few IP addresses stand out
341
00:16:25,650 --> 00:16:32,150
but we'll focus on the address that has
342
00:16:27,930 --> 00:16:32,150
the highest access frequency first
343
00:16:32,620 --> 00:16:37,600
to filter out the suspicious IP address
344
00:16:35,140 --> 00:16:40,570
and display and count the resources that
345
00:16:37,600 --> 00:16:44,040
were being requested by that IP we can
346
00:16:40,570 --> 00:16:44,040
use the following sequence
347
00:16:45,120 --> 00:16:49,500
from this output it seems that the IP
348
00:16:47,310 --> 00:16:53,460
address was accessing the admin
349
00:16:49,500 --> 00:16:55,790
directory exclusively let's inspect this
350
00:16:53,460 --> 00:16:55,790
further
351
00:16:58,540 --> 00:17:03,820
apparently the suspicious IP has been
352
00:17:01,000 --> 00:17:06,970
involved in an HTTP brute-force attempt
353
00:17:03,820 --> 00:17:10,510
against the web server we can verify
354
00:17:06,970 --> 00:17:13,390
this with grep's -v flag to reverse the
355
00:17:10,510 --> 00:17:16,480
search and only show lines that do not
356
00:17:13,390 --> 00:17:19,890
contain the word admin as we can see our
357
00:17:16,480 --> 00:17:22,360
log files contain no such entry
358
00:17:19,890 --> 00:17:24,430
furthermore after about a thousand
359
00:17:22,360 --> 00:17:27,580
attempts it seems like the brute-force
360
00:17:24,430 --> 00:17:32,170
attempt succeeded as indicated by the
361
00:17:27,580 --> 00:17:33,970
HTTP 200 message this is a good example
362
00:17:32,170 --> 00:17:37,110
that ties together many of the basic
363
00:17:33,970 --> 00:17:37,110
commands we've explored
364
00:17:40,870 --> 00:17:46,330
editing files from the command-line next
365
00:17:44,170 --> 00:17:48,820
let's take a look at file editing in a
366
00:17:46,330 --> 00:17:50,559
command shell environment this is an
367
00:17:48,820 --> 00:17:52,780
extremely important linux skill
368
00:17:50,559 --> 00:17:55,570
especially if you happen to get access
369
00:17:52,780 --> 00:17:58,000
to a unix-like OS during a penetration
370
00:17:55,570 --> 00:18:00,580
test although there are text editors
371
00:17:58,000 --> 00:18:02,320
like gedit and leafpad that might be
372
00:18:00,580 --> 00:18:05,260
more visually appealing due to their
373
00:18:02,320 --> 00:18:07,750
graphic user interface we will focus on
374
00:18:05,260 --> 00:18:10,650
text-based terminal editors which
375
00:18:07,750 --> 00:18:13,000
emphasize both speed and versatility
376
00:18:10,650 --> 00:18:15,010
everyone seems to have a preference when
377
00:18:13,000 --> 00:18:17,500
it comes to text editors but we will
378
00:18:15,010 --> 00:18:21,660
cover basic usage for the two most
379
00:18:17,500 --> 00:18:21,660
common options nano and vi
380
00:18:22,230 --> 00:18:29,560
nano nano is one of the simplest to use
381
00:18:25,840 --> 00:18:32,770
text editors to open a file and begin
382
00:18:29,560 --> 00:18:36,250
editing simply run nano passing a file
383
00:18:32,770 --> 00:18:38,380
name as an optional argument once the
384
00:18:36,250 --> 00:18:40,780
file is opened we can immediately start
385
00:18:38,380 --> 00:18:42,900
making any required changes to the file
386
00:18:40,780 --> 00:18:45,940
just as we would in a graphical editor
387
00:18:42,900 --> 00:18:48,100
the nano command menu is located at the
388
00:18:45,940 --> 00:18:51,130
bottom of the screen some of the most
389
00:18:48,100 --> 00:18:55,510
used commands to memorize include ctrl o
390
00:18:51,130 --> 00:18:58,720
to write changes to the file ctrl K to
391
00:18:55,510 --> 00:19:01,450
cut the current line and ctrl u to
392
00:18:58,720 --> 00:19:05,680
uncut a line and paste it at the cursor
393
00:19:01,450 --> 00:19:10,000
location ctrl W is used to search within
394
00:19:05,680 --> 00:19:12,450
the file and finally ctrl X is used to
395
00:19:10,000 --> 00:19:12,450
exit
396
00:19:13,360 --> 00:19:19,920
for additional information regarding
397
00:19:15,220 --> 00:19:19,920
nano refer to its online documentation
398
00:19:20,400 --> 00:19:27,180
vi vi is an extremely powerful text
399
00:19:24,900 --> 00:19:29,460
editor capable of blazing speed
400
00:19:27,180 --> 00:19:32,310
especially when it comes to automating
401
00:19:29,460 --> 00:19:34,740
repetitive tasks however it has a
402
00:19:32,310 --> 00:19:37,250
relatively steep learning curve and is
403
00:19:34,740 --> 00:19:40,500
nowhere near as simple to use as nano
404
00:19:37,250 --> 00:19:43,710
due to its complexity we will only cover
405
00:19:40,500 --> 00:19:46,470
the very basics here as with nano to
406
00:19:43,710 --> 00:19:48,780
edit a file simply pass its name as an
407
00:19:46,470 --> 00:19:51,990
argument to vi
408
00:19:48,780 --> 00:19:54,930
once the file is opened enable insert
409
00:19:51,990 --> 00:19:59,550
text mode to begin typing to do this
410
00:19:54,930 --> 00:20:02,130
press the i key and start typing away to
411
00:19:59,550 --> 00:20:05,400
disable insert text mode and go back to
412
00:20:02,130 --> 00:20:08,790
command mode press the Escape key while
413
00:20:05,400 --> 00:20:12,090
in command mode use dd to delete the
414
00:20:08,790 --> 00:20:15,330
current line press yy to copy the
415
00:20:12,090 --> 00:20:17,970
current line and press p to paste the
416
00:20:15,330 --> 00:20:20,610
clipboard contents to delete the current
417
00:20:17,970 --> 00:20:24,660
character under the cursor press the x
418
00:20:20,610 --> 00:20:30,620
key to write the current file to disk
419
00:20:24,660 --> 00:20:30,620
and remain in vi type :w
420
00:20:30,909 --> 00:20:36,429
type :q followed by an exclamation mark
421
00:20:33,909 --> 00:20:39,519
to quit without writing the file to the
422
00:20:36,429 --> 00:20:46,440
disk to quickly save the file and quit
423
00:20:39,519 --> 00:20:46,440
vi enter :wq exclamation point
424
00:20:47,490 --> 00:20:53,580
because vi seems so awkward to use many
425
00:20:50,880 --> 00:20:56,309
users avoid it however from a
426
00:20:53,580 --> 00:20:58,500
penetration tester's point of view vi can
427
00:20:56,309 --> 00:21:00,809
save a great deal of time in the hands
428
00:20:58,500 --> 00:21:05,270
of an experienced user and is installed
429
00:21:00,809 --> 00:21:05,270
on every POSIX compliant system
430
00:21:05,930 --> 00:21:12,600
comparing files file comparison may seem
431
00:21:10,170 --> 00:21:16,260
irrelevant but system administrators
432
00:21:12,600 --> 00:21:18,630
network engineers penetration testers IT
433
00:21:16,260 --> 00:21:21,540
support technicians and many other
434
00:21:18,630 --> 00:21:24,540
technically oriented professionals rely
435
00:21:21,540 --> 00:21:26,940
on this skill fairly often in this
436
00:21:24,540 --> 00:21:29,520
section we'll take a look at a couple of
437
00:21:26,940 --> 00:21:32,400
tools that can help streamline the often
438
00:21:29,520 --> 00:21:34,850
tedious but rewarding process of file
439
00:21:32,400 --> 00:21:34,850
comparison
440
00:21:35,100 --> 00:21:41,429
comm the comm command compares two text
441
00:21:39,299 --> 00:21:44,039
files displaying the lines that are
442
00:21:41,429 --> 00:21:46,850
unique to each one as well as the lines
443
00:21:44,039 --> 00:21:46,850
they have in common
444
00:21:51,150 --> 00:21:58,470
in the first example comm displayed the
445
00:21:53,880 --> 00:22:02,309
unique lines in scan-a.txt the unique
446
00:21:58,470 --> 00:22:04,650
lines in scan-b.txt and the lines
447
00:22:02,309 --> 00:22:08,670
found in both files respectively
448
00:22:04,650 --> 00:22:11,400
comm outputs three space offset columns
449
00:22:08,670 --> 00:22:14,970
the first contains lines that are unique
450
00:22:11,400 --> 00:22:16,920
to the first file or argument the second
451
00:22:14,970 --> 00:22:19,650
contains lines that are unique to the
452
00:22:16,920 --> 00:22:21,840
second file or argument and the third
453
00:22:19,650 --> 00:22:24,120
column contains lines that are shared by
454
00:22:21,840 --> 00:22:28,529
both files
455
00:22:24,120 --> 00:22:31,710
the -n switch where n is either 1 2 or
456
00:22:28,529 --> 00:22:34,590
3 can be used to suppress one or more
457
00:22:31,710 --> 00:22:37,340
columns depending on the need let's take
458
00:22:34,590 --> 00:22:37,340
a look at an example
459
00:22:37,630 --> 00:22:43,059
this time comm displayed only the lines
460
00:22:40,600 --> 00:22:46,740
that were found in both files since we
461
00:22:43,059 --> 00:22:46,740
suppressed columns 1 and 2
462
00:22:48,540 --> 00:22:54,870
diff the diff command is used to detect
463
00:22:52,170 --> 00:22:58,020
differences between files similar to the
464
00:22:54,870 --> 00:23:01,170
comm command however diff is much more
465
00:22:58,020 --> 00:23:04,230
complex and supports many output formats
466
00:23:01,170 --> 00:23:06,840
two of the most popular formats include
467
00:23:04,230 --> 00:23:10,170
the context format and the unified
468
00:23:06,840 --> 00:23:14,190
format to display results in context format
469
00:23:10,170 --> 00:23:16,710
use the -c option this output uses
470
00:23:14,190 --> 00:23:19,440
the - indicator to show that the line
471
00:23:16,710 --> 00:23:22,740
appears in the first file but not in the
472
00:23:19,440 --> 00:23:24,630
second conversely the + indicator shows
473
00:23:22,740 --> 00:23:28,200
that the line appears in the second file
474
00:23:24,630 --> 00:23:31,820
but not in the first now let's see what
475
00:23:28,200 --> 00:23:31,820
the unified format returns
476
00:23:33,410 --> 00:23:37,610
the most notable difference between
477
00:23:35,240 --> 00:23:40,190
these formats is that the unified format
478
00:23:37,610 --> 00:23:43,100
does not show lines that match between
479
00:23:40,190 --> 00:23:45,169
files making the results shorter the
480
00:23:43,100 --> 00:23:48,549
indicators however have identical
481
00:23:45,169 --> 00:23:48,549
meaning in both formats
482
00:23:51,940 --> 00:24:00,820
vimdiff vimdiff opens vim an extended
483
00:23:57,280 --> 00:24:03,400
version of vi with multiple files one in
484
00:24:00,820 --> 00:24:05,230
each window the differences between the
485
00:24:03,400 --> 00:24:07,630
files are highlighted which makes it
486
00:24:05,230 --> 00:24:09,450
easier to visually inspect them there
487
00:24:07,630 --> 00:24:13,120
are a few shortcuts that might be useful
488
00:24:09,450 --> 00:24:15,670
for example pressing Ctrl+W followed by
489
00:24:13,120 --> 00:24:18,760
an arrow key allows us to switch between
490
00:24:15,670 --> 00:24:21,190
windows pressing the right bracket and
491
00:24:18,760 --> 00:24:24,940
the letter C will jump to the next
492
00:24:21,190 --> 00:24:27,370
change in the diff and the left bracket
493
00:24:24,940 --> 00:24:30,640
followed by the letter C will jump to
494
00:24:27,370 --> 00:24:32,740
the previous change the do key
495
00:24:30,640 --> 00:24:34,810
combination will get a change from the
496
00:24:32,740 --> 00:24:37,110
other window and put it in the current
497
00:24:34,810 --> 00:24:37,110
one
498
00:24:39,590 --> 00:24:44,900
combination will put the change from
499
00:24:41,600 --> 00:24:47,720
the current window into the other one to
500
00:24:44,900 --> 00:24:50,020
quit vimdiff use the same shortcuts as
501
00:24:47,720 --> 00:24:50,020
vi
502
00:24:56,980 --> 00:25:03,050
managing processes the Linux kernel
503
00:25:00,710 --> 00:25:05,630
manages multitasking through the use of
504
00:25:03,050 --> 00:25:07,910
processes the kernel maintains
505
00:25:05,630 --> 00:25:10,790
information about each process to help
506
00:25:07,910 --> 00:25:14,980
keep things organized and each process
507
00:25:10,790 --> 00:25:17,990
is assigned a number called a process ID
508
00:25:14,980 --> 00:25:20,840
the Linux shell also introduces the
509
00:25:17,990 --> 00:25:23,480
concept of jobs to ease our workflow
510
00:25:20,840 --> 00:25:26,059
during a terminal session for example
511
00:25:23,480 --> 00:25:29,410
this is a pipeline of two processes
512
00:25:26,059 --> 00:25:32,270
which the shell considers a single job
513
00:25:29,410 --> 00:25:34,820
job control refers to the ability to
514
00:25:32,270 --> 00:25:37,309
selectively suspend the execution of
515
00:25:34,820 --> 00:25:39,270
jobs and resume their execution at a
516
00:25:37,309 --> 00:25:41,250
later time
517
00:25:39,270 --> 00:25:43,050
we can achieve this with the help of
518
00:25:41,250 --> 00:25:45,530
specific commands which we'll soon
519
00:25:43,050 --> 00:25:45,530
explore
520
00:25:45,940 --> 00:25:52,700
backgrounding the previous jobs in this
521
00:25:50,960 --> 00:25:55,280
module have been run in the foreground
522
00:25:52,700 --> 00:25:57,650
which means the terminal is occupied and
523
00:25:55,280 --> 00:26:00,440
no other commands can be executed until
524
00:25:57,650 --> 00:26:02,030
the current one finishes since most of
525
00:26:00,440 --> 00:26:04,760
our examples have been short and sweet
526
00:26:02,030 --> 00:26:06,950
this hasn't caused a problem we will
527
00:26:04,760 --> 00:26:09,590
however be running longer and more
528
00:26:06,950 --> 00:26:11,930
complex commands in later modules which
529
00:26:09,590 --> 00:26:14,060
we can send to the background in order
530
00:26:11,930 --> 00:26:17,210
to regain control of the terminal and
531
00:26:14,060 --> 00:26:19,580
execute additional commands the quickest
532
00:26:17,210 --> 00:26:21,680
way to background a process is to append
533
00:26:19,580 --> 00:26:24,260
an ampersand to the end of the command
534
00:26:21,680 --> 00:26:26,660
to send it to the background immediately
535
00:26:24,260 --> 00:26:30,050
after it starts let's try a brief
536
00:26:26,660 --> 00:26:32,630
example we'll send 400 ICMP echo
537
00:26:30,050 --> 00:26:35,060
requests to the local interface with the
538
00:26:32,630 --> 00:26:38,510
ping command and write the results to a
539
00:26:35,060 --> 00:26:39,230
file the execution automatically runs in
540
00:26:38,510 --> 00:26:41,330
the background
541
00:26:39,230 --> 00:26:43,700
leaving the shell free for additional
542
00:26:41,330 --> 00:26:45,290
operations but what would have happened
543
00:26:43,700 --> 00:26:48,680
if we had forgotten to append the
544
00:26:45,290 --> 00:26:50,870
ampersand at the end of the command this
545
00:26:48,680 --> 00:26:52,730
command will run in the foreground and
546
00:26:50,870 --> 00:26:55,340
we are forced to either cancel the
547
00:26:52,730 --> 00:26:57,470
command with Ctrl+C or wait until the
548
00:26:55,340 --> 00:27:00,050
command finishes to regain control of
549
00:26:57,470 --> 00:27:02,510
the terminal the other option is to
550
00:27:00,050 --> 00:27:05,300
suspend the job using Ctrl+Z after
551
00:27:02,510 --> 00:27:07,580
it's already started once a job has been
552
00:27:05,300 --> 00:27:11,090
suspended we can resume it in the
553
00:27:07,580 --> 00:27:12,740
background using the bg command the job
554
00:27:11,090 --> 00:27:14,690
is now running in the background and we
555
00:27:12,740 --> 00:27:16,419
can continue using the terminal as we
556
00:27:14,690 --> 00:27:19,149
wish
557
00:27:16,419 --> 00:27:21,789
while doing this keep in mind that some
558
00:27:19,149 --> 00:27:24,820
processes are time sensitive and may
559
00:27:21,789 --> 00:27:27,309
give incorrect results if left suspended
560
00:27:24,820 --> 00:27:30,909
for too long for instance in the ping
561
00:27:27,309 --> 00:27:32,889
example the echo reply may come back but
562
00:27:30,909 --> 00:27:35,590
if the process is suspended when the
563
00:27:32,889 --> 00:27:38,289
packet comes in the process may miss it
564
00:27:35,590 --> 00:27:39,759
leading to incorrect output always
565
00:27:38,289 --> 00:27:42,009
consider the context of what the
566
00:27:39,759 --> 00:27:45,389
commands you are running are doing when
567
00:27:42,009 --> 00:27:45,389
engaging in job control
568
00:27:46,250 --> 00:27:53,690
control jobs and fg to quickly check on
569
00:27:50,810 --> 00:27:55,550
the status of our ICMP echo requests we
570
00:27:53,690 --> 00:27:59,240
need to make use of two additional
571
00:27:55,550 --> 00:28:02,180
commands jobs and fg let's begin by
572
00:27:59,240 --> 00:28:04,810
starting and suspending two long-running
573
00:28:02,180 --> 00:28:04,810
commands
575
00:28:12,890 --> 00:28:18,470
the built-in jobs utility lists the jobs
576
00:28:16,490 --> 00:28:21,679
that are running in the current terminal
577
00:28:18,470 --> 00:28:25,340
session running the fg command followed
578
00:28:21,679 --> 00:28:28,220
by a % and job number returns a job to
579
00:28:25,340 --> 00:28:30,679
the foreground we'll use Ctrl+C to
580
00:28:28,220 --> 00:28:33,220
terminate this ping process and run jobs
581
00:28:30,679 --> 00:28:33,220
again
582
00:28:33,840 --> 00:28:39,060
with only one job running we can run fg
583
00:28:37,170 --> 00:28:42,080
without any additional arguments to
584
00:28:39,060 --> 00:28:42,080
return it to the foreground
585
00:28:42,760 --> 00:28:50,679
specific jobs can also be referenced by
586
00:28:45,409 --> 00:28:50,679
their process ID number or command name
587
00:28:56,239 --> 00:29:02,549
process control ps and kill one of the
588
00:29:00,899 --> 00:29:04,919
most useful commands for monitoring
589
00:29:02,549 --> 00:29:07,979
processes on almost any Unix-like
590
00:29:04,919 --> 00:29:09,889
operating system is ps which is short
591
00:29:07,979 --> 00:29:13,289
for process status
592
00:29:09,889 --> 00:29:16,259
unlike the jobs command ps lists
593
00:29:13,289 --> 00:29:18,629
processes system-wide not only for the
594
00:29:16,259 --> 00:29:20,700
current terminal session ps is
595
00:29:18,629 --> 00:29:23,549
considered a standard on Unix-like OSes
596
00:29:20,700 --> 00:29:26,549
and its name is so well recognized that
597
00:29:23,549 --> 00:29:28,979
even on Windows PowerShell ps is a
598
00:29:26,549 --> 00:29:31,619
predefined command alias for the Get-
599
00:29:28,979 --> 00:29:34,310
Process cmdlet which essentially
600
00:29:31,619 --> 00:29:37,010
serves the same purpose
601
00:29:34,310 --> 00:29:38,900
as a penetration tester one of the first
602
00:29:37,010 --> 00:29:41,420
things to check after obtaining remote
603
00:29:38,900 --> 00:29:43,280
access to a system is the software
604
00:29:41,420 --> 00:29:46,190
currently running on the compromised
605
00:29:43,280 --> 00:29:48,200
machine this could provide clues to help
606
00:29:46,190 --> 00:29:50,270
elevate our privileges or collect
607
00:29:48,200 --> 00:29:52,580
additional information in order to
608
00:29:50,270 --> 00:29:55,850
acquire further access into the network
609
00:29:52,580 --> 00:29:58,750
as an example let's start the leafpad
610
00:29:55,850 --> 00:29:58,750
text editor
611
00:30:02,490 --> 00:30:07,740
now let's try to find the leafpad
612
00:30:05,190 --> 00:30:09,270
process ID from the command line using
613
00:30:07,740 --> 00:30:13,020
the PS command
614
00:30:09,270 --> 00:30:16,590
we'll run ps with the -ef options where
615
00:30:13,020 --> 00:30:20,790
e selects all processes and f displays a
616
00:30:16,590 --> 00:30:22,830
full-format listing finding our leafpad
617
00:30:20,790 --> 00:30:25,230
application in that massive listing is
618
00:30:22,830 --> 00:30:27,660
definitely not easy but since we know
619
00:30:25,230 --> 00:30:30,060
the application name we're looking for we
620
00:30:27,660 --> 00:30:33,270
can replace the -e switch with
621
00:30:30,060 --> 00:30:37,350
-C and specify the command name
622
00:30:33,270 --> 00:30:39,300
which is leafpad in our case the process
623
00:30:37,350 --> 00:30:43,530
search has returned a single result
624
00:30:39,300 --> 00:30:46,020
which contains leafpad's process ID take
625
00:30:43,530 --> 00:30:48,120
some time to explore the ps manual as it
626
00:30:46,020 --> 00:30:51,060
really is the Swiss Army knife of
627
00:30:48,120 --> 00:30:53,040
process management let's say we now want
628
00:30:51,060 --> 00:30:55,320
to stop the leafpad process without
629
00:30:53,040 --> 00:30:58,050
interacting with the GUI the kill
630
00:30:55,320 --> 00:31:00,180
command can help us here as its purpose
631
00:30:58,050 --> 00:31:02,880
is to send a specific signal to a
632
00:31:00,180 --> 00:31:05,130
process the kill command requires the
633
00:31:02,880 --> 00:31:07,650
PID of the process we want to send the
634
00:31:05,130 --> 00:31:10,520
signal to since we've already gathered
635
00:31:07,650 --> 00:31:13,620
leafpad's process ID we can proceed
636
00:31:10,520 --> 00:31:17,220
because the default signal for kill is
637
00:31:13,620 --> 00:31:19,950
SIGTERM or request termination our
638
00:31:17,220 --> 00:31:22,440
application has been terminated we can
639
00:31:19,950 --> 00:31:24,740
verify this with ps after killing
640
00:31:22,440 --> 00:31:24,740
leafpad
641
00:31:30,149 --> 00:31:35,099
file and command monitoring it's
642
00:31:33,599 --> 00:31:37,799
extremely valuable to know how to
643
00:31:35,099 --> 00:31:39,749
monitor files and commands in real time
644
00:31:37,799 --> 00:31:41,879
during the course of a penetration test
645
00:31:39,749 --> 00:31:45,830
two commands that help with this task
646
00:31:41,879 --> 00:31:48,100
include tail and watch
647
00:31:45,830 --> 00:31:50,169
tail
648
00:31:48,100 --> 00:31:52,299
the most common use of tail is to monitor
649
00:31:50,169 --> 00:31:54,600
log file entries as they are being
650
00:31:52,299 --> 00:31:54,600
written
651
00:31:54,690 --> 00:31:59,489
for example we may want to monitor the
652
00:31:57,179 --> 00:32:02,009
Apache logs to see if a web server is
653
00:31:59,489 --> 00:32:04,349
being contacted by a given client we are
654
00:32:02,009 --> 00:32:07,649
attempting to attack with a client-side
655
00:32:04,349 --> 00:32:10,320
exploit the -f option is very useful
656
00:32:07,649 --> 00:32:13,229
it continuously updates the output as
657
00:32:10,320 --> 00:32:15,119
the target file grows since our local
658
00:32:13,229 --> 00:32:17,070
Apache web server is already running
659
00:32:15,119 --> 00:32:19,700
we'll visit the default page using
660
00:32:17,070 --> 00:32:19,700
Firefox
661
00:32:22,890 --> 00:32:29,750
if we go back to our terminal we should
662
00:32:25,530 --> 00:32:29,750
see the requests made in the log file
663
00:32:33,850 --> 00:32:40,630
another convenience is -nX which
664
00:32:38,260 --> 00:32:44,740
outputs the last X number of lines
665
00:32:40,630 --> 00:32:46,600
instead of the default value of 10 tail
666
00:32:44,740 --> 00:32:50,040
has a number of other useful options
667
00:32:46,600 --> 00:32:50,040
outlined in its man page
668
00:32:52,400 --> 00:32:59,510
watch the watch command is used to run a
669
00:32:56,750 --> 00:33:03,080
designated command at regular intervals
670
00:32:59,510 --> 00:33:05,330
by default it runs every two seconds but
671
00:33:03,080 --> 00:33:08,360
we can specify a different interval by
672
00:33:05,330 --> 00:33:10,240
using the -nX option to have it run
673
00:33:08,360 --> 00:33:12,980
every X number of seconds
674
00:33:10,240 --> 00:33:16,310
for example this command will list
675
00:33:12,980 --> 00:33:20,270
logged-in users output from the w
676
00:33:16,310 --> 00:33:22,130
command once every 5 seconds to
677
00:33:20,270 --> 00:33:24,020
terminate the watch command and return
678
00:33:22,130 --> 00:33:26,650
to the interactive terminal use
679
00:33:24,020 --> 00:33:26,650
Ctrl+C
680
00:33:30,780 --> 00:33:36,420
downloading files next let's take a look
681
00:33:34,290 --> 00:33:39,960
at some tools that can download files to
682
00:33:36,420 --> 00:33:43,870
a Linux system from the command line
683
00:33:39,960 --> 00:33:46,539
wget the wget command which we use
684
00:33:43,870 --> 00:33:51,640
extensively downloads files using the
685
00:33:46,539 --> 00:33:54,340
HTTP and FTP protocols wget can be used
686
00:33:51,640 --> 00:33:56,049
along with the -O switch to
687
00:33:54,340 --> 00:33:59,820
save the destination file with a
688
00:33:56,049 --> 00:33:59,820
different name on the local machine
689
00:34:01,530 --> 00:34:07,910
wget has many features and can do far
690
00:34:04,290 --> 00:34:07,910
more than simply download files
691
00:34:08,040 --> 00:34:13,170
refer to its documentation for more
692
00:34:10,480 --> 00:34:13,170
information
693
00:34:16,520 --> 00:34:23,600
curl curl is a tool used to transfer
694
00:34:20,450 --> 00:34:26,330
data to or from a server using a host of
695
00:34:23,600 --> 00:34:29,090
protocols a penetration tester can use
696
00:34:26,330 --> 00:34:32,780
curl to download or upload files and
697
00:34:29,090 --> 00:34:35,419
build complex requests its most basic
698
00:34:32,780 --> 00:34:38,480
use is very similar to wget but with a
699
00:34:35,419 --> 00:34:40,750
lowercase -o to specify the output file
700
00:34:38,480 --> 00:34:40,750
name
701
00:34:41,390 --> 00:34:46,070
curl is incredibly versatile and you'll
702
00:34:43,820 --> 00:34:49,060
find ample documentation and example
703
00:34:46,070 --> 00:34:49,060
usage online
704
00:34:50,600 --> 00:34:57,740
axel axel is a download accelerator that
705
00:34:54,500 --> 00:35:00,530
transfers a file from an FTP or HTTP
706
00:34:57,740 --> 00:35:02,930
server through multiple connections this
707
00:35:00,530 --> 00:35:05,540
tool has a vast array of features but
708
00:35:02,930 --> 00:35:07,250
the most common option is -n which
709
00:35:05,540 --> 00:35:09,980
is used to specify the number of
710
00:35:07,250 --> 00:35:12,260
multiple connections to use we also like
711
00:35:09,980 --> 00:35:15,950
using the -a option for a more
712
00:35:12,260 --> 00:35:17,810
concise progress indicator and -o to
713
00:35:15,950 --> 00:35:20,590
specify a different file name for the
714
00:35:17,810 --> 00:35:20,590
downloaded file
715
00:35:21,300 --> 00:35:25,680
axel speeds up downloads extremely well
716
00:35:23,730 --> 00:35:28,280
and is especially useful for large
717
00:35:25,680 --> 00:35:28,280
downloads
718
00:35:33,170 --> 00:35:37,339
customizing the bash environment
719
00:35:39,310 --> 00:35:45,190
bash history customization earlier in
720
00:35:43,270 --> 00:35:47,890
this module we discussed environment
721
00:35:45,190 --> 00:35:49,720
variables and the history command we can
722
00:35:47,890 --> 00:35:51,790
use a number of environment variables to
723
00:35:49,720 --> 00:35:55,120
change how the history command operates
724
00:35:51,790 --> 00:35:58,930
and returns data the most common include
725
00:35:55,120 --> 00:36:04,390
HISTCONTROL HISTIGNORE and
726
00:35:58,930 --> 00:36:06,310
HISTTIMEFORMAT the HISTCONTROL variable defines
727
00:36:04,390 --> 00:36:09,040
whether or not to remove duplicate
728
00:36:06,310 --> 00:36:12,640
commands commands that begin with spaces
729
00:36:09,040 --> 00:36:14,800
from the history or both by default both
730
00:36:12,640 --> 00:36:17,440
are removed but you may find it more
731
00:36:14,800 --> 00:36:20,980
useful to only omit duplicate commands
732
00:36:17,440 --> 00:36:23,050
HISTIGNORE is particularly useful for
733
00:36:20,980 --> 00:36:27,310
filtering out basic commands that are
734
00:36:23,050 --> 00:36:32,170
run frequently such as ls exit history
735
00:36:27,310 --> 00:36:34,510
bg etc let's run a few commands to see
736
00:36:32,170 --> 00:36:37,170
if history ignores our specified
737
00:36:34,510 --> 00:36:37,170
commands
739
00:36:45,880 --> 00:36:52,650
as expected the ls and history commands
740
00:36:49,210 --> 00:36:56,650
do not appear in our command history
741
00:36:52,650 --> 00:36:59,500
lastly HISTTIMEFORMAT controls date
742
00:36:56,650 --> 00:37:02,280
and/or time stamps in the output of the
743
00:36:59,500 --> 00:37:02,280
history command
744
00:37:03,230 --> 00:37:12,109
in this example we used %F
745
00:37:06,290 --> 00:37:17,090
or year-month-day ISO 8601 format and
746
00:37:12,109 --> 00:37:20,420
%T for 24-hour time
747
00:37:17,090 --> 00:37:23,980
other formats can be found in the
748
00:37:20,420 --> 00:37:23,980
strftime man page
749
00:37:30,609 --> 00:37:37,760
alias an alias is a string we can define
750
00:37:34,609 --> 00:37:39,800
that replaces a command name aliases are
751
00:37:37,760 --> 00:37:42,349
useful for replacing commonly used
752
00:37:39,800 --> 00:37:45,740
commands and switches with a shorter
753
00:37:42,349 --> 00:37:48,230
command or alias that we define in other
754
00:37:45,740 --> 00:37:50,750
words an alias is a command that we
755
00:37:48,230 --> 00:37:54,950
define ourselves built from other
756
00:37:50,750 --> 00:37:58,790
commands for example we typically tend
757
00:37:54,950 --> 00:38:02,150
to use ls -la to display results in a
758
00:37:58,790 --> 00:38:03,770
long list including hidden files let's
759
00:38:02,150 --> 00:38:07,310
take a look at how we can use an alias
760
00:38:03,770 --> 00:38:10,820
to replace this command by defining our
761
00:38:07,310 --> 00:38:13,700
own command lsa we can quickly execute
762
00:38:10,820 --> 00:38:17,390
ls -la without having to type any
763
00:38:13,700 --> 00:38:20,240
arguments at all we can see the list of
764
00:38:17,390 --> 00:38:22,960
defined aliases by running alias without
765
00:38:20,240 --> 00:38:22,960
arguments
766
00:38:28,890 --> 00:38:34,900
persistent bash customization the
767
00:38:32,859 --> 00:38:38,170
behavior of interactive shells in bash
768
00:38:34,900 --> 00:38:42,490
is determined by the system-wide bashrc
769
00:38:38,170 --> 00:38:46,660
file located in /etc/bash.bashrc
770
00:38:42,490 --> 00:38:48,760
the system-wide bash settings
771
00:38:46,660 --> 00:38:52,180
can be overridden by editing the
772
00:38:48,760 --> 00:38:55,119
.bashrc file located in any user's home
773
00:38:52,180 --> 00:38:57,970
directory in the previous section we
774
00:38:55,119 --> 00:39:00,099
explored the alias command which sets an
775
00:38:57,970 --> 00:39:02,920
alias for the current terminal session
776
00:39:00,099 --> 00:39:05,710
we can also insert this command into the
777
00:39:02,920 --> 00:39:09,099
.bashrc file in a user's home
778
00:39:05,710 --> 00:39:11,740
directory to set up a persistent alias the
779
00:39:09,099 --> 00:39:14,289
.bashrc script is executed any time
780
00:39:11,740 --> 00:39:16,720
that user logs in since this file is a
781
00:39:14,289 --> 00:39:18,970
shell script we can insert any command
782
00:39:16,720 --> 00:39:21,400
that could be executed from the command
783
00:39:18,970 --> 00:39:24,990
prompt let's examine a few lines of our
784
00:39:21,400 --> 00:39:24,990
default .bashrc file
785
00:39:25,190 --> 00:39:32,560
you might recognize the HISTSIZE and
786
00:39:28,040 --> 00:39:32,560
HISTFILESIZE environment variables
787
00:39:33,060 --> 00:39:38,070
and the alias command that displays
788
00:39:35,520 --> 00:39:39,780
colored output you will also find some
789
00:39:38,070 --> 00:39:42,500
other aliases in this file they're
790
00:39:39,780 --> 00:39:42,500
commented out
791
00:39:47,160 --> 00:39:53,920
wrapping up in this module we took an
792
00:39:51,280 --> 00:39:57,400
introductory look at a few popular Linux
793
00:39:53,920 --> 00:40:00,010
command line programs remember to refer
794
00:39:57,400 --> 00:40:05,040
to the Kali Linux training site for a
795
00:40:00,010 --> 00:40:05,040
refresher or more in-depth discussion