All language subtitles for 3. Command Line Fun

af Afrikaans
ak Akan
sq Albanian
am Amharic
ar Arabic
hy Armenian
az Azerbaijani
eu Basque
be Belarusian
bem Bemba
bn Bengali
bh Bihari
bs Bosnian
br Breton
bg Bulgarian
km Cambodian
ca Catalan
chr Cherokee
ny Chichewa
zh-CN Chinese (Simplified)
zh-TW Chinese (Traditional)
co Corsican
hr Croatian
cs Czech
da Danish
nl Dutch
en English Download
eo Esperanto
et Estonian
ee Ewe
fo Faroese
tl Filipino
fi Finnish
fr French
fy Frisian
gaa Ga
gl Galician
ka Georgian
de German
el Greek
gn Guarani
gu Gujarati
ht Haitian Creole
ha Hausa
haw Hawaiian
iw Hebrew
hi Hindi
hu Hungarian
is Icelandic
ig Igbo
id Indonesian
ia Interlingua
ga Irish
it Italian
ja Japanese
jw Javanese
kn Kannada
kk Kazakh
rw Kinyarwanda
rn Kirundi
kg Kongo
ko Korean
kri Krio (Sierra Leone)
ku Kurdish
ckb Kurdish (Soranî)
ky Kyrgyz
lo Laothian
la Latin
lv Latvian
ln Lingala
lt Lithuanian
loz Lozi
lg Luganda
ach Luo
mk Macedonian
mg Malagasy
ms Malay
ml Malayalam
mt Maltese
mi Maori
mr Marathi
mfe Mauritian Creole
mo Moldavian
mn Mongolian
sr-ME Montenegrin
ne Nepali
pcm Nigerian Pidgin
nso Northern Sotho
no Norwegian
nn Norwegian (Nynorsk)
oc Occitan
or Oriya
om Oromo
ps Pashto
fa Persian Download
pl Polish
pt-BR Portuguese (Brazil)
pt-PT Portuguese (Portugal)
pa Punjabi
qu Quechua
ro Romanian
rm Romansh
nyn Runyakitara
ru Russian
gd Scots Gaelic
sr Serbian
sh Serbo-Croatian
st Sesotho
tn Setswana
crs Seychellois Creole
sn Shona
sd Sindhi
si Sinhalese
sk Slovak
sl Slovenian
so Somali
es Spanish
es-419 Spanish (Latin American)
su Sundanese
sw Swahili
sv Swedish
tg Tajik
ta Tamil
tt Tatar
te Telugu
th Thai
ti Tigrinya
to Tonga
lua Tshiluba
tum Tumbuka
tr Turkish
tk Turkmen
tw Twi
ug Uighur
uk Ukrainian
ur Urdu
uz Uzbek
vi Vietnamese
cy Welsh
wo Wolof
xh Xhosa
yi Yiddish
yo Yoruba
zu Zulu
Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:02,280 --> 00:00:07,750 commandline fun in this module we'll 2 00:00:06,070 --> 00:00:09,879 take an introductory look at a few 3 00:00:07,750 --> 00:00:12,550 popular linux command line programs 4 00:00:09,879 --> 00:00:14,950 please refer to the kali linux training 5 00:00:12,550 --> 00:00:17,610 site for a refresher or more in-depth 6 00:00:14,950 --> 00:00:17,610 discussion 7 00:00:18,380 --> 00:00:23,780 the Bosch environment Bosch is a shell 8 00:00:21,470 --> 00:00:25,580 that allows us to run complex commands 9 00:00:23,780 --> 00:00:28,190 and perform different tasks from a 10 00:00:25,580 --> 00:00:30,080 terminal window it incorporates useful 11 00:00:28,190 --> 00:00:32,830 features from both the corn shell and 12 00:00:30,080 --> 00:00:32,830 sea shell 13 00:00:33,130 --> 00:00:38,810 environment variables when opening a 14 00:00:36,620 --> 00:00:41,030 terminal window a new Bosch process 15 00:00:38,810 --> 00:00:44,690 which has its own environment variables 16 00:00:41,030 --> 00:00:46,910 is initialized these variables are a 17 00:00:44,690 --> 00:00:49,309 form of global storage for various 18 00:00:46,910 --> 00:00:51,230 settings inherited by any applications 19 00:00:49,309 --> 00:00:53,540 that are run during that terminal 20 00:00:51,230 --> 00:00:55,580 session one of the most commonly 21 00:00:53,540 --> 00:00:58,400 referenced environment variables is path 22 00:00:55,580 --> 00:01:00,770 which is a colon separated list of 23 00:00:58,400 --> 00:01:02,750 directory paths that Bosch will search 24 00:01:00,770 --> 00:01:05,540 through whenever a command is run 25 00:01:02,750 --> 00:01:07,640 without a full path we can view the 26 00:01:05,540 --> 00:01:10,070 contents of a given environment variable 27 00:01:07,640 --> 00:01:12,619 with the echo command followed by the 28 00:01:10,070 --> 00:01:15,740 dollar sign character and an environment 29 00:01:12,619 --> 00:01:17,509 variable name for example let's examine 30 00:01:15,740 --> 00:01:21,830 the contents of the path environment 31 00:01:17,509 --> 00:01:27,940 variable some other useful environment 32 00:01:21,830 --> 00:01:30,320 variables include user PWD and home 33 00:01:27,940 --> 00:01:33,170 which hold the values of the current 34 00:01:30,320 --> 00:01:35,240 terminal users user name present working 35 00:01:33,170 --> 00:01:38,780 directory and home directory 36 00:01:35,240 --> 00:01:41,060 respectively we can define an 37 00:01:38,780 --> 00:01:44,090 environment variable with the export 38 00:01:41,060 --> 00:01:45,770 command for example if we are scanning a 39 00:01:44,090 --> 00:01:48,649 target and don't want to type in the 40 00:01:45,770 --> 00:01:50,479 system's IP address repeatedly we can 41 00:01:48,649 --> 00:01:54,190 quickly assign it an environment 42 00:01:50,479 --> 00:01:54,190 variable and use that instead 43 00:01:56,479 --> 00:02:01,280 the export command makes the variable 44 00:01:58,820 --> 00:02:05,270 accessible to any subprocesses we might 45 00:02:01,280 --> 00:02:06,740 spawn from our current bash instance 46 00:02:05,270 --> 00:02:09,709 if we set an environment variable 47 00:02:06,740 --> 00:02:12,650 without export it will only be available 48 00:02:09,709 --> 00:02:14,660 in the current shell let's launch 49 00:02:12,650 --> 00:02:17,780 another instance of bash and try to 50 00:02:14,660 --> 00:02:20,030 display the variable again 51 00:02:17,780 --> 00:02:23,150 since we defined our variable without 52 00:02:20,030 --> 00:02:26,380 the export command we can't access it in 53 00:02:23,150 --> 00:02:26,380 the new bash instance 54 00:02:27,790 --> 00:02:32,049 after exiting back to our original bash 55 00:02:29,650 --> 00:02:35,349 session we have access to the variable 56 00:02:32,049 --> 00:02:39,599 again now let's see what happens when we 57 00:02:35,349 --> 00:02:39,599 use export to define a variable 58 00:02:40,330 --> 00:02:45,130 nothing has changed so far but let's see 59 00:02:43,240 --> 00:02:47,820 what happens when we launch a new Bosch 60 00:02:45,130 --> 00:02:47,820 instance 61 00:02:48,870 --> 00:02:54,860 this time we can access the variable 62 00:02:51,900 --> 00:02:54,860 from the new instance 63 00:02:55,830 --> 00:02:59,760 there are many other environment 64 00:02:57,420 --> 00:03:03,390 variables defined by default in kali 65 00:02:59,760 --> 00:03:06,900 linux we can view these by running env 66 00:03:03,390 --> 00:03:09,300 at the command line take some time to 67 00:03:06,900 --> 00:03:12,500 review an experiment with predefined 68 00:03:09,300 --> 00:03:12,500 environment variables 69 00:03:14,569 --> 00:03:20,239 tab-completion the bash shell 70 00:03:17,769 --> 00:03:22,730 autocomplete function allows us to 71 00:03:20,239 --> 00:03:25,489 complete filenames and directory paths 72 00:03:22,730 --> 00:03:28,040 with the tab key this is such a 73 00:03:25,489 --> 00:03:30,970 time-saver that makes other shells which 74 00:03:28,040 --> 00:03:33,439 lack this feature feel clumsy and slow 75 00:03:30,970 --> 00:03:35,540 let's take a look at how this works from 76 00:03:33,439 --> 00:03:37,640 the callee user home directory 77 00:03:35,540 --> 00:03:41,090 we'll start by typing the following 78 00:03:37,640 --> 00:03:44,239 command when we hit the tab key the 79 00:03:41,090 --> 00:03:46,310 first time after D bash suggests that 80 00:03:44,239 --> 00:03:48,439 there are three directories starting 81 00:03:46,310 --> 00:03:51,709 with that letter then presents our 82 00:03:48,439 --> 00:03:54,590 partially completed command for us since 83 00:03:51,709 --> 00:03:57,950 we decide to specify desktop will type e 84 00:03:54,590 --> 00:04:00,019 followed by the tab key again at this 85 00:03:57,950 --> 00:04:02,090 point the bash shell magically Auto 86 00:04:00,019 --> 00:04:04,639 completes the rest of the word desktop 87 00:04:02,090 --> 00:04:08,299 as this is the only choice that starts 88 00:04:04,639 --> 00:04:11,049 with de refer to your lab guide for more 89 00:04:08,299 --> 00:04:11,049 information 90 00:04:12,390 --> 00:04:18,239 bash history tricks when engaged in a 91 00:04:16,109 --> 00:04:19,950 penetration test it's important to keep 92 00:04:18,239 --> 00:04:21,560 a record of commands that have been 93 00:04:19,950 --> 00:04:24,060 entered into the shell 94 00:04:21,560 --> 00:04:26,070 fortunately bash maintains a record of 95 00:04:24,060 --> 00:04:27,360 commands that have been entered which 96 00:04:26,070 --> 00:04:29,199 can be displayed with the history 97 00:04:27,360 --> 00:04:31,870 command 98 00:04:29,199 --> 00:04:33,939 rather than retyping along command from 99 00:04:31,870 --> 00:04:37,389 our history we can make use of the 100 00:04:33,939 --> 00:04:40,029 history expansion facility for example 101 00:04:37,389 --> 00:04:43,060 each entry in our history is preceded by 102 00:04:40,029 --> 00:04:45,189 a line number to rerun a command we 103 00:04:43,060 --> 00:04:48,460 simply type an exclamation mark followed 104 00:04:45,189 --> 00:04:51,159 by the line number in this case we'll re 105 00:04:48,460 --> 00:04:54,580 execute the command clear which is 106 00:04:51,159 --> 00:04:56,800 identified by line number 32 another 107 00:04:54,580 --> 00:04:59,529 helpful history shortcut is the double 108 00:04:56,800 --> 00:05:01,900 exclamation mark which repeats the last 109 00:04:59,529 --> 00:05:04,350 command that was executed during our 110 00:05:01,900 --> 00:05:07,110 terminal session 111 00:05:04,350 --> 00:05:09,630 by default the command history is saved 112 00:05:07,110 --> 00:05:12,470 to the bash history file in the users 113 00:05:09,630 --> 00:05:12,470 home directory 114 00:05:12,520 --> 00:05:20,970 to environment variables control history 115 00:05:14,949 --> 00:05:20,970 size hist size and hist file size 116 00:05:21,030 --> 00:05:25,020 his size controls the number of commands 117 00:05:23,190 --> 00:05:28,350 stored in memory for the current session 118 00:05:25,020 --> 00:05:30,680 and his file size configures how many 119 00:05:28,350 --> 00:05:33,480 commands are kept in the history file 120 00:05:30,680 --> 00:05:35,280 these variables can be edited according 121 00:05:33,480 --> 00:05:38,910 to our needs and saved to the bash 122 00:05:35,280 --> 00:05:41,550 configuration file dot bash RC that we 123 00:05:38,910 --> 00:05:43,500 will explore later one of the simplest 124 00:05:41,550 --> 00:05:45,960 ways to explore the bash history is 125 00:05:43,500 --> 00:05:47,430 right from the command line prompt we 126 00:05:45,960 --> 00:05:49,800 can browse through the history with some 127 00:05:47,430 --> 00:05:52,680 useful keyboard shortcuts with the two 128 00:05:49,800 --> 00:05:55,680 most common being the up arrow and down 129 00:05:52,680 --> 00:05:58,080 arrow the up arrow Scrolls backwards in 130 00:05:55,680 --> 00:06:01,440 history and the down arrow Scrolls 131 00:05:58,080 --> 00:06:04,200 forward last but not least holding down 132 00:06:01,440 --> 00:06:07,350 ctrl and pressing R will invoke the 133 00:06:04,200 --> 00:06:09,870 reverse I search facility if we type a 134 00:06:07,350 --> 00:06:11,640 letter for example C we'll get a match 135 00:06:09,870 --> 00:06:14,790 for the most recent command in our 136 00:06:11,640 --> 00:06:16,410 history that contains the letter C we 137 00:06:14,790 --> 00:06:18,330 can keep trying to narrow down our match 138 00:06:16,410 --> 00:06:21,690 and when we find the desired command 139 00:06:18,330 --> 00:06:23,520 we'll press ENTER to execute it bash has 140 00:06:21,690 --> 00:06:25,860 a number of history features that can 141 00:06:23,520 --> 00:06:28,310 save a great deal of time and repetitive 142 00:06:25,860 --> 00:06:28,310 typing 143 00:06:30,750 --> 00:06:36,540 typing and redirection every program run 144 00:06:34,620 --> 00:06:38,700 from the command line has three data 145 00:06:36,540 --> 00:06:40,830 streams connected to it that serve as 146 00:06:38,700 --> 00:06:43,470 communication channels with the external 147 00:06:40,830 --> 00:06:46,410 environment these streams are defined as 148 00:06:43,470 --> 00:06:49,050 standard input which is data fed into 149 00:06:46,410 --> 00:06:51,750 the program standard output which is 150 00:06:49,050 --> 00:06:54,660 output from the program and defaults to 151 00:06:51,750 --> 00:06:56,880 the terminal and standard error which 152 00:06:54,660 --> 00:07:00,600 contains error messages and are also 153 00:06:56,880 --> 00:07:03,660 displayed by default in the terminal 154 00:07:00,600 --> 00:07:06,220 typing using the pipe operator and 155 00:07:03,660 --> 00:07:09,190 redirection using the left and right 156 00:07:06,220 --> 00:07:11,500 angle bracket operators also known as 157 00:07:09,190 --> 00:07:13,930 Chevron's or greater than and less than 158 00:07:11,500 --> 00:07:17,290 signs connect these streams between 159 00:07:13,930 --> 00:07:21,540 programs and files to accommodate a near 160 00:07:17,290 --> 00:07:21,540 infinite number of possible use cases 161 00:07:23,450 --> 00:07:28,650 redirecting to a new file 162 00:07:26,670 --> 00:07:31,940 in the previous command examples the 163 00:07:28,650 --> 00:07:31,940 output was printed to the screen 164 00:07:31,960 --> 00:07:36,430 this is convenient most of the time but 165 00:07:34,960 --> 00:07:40,000 we can use the right angle bracket 166 00:07:36,430 --> 00:07:41,620 operator to save the output to a file to 167 00:07:40,000 --> 00:07:44,650 keep it for future reference or 168 00:07:41,620 --> 00:07:47,800 manipulation if we redirect the output 169 00:07:44,650 --> 00:07:51,330 to a non-existent file the file will be 170 00:07:47,800 --> 00:07:51,330 created automatically 171 00:07:51,380 --> 00:07:57,570 however if we save the output to a file 172 00:07:54,449 --> 00:08:00,590 that already exists that files content 173 00:07:57,570 --> 00:08:00,590 will be replaced 174 00:08:01,030 --> 00:08:07,530 be very careful with three direction 175 00:08:03,430 --> 00:08:07,530 there is no undo function 176 00:08:08,310 --> 00:08:13,360 redirecting to an existing file to 177 00:08:11,470 --> 00:08:15,819 append additional data to an existing 178 00:08:13,360 --> 00:08:17,949 file as opposed to overwriting the file 179 00:08:15,819 --> 00:08:20,520 use the double right angle bracket 180 00:08:17,949 --> 00:08:20,520 operator 181 00:08:21,250 --> 00:08:26,260 once again be sure to exercise caution 182 00:08:24,250 --> 00:08:29,790 with three directions so you don't 183 00:08:26,260 --> 00:08:29,790 overwrite anything important 184 00:08:31,300 --> 00:08:37,370 redirecting from a file as you may have 185 00:08:35,089 --> 00:08:39,680 guessed we can use the left angle 186 00:08:37,370 --> 00:08:43,519 bracket operator to send data the other 187 00:08:39,680 --> 00:08:46,579 way in this example will redirect the WC 188 00:08:43,519 --> 00:08:49,130 commands standard input with data 189 00:08:46,579 --> 00:08:51,740 originating from the file we generated 190 00:08:49,130 --> 00:08:55,610 in the previous section let's try this 191 00:08:51,740 --> 00:08:56,560 with W cm which counts characters in the 192 00:08:55,610 --> 00:08:59,810 file 193 00:08:56,560 --> 00:09:02,240 note that this effectively connected the 194 00:08:59,810 --> 00:09:06,759 contents of our file to the standard 195 00:09:02,240 --> 00:09:06,759 input of the WC - M command 196 00:09:08,690 --> 00:09:14,940 redirecting standard error according to 197 00:09:12,779 --> 00:09:17,790 the POSIX specification the file 198 00:09:14,940 --> 00:09:20,910 descriptors for standard input standard 199 00:09:17,790 --> 00:09:25,529 output and standard error are defined as 200 00:09:20,910 --> 00:09:27,149 zero one and two respectively these 201 00:09:25,529 --> 00:09:29,070 numbers are important as they can be 202 00:09:27,149 --> 00:09:31,529 used to manipulate the corresponding 203 00:09:29,070 --> 00:09:34,110 data streams from the command line while 204 00:09:31,529 --> 00:09:36,600 executing or joining different commands 205 00:09:34,110 --> 00:09:38,070 together to get a better grasp of how 206 00:09:36,600 --> 00:09:40,860 the file descriptor numbers work 207 00:09:38,070 --> 00:09:43,790 consider this example which redirects 208 00:09:40,860 --> 00:09:43,790 the standard error 209 00:09:46,560 --> 00:09:52,019 note that error dot txt only contains 210 00:09:49,560 --> 00:09:54,779 the error message generated on standard 211 00:09:52,019 --> 00:09:56,699 error we did this by prepending the 212 00:09:54,779 --> 00:09:59,730 stream number to the right angle bracket 213 00:09:56,699 --> 00:10:02,629 operator where two corresponds to 214 00:09:59,730 --> 00:10:02,629 standard error 215 00:10:04,310 --> 00:10:10,579 typing continuing with the example using 216 00:10:07,879 --> 00:10:13,069 the WC command let's have a look at how 217 00:10:10,579 --> 00:10:16,330 to redirect the output from one command 218 00:10:13,069 --> 00:10:19,750 into the input of another 219 00:10:16,330 --> 00:10:21,760 we'll use the pipe character to redirect 220 00:10:19,750 --> 00:10:25,470 the output of the cat command to the 221 00:10:21,760 --> 00:10:25,470 input of the WC command 222 00:10:27,360 --> 00:10:31,949 this concept may seem trivial but piping 223 00:10:30,449 --> 00:10:34,619 together different commands is a 224 00:10:31,949 --> 00:10:36,829 powerful way to manipulate all sorts of 225 00:10:34,619 --> 00:10:36,829 data 226 00:10:41,420 --> 00:10:47,000 text searching and manipulation in this 227 00:10:44,900 --> 00:10:49,250 section we'll gain efficiency with file 228 00:10:47,000 --> 00:10:53,800 and text handling by introducing a few 229 00:10:49,250 --> 00:10:56,030 commands grep said cut and awk 230 00:10:53,800 --> 00:10:57,860 advanced usage of some of these tools 231 00:10:56,030 --> 00:11:01,570 requires a good understanding of how 232 00:10:57,860 --> 00:11:01,570 regular expressions work 233 00:11:02,019 --> 00:11:08,350 grep in a nutshell grep searches text 234 00:11:06,429 --> 00:11:11,259 files for the occurrence of a given 235 00:11:08,350 --> 00:11:13,540 regular expression and outputs any line 236 00:11:11,259 --> 00:11:16,050 containing a match to standard output 237 00:11:13,540 --> 00:11:20,160 which is usually the terminal screen 238 00:11:16,050 --> 00:11:20,160 consider the following example 239 00:11:20,310 --> 00:11:25,950 we listed all the files in the user bin 240 00:11:23,250 --> 00:11:28,770 directory with LS and pipe the output 241 00:11:25,950 --> 00:11:32,340 into the grep command which searches for 242 00:11:28,770 --> 00:11:33,840 any line containing the string zip some 243 00:11:32,340 --> 00:11:36,570 of the most commonly used switches 244 00:11:33,840 --> 00:11:40,410 include - R for recursive searching and 245 00:11:36,570 --> 00:11:42,000 - I to ignore the case of the text refer 246 00:11:40,410 --> 00:11:44,120 to the grep man page for more 247 00:11:42,000 --> 00:11:46,500 information about various options 248 00:11:44,120 --> 00:11:50,690 understanding the grep tool and when to 249 00:11:46,500 --> 00:11:50,690 use it can prove incredibly useful 250 00:11:53,030 --> 00:12:00,890 said said is a powerful stream editor 251 00:11:57,740 --> 00:12:03,500 it's also very complex so we'll only 252 00:12:00,890 --> 00:12:06,440 briefly scratch the surface here at a 253 00:12:03,500 --> 00:12:09,140 high level said performs text editing on 254 00:12:06,440 --> 00:12:13,100 a stream of text either a set of 255 00:12:09,140 --> 00:12:15,610 specific files or standard output let's 256 00:12:13,100 --> 00:12:15,610 look at an example 257 00:12:16,370 --> 00:12:21,680 we created a stream of text using the 258 00:12:18,950 --> 00:12:24,650 echo command and then piped it to said 259 00:12:21,680 --> 00:12:27,800 in order to replace the word hard with 260 00:12:24,650 --> 00:12:29,510 harder note that by default the output 261 00:12:27,800 --> 00:12:31,820 of the entire command has been 262 00:12:29,510 --> 00:12:35,830 automatically redirected to standard 263 00:12:31,820 --> 00:12:35,830 output or the terminal screen 264 00:12:36,250 --> 00:12:43,960 cut the cut command is simple but often 265 00:12:40,810 --> 00:12:46,000 comes in quite handy cut is used to 266 00:12:43,960 --> 00:12:49,360 extract a section of text from a line 267 00:12:46,000 --> 00:12:51,550 and output it to standard output some of 268 00:12:49,360 --> 00:12:54,370 the most commonly used switches include 269 00:12:51,550 --> 00:12:59,230 - F for the field number we are cutting 270 00:12:54,370 --> 00:13:02,800 and - d to define the field delimiter 271 00:12:59,230 --> 00:13:05,380 here we echoed a line of text and piped 272 00:13:02,800 --> 00:13:08,470 it to the cut command to extract the 273 00:13:05,380 --> 00:13:10,990 second field using a comma as a field 274 00:13:08,470 --> 00:13:14,170 delimiter the same command can be used 275 00:13:10,990 --> 00:13:16,540 to cut lines found in text files this 276 00:13:14,170 --> 00:13:19,600 time a list of users is extracted from 277 00:13:16,540 --> 00:13:24,060 Etsy password by using a colon as a 278 00:13:19,600 --> 00:13:24,060 delimiter and retrieving the first field 279 00:13:27,030 --> 00:13:32,910 Ark Ark is a programming language 280 00:13:30,630 --> 00:13:35,310 designed for text processing and is 281 00:13:32,910 --> 00:13:37,460 typically used as a data extraction and 282 00:13:35,310 --> 00:13:40,500 reporting tool it is also extremely 283 00:13:37,460 --> 00:13:42,420 powerful and can be quite complex so 284 00:13:40,500 --> 00:13:45,390 again we will only scratch the surface 285 00:13:42,420 --> 00:13:48,750 here a commonly used switch with awk is 286 00:13:45,390 --> 00:13:51,750 - capital F which is the field separator 287 00:13:48,750 --> 00:13:55,440 and the print command which outputs the 288 00:13:51,750 --> 00:13:57,060 result text here we echoed a line and 289 00:13:55,440 --> 00:14:00,360 piped it to awk 290 00:13:57,060 --> 00:14:03,500 to extract the 1st and 3rd fields using 291 00:14:00,360 --> 00:14:06,120 a double colon as a field separator the 292 00:14:03,500 --> 00:14:09,180 most prominent difference between the 293 00:14:06,120 --> 00:14:11,820 cut and awk examples we used is that cut 294 00:14:09,180 --> 00:14:14,850 can only accept a single character as a 295 00:14:11,820 --> 00:14:17,150 field delimiter while awk is much more 296 00:14:14,850 --> 00:14:19,730 flexible 297 00:14:17,150 --> 00:14:21,830 as a general rule of thumb use a single 298 00:14:19,730 --> 00:14:24,490 op command instead of multiple cut 299 00:14:21,830 --> 00:14:24,490 operations 300 00:14:25,240 --> 00:14:30,100 practical example let's take a look at a 301 00:14:28,360 --> 00:14:32,170 practical example that ties together 302 00:14:30,100 --> 00:14:35,290 many of the commands we've explored so 303 00:14:32,170 --> 00:14:37,899 far we've been given an apache HTTP 304 00:14:35,290 --> 00:14:42,700 server log that contains evidence of an 305 00:14:37,899 --> 00:14:45,670 attack our task is to use bash commands 306 00:14:42,700 --> 00:14:48,220 to inspect the file and discover various 307 00:14:45,670 --> 00:14:51,100 pieces of information such as who the 308 00:14:48,220 --> 00:14:53,640 attackers were and what exactly happened 309 00:14:51,100 --> 00:14:53,640 on the server 310 00:14:53,900 --> 00:15:00,110 first we'll use the head and WC commands 311 00:14:57,620 --> 00:15:04,120 to take a quick peek at the log file in 312 00:15:00,110 --> 00:15:06,970 order to understand its structure 313 00:15:04,120 --> 00:15:10,420 the head command displays the first 10 314 00:15:06,970 --> 00:15:13,360 lines in a file and the WC command along 315 00:15:10,420 --> 00:15:16,149 with the - L option displays a total 316 00:15:13,360 --> 00:15:18,999 number of lines in the file notice that 317 00:15:16,149 --> 00:15:21,819 the log file is text-based and contains 318 00:15:18,999 --> 00:15:26,980 different space delimited fields like IP 319 00:15:21,819 --> 00:15:29,499 address timestamp HTTP request etc this 320 00:15:26,980 --> 00:15:31,689 is a perfectly grep friendly file and 321 00:15:29,499 --> 00:15:33,900 will work well for all the tools we've 322 00:15:31,689 --> 00:15:35,970 covered so far 323 00:15:33,900 --> 00:15:38,970 we'll begin by searching through the 324 00:15:35,970 --> 00:15:41,310 HTTP requests made to the server for all 325 00:15:38,970 --> 00:15:44,610 the IP addresses recorded in this log 326 00:15:41,310 --> 00:15:47,190 file to do this we'll cap the log file 327 00:15:44,610 --> 00:15:50,430 and pipe the output into the cut and 328 00:15:47,190 --> 00:15:52,529 sort commands this might give us a clue 329 00:15:50,430 --> 00:15:55,620 about the number of potential attackers 330 00:15:52,529 --> 00:15:58,050 were dealing with here we see that less 331 00:15:55,620 --> 00:16:00,330 than 10 I P addresses were recorded in 332 00:15:58,050 --> 00:16:03,589 the log file although this still doesn't 333 00:16:00,330 --> 00:16:06,900 tell us anything about the attackers 334 00:16:03,589 --> 00:16:09,900 next we'll use unique and sort to show 335 00:16:06,900 --> 00:16:12,480 unique lines further refine our output 336 00:16:09,900 --> 00:16:16,620 and sort the data by the number of times 337 00:16:12,480 --> 00:16:19,560 each IP address access the server the - 338 00:16:16,620 --> 00:16:21,180 C option of unique will prefix the 339 00:16:19,560 --> 00:16:25,650 output line with the number of 340 00:16:21,180 --> 00:16:27,930 occurrences a few IP addresses stand out 341 00:16:25,650 --> 00:16:32,150 but we'll focus on the address that has 342 00:16:27,930 --> 00:16:32,150 the highest access frequency first 343 00:16:32,620 --> 00:16:37,600 to filter out the suspicious IP address 344 00:16:35,140 --> 00:16:40,570 and display and count the resources that 345 00:16:37,600 --> 00:16:44,040 were being requested by that IP we can 346 00:16:40,570 --> 00:16:44,040 use the following sequence 347 00:16:45,120 --> 00:16:49,500 from this output it seems that the IP 348 00:16:47,310 --> 00:16:53,460 address was accessing the admin 349 00:16:49,500 --> 00:16:55,790 directory exclusively let's inspect this 350 00:16:53,460 --> 00:16:55,790 further 351 00:16:58,540 --> 00:17:03,820 apparently the suspicious IP has been 352 00:17:01,000 --> 00:17:06,970 involved in an HTTP brute-force attempt 353 00:17:03,820 --> 00:17:10,510 against the web server we can verify 354 00:17:06,970 --> 00:17:13,390 this with greps - V flag to reverse the 355 00:17:10,510 --> 00:17:16,480 search and only show lines that do not 356 00:17:13,390 --> 00:17:19,890 contain the word admin as we can see our 357 00:17:16,480 --> 00:17:22,360 log files contain no such entry 358 00:17:19,890 --> 00:17:24,430 furthermore after about a thousand 359 00:17:22,360 --> 00:17:27,580 attempts it seems like the brute-force 360 00:17:24,430 --> 00:17:32,170 attempt succeeded as indicated by the 361 00:17:27,580 --> 00:17:33,970 HTTP 200 message this is a good example 362 00:17:32,170 --> 00:17:37,110 that ties together many of the basic 363 00:17:33,970 --> 00:17:37,110 commands we've explored 364 00:17:40,870 --> 00:17:46,330 editing files from the command-line next 365 00:17:44,170 --> 00:17:48,820 let's take a look at file editing in a 366 00:17:46,330 --> 00:17:50,559 command shell environment this is an 367 00:17:48,820 --> 00:17:52,780 extremely important linux skill 368 00:17:50,559 --> 00:17:55,570 especially if you happen to get access 369 00:17:52,780 --> 00:17:58,000 to a unix-like OS during a penetration 370 00:17:55,570 --> 00:18:00,580 test although there are text editors 371 00:17:58,000 --> 00:18:02,320 like G edit and leafpad that might be 372 00:18:00,580 --> 00:18:05,260 more visually appealing due to their 373 00:18:02,320 --> 00:18:07,750 graphic user interface we will focus on 374 00:18:05,260 --> 00:18:10,650 text-based terminal editors which 375 00:18:07,750 --> 00:18:13,000 emphasize both speed and versatility 376 00:18:10,650 --> 00:18:15,010 everyone seems to have a preference when 377 00:18:13,000 --> 00:18:17,500 it comes to text editors but we will 378 00:18:15,010 --> 00:18:21,660 cover basic usage for the two most 379 00:18:17,500 --> 00:18:21,660 common options Nano and VI 380 00:18:22,230 --> 00:18:29,560 nano nano is one of the simplest to use 381 00:18:25,840 --> 00:18:32,770 text editors to open a file and begin 382 00:18:29,560 --> 00:18:36,250 editing simply run nano passing a file 383 00:18:32,770 --> 00:18:38,380 name as an optional argument once the 384 00:18:36,250 --> 00:18:40,780 file is opened we can immediately start 385 00:18:38,380 --> 00:18:42,900 making any required changes to the file 386 00:18:40,780 --> 00:18:45,940 just as we would in a graphical editor 387 00:18:42,900 --> 00:18:48,100 the Nano command menu is located at the 388 00:18:45,940 --> 00:18:51,130 bottom of the screen some of the most 389 00:18:48,100 --> 00:18:55,510 used commands to memorize include ctrl o 390 00:18:51,130 --> 00:18:58,720 to write changes to the file ctrl K to 391 00:18:55,510 --> 00:19:01,450 cut the current line and control you to 392 00:18:58,720 --> 00:19:05,680 uncut a line and paste it at the cursor 393 00:19:01,450 --> 00:19:10,000 location ctrl W is used to search within 394 00:19:05,680 --> 00:19:12,450 the file and finally ctrl X is used to 395 00:19:10,000 --> 00:19:12,450 exit 396 00:19:13,360 --> 00:19:19,920 for additional information regarding 397 00:19:15,220 --> 00:19:19,920 nano refer to its online documentation 398 00:19:20,400 --> 00:19:27,180 VI VI is an extremely powerful text 399 00:19:24,900 --> 00:19:29,460 editor capable of blazing speed 400 00:19:27,180 --> 00:19:32,310 especially when it comes to automating 401 00:19:29,460 --> 00:19:34,740 repetitive tasks however it has a 402 00:19:32,310 --> 00:19:37,250 relatively steep learning curve and is 403 00:19:34,740 --> 00:19:40,500 nowhere near as simple to use as nano 404 00:19:37,250 --> 00:19:43,710 due to its complexity we will only cover 405 00:19:40,500 --> 00:19:46,470 the very basics here as with nano to 406 00:19:43,710 --> 00:19:48,780 edit a file simply pass its name as an 407 00:19:46,470 --> 00:19:51,990 argument to VI 408 00:19:48,780 --> 00:19:54,930 once the file is opened enable insert 409 00:19:51,990 --> 00:19:59,550 text mode to begin typing to do this 410 00:19:54,930 --> 00:20:02,130 press the i key and start typing away to 411 00:19:59,550 --> 00:20:05,400 disable insert text mode and go back to 412 00:20:02,130 --> 00:20:08,790 command mode press the Escape key while 413 00:20:05,400 --> 00:20:12,090 in command mode use DD to delete the 414 00:20:08,790 --> 00:20:15,330 current line press YY to copy the 415 00:20:12,090 --> 00:20:17,970 current line and press P to paste the 416 00:20:15,330 --> 00:20:20,610 clipboard contents to delete the current 417 00:20:17,970 --> 00:20:24,660 character under the cursor press the X 418 00:20:20,610 --> 00:20:30,620 key to write the current file to disk 419 00:20:24,660 --> 00:20:30,620 and remain in V I type : w 420 00:20:30,909 --> 00:20:36,429 type : Q followed by an exclamation mark 421 00:20:33,909 --> 00:20:39,519 to quit without writing the file to the 422 00:20:36,429 --> 00:20:46,440 disk to quickly save the file and quit 423 00:20:39,519 --> 00:20:46,440 VI enter : WQ exclamation point 424 00:20:47,490 --> 00:20:53,580 because VI seemed so awkward to use many 425 00:20:50,880 --> 00:20:56,309 users avoid it however from a 426 00:20:53,580 --> 00:20:58,500 penetration testers point of view VI can 427 00:20:56,309 --> 00:21:00,809 save a great deal of time in the hands 428 00:20:58,500 --> 00:21:05,270 of an experienced user and is installed 429 00:21:00,809 --> 00:21:05,270 on every POSIX compliant system 430 00:21:05,930 --> 00:21:12,600 comparing files file comparison may seem 431 00:21:10,170 --> 00:21:16,260 irrelevant but system administrators 432 00:21:12,600 --> 00:21:18,630 network engineers penetration testers IT 433 00:21:16,260 --> 00:21:21,540 support technicians and many other 434 00:21:18,630 --> 00:21:24,540 technically oriented professionals rely 435 00:21:21,540 --> 00:21:26,940 on this skill fairly often in this 436 00:21:24,540 --> 00:21:29,520 section we'll take a look at a couple of 437 00:21:26,940 --> 00:21:32,400 tools that can help streamline the often 438 00:21:29,520 --> 00:21:34,850 tedious but rewarding process of file 439 00:21:32,400 --> 00:21:34,850 comparison 440 00:21:35,100 --> 00:21:41,429 calm the calm command compares to text 441 00:21:39,299 --> 00:21:44,039 files displaying the lines that are 442 00:21:41,429 --> 00:21:46,850 unique to each one as well as the lines 443 00:21:44,039 --> 00:21:46,850 they have in common 444 00:21:51,150 --> 00:21:58,470 in the first example comm display the 445 00:21:53,880 --> 00:22:02,309 unique lines in scan - a text the unique 446 00:21:58,470 --> 00:22:04,650 lines in scan - B dot text and the Lions 447 00:22:02,309 --> 00:22:08,670 found in both files respectively 448 00:22:04,650 --> 00:22:11,400 comm outputs three space offset columns 449 00:22:08,670 --> 00:22:14,970 the first contains lines that are unique 450 00:22:11,400 --> 00:22:16,920 to the first file or argument the second 451 00:22:14,970 --> 00:22:19,650 contains lines that are unique to the 452 00:22:16,920 --> 00:22:21,840 second file or argument and the third 453 00:22:19,650 --> 00:22:24,120 column contains lines that are shared by 454 00:22:21,840 --> 00:22:28,529 both files 455 00:22:24,120 --> 00:22:31,710 the - n switch where n is either 1 2 or 456 00:22:28,529 --> 00:22:34,590 3 can be used to suppress one or more 457 00:22:31,710 --> 00:22:37,340 columns depending on the need let's take 458 00:22:34,590 --> 00:22:37,340 a look at an example 459 00:22:37,630 --> 00:22:43,059 this time come displayed only the lines 460 00:22:40,600 --> 00:22:46,740 that were found in both files since we 461 00:22:43,059 --> 00:22:46,740 suppress columns 1 & 2 462 00:22:48,540 --> 00:22:54,870 diff the diff command is used to detect 463 00:22:52,170 --> 00:22:58,020 differences between files similar to the 464 00:22:54,870 --> 00:23:01,170 comm command however diff is much more 465 00:22:58,020 --> 00:23:04,230 complex and supports many output formats 466 00:23:01,170 --> 00:23:06,840 two of the most popular formats include 467 00:23:04,230 --> 00:23:10,170 the context format and the unified 468 00:23:06,840 --> 00:23:14,190 format display results in context format 469 00:23:10,170 --> 00:23:16,710 use the - see option this output uses 470 00:23:14,190 --> 00:23:19,440 the - indicator to show that the line 471 00:23:16,710 --> 00:23:22,740 appears in the first file but not in the 472 00:23:19,440 --> 00:23:24,630 second conversely the + indicator shows 473 00:23:22,740 --> 00:23:28,200 that the line appears in the second file 474 00:23:24,630 --> 00:23:31,820 but not in the first now let's see what 475 00:23:28,200 --> 00:23:31,820 the unified format returns 476 00:23:33,410 --> 00:23:37,610 the most notable difference between 477 00:23:35,240 --> 00:23:40,190 these formats is that the unified format 478 00:23:37,610 --> 00:23:43,100 does not show lines that match between 479 00:23:40,190 --> 00:23:45,169 files making the results shorter the 480 00:23:43,100 --> 00:23:48,549 indicators however have identical 481 00:23:45,169 --> 00:23:48,549 meaning in both formats 482 00:23:51,940 --> 00:24:00,820 vim diff vim diff opens vim an extended 483 00:23:57,280 --> 00:24:03,400 version of VI with multiple files one in 484 00:24:00,820 --> 00:24:05,230 each window the differences between the 485 00:24:03,400 --> 00:24:07,630 files are highlighted which makes it 486 00:24:05,230 --> 00:24:09,450 easier to visually inspect them there 487 00:24:07,630 --> 00:24:13,120 are a few shortcuts that might be useful 488 00:24:09,450 --> 00:24:15,670 for example pressing ctrl W followed by 489 00:24:13,120 --> 00:24:18,760 an arrow key allows us to switch between 490 00:24:15,670 --> 00:24:21,190 windows pressing the right bracket and 491 00:24:18,760 --> 00:24:24,940 the letter C will jump to the next 492 00:24:21,190 --> 00:24:27,370 change in the diff and the left bracket 493 00:24:24,940 --> 00:24:30,640 followed by the letter C will jump to 494 00:24:27,370 --> 00:24:32,740 the previous change the do key 495 00:24:30,640 --> 00:24:34,810 combination will get a change from the 496 00:24:32,740 --> 00:24:37,110 other window and put it in the current 497 00:24:34,810 --> 00:24:37,110 one 498 00:24:39,590 --> 00:24:44,900 combination we'll put the change from 499 00:24:41,600 --> 00:24:47,720 the current window into the other one to 500 00:24:44,900 --> 00:24:50,020 quit vim diff use the same shortcuts as 501 00:24:47,720 --> 00:24:50,020 VI 502 00:24:56,980 --> 00:25:03,050 managing processes the Linux kernel 503 00:25:00,710 --> 00:25:05,630 manages multitasking through the use of 504 00:25:03,050 --> 00:25:07,910 processes the kernel maintains 505 00:25:05,630 --> 00:25:10,790 information about each process to help 506 00:25:07,910 --> 00:25:14,980 keep things organized and each process 507 00:25:10,790 --> 00:25:17,990 is assigned a number called a process ID 508 00:25:14,980 --> 00:25:20,840 the Linux shell also introduces the 509 00:25:17,990 --> 00:25:23,480 concept of jobs to ease our workflow 510 00:25:20,840 --> 00:25:26,059 during a terminal session for example 511 00:25:23,480 --> 00:25:29,410 this is a pipeline of two processes 512 00:25:26,059 --> 00:25:32,270 which the shell considers a single job 513 00:25:29,410 --> 00:25:34,820 job control refers to the ability to 514 00:25:32,270 --> 00:25:37,309 selectively suspend the execution of 515 00:25:34,820 --> 00:25:39,270 jobs and resume their execution at a 516 00:25:37,309 --> 00:25:41,250 later time 517 00:25:39,270 --> 00:25:43,050 we can achieve this with the help of 518 00:25:41,250 --> 00:25:45,530 specific commands which will soon 519 00:25:43,050 --> 00:25:45,530 explore 520 00:25:45,940 --> 00:25:52,700 background is the previous jobs in this 521 00:25:50,960 --> 00:25:55,280 module have been run in the foreground 522 00:25:52,700 --> 00:25:57,650 which means the terminal is occupied and 523 00:25:55,280 --> 00:26:00,440 no other commands can be executed until 524 00:25:57,650 --> 00:26:02,030 the current one finishes since most of 525 00:26:00,440 --> 00:26:04,760 our examples have been short and sweet 526 00:26:02,030 --> 00:26:06,950 this hasn't caused a problem we will 527 00:26:04,760 --> 00:26:09,590 however be running longer and more 528 00:26:06,950 --> 00:26:11,930 complex commands in later modules which 529 00:26:09,590 --> 00:26:14,060 we can send to the background in order 530 00:26:11,930 --> 00:26:17,210 to regain control of the terminal and 531 00:26:14,060 --> 00:26:19,580 execute additional commands the quickest 532 00:26:17,210 --> 00:26:21,680 way to background a process is to append 533 00:26:19,580 --> 00:26:24,260 an ampersand to the end of the command 534 00:26:21,680 --> 00:26:26,660 to send it to the background immediately 535 00:26:24,260 --> 00:26:30,050 after it starts let's try a brief 536 00:26:26,660 --> 00:26:32,630 example we'll send 400 ICMP echo 537 00:26:30,050 --> 00:26:35,060 requests to the local interface with the 538 00:26:32,630 --> 00:26:38,510 ping command and write the results to a 539 00:26:35,060 --> 00:26:39,230 file the execution automatically runs in 540 00:26:38,510 --> 00:26:41,330 the background 541 00:26:39,230 --> 00:26:43,700 leaving the shell free for additional 542 00:26:41,330 --> 00:26:45,290 operations but what would have happened 543 00:26:43,700 --> 00:26:48,680 if we had forgotten to append the 544 00:26:45,290 --> 00:26:50,870 ampersand at the end of the command this 545 00:26:48,680 --> 00:26:52,730 command will run in the foreground and 546 00:26:50,870 --> 00:26:55,340 we are forced to either cancel the 547 00:26:52,730 --> 00:26:57,470 command with control C or wait until the 548 00:26:55,340 --> 00:27:00,050 command finishes to regain control of 549 00:26:57,470 --> 00:27:02,510 the terminal the other option is to 550 00:27:00,050 --> 00:27:05,300 suspend the job using control Z after 551 00:27:02,510 --> 00:27:07,580 it's already started once a job has been 552 00:27:05,300 --> 00:27:11,090 suspended we can resume it in the 553 00:27:07,580 --> 00:27:12,740 background using the BG command the job 554 00:27:11,090 --> 00:27:14,690 is now running in the background and we 555 00:27:12,740 --> 00:27:16,419 can continue using the terminal as we 556 00:27:14,690 --> 00:27:19,149 wish 557 00:27:16,419 --> 00:27:21,789 while doing this keep in mind that some 558 00:27:19,149 --> 00:27:24,820 processes are time sensitive and may 559 00:27:21,789 --> 00:27:27,309 give incorrect results if left suspended 560 00:27:24,820 --> 00:27:30,909 for too long for instance in the ping 561 00:27:27,309 --> 00:27:32,889 example the echo reply may come back but 562 00:27:30,909 --> 00:27:35,590 if the process is suspended when the 563 00:27:32,889 --> 00:27:38,289 packet comes in the process may miss it 564 00:27:35,590 --> 00:27:39,759 leading to incorrect output always 565 00:27:38,289 --> 00:27:42,009 consider the context of what the 566 00:27:39,759 --> 00:27:45,389 commands you are running are doing when 567 00:27:42,009 --> 00:27:45,389 engaging in job control 568 00:27:46,250 --> 00:27:53,690 control jobs and FG to quickly check on 569 00:27:50,810 --> 00:27:55,550 the status of our ICMP echo requests we 570 00:27:53,690 --> 00:27:59,240 need to make use of two additional 571 00:27:55,550 --> 00:28:02,180 commands jobs and FG let's begin by 572 00:27:59,240 --> 00:28:04,810 starting and suspending to long-running 573 00:28:02,180 --> 00:28:04,810 commands 574 00:28:10,340 --> 00:28:12,400 you 575 00:28:12,890 --> 00:28:18,470 the built-in jobs utility lists the jobs 576 00:28:16,490 --> 00:28:21,679 that are running in the current terminal 577 00:28:18,470 --> 00:28:25,340 session running the F G command followed 578 00:28:21,679 --> 00:28:28,220 by a % and job number returns a job to 579 00:28:25,340 --> 00:28:30,679 the foreground will use control-c to 580 00:28:28,220 --> 00:28:33,220 terminate this ping process and run jobs 581 00:28:30,679 --> 00:28:33,220 again 582 00:28:33,840 --> 00:28:39,060 with only one job running we can run FG 583 00:28:37,170 --> 00:28:42,080 without any additional arguments to 584 00:28:39,060 --> 00:28:42,080 return it to the foreground 585 00:28:42,760 --> 00:28:50,679 specific jobs can also be referenced by 586 00:28:45,409 --> 00:28:50,679 their process ID number or command name 587 00:28:56,239 --> 00:29:02,549 process control PS and kill one of the 588 00:29:00,899 --> 00:29:04,919 most useful commands for monitoring 589 00:29:02,549 --> 00:29:07,979 processes on almost any unix-like 590 00:29:04,919 --> 00:29:09,889 operating system is PS which is short 591 00:29:07,979 --> 00:29:13,289 for process status 592 00:29:09,889 --> 00:29:16,259 unlike the jobs command PS lists 593 00:29:13,289 --> 00:29:18,629 processes system-wide not only for the 594 00:29:16,259 --> 00:29:20,700 current terminal session PS is 595 00:29:18,629 --> 00:29:23,549 considered a standard on unix-like os's 596 00:29:20,700 --> 00:29:26,549 and its name is so well recognized that 597 00:29:23,549 --> 00:29:28,979 even on windows powershell PS is a 598 00:29:26,549 --> 00:29:31,619 predefined command alias for the get 599 00:29:28,979 --> 00:29:34,310 process command --let which essentially 600 00:29:31,619 --> 00:29:37,010 serves the same purpose 601 00:29:34,310 --> 00:29:38,900 as a penetration tester one of the first 602 00:29:37,010 --> 00:29:41,420 things to check after obtaining remote 603 00:29:38,900 --> 00:29:43,280 access to a system is the software 604 00:29:41,420 --> 00:29:46,190 currently running on the compromised 605 00:29:43,280 --> 00:29:48,200 machine this could provide clues to help 606 00:29:46,190 --> 00:29:50,270 elevate our privileges or collect 607 00:29:48,200 --> 00:29:52,580 additional information in order to 608 00:29:50,270 --> 00:29:55,850 acquire further access into the network 609 00:29:52,580 --> 00:29:58,750 as an example let's start the leafpad 610 00:29:55,850 --> 00:29:58,750 text editor 611 00:30:02,490 --> 00:30:07,740 now let's try to find the leafpad 612 00:30:05,190 --> 00:30:09,270 process ID from the command line using 613 00:30:07,740 --> 00:30:13,020 the PS command 614 00:30:09,270 --> 00:30:16,590 we'll run PS with the - EF options where 615 00:30:13,020 --> 00:30:20,790 e selects all processes and F displays a 616 00:30:16,590 --> 00:30:22,830 full format listing finding our leafpad 617 00:30:20,790 --> 00:30:25,230 application that massive listing is 618 00:30:22,830 --> 00:30:27,660 definitely not easy but since we know 619 00:30:25,230 --> 00:30:30,060 the application name were looking for we 620 00:30:27,660 --> 00:30:33,270 can replace the - e switch with - 621 00:30:30,060 --> 00:30:37,350 capital C and specify the command name 622 00:30:33,270 --> 00:30:39,300 which is leafpad in our case the process 623 00:30:37,350 --> 00:30:43,530 search has returned a single result 624 00:30:39,300 --> 00:30:46,020 which contains leaf pads process ID take 625 00:30:43,530 --> 00:30:48,120 some time to explore the PS manual as it 626 00:30:46,020 --> 00:30:51,060 really is the Swiss Army knife of 627 00:30:48,120 --> 00:30:53,040 process management let's say we now want 628 00:30:51,060 --> 00:30:55,320 to stop the leaf pad process without 629 00:30:53,040 --> 00:30:58,050 interacting with the GUI the kill 630 00:30:55,320 --> 00:31:00,180 command can help us here as its purpose 631 00:30:58,050 --> 00:31:02,880 is to send a specific signal to a 632 00:31:00,180 --> 00:31:05,130 process the kill command requires the 633 00:31:02,880 --> 00:31:07,650 PID of the process we want to send the 634 00:31:05,130 --> 00:31:10,520 signal to since we've already gathered 635 00:31:07,650 --> 00:31:13,620 leaf pads process ID we can proceed 636 00:31:10,520 --> 00:31:17,220 because the default signal for kill is 637 00:31:13,620 --> 00:31:19,950 sig term or request termination our 638 00:31:17,220 --> 00:31:22,440 application has been terminated we can 639 00:31:19,950 --> 00:31:24,740 verify this with PS after killing leaf 640 00:31:22,440 --> 00:31:24,740 pad 641 00:31:30,149 --> 00:31:35,099 file and command monitoring it's 642 00:31:33,599 --> 00:31:37,799 extremely valuable to know how to 643 00:31:35,099 --> 00:31:39,749 monitor files and commands in real time 644 00:31:37,799 --> 00:31:41,879 during the course of a penetration test 645 00:31:39,749 --> 00:31:45,830 two commands that help with this task 646 00:31:41,879 --> 00:31:48,100 include tail and watch 647 00:31:45,830 --> 00:31:50,169 tail 648 00:31:48,100 --> 00:31:52,299 most common use of tail is to monitor 649 00:31:50,169 --> 00:31:54,600 log file entries as they are being 650 00:31:52,299 --> 00:31:54,600 written 651 00:31:54,690 --> 00:31:59,489 for example we may want to monitor the 652 00:31:57,179 --> 00:32:02,009 Apache logs to see if a web server is 653 00:31:59,489 --> 00:32:04,349 being contacted by a given client we are 654 00:32:02,009 --> 00:32:07,649 attempting to attack with a client-side 655 00:32:04,349 --> 00:32:10,320 exploit the dash F option is very useful 656 00:32:07,649 --> 00:32:13,229 it continuously updates the output as 657 00:32:10,320 --> 00:32:15,119 the target file grows since our local 658 00:32:13,229 --> 00:32:17,070 Apache web server is already running 659 00:32:15,119 --> 00:32:19,700 will visit the default page using 660 00:32:17,070 --> 00:32:19,700 Firefox 661 00:32:22,890 --> 00:32:29,750 if we go back to our terminal we should 662 00:32:25,530 --> 00:32:29,750 see the requests made in the log file 663 00:32:33,850 --> 00:32:40,630 another convenience which is - NX which 664 00:32:38,260 --> 00:32:44,740 outputs the last X number of lines 665 00:32:40,630 --> 00:32:46,600 instead of the default value of 10 tail 666 00:32:44,740 --> 00:32:50,040 has a number of other useful options 667 00:32:46,600 --> 00:32:50,040 outlined in its mane page 668 00:32:52,400 --> 00:32:59,510 watch the watch command is used to run a 669 00:32:56,750 --> 00:33:03,080 designated command at regular intervals 670 00:32:59,510 --> 00:33:05,330 by default it runs every two seconds but 671 00:33:03,080 --> 00:33:08,360 we can specify a different interval by 672 00:33:05,330 --> 00:33:10,240 using the dash NX option to have it run 673 00:33:08,360 --> 00:33:12,980 every X number of seconds 674 00:33:10,240 --> 00:33:16,310 for example this command will list 675 00:33:12,980 --> 00:33:20,270 logged in users output from the W 676 00:33:16,310 --> 00:33:22,130 command once every 5 seconds to 677 00:33:20,270 --> 00:33:24,020 terminate the watch command and return 678 00:33:22,130 --> 00:33:26,650 to the interactive terminal use 679 00:33:24,020 --> 00:33:26,650 control-c 680 00:33:30,780 --> 00:33:36,420 downloading files next let's take a look 681 00:33:34,290 --> 00:33:39,960 at some tools that can download files to 682 00:33:36,420 --> 00:33:43,870 a Linux system from the command line 683 00:33:39,960 --> 00:33:46,539 w get the W get command which we use 684 00:33:43,870 --> 00:33:51,640 extensively downloads files using the 685 00:33:46,539 --> 00:33:54,340 HTTP and FTP protocols W get can be used 686 00:33:51,640 --> 00:33:56,049 along with the - capital o switch to 687 00:33:54,340 --> 00:33:59,820 save the destination file with a 688 00:33:56,049 --> 00:33:59,820 different name on the local machine 689 00:34:01,530 --> 00:34:07,910 w get has many features and can do far 690 00:34:04,290 --> 00:34:07,910 more than simply download files 691 00:34:08,040 --> 00:34:13,170 refer to its documentation for more 692 00:34:10,480 --> 00:34:13,170 information 693 00:34:16,520 --> 00:34:23,600 Curl Curl is a tool used to transfer 694 00:34:20,450 --> 00:34:26,330 data to or from a server using a host of 695 00:34:23,600 --> 00:34:29,090 protocols a penetration tester can use 696 00:34:26,330 --> 00:34:32,780 curl to download or upload files and 697 00:34:29,090 --> 00:34:35,419 build complex requests its most basic 698 00:34:32,780 --> 00:34:38,480 use is very similar to W get but with a 699 00:34:35,419 --> 00:34:40,750 lowercase o to specify the output file 700 00:34:38,480 --> 00:34:40,750 name 701 00:34:41,390 --> 00:34:46,070 curl is incredibly versatile and you'll 702 00:34:43,820 --> 00:34:49,060 find ample documentation and example 703 00:34:46,070 --> 00:34:49,060 usage online 704 00:34:50,600 --> 00:34:57,740 axel axel is a download accelerator that 705 00:34:54,500 --> 00:35:00,530 transfers a file from an FTP or HTTP 706 00:34:57,740 --> 00:35:02,930 server through multiple connections this 707 00:35:00,530 --> 00:35:05,540 tool has a vast array of features but 708 00:35:02,930 --> 00:35:07,250 the most common option is dash n which 709 00:35:05,540 --> 00:35:09,980 is used to specify the number of 710 00:35:07,250 --> 00:35:12,260 multiple connections to use we also like 711 00:35:09,980 --> 00:35:15,950 using the dash a option for a more 712 00:35:12,260 --> 00:35:17,810 concise progress indicator and - o to 713 00:35:15,950 --> 00:35:20,590 specify a different file name for the 714 00:35:17,810 --> 00:35:20,590 downloaded file 715 00:35:21,300 --> 00:35:25,680 axl speeds up downloads extremely well 716 00:35:23,730 --> 00:35:28,280 and is especially useful for large 717 00:35:25,680 --> 00:35:28,280 downloads 718 00:35:33,170 --> 00:35:37,339 customizing the Bosch environment 719 00:35:39,310 --> 00:35:45,190 bash history customization earlier in 720 00:35:43,270 --> 00:35:47,890 this module we discussed environment 721 00:35:45,190 --> 00:35:49,720 variables and the history command we can 722 00:35:47,890 --> 00:35:51,790 use a number of environment variables to 723 00:35:49,720 --> 00:35:55,120 change how the history command operates 724 00:35:51,790 --> 00:35:58,930 and returns data the most common include 725 00:35:55,120 --> 00:36:04,390 his to control hist ignore and hist time 726 00:35:58,930 --> 00:36:06,310 format the hist control variable defines 727 00:36:04,390 --> 00:36:09,040 whether or not to remove duplicate 728 00:36:06,310 --> 00:36:12,640 commands commands that begin with spaces 729 00:36:09,040 --> 00:36:14,800 from the history or both by default both 730 00:36:12,640 --> 00:36:17,440 are removed but you may find it more 731 00:36:14,800 --> 00:36:20,980 useful to only omit duplicate commands 732 00:36:17,440 --> 00:36:23,050 the histogram is particularly useful for 733 00:36:20,980 --> 00:36:27,310 filtering out basic commands that are 734 00:36:23,050 --> 00:36:32,170 run frequently such as LS exit history 735 00:36:27,310 --> 00:36:34,510 BG etc let's run a few commands to see 736 00:36:32,170 --> 00:36:37,170 if history ignores our specified 737 00:36:34,510 --> 00:36:37,170 commands 738 00:36:42,609 --> 00:36:44,670 you 739 00:36:45,880 --> 00:36:52,650 as expected the ls and history commands 740 00:36:49,210 --> 00:36:56,650 do not appear in our command history 741 00:36:52,650 --> 00:36:59,500 lastly hist time format controls date 742 00:36:56,650 --> 00:37:02,280 and/or time stamps in the output of the 743 00:36:59,500 --> 00:37:02,280 history command 744 00:37:03,230 --> 00:37:12,109 in this example we used percent capital 745 00:37:06,290 --> 00:37:17,090 F or year-month-day ISO 8601 format and 746 00:37:12,109 --> 00:37:20,420 percent capital T 24-hour time 747 00:37:17,090 --> 00:37:23,980 other formats can be found in the strf 748 00:37:20,420 --> 00:37:23,980 time man page 749 00:37:30,609 --> 00:37:37,760 alias an alias is a string we can define 750 00:37:34,609 --> 00:37:39,800 that replaces a command name aliases are 751 00:37:37,760 --> 00:37:42,349 useful for replacing commonly used 752 00:37:39,800 --> 00:37:45,740 commands and switches with a shorter 753 00:37:42,349 --> 00:37:48,230 command or alias that we define in other 754 00:37:45,740 --> 00:37:50,750 words an alias is a command that we 755 00:37:48,230 --> 00:37:54,950 define ourselves built from other 756 00:37:50,750 --> 00:37:58,790 commands for example we typically tend 757 00:37:54,950 --> 00:38:02,150 to use LS - la to display results in a 758 00:37:58,790 --> 00:38:03,770 long list including hidden files let's 759 00:38:02,150 --> 00:38:07,310 take a look at how we can use an alias 760 00:38:03,770 --> 00:38:10,820 to replace this command by defining our 761 00:38:07,310 --> 00:38:13,700 own command LS a we can quickly execute 762 00:38:10,820 --> 00:38:17,390 LS - la without having to type any 763 00:38:13,700 --> 00:38:20,240 arguments at all we can see the list of 764 00:38:17,390 --> 00:38:22,960 defined aliases by running alias without 765 00:38:20,240 --> 00:38:22,960 arguments 766 00:38:28,890 --> 00:38:34,900 persistent bash customization the 767 00:38:32,859 --> 00:38:38,170 behavior of interactive shells in bash 768 00:38:34,900 --> 00:38:42,490 is determined by the system-wide bash RC 769 00:38:38,170 --> 00:38:46,660 file located in slash Etsy slash bash 770 00:38:42,490 --> 00:38:48,760 bash RC the system-wide bash settings 771 00:38:46,660 --> 00:38:52,180 can be overridden by editing the dot 772 00:38:48,760 --> 00:38:55,119 bash RC file located in any users home 773 00:38:52,180 --> 00:38:57,970 directory in the previous section we 774 00:38:55,119 --> 00:39:00,099 explored the alias command which sets an 775 00:38:57,970 --> 00:39:02,920 alias for the current terminal session 776 00:39:00,099 --> 00:39:05,710 we can also insert this command into the 777 00:39:02,920 --> 00:39:09,099 dot bash RC file in a user's home 778 00:39:05,710 --> 00:39:11,740 directory to setup persistent alias the 779 00:39:09,099 --> 00:39:14,289 dot bash RC script is executed anytime 780 00:39:11,740 --> 00:39:16,720 that user logs in since this file is a 781 00:39:14,289 --> 00:39:18,970 shell script we can insert any command 782 00:39:16,720 --> 00:39:21,400 that could be executed from the command 783 00:39:18,970 --> 00:39:24,990 prompt let's examine a few lines of our 784 00:39:21,400 --> 00:39:24,990 default bash RC file 785 00:39:25,190 --> 00:39:32,560 you might recognize the hist size and 786 00:39:28,040 --> 00:39:32,560 hist file size environment variables 787 00:39:33,060 --> 00:39:38,070 and the alias command that displays 788 00:39:35,520 --> 00:39:39,780 colored output you will also find some 789 00:39:38,070 --> 00:39:42,500 other aliases in this file there 790 00:39:39,780 --> 00:39:42,500 commented out 791 00:39:47,160 --> 00:39:53,920 wrapping up in this module we took an 792 00:39:51,280 --> 00:39:57,400 introductory look at a few popular linux 793 00:39:53,920 --> 00:40:00,010 command line programs remember to refer 794 00:39:57,400 --> 00:40:05,040 to the kali linux training site for a 795 00:40:00,010 --> 00:40:05,040 refresher or more in-depth discussion 59364

Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.