Pentesters are ethical hackers who look for vulnerabilities in target system, and report results to company that hired them, and help to patch (fix) found vulnerabilities before criminals use these vulnerabilities earlier.
Pentesters are also called: 'Red Team Hackers'.
Operating Systems for Pentesters.
Beside Kali Linux (successor of the BackTrack Linux), there's Parrot OS, BlackArch Linux, BackBox, probably more as well. All of these are Operating Systems made for Pentesters.
But Kali Linux is industry's standard, widely used OS for Pentesters.
Directory Structure in Kali Linux:
| /bin (binaries) | This directory contains Linux binaries like the cd and ls commands. |
| /sbin (system binaries) | This directory holds system binary files that serve as administrative commands (like fdisk). |
| /boot | This directory contains the Linux bootloader files. |
| /dev (devices) | This directory contains the device configuration files (like /dev/null ). |
| /sys | This is similar to /dev, which contains configurations about devices and drivers. |
| /etc (etcetera) | This directory contains all the administration system files (like /etc/passwd shows all the system users in Kali Linux). |
| /lib (libraries) | This directory hods the shared libraries for the binaries inside /bin and /sbin. |
| /proc (processes) | This directory contains the processes and kernel information files. |
| /lost+found | As in the name, this directory contains the files that have been recovered. |
| /mnt (mount) | This directory contains the mounted directories (example, a remote file share). |
| /media | This directory holds the removable media mounted directories (like DVD). |
| /opt (option) | This directory is used for add‐on software package installation. It is also used when installing software by users (example, hacking tools that you download from GitHub). |
| /tmp (temporary) | This is a temporary folder used temporarily, the holdings are wiped after each reboot. The tmp folder is a good place to download our tools for privilege escalation once we got a limited shell. |
| /usr (user) | This directory contains many sub-directories. In fact, /usr/share/ is a folder that we need to memorize because most of the tools that we use in Kali Linux (like Nmap, Metasploit, etc.) are stored there, and it also contains the wordlist dictionary files (/usr/share/wordlists). |
| /home | This is the home for Kali Linux users (example /home/kali/). |
| /root | Home directory for root user. |
| /srv (serve) | This folder contains some data related to system server functionalities (like data for FTP servers). |
| /var (variable) | This folder contains variable data for databases, logs, and websites. For an example, /var/www/html/ contains the files for the Apache2 web server. |
| /run (runtime) | This directory holds runtime system data (like currently logged‐in users). |
Commands & Important ideas.
Basic Commands:
- pwd: print working directory
- cd: change directory
- sudo: executing commands with root privileges
- ls: listing directory contents
- ls -l: as ls, but more details provided
- ls -a: as ls, but listing all files, not ignoring hidden ones
- man: displaying manual for commands
- man -f: short explaination of a command
- apropos: searching for commands using keywords
- history: displaying used commands history
Search Commands:
- find: detailed search
- locate: fast search using informations stored in database
- which : searching for executable files locations
- whereis: searching for executable files and related files locations
also, updating database for use of 'locate' command can be done using: 'sudo updatedb' command.
File & directory operations:
- touch: creating empty files
- mkdir: creating directories
- rm: removing files and/or directories
- tree: displaying directory tree structure
- cp: copying files and/or directories
- mv: moving files and/or directories
- echo: printing text
- cat: displaying file's contents
- wc -l: counting lines
- sort: sorting content
Streams:
- stdin: standard input (0)
- stdout: standard output (1)
- stderr: standard error (2)
Redirect operators:
- redirecting stdout (overwriting file): 1>
- redirecting stdout (adding to file): 1>>
- passing stdout to another (next) command (pipe): |
- redirecting stdin: <
- redirecting stderr (overwriting file): 2>
- redirecting stderr (adding to file): 2>>
Collecting System Info:
Informations about users:
- whoami: displays current user's name
- id: detailed information about current user & groups
- who: list of logged in users
Informations about system:
- hostname: name of the host
- uname (-a): (detailed) information about operating system
- env: displays all environment variables
- ps (aux): displays list of processes of all users
- top: monitoring processes in realtime
Network informations:
- ifconfig: displays network interfaces & their configurations
- ip addr: displays ip addresses
- netstat: displays network connections
- ss: socket statistics
Informations about devices:
- df -h: disk space usage, printed in 'human-readable' form
- lsblk: block devices list
- lsusb: USB devices list
- lspci: PCI devices list
Linux Text Editors:
Nano:
nano [file_name]: open/create file
Ctrl + G: help
Ctrl + X: exit
Ctrl + /n: move to line n
Ctrl + K: delete line
Ctrl + F: searching
Vim:
vim [file_name]: open file
i: insert text mode
ESC: return to command mode
dd: delete line
yy: copy line
p: paste
/text: search for text
:w: save
:q: exit
:wq or :x: save & exit
:q!: exit without saving
:set number: display lines numbers
vimtutor: interactive tutorial
Privileges:
Basic Privileges:
- r: read
- w: write
- x: execute
Categories:
- user
- group
- others
Main commands:
- chmod: change privileges
- chmod u+w: adding write privileges for file's owner (user)
- chmod g-w: remove write privileges for file's owner's group
- chmod o+x: adding execute privileges for other users
- chmod 644: privileges in octal notation
- chmod 755: standard privileges for directories
Special ('sticky') bits:
- SUID: execute with owner's privileges
- SGID: execute with group's privileges
System files:
- /etc/passwd: informations about users
- /etc/shadow: encrypted passwords
- /etc/group: informations about groups
Users management:
Managing users:
- useradd: creating user
- useradd -m: creating with home directory
- useradd -s: defining default shell
- useradd -g: setting primary group
- usermod: modifying user
- usermod -g: changing primary group
- usermod -aG: adding additional groups
- deluser: deleting user
- deluser --remove-home: removing with home directory
Managing groups:
- addgroup: creating group
- groups: displaying user's groups
- deluser user group: removing user from group
Managing sudo:
- sudo -l: checking sudo privileges
- visudo: safe editing of sudoers
- su: switching user
- passwd: changing password
Configuration files:
- /etc/sudoers: sudo configuration
- /etc/sudoers.d/: additional configuration files
Installing software:
APT (Advanced Package Tool):
- sudo apt update: refreshing packets list
- sudo apt upgrade: upgrades all packages to newest versions
- apt list --upgradable: shows list of available package upgrades
- apt list --installed: shows list of installed packages
- apt search [name]: searching for package
- apt show [name]: details about package
- sudo apt install [name]: installing package
- sudo apt remove [nazwa]: remove package
DPKG:
- dpkg -l: list of installed dpkg packages
- dpkg -l | grep [name]: search within packages
Additional tools:
- git clone [url] - cloning git repository
- pip install [name] - installing python packages
Useful options:
- --only-upgrade: upgrading only specified package
- -y: automatic install confirmation
Processes & services:
Managing processes:
- ps aux: processes list
- ps auxf: processes list displayed in form of tree
- kill [PID]: termination of a process
- kill -9 [PID]: forced termination of a process
- killall [name]: terminating all processes with given name
- jobs: listing background tasks
- fg %[numer]: moving task to foreground
- ctrl + Z: sending process into background
- &: executing process in background
Managing services:
- systemctl list-units --type=service --all: shows services list
- service --status-all: shows status of all services
- systemctl status [service]: detailed status
- systemctl start/stop/restart [service]: service management
- service [service] start/stop/restart: alternative service management
- journalctl -u [service]: service's logs
Monitoring:
- top - monitoring processes in realtime
- ps auxf | grep [name] - searching for processes
Wordlists.
Wordlists can be used, for example:
- for executing dictionary attacks that find passwords,
- for finding file names when we can't just list the containing directory's contents
(webpage server's directories sometimes deny listing files in these directories).
One of the most popular wordlist is named 'rockyou.txt'.
In Kali Linux it's available in compressed form, in following path:
No comments:
Post a Comment