COS30015 Lab 1 Solution PDF

Preview

Summary

Tutorial...

Description



COS30015 IT Security Lab 1 In this lab you will investigate Linux commands 

   

1. Kali 1.1 What is Kali operating system? And why using Kali for this Unit? (Look it up with Google). Don't copy and paste – write down what it is in your own words. Kali is a Linux-based penetration testing platform. Kali is used in this unit as it provides a range of useful penetration testing tools.   



1.2 Which Linux distribution is Kali OS based on?

 Debian  

 

2. Getting Started with Kali Linux Virtual Machine (VM)  

2.1 Start Oracle VirtualBox and load the Kali virtual machine (to be provided by your tutor). Log in using the root account. username log in as root toor

 Open a console window:

password



2.2 What do the following commands do? (Write down the answers here) After running the command, try --help man or info for more information. Typing q will get you out of the manual. ls ls –l Directory listing – what files and folders are there. Option -l is a long list (ownership, permissions, dates).  

pwd Print working directory – shows which folder we are in. 

  COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 1



ps ps –al Process statistics – list processes (programs, threads) running and PIDs 

 cd / cd cd ~ cd .. Change directory: . / is root folder is home folder ~ is home folder .. is up one folder

uname uname –a Names of operating system, name and version numbers of OS components.     

 df df –hi 

Display disk information – drives, partitions, sizes, %full Use the ‘man’ command to find out what the –hi option is for.    

 echo $PATH echo $Path The current search path – where commands will be looked for when issued. 

    

Is Linux case sensitive? Yes 

history history | more history –c Previous commands used by this user. ‘more’ shows one page at a time. -c clears the history. 

 COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 2

 

Try a ping command: ping 127.0.0.1 What does it do? Sends an ICMP packet to a server, and counts the hops and travel time. Use CTRL + C to stop the pings 

  

2.3 More advanced Linux commands: Smbstatus Shows network shared (samba shares) - mapped drives. To know more: https://www.samba.org     



dig telstra.com DNS lookup     

 nslookup -sil telstra.com DNS lookup     

 netstat netstat | grep CONNECTED netstat | grep ESTABLISHED Shows current TCP, Unix and UDP “connections” and listening ports.     



/usr/sbin/lsof List of open files and the various users on the system using them. 

     COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 3

  

Note: Executables in Linux have no extensions. zip files have tar or gz extensions To run a program, type it's name. If it is in the current directory, type ./program

 Try these commands to find the ifconfig program:

 locate ifconfig which ifconfig find / -name ifconfig

 You can get rid of the error messages this way: find / -name ifconfig 2>/dev/null Where is ifconfig? /sbin/ifconfig

 COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 4



2.4 Type in the following command:

 who whoami Who is logged in at the moment? root. 

       

Try this command finger root What can you find out about this user? Name, how long he’s been logged on (if finger command is not available, you need to install it by issuing the command apt-get install finger). 

      

3. More Advanced Linux Commands on Kali  3.1 Try out these commands:

 top What does it do? (type q to quit) Instead of typing Top, you should use top command (recall that Linux is case sensitive). The command displays process list, memory use, CPU use. 



ls ls –l ls – al List files, long list files (details), list for all users.

 How many files are directories? (look for d ) 16   



Type pwd to see where you are. /root Is this location in the search path? (echo $PATH) No. 

      COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 5

 

3.2 To create a text file:

 cat > hello //where hello is the name of a new file echo Hello World! //...type stuff into hello Ctrl+C //stop

 To see what's in a file: cat hello  



To run the file, you must first set its executable bit:  chmod +x hello

 Now run it:

 Type the name of the file: e.g hello

 Does it work? No. Use file hello1 to see what sort of file it is.



Linux does not use file extensions to determine file type. There are no .exe files in Linux. Linux uses commands like chmod to set permissions which include read, write and execute. Any file can be marked as executable, but only files which contain recognisable bash script or compiled code will actually run. Type this to add exe rights to a file: chmod +x

Linux uses the search path (type echo $PATH to see it) to decide where an executable program can be found.

 Preceding a program with ./ tells Linux to ignore the search path and run the program found in the current directory.

 Try: ./hello Does it work now? Yes. 

rm -i (delete the file)

 You can also create an empty file this way:

 touch touch hello1.asm 



3.3 Edit the file:

vi (vim) is useful to know because it's really old and EVERY version of Linux and Unix has it

  vi hello

 vi commands: - toggle between insert and replace mode - go back to command mode - delete characters

 Kali also has Leafpad - a GUI editor similar to notepad.exe

 : - enter a command e.g. :w - write file  COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 6



:q - quit file :wq - write and then quit a file

 Try editing hello1.asm with leafpad. You can start it from the command line:

 leafpad hello1.asm 

 

Add in this code:

This is assembly language (AT&T syntax). _start is the main(), %eax if the function (system) call number (syscall). the movl lines are loading parameters. int calls the "syscall".

 .section .data text: .ascii "Hello assembly\n\0" .globl _start _start: movl $4, %eax movl $0, %ebx movl $text, %ecx movl $16, %edx int $0x80 movl $1, %eax int $0x80

 $4 means write(…) $1 means exit()



Assemble: as -o hello1.s hello1.asm

Explain the command syntax here: as -o

Link: ld -o hello1 hello1.s

ld -o

  Set permission: chmod +x hello1

 Run: ./hello1

 What type of file is this? Try file hello1

ELF 32bit LSB exe, Intel 80386

 COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 7



3.4 Linux Directories are equivalent to Windows folders.

 mkdir

 rmdir 

 

3.5 Which of these commands can you access? Write down what they do.

 locate ifconfig locate finds all files (too much).

 updatedb updatedb updates the file location database find / -name ifconfig find -name finds exact match

 find / -name msf > temp && more temp (this takes a while)

 which ifconfig which finds the path used for a command

 If you were refused permission, you could try 'su' (substitute user) to escalate your privileges to root. 





the root password type in su root toor (logs you in as a the root user)

 sudo allows you to run root commands as a temporary root user.



Note: su is not a user name. It only works after you have logged in. It changes your current user name to root (default) or whatever you type after su. e.g. su -changes you to root, su jim – changes you to jim. You still need the password.

You need to type in your non-root password. 



4. Shut down 4.1 Try these:

 exit - logs you out of the su shell 

(halt - shuts the Linux VM down. –but this leaves the VM running with the OS shut down. Then use the VMWare menu - Player – Power – Shut down guest. Not so good)

 While in Linux, try poweroff – the best way to shut down. halt –p does the same as poweroff.

 If poweroff doesn't work, try sudo poweroff  COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 8



4.2 If you get this:  

There are stopped jobs. 

You have left a process running – use ps –l to see what it is

the process that is still running

     

then type fg

where is the name of the process you started (what you typed to run it)

 to bring the process into the foreground.

 e.g. fg cat 

 

Stop it the correct way: Ctrl+C for most programs 

     

look for this  

If this doesn't work, use ps to get the PID number, and try

 kill where is the PID of the process you want to kill  



5. NETWORKING without DNS (try at home)  Instructions for testing your HOSTS file: 1. You will need to have the DNS client service running in Windows, and administrator access (to \windows\system32). 2. If you want to use HOSTS to map a public site, you may have to bypass your ISP's proxy which may cache DNS replies. Change your browser settings to "no proxy" or "direct connection" or something similar. If it is a site on your ISP's domain or your own domain, the proxy server will not be used. 3. Open a console window (START Run cmd) and ping a domain you want to create a hosts entry for. 4. Note the IP address. 5. Open C:/Windows/system32/drivers/etc/HOSTS in a text editor 6. Scroll down to the bottom of the file and type in the IP address followed by the

 COS30015 Lab 1. Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Page 9

 

fully qualified domain name (e.g. host.domain.com), or the short version you want to use. 7. Save the file 8. Refresh the local DNS service cache: ipconfig -flushdns 9. Open a browser and type in the domain name or the short version and see if it takes you there. You should be redirected to the IP address you added to the HOSTS file.

 Try pinging a blocked site to get its IP address. Add it to your hosts file to see if you can bypass the blocked list.

 To use your HOSTS file to block domains, add the loopback address 127.0.0.1 followed by the domain name to your HOSTS file. 

 

If it doesn't work, you probably have Windows 8. I'm sorry.

host/ domain name: 

    

IP you will get it to redirect to:

 COS30015 Lab 1 (week 1). Based on notes prepared by James Hamlyn-Harris (SUT). Updated by Yakub Sebastian (SUTS) on 30-Aug-16.

Pa ge 10...