Understanding the Command Line

00:01

understanding the command line

00:03

are learning objectives are to understand why the command line is important for penetration testers and also explain how the Lennox file system is structured.

00:11

So you'll see this graphic here from the matrix many many years ago but you'll see here trinity is actually using N. Map which is a tool that will learn about later. But um that's to say that most movies are not true to life. Most movies you see things like hacking the Gibson with flashing lights and it's really cool and all these gu ease and

00:31

you know I do enjoy the movie hackers but it's not really true to life.

00:35

So typically when you get a shell on a machine, a remote machine when you're exploit works um you'll get a that access to the command line and that's why the command line is so important. Um

00:46

You know maybe our gps enabled in a box, maybe the N. C. Is enabled. These things allow you to graphically interact with the machine but typically you won't find services like this open especially should not be open out there to the internet. That that's pretty bad. Um But you typically don't have access to a machine through our D. P. R V. N. C.

01:06

That's why it's really important that we learn about the command line.

01:08

This is also something that I guess and I struggled with when I first got to the P. W. K. Labs is I didn't really know the command line and I didn't really know the Lennox file system and I think this goes towards that that graph that we saw a few lessons ago where

01:23

when people had hacked into more machines, uh they had more success in O. S. C. P. Probably because the more reps you get, the more you understand how these file systems work. So the root directory, that's where the root user's home is typically in a C T. F or hack the box or P W K.

01:38

This is we're going to be this is going to be where your proof file is that you need to get to

01:44

because only the root user can get into this. So you need to be route to get into that directory.

01:49

Home directories. Another good directory to know because we can see the users that have their own home directories and maybe they will store some sensitive files in there. Maybe they're ssh keys are stored in there. So another good directory to look in,

02:04

Etsy has the system configuration files, the most frequent frequent ones that we look for our password and shadow. Because the both of those combined, we can start cracking passwords and then get out of the box that way.

02:17

But password file will show us all the users on the machine,

02:22

Ben, and espen. So these are the system binaries. So, um you know, let's say, we want to know if Net Cat is on a machine, we can look in the bin directory to see if n c net cat is in there.

02:35

Also the user directory is important because sometimes net cap may not be in been maybe it might be an user bin. Uh And this is something I had to learn as well in the P W K labs because, you know, if I was looking for python, maybe pythons not and been maybe it's an user bin python

02:53

to execute python on that box

02:57

var is good. That contains logs, var logs access dot logs. A good one. Um Also var logs, Apache. And also Apache itself has has all of its files in var dub dub dub html is going to be our Apache server and all the files uh

03:15

that that server has in that directory.

03:17

Mhm.

03:20

Here's some other directories. Dev device drivers, lib shared libraries, boot. Uh As you can see file system for booting mount mount points. So if you have a cd rom or a USB on on your machine, it will be in the mount directory proxy. That's the processes,

03:38

but also by number on that machine. Temp

03:40

temps important because

03:43

when you get into a box and you want to say, bring an expert on that machine, you want to put it in the temp directory because even as an unprivileged user is globally readable and writable, meaning you can write into that directory as any user on that box. So if you want to do privilege escalation

04:00

the temp directories, we're gonna you're gonna bring your file into

04:03

to execute that privilege escalation exploit.

04:08

So as you as you heard, I like being the root user in Cali I can tell that because I have the hashtag the hashtag or pound symbol um as opposed to the dollar sign which is a non root user. The default shell in Cali now is E S H R Z shell.

04:27

Whereas before it was bash, I like the sea shell more than bash,

04:30

just because I think it has more functionality. Um

04:33

and this is really simplified. But Lennox treats everything as a file. So coming from the Windows world where things are a lot different, I needed to learn that you know, in Lenox everything is a file. Even directories are considered files and Lennox

04:47

if you're in doubt and you don't know something is you can use the file command, you know, file space, whatever you're looking at. You know, maybe file Bennett should tell us the directory. Um No, to get help. So if you don't know what a command does, you can always do MAN space. And that command like LS. That should tell you what the LS command does and all the different flags.

05:08

Speaking of flags, you'll see here something like N map space tack. H

05:13

for help should tell you all the different flags and help you with what that command does,

05:18

permissions are very important as well. And Lennox because

05:23

it tells me if I can read two or write to or execute something depending on what user I am. And this is something I'd ask you to go out and research more. We'll see this a lot more later when we get more hands on. But something like a global, globally readable and writable etc. Password file is bad. Really bad.

05:41

So if you know what that looks like. if you type in Ls L A in the etc. File and you see that password is globally readable, writable and executable, you'll know you that privilege escalation is pretty easy from there on out

05:55

tilda is the home directory. So I, you know, do C d space tilda forward slash dot ssh. One dot ssh means hidden, but we'll go into whatever user Urs ssh directory and that's where the ssh keys can be found.

06:10

Tab completion. So we saw that in the video, I can start typing something out. Maybe something has a long file name. I can start typing out the name. Maybe three or 4 letters hit tab and it should fill out the whole name of that long file.

06:24

Up arrow goes through your command history. Um this is history is also important because if you get onto a box as a user and you type in history, maybe you can see that users history sensitive, file names, passwords, things like that.

06:38

Change directory. That's important to uh, cd dot is the same director. You're in c d dot dot goes back a directory. That becomes important with local file inclusion, vulnerabilities. That's why you'll see dot dot slash dot dot slash dot dot slash. Because we're trying to get back into maybe the etc. Password

06:56

rfc directory. So we're going down that slashed at that slashed at that slash

07:00

to get all the way back into etc.

07:01

Um, also Lennox is case sensitive, so cyberia, lower Casey and sai Buri upper case C are not the same file. Their different files, which is different from being a Windows user where its case insensitive, just know Lennox is case sensitive

07:17

to make a file. You want to do the touch, command, touch, lower case t touch new file crease that new file. Of course we have the underscore there because if we had new Space file, that would not be the same. It would not be one file.

07:32

Make directory MK DE IR same in Windows. So example, make directory cyberia will make the cyber directory. Cat reads files. That's an important one to know. Cat command line. Way to read files. You also create files, so you'll see Cat cat

07:49

greater than cyber dot txt. You enter some text hit, enter

07:54

control D will create that file with that text. Cyberia is awesome in it,

08:00

remove files are m you know, maybe we didn't like that new file. Rm space, the new file name. We'll delete that file.

08:07

R M D I R. That, you know, maybe we want to remove the cyber directory. If something's in it though, it's not gonna work, you have to do. M. R. D. I. R. Space tack are to recursive lee remove all the files in that directory.

08:22

Cp copies files. You can copy multiple files into one directory. Using CPI. Also move maybe they don't like the name new file. You could do move the name new file and then call it old file and it should change the name to old file.

08:37

Mhm.

08:37

So in summary that was a very quick lesson. But now we understand why the command line is important for pen testers.