Who, What, When, Where and How of the Linux Command Line

00:01

the who what when where and how the Lennox command line.

00:05

So in this lesson we'll learn the who what when where and how the Lennox command line and why did I break this lesson out into who? What when where who what when where and how. It's because when I was a police officer um and I would have to write a report. My training officers would say well if you want to cover everything

00:23

make sure you cover the who what when where why? Which we don't

00:26

why why are we here? What we're here to pass the Osc. P. And how um in your reports you cover everything. So hopefully I will cover as much as I can

00:35

in this. You know it's impossible to cover everything within the command line in one lesson. But hopefully I can cover this with these different who what when where and how tags in them. So you can remember more about the command line. So who who am I? You'll see this in some I. T. Or tech conferences.

00:53

Someone will put up who am I on the board? Well, it's a command in the Lenox terminal. It's also a command on Windows. It works on either. That's why I really like this command because if I'm a new rating system and I do, who am I? Um Hopefully we'll come back with either system or route because it will work on either Lennox or or Windows. I. D. Will only work on Lenox. It displays your user. Uh And what groups you're in? Maybe you're in the doctor groups. It will say that when you do the I. D. Command,

01:19

you name that Prince, the operating system, you name Space tack. A will show all the information. This is a great one to use to see if that operating system has a kernel exploit for it.

01:30

What So what can I do? Can you run something as the root user? Sudo space tack. L will list all the commands that you can perform as the root user. Maybe you'll do that and it will say, you know, you can perform bin bash as as the root user. Then you just simply have to run that command as with pseudo.

01:52

And you're the root user.

01:53

Easy privilege escalation day

01:55

I. D. When you do that command normally you'll see Zero is the root user If you C zero. That's really, really good. If you see 1000, it's normally the first user that's been registered on that box. Um If you see below that, it may be a service on that box. Maybe you're dub Dub. Dub data. Maybe you're a demon or Damon. I don't know either one. Um That will just tell you the number of that service or user

02:19

What is in a file. Cat will show you everything in the file strings. Maybe you're looking at a binary and you just want to see the printable characters in the binary strings. And then that binary name will show you all the printable characters. Head shows the 1st 10 lines, tail will show the last 10 lines in a file. You can change that with the head and tail command. Of course, you can figure that out.

02:40

Looking at the man page, right? We learned about that. What permissions do you have? So there are three permission groups owner uh the group and the users. Um And you'll see things like our W. X. Like we talked about globally readable and writable files.

02:57

Here's a globally readable and writable directory with the D. All the way at the left hand side.

03:01

If you saw it wouldn't have the D. But the password file has R. W. X. R W X, R D W exits globally. Readable. Writable execute Herbal. That's good for us. That's bad for that. That host,

03:13

what is running

03:15

PS space AUX will print all the running processes from all the users on that box

03:23

when So the Cron tab or Cron jobs that are running. So this is important also for privilege escalation. Maybe you look at all the Cron jobs and one is running as root, but you can write to it as an unprivileged user. You can then, you know, maybe change that Cron job

03:40

so that it executes as root, but it makes you the root user or you can do a reverse shell with it.

03:46

Um So that's also an important one for privilege escalation.

03:52

Where so where are we? Ls will show all the files in that directory.

03:58

Also also show other directories. Ls I usually do space tack, L, A or a. L. Doesn't matter. As long as the letters A and L. Are in their uh will show you the long format. It will show you, you know, if it's readable and writable and who can read and write to that file For permissions. PWd print working directory.

04:16

That will show you which directory you're in. That's also good because if I get into a box, one of the first commands all runs PWD to figure out where am I on that box?

04:25

Find. That's also an important It's also important command because what if I want to find the flag, maybe I know the name of the of the flag document is flagged at txt.

04:36

Um For that capture the flag, I'll do fine forward slash name. Flag dot txt. Um to greater than dev null. That just writes some output to knoll so that you know maybe you're you're searching a directory but it says permission denied.

04:53

If you do that to greater than dev null it won't print that. It will just print what what it finds

04:58

where is locates programs that you don't know where python is on that box you do. Whereas python I should tell you where it is.

05:04

Apropo I propose um that can help you find different commands. So maybe I'm looking for all the commands that can help me search for something. I can do a proposed search and it should show me all the commands that I could run to search for different things

05:18

grip, grip just searches for different words in a file. Um This is something that I may use as well grip. Uh attack R. N. W. Four slash pastor looks for all the different passwords you see to greater than Devono again there so I just see the output that where it finds something. Um This can be very verbose though

05:38

because you're looking for everything that has the word password in it.

05:44

How

05:45

so it's very important to know what commands are using and what they do. So when you're getting onto a box usually going to get a shell and you need to know what commands you've you've issued and also you need to know

06:00

why you're doing it. So enumeration. People always say you know the key to escape

06:04

is enumeration. Enumeration. Enumeration. You need to know how you found that vulnerable binary or that vulnerable file or that you had different sudo permissions. So make sure you document how you achieve privilege escalation or where you found certain files um when you're writing your report.