I want to introduce a few terms that should clarify some concepts.
Binaries This term refers to files that can be executed, similar to executables in
Windows. Binaries generally reside in the /usr/bin or /usr/sbin directory and include
utilities such as ps, cat, ls, and cd (we’ll touch on all four of these in this chapter) as
well as applications such as the wireless hacking tool aircrack-ng and the intrusion
detection system (IDS) Snort.
Case sensitivity Unlike Windows, Linux is case sensitive. This means that Desktop is
different from desktop, which is different from DeskTop. Each of these would represent
a different file or directory name. Many people coming from a Windows environment
can find this frustrating. If you get the error message “file or directory not found” and
you are sure the file or directory exists, you probably need to check your case.
Directory This is the same as a folder in Windows. A directory provides a way of
organizing files, usually in a hierarchical manner.
Home Each user has their own /home directory, and this is generally where files you
create will be saved by default.
Kali Kali Linux is a distribution of Linux specifically designed for penetration testing.
It has hundreds of tools preinstalled, saving you the hours it would take to download
and install them yourself.
root Like nearly every operating system, Linux has an administrator or superuser
account, designed for use by a trusted person who can do nearly anything on the
system. This would include such things as reconfiguring the system, adding users, and
changing passwords. In Linux, that account is called root. As a hacker or pentester, you
will often use the root account to give yourself control over the system. In fact, many
hacker tools require that you use the root account.
Script This is a series of commands run in an interpretive environment that converts
each line to source code. Many hacking tools are simply scripts. Scripts can be run with
the bash interpreter or any of the other scripting language interpreters, such as Python,
Perl, or Ruby. Python is currently the most popular interpreter among hackers.
Shell This is an environment and interpreter for running commands in Linux. The
most widely used shell is bash, which stands for Bourne-again shell, but other popular
shells include the C shell and Z shell. I will be using the bash shell exclusively in this
book.
Terminal This is a command line interface (CLI).
With those basics behind us, we will attempt to methodically develop the essential
Linux skills you’ll need to become a hacker or penetration tester. In this first chapter,
I’ll walk you through getting started with Kali Linux.
The Linux Filesystem
The root (/) of the filesystem is at the top of the tree, and the following are the most
important subdirectories to know:
/root The home directory of the all-powerful root user
/etc Generally contains the Linux configuration files—files that control when and how
programs start up
/home The user’s home directory
/mnt Where other filesystems are attached or mounted to the filesystem
/media Where CDs and USB devices are usually attached or mounted to the filesystem
/bin Where application binaries (the equivalent of executables in Microsoft Windows)
reside
/lib Where you’ll find libraries (shared programs that are similar to Windows DLLs)
BASIC COMMANDS IN LINUX
Finding Yourself with pwd
kali >pwd
/root
Checking Your Login with whoami
kali >whoami
root
Navigating the Linux Filesystem
Changing Directories with cd
kali >cd /etc
root@kali:/etc#
To move up one level in the file structure:
root@kali:/etc# cd ..
root@kali:/# pwd
/
root@kali:/#
You would use .. to move up one level.
You would use ../.. to move up two levels.
You would use ../../.. to move up three levels, and so on.
kali >cd ../..
Listing the Contents of a Directory with ls
kali >ls
bin   boot  dev   etc   home  initrd.img  initrd.img.old  lib  lib64  lost+found  media
mnt   opt   proc  root  run   sbin        srv             tmp  usr    var         vmlinuz  vmlinuz.old
You can also use this command on any particular directory: ls /etc shows what’s in
the /etc directory.
To get more information about the files and directories, such as their permissions,
owner, size, and when they were last modified, you can add the -l switch after ls (the l
stands for long). This is often referred to as long listing.
Some files in Linux are hidden and won’t be revealed by a simple ls or ls -l command.
To show hidden files, add a lowercase -a switch, like so:
kali >ls -la
If you aren’t seeing a file you expect to see, it’s worth trying ls with the -a flag.
Getting Help
kali >aircrack-ng --help
Note the double dash here. The convention in Linux is to use a double dash (--) before
word options, such as --help, and a single dash (-) before single-letter options, such as -h.
In some cases, you can use either -h or -? to get to the help file.
kali >nmap -h
Referencing Manual Pages with man
kali >man aircrack-ng
NAME
aircrack-ng - a 802.11 WEP / WPA-PSK key cracker
SYNOPSIS
aircrack-ng [options] <.cap / .ivs file(s)>
DESCRIPTION
aircrack-ng is an 802.11 WEP and WPA/WPA2-PSK key cracking program.
It can recover the WEP key once enough encrypted packets have been
captured with airodump-ng. This part of the aircrack-ng suite
determines the WEP key using two fundamental methods. The first method is
via the PTW approach (Pyshkin, Tews, Weinmann). The main advantage
of the PTW approach is that very few data packets are required to
crack the WEP key. The second method is the FMS/KoreK method. The
FMS/KoreK method incorporates various statistical attacks to
discover the WEP key and uses these in combination with brute forcing.
Additionally, the program offers a dictionary method for determining
the WEP key. For cracking WPA/WPA2 pre-shared keys, a wordlist (file
or stdin) or an airolib-ng has to be used.
FINDING STUFF
Searching with locate
kali >locate aircrack-ng
/usr/bin/aircrack-ng
/usr/share/applications/kali-aircrack-ng.desktop
/usr/share/desktop-directories/05-1-01-aircrack-ng.directory
--snip--
/var/lib/dpkg/info/aircrack-ng.md5sums
Finding Binaries with whereis
kali >whereis aircrack-ng
aircrack-ng: /usr/bin/aircrack-ng /usr/share/man/man1/aircrack-ng.1.gz
Finding Binaries in the PATH Variable with which
kali >which aircrack-ng
/usr/bin/aircrack-ng
Performing More Powerful Searches with find
Here’s the basic syntax for find:
find directory options expression
So, if I wanted to search for a file with the name apache2 (the open source web server)
starting in the root directory, I would enter the following:
kali >find / -type f -name apache2
Here / is the directory to start searching in, -type f restricts the results to regular
files, and -name apache2 is the filename to match. My results for this search are shown here:
kali >find / -type f -name apache2
/usr/lib/apache2/mpm-itk/apache2
/usr/lib/apache2/mpm-event/apache2
/usr/lib/apache2/mpm-worker/apache2
/usr/lib/apache2/mpm-prefork/apache2
/etc/cron.daily/apache2
/etc/logrotate.d/apache2
/etc/init.d/apache2
/etc/default/apache2
To narrow the search, we could start in the /etc directory instead of /, and Linux would
only search /etc and its subdirectories. Let’s try it:
kali >find /etc -type f -name apache2
/etc/init.d/apache2
/etc/logrotate.d/apache2
/etc/cron.daily/apache2
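As an added example (not from the book), the following builds a small constructed directory tree shaped like the results above, including a directory that is itself named apache2 as /usr/lib/apache2 is, and counts what find reports with -type f, with -type d, with no type at all, and when the search is scoped to /etc; the helper names make_tree, count_matches and demo are my own.

```shell
#!/bin/sh
# Constructed tree (not a real system): regular files named apache2 under
# several subdirectories, plus a directory named apache2 above some of them.
# Prints the root of the temporary tree.
make_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/usr/lib/apache2/mpm-event" \
             "$root/usr/lib/apache2/mpm-prefork" \
             "$root/etc/init.d" "$root/etc/default"
    touch "$root/usr/lib/apache2/mpm-event/apache2" \
          "$root/usr/lib/apache2/mpm-prefork/apache2" \
          "$root/etc/init.d/apache2" "$root/etc/default/apache2"
    printf '%s\n' "$root"
}

# count_matches START NAME [TYPE]: number of entries find reports for NAME
# below START. TYPE is f (regular files) or d (directories); when it is
# omitted, find lists both kinds, which is why -type f matters in the text.
count_matches() {
    if [ -n "$3" ]; then
        find "$1" -type "$3" -name "$2" | wc -l | tr -d ' '
    else
        find "$1" -name "$2" | wc -l | tr -d ' '
    fi
}

# Walk through the same variations the text describes and clean up.
demo() {
    root=$(make_tree)
    printf 'from root, -type f : %s\n' "$(count_matches "$root" apache2 f)"     # 4
    printf 'from root, -type d : %s\n' "$(count_matches "$root" apache2 d)"     # 1
    printf 'from root, no type : %s\n' "$(count_matches "$root" apache2)"       # 5
    printf 'from /etc, -type f : %s\n' "$(count_matches "$root/etc" apache2 f)" # 2
    rm -rf "$root"
}
demo
```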
Filtering with grep
Very often when using the command line, you’ll want to search for a particular
keyword. For this, you can use the grep command as a filter to search for keywords.
kali >ps aux
This provides me with a listing of all the processes running in this system—but what if I
just want to find one process to see if it is running?
I can do this by piping the output from ps to grep and searching for a keyword. For
instance, to find out whether the apache2 service is running, I would enter the
following:
kali >ps aux | grep apache2
root 4851 0.2 0.7 37548 7668 ? Ss 10:14 0:00 /usr/sbin/apache2 -k start
root 4906 0.0 0.4 37572 4228 ? S 10:14 0:00 /usr/sbin/apache2 -k start
root 4910 0.0 0.4 37572 4228 ? Ss 10:14 0:00 /usr/sbin/apache2 -k start
--snip--
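One caveat worth seeing in action: on a live system, ps aux | grep apache2 also lists the grep process itself, because its own command line contains the keyword. The following added example (not from the book) replays that with constructed ps output and shows the [a]pache2 pattern trick that filters the grep line out; SAMPLE_PS, ps_grep, match_count and apache_pids are my own names.

```shell
#!/bin/sh
# Constructed "ps aux" output (not a real capture): three apache2 workers and
# one unrelated daemon, in the same column layout the book shows.
SAMPLE_PS='root      4851  0.2  0.7  37548  7668 ?  Ss  10:14  0:00 /usr/sbin/apache2 -k start
root      4906  0.0  0.4  37572  4228 ?  S   10:14  0:00 /usr/sbin/apache2 -k start
root      4910  0.0  0.4  37572  4228 ?  Ss  10:14  0:00 /usr/sbin/apache2 -k start
root      5002  0.0  0.1  12345  1024 ?  S   10:14  0:00 /usr/sbin/sshd -D'

# Simulate "ps aux | grep PATTERN" on a live system: ps also lists the grep
# process itself, whose command line contains PATTERN exactly as typed.
ps_grep() {
    pattern=$1
    {
        printf '%s\n' "$SAMPLE_PS"
        printf 'root      5120  0.0  0.0   6200   700 pts/0  S+  10:15  0:00 grep %s\n' "$pattern"
    } | grep "$pattern"
}

# Number of lines the filter returns for a pattern.
match_count() {
    ps_grep "$1" | wc -l | tr -d ' '
}

# PIDs (second column) of the real apache2 processes, space-separated. The
# pattern [a]pache2 still matches the text "apache2" in the output, but the
# literal text "[a]pache2" on grep's own command line does not match it, so
# the grep process drops out without a second "| grep -v grep".
apache_pids() {
    ps_grep '[a]pache2' | awk '{print $2}' | tr '\n' ' ' | sed 's/ $//'
}

match_count apache2       # 4: three workers plus the grep process itself
match_count '[a]pache2'   # 3
apache_pids               # 4851 4906 4910
```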
MODIFYING FILES AND DIRECTORIES
Concatenation with cat
The cat command followed by a filename will display the contents of that file, but to
create a file, we follow the cat command with a redirect, denoted with the > symbol, and
a name for the file we want to create. Here’s an example:
kali >cat > hackingskills
Hacking is the most valuable skill set of the 21st century!
When you press ENTER, Linux will go into interactive mode and wait for you to start
entering content for the file. This can be puzzling because the prompt disappears, but if
you simply begin typing, whatever you enter will go into the file (in this case,
hackingskills). Here, I entered Hacking is the most valuable skill set of the 21st century!.
To exit and return to the prompt, I press CTRL-D. Then, when I want to see what’s in
the file hackingskills, I enter the following:
kali >cat hackingskills
Hacking is the most valuable skill set of the 21st century!
If you don’t use the redirect symbol, Linux will spit back the contents of your file.
To add, or append, more content to a file, you can use the cat command with a double
redirect (>>), followed by whatever you want to add to the end of the file. Here’s an
example:
kali >cat >> hackingskills
Everyone should learn hacking
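The difference between > and >> matters most when the file already exists: a single > silently replaces everything in it. This added example (not from the book) shows that with the two lines from the text; in a script there is no CTRL-D to end cat, so the content is fed through a here-document instead, which has the same effect on the file. The helper names write_file, append_file, line_count and demo are my own.

```shell
#!/bin/sh
# cat > FILE : create the file, or truncate it to empty if it already exists
write_file() {
    cat > "$1" <<EOF
$2
EOF
}

# cat >> FILE : keep the existing lines and add the new content at the end
append_file() {
    cat >> "$1" <<EOF
$2
EOF
}

# Number of lines currently in the file (stdin redirect avoids the filename
# that wc -l would otherwise print after the count).
line_count() {
    wc -l < "$1" | tr -d ' '
}

# Build the file as in the text, then overwrite it with a single > and show
# that the earlier content is gone. Prints "<lines after >>> <lines after >>".
demo() {
    f=$(mktemp)
    write_file  "$f" 'Hacking is the most valuable skill set of the 21st century!'
    append_file "$f" 'Everyone should learn hacking'
    after_append=$(line_count "$f")      # 2: both lines present
    write_file  "$f" 'A single > replaces whatever was there'
    after_rewrite=$(line_count "$f")     # 1: only the new line remains
    rm -f "$f"
    printf '%s %s\n' "$after_append" "$after_rewrite"
}
demo
```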
File Creation with touch
kali >touch newfile
Creating a Directory
kali >mkdir newdirectory
To navigate to this newly created directory, simply enter this:
kali >cd newdirectory
Copying a File
kali >touch oldfile
kali >cp oldfile /root/newdirectory/newfile
kali >cd newdirectory
kali >ls
newfile oldfile
Renaming a File
The mv command can be used to move a file or directory to a new location or simply to
give an existing file a new name. To rename newfile to newfile2, you would enter the
following:
kali >mv newfile newfile2
kali >ls
oldfile newfile2
Removing a Directory
The command for removing a directory is similar to the rm command for removing files
but with dir (for directory) appended, like so:
kali >rmdir newdirectory
rmdir: failed to remove 'newdirectory': Directory not empty
It’s important to note that rmdir will not remove a directory that is not empty, but will
give you a warning message that the “directory is not empty,” as you can see in this
example. You must first remove all the contents of the directory before removing it.
If you do want to remove a directory and its contents all in one go, you can use the -r
switch after rm, like so:
kali >rm -r newdirectory