Linux Essentials for Ethical Hackers - Full InfoSec Course

Captions
this linux course will teach you the basics you need to know as a penetration tester it was created by hackersploit who has one of the most popular cyber security channels on youtube hey guys hackersploit here back again with another video and welcome to the linux essentials for hackers the 20 you need to know and uh first of all let me explain to you what this series is about before we actually take a look at what we'll be covering and the various issues that uh you know uh beginners in infosec and ethical hacking usually face when dealing with the topic of linux so uh it comes as no surprise that linux is very very important uh to learn if you are going to get into infosec because uh you will be using various linux based uh offensive distributions like kali linux or parrot os and it's it's imperative that you understand how to use the system to your advantage how to become efficient at it and that's primarily what this course is focused on now if you are a system administrator then it is uh worth also going through this course because we'll be covering a various aspects that you might not have known about but again if you're a beginner this is perfect for you this will cover exactly what you need to know to be efficient and effective with linux uh when it comes down to pen testing or ethical hacking getting started is very simple if you are a pen tester or you're a beginner to linux uh you can install linux from scratch or run it in a virtual machine i prefer running you know installing it from scratch on a physical machine however if you are interested in you know delving into the various distributions that exist you can check out distrowatch.com and you can start playing around with them uh you know in a vm or you could opt to set up a linux server all right so that's pretty much all that i wanted to talk about in regards to an introduction to this course and without further ado let's get cracking in this video we're going to get started with taking a look at 
the various keyboard shortcuts that will help you navigate around the system much easier and work with the terminal at a much more efficient rate all right so let's get started now i'm currently using ubuntu you can be using any other linux distribution that you want and we're going to be primarily working with the terminal first before we actually delve into desktop environments uh and you know various other distributions so we're going to be using debian and again ubuntu is based off debian and for our package manager we'll be taking a look at the aptitude package manager but as i said we'll be delving into all of that later on all right so with ubuntu uh getting opening up a terminal with your keyboard is very simple you have your control alt n t key or you have your super and t if you're running debian or any other distribution so on ubuntu it's ctrl alt n t or your super nt and you can customize your keyboard shortcuts uh however you want all right so let me just uh let me just minimize this now uh the other interesting thing that you can do or very helpful thing that you can do when working with various windows it doesn't have to be a a terminal window is you can perform tiling and that is by using the super key and your arrow keys to direct the location of the windows and you can tile them appropriately right so as you can see i've used the super and up key and that maximizes it and of course i can take it to the left or i can take it to the right and i can you know leave it where where it was previously right so let me just expand it now let me talk about a font size right so font size is very easy to change and to actually increase and reduce so if i wanted to increase my font size i would use the control shift and the plus key on my keyboard and that would increase the font size right i can then minimize it by using the control and the minus key on my keyboard and that will reduce the font size so again increasing it is ctrl shift and and the plus key and 
reducing the font size is control and the minus key on your keyboard right so that is how to increase and reduce your font size now let's talk about actually clearing your screen which is very very simple so i'll just use a generic command here you don't have to worry about what that command is so if i wanted to clear my terminal i would simply say clear and that will get rid of all the content that was currently on the terminal however i can also use a keyboard keyboard shortcut so again if i just list the same command here i can use the control and l key and that will clear the terminal for me without me having to type the clear command all right so let's talk about some uh some other keyboard shortcuts that you should be aware of right so uh if we are working with a particular process so for example i can say nmap i can run a quick nmap scan here and i can just say sv 192.168.1.1 and we can hit enter i can use the control c key to actually end the currently running process and it will return you back to your uh to your shell uh in this case we're using the bash shell so if i want to end a process that's currently running like the one i was running which was nmap i use the control and c keyboard shortcut right now if i wanted to suspend or to pause this or to pause a particular task or a process i can use the control and z key right so if i was running nmap s v the same key or the same command i can type that out however here are other useful keyboard shortcuts that you can use so i can cycle through my previously used commands by using the up arrow key and that will again cycle through all my all my previously used commands so again i can just go to this previous command and hit enter and then i can use ctrl and z to actually uh pause and suspend that process uh in memory and remember it hasn't stopped it you have just suspended it all right now let's talk about tab uh let's talk about the tab key and auto completion right so uh we can use the tab key uh to auto 
complete file and directory names so let me just clear this out and i can use the control and l key so if i go to my uh well i can actually work from my home directory but let's say i wanted to cat a particular file so let me just list all the files in here so let's say i wanted to cat my let's see or let's say i wanted to get my my password file so again i can say cat etsy and i can say password right now if i wanted to auto complete this i could use the tab key and again it'll if i use it two times it will give me the various suggestions here so a single tab will auto complete it if it has an accurate uh id of of the particular file or directory you're referring to so again if i said uh if i give it a bit more information in regards to the file or directory i was looking for i would simply just hit tab and it gives me the file there however i can hit double tab and that again gives me the files that are related to the particular data that have entered here so again if i reduced it just to ap and i hit tab twice it will give us the recommendations as to uh in in reference to the to to the to the particular files that uh that begin with the word p and again if i can increase that uh probability or the specification of the file i'm looking i'm looking for by increasing the amount of letters so again again i can tap it twice and now you can see the results are more fine-tuned so again i can i can use tab to auto complete it to password and i can hit enter and that displays the contents of the password file so that is how to use uh the tab key and those are the various uh you know commands that uh or keyboard shortcuts that you can use while working in the terminal and hopefully those will make your life a whole lot easier so again control and l that clears everything for me now let's talk about how to close your terminal so again closing your terminal is very simple you can use the control shift and w key so again i can say control shift and w here right over here 
and that works pretty universally among all distributions so again control alt d that opens up your terminal uh increasing the font size control shift and the plus key and so on and so forth and you can tile your terminal or any window in your system by using the super key and your arrow keys or your directional keys here all right so those are all uh the basic keyboard shortcuts that i wanted to start off with i'll be referencing others throughout the series uh let me know which ones are i missed and i'll be seeing you in the next video in this series in this video we're going to be taking a look at file management and file manipulation uh in linux so let's get started so i'm just going to open up my terminal here and let's just expand this and let's increase the font size so we can see what's going on all right so let's start off with a bit of directory navigation and understanding uh what files exist within a directory right so the first question any beginner to linux has is when the in the terminal is how do i know where i am or how do i know what directory i'm in right so they want to know where where they actually exist in the linux file system so by default if you are logged in as a user uh you know that a user is not the root user uh so you know a normal user account for example i'm logged in as a lexis so i'm going to be in my current home directory now you can confirm this by typing in pwd all right pwd means print current working directory or print working directory and that is self-explanatory it prints the current directory that you are in and that you uh will be working in or any commands that you actually run will be executed within this directory right so i'm going to hit enter and as you can see it tells you i'm in the home alexis directory now user accounts are usually sorted out this way so the root account usually has its own folder in the root directory of the file system of the linux file system whereas other users like alexis here will be 
found within the home directory and then furthermore their own individual directories based on their usernames and this is where all their files will be stored all right which brings us to the next question which is how do i list the files within a particular directory and this is very simple we use the ls command which means list all right so i'm going to hit enter and this will list the files and the directories within the current directory right so i'm going to enter and as you can see it tells us within this current directory we we have the desktop directory uh the documents directory downloads etc etc right so this is the simple way of listing files now the ls command has the ability to be run with other arguments or commands or options that allow you to increase or to modify the way the output is or the way the files are displayed to you right so a quick example of this is by using the ls hyphen or dash l command all right so this will list all the files and directories in this directory uh in the format of a list or a table which makes it easier to read for users right so i'm going to hit enter and immediately you can see it gives you a vital information like the total right of here the permissions the owner the ownership of these files and directories you have the date modified and the name of the file uh of the files and directories all right so that is how to use ls in combination with another command now you can also get more output by combining the ls command with other options so again if we wanted to list all the files that are all the files and directories that are currently in this working directory i can use the a command which essentially is an abbreviation for all now when i say all in the context of a linux it means all hidden files all files within this directory will be displayed all right so if i list the files again here you can see that it only displays the the files and directories that are visible to users if we want to display all the 
files and directories including hidden files and directories we can say ls and we can say a all right and this again will give us all files and directories including hidden files and directory so you can see the hidden files in linux have the dot or the full stop before the file name here so again the bash aliases file is a file that is used in configuration of your bash profile so again it allows you to configure aliases when working with bash again so the hidden files in nx typically are used for configuration of various system uh system environment variables or various system tools uh you know so on and so forth we'll be working with this later on and it will all make sense shortly now the great thing about the list command is that i can use it in combination with the previous command so if i wanted to list this in a way that was much easier to read i can say ls a l and this will list all the files and directories including the hidden files and directories in the format of a list or a table and i hit enter and there you are you can see it displays all the files and directories in the form of a list here and again it gives you information in regards to the ownership and the permissions more of which we'll touch upon later on in the course all right so i'm just going to clear the terminal here and let's take a look at the ls command a little bit more all right so let's say i wanted to um to actually list the files um in a more readable format for users so again i can just type in ls l and i can use the h command all right so if i hit enter again this displays it in a much easier way for uh for users to understand what's going on and the context i'm referring to is more to do with the size all right so if i say ls l you can see that the data here or the size of the files is in bytes right now when we use the ls h or the h where the h stands for human readable format you can see it displays the actual size in kilobytes a much easier way for you to understand the 
sizes of files etc etc all right so let me just clear the terminal here and let's take a look at one more uh command that we can use with ls and that is if we wanted to uh show uh subdirectories right so remember when we show when we use the ls command it shows us the directories within this current working directory but let's say we had other directories within um let's see within pictures right so we could have other directories within pictures or documents or the downloads folder etc so again we can say uh if i wanted to list the the the subdirectories within the desktop folder i can say ls l and we'll use the capital r command and this again means recursively so we can then specify the folder we want which is going to be desktop or the directory we want again it's going to be desktop and we hit enter and again it will list for us the files that exist on the desktop first of all and again it shows us that we have a directory called c and a txt file called todo.txt all right within the c folder or the c directory we have three files we have a temp dot c we have a test binary and a test.c file so again it's displayed to us what is on the desktop and then what is uh what is in the directory c on the desktop so again it's used for recursive a listing of the of files and directories and sub directories that way all right so i hope that makes sense now let's talk about uh some directory navigation all right which is quite important here uh before we actually talk about uh file manipulation um and copying files etc so as i said we are currently in the home alexis directory now if i wanted to move a step back or to move to a parent directory i can say cp all right so cd will change directory to the actual home directory uh so again if i type in pwd you can see it will not do anything now if i wanted to go a step back i can type in cd and i can follow that or yes i can follow that up with two full stops and that will take me a step back and immediately on your bash shell 
you'll be given the current directory that you're in now so again it's telling us we are in the home directory and we can confirm this by typing in pwd right so if we list the files within the home directory you can see that the only directory that exists is the alexis folder and that's because that's the only use on the system so let's take a step back right so i can take a step back and i hit enter and now we are currently in the root directory the root file system directory for the off for linux right so again i can list all the files in here and i can hit enter and as you can see we are now in the root this is the actual root directory of the linux file system not the root folder or the root user directory just the root of the file system so you can now see all the various folders that the linux file system is comprised of all right so that is how to actually navigate a step back now if i wanted to navigate into any one of these directories i could say cd and then i specify cd is an abbreviation for change directory and i can specify the directory i want to move into so i can say cd home right and again that will take me into my home directory and then i can list the files in here and this tells me oh we have a directory called alexisd and then i can say change directory into the directory alexis and that will take me into the uh the directory alexis all right now i can also use um i can also use the forward slash to refer to a directory that is currently not in this particular directory so let's say i wanted to move into the um let's see i wanted to move into the um let's try the etsy folder i can say cd forward slash etsy and this refers to a directory that is currently not in this directory but at the root at the root of the linux file system so i hit enter and that takes us into the etsy folder so again i can confirm this by typing in pwd and again it tells me i'm currently in the etsy folder right now if i want to navigate back to my user home directory so 
i'm currently logged in as the user alexis if i want to go back to alexis home directory i can simply do this by typing home alexis right that's very very simple but if i want to even make this shorter i can use the command right over here and again i can hit enter and i can easily just navigate back to my home directory so if i hit enter you see and i type in pwd it's going to take me into my home directory right over here all right now that we have taken a look at you know directory navigation and moving around directories let's take a look at uh creating files copying etc all right so i'm currently on my in my home directory so let's talk about actually copying a file now before we actually do that we need to actually understand how to create files really really quickly right so the first thing i want to do is i'll go into my desktop here and i'll say cd desktop and i'm going to hit enter and i'm in my desktop now all right so if i wanted to create a file really easily i can use touch all right so touch is a is a tool or a utility that allows you to you know easily create files again let me show you a command that will help you understand what various commands and tools are so if i want to know uh i want information about a particular command i can use the what is the what is command so i can type in what is and then i can say what is touch and i can hit enter and again it tells me change the file timestamps all right or so i can also say what is uh let's see what is nano right nano is a text editor so i can hit enter and it's going to tell nano is another editor etc so it gives you information about a particular command or tool all right so i can use touch to create a file remember without any content right so i can say touch and i can say the file name is going to be test.txt all right i can hit enter and if i list all the files in the desktop you can see i have the test.txt file right over here all right so i can now direct data into this file so again i can 
use the ech command and if we want to learn more about the echo command i can type in what is and i can say echo and i can hit enter and it's going to say display a line of text right so we can say echo alexis is alexis is you can say alexis is not cool i know something like that and i can just hit enter and again it will display on our terminal alexis is not cool all right so it simply just displays a line of text however we can redirect this data into a particular file and in this case we want to dis we want to redirect this data into the test.txt file right so i can say echo we can say hello and we'll just use this simple string of text here and i can say redirect to this and we use the greater than sign to redirect data to a particular file or to a particular command so i can say test dot txt all right and i hit enter and now this file should have the words or the string hello now if you want to easily just display the context uh or the content of a file i can use the cat command all right now again we can use the what is command to find uh to find out more about what the cat command does so i can hit enter and it's going to tell us it concatenates files and prints on the standard output so again it gives us the output of all the content it prints out the content of a particular file uh so again i can say cat test dot txt and hit enter and again it prints out what we had redirected into it all right so that is how to use the cat command now again i can redirect a lot of text into this uh so let's say i wanted to edit this uh this file or i wanted to remove this file which is a much better way of actually taking a look at you know file manipulation technique so again i've shown you how to create a file a very simple file redirecting output we can also use cat to redirect output so for example if i wanted to redirect the contents of the password file i can say cat hc password and i'm using the relative directory you can see here so the the the contents of the 
password file i want to redirect into the test.txt file however if i wanted to create another file i could easily do it directly from here i could say password dot txt and i hit enter and now we can display the contents of the password.txt file and again i can use the tab autocompletion here and i hit enter and again it gives us all the content was redirected into this new txt file excellent so now let's talk about actually you know create removing files copying them etc so if i wanted to remove this file here the test.txt file i use the rm command which stands for remove right again you can use the what is command and again use it again it tells you this is used to remove files and directories so let's talk about removing files first all right so we can say remove uh test dot txt all right and again we use tab auto completion and i hit enter and this will have removed the file over here right so um that is essentially how to remove a file now uh if i want to remove a directory uh i can now i need to specify that it is a recursive action but before we do that let's talk about creating a directory first because that that's quite important as well so if i want to create a directory i use the make directory command which is abbreviated into mkdir so make a directory and i give it a name so i can say test all right so this is going to create a folder or id or a directory called test right once i hit enter and i list all the files here you can see we have the test directory over here uh so what i can do is i can you know i can navigate into it i can copy files into it so let's say i wanted to copy a file into this uh directory so again i can say let's say i wanted to say touch um or we can do the same thing so i can say cat etsy password and i want to redirect this into a file called password.txt and once that is done i want to copy the file so i want to say cp that means copy and i want to specify the file that i want to copy which is going to be password dot txt and i 
want to copy that into the test directory so i specify the directory i want to copy in i want to copy it into in this case the test directory is within the current working directory so i don't have to specify a relative path if i was specifying a relative path i would use the forward slash here so i can just say test and i hit enter and now if i remember if i wanted to list the contents of the sub directories recursively i could say ls lr and i hit enter and you can see the contents of the test directory uh password.txt excellent so again if i want to remove the the password file i can say removepassword.txt if i want to remove a directory and the directory what we want to remove is the test directory i can say remove and i use the capital r which means recursively remove and i say test and i use the tab autocompletion and i hit enter and now if we list the files in the on the desktop you can see we've gotten rid of all of these folders and files all right so now that we know how to actually create a directory we can actually um let me talk about removing a directory i actually covered it with the remove command however we can also use um another command called remove directory which is abbreviated into rmdir this will only allow you to remove a directory if you do not have any files within that directory right so let's say i uh by the way you can cycle through your previously used commands using your arrow keys in this case you can use the uh the up arrow key so let's say i wanted to catch i wanted to you know redirect output of the password file into a file called password.txt and i wanted to copy this file or let's actually talk about moving files so if i wanted to move a file i would say mv and again you can use the what is command so what is mv so i can say mv i want to move the password txt file into the test directory here i'm going to hit enter and now you can see that the the password file has been moved into the test directory so again i can i can list 
all the files within the test directory here and that again it tells me that we only have the password.txt file in here so if i use the rm dir command which means remove directory and i say test remove directory test you can see it's going to tell me that this directory is not empty so as a result we need to specify remove recursively test and we're going to hit enter and now it gets rid of the test directory for us all right so those are uh very very simple ways of you know creating copying and of of course deleting commands now uh before we actually end this video which i know has been going on for quite a while i'm going to be covering file directory permissions later but i want to talk i want to talk about file manipulation a little bit more uh so we've talked about uh you know using the cat command redirecting output uh using touch as well moving files let's talk about you know renaming files uh and also taking a look at the content of particular files here so what i want to do now is let's actually take a look at um at actually renaming files all right so i'm going to again use the similar command that we had used i'm just going to you know i'm going to redirect the output of the password file into a file called password.txt and now if i wanted to rename the filepassword.txt into something else i would use the mv command right so there isn't a command to rename files in linux you use the mv command which means move in this case it's very simple the syntax is uh you specify the file that you want to change the name of which is going to be password.txt and i changed the file name to let's say test dot txt and hit enter and now if we list all the files in the directory you can see that it changes it to test.txt and indeed if we actually uh if we actually display the contents of the file you can see that the the content is preserved while we've changed the name and we can also change the extension of the file so i could say move test.txt into test let's say 
test.c we can we can change the contents into a c file right and now if i say uh cat test dot c i can hit enter and there you are now let's talk about uh editors and then i'll talk about the content of the files uh before we actually end this video so um there are two uh standard editors that are pretty much the standard when it comes to linux and working within the terminal i'm not talking about graphical uh gui based editors like uh g edit and stuff so if i wanted to edit this file within the terminal i have two options i have nano so again i can use the what is command and say what is nano and again that's an editor and i have we have vim which is pretty much the most popular option and i'll be making independent videos on this editors and how to configure them so again if i want to edit the test.txt file i can say nano test.tx test.c let's actually rename it back to test.txt dot txt and we say nano test dot txt and we're hit enter and that takes us into nano now exiting nano is very simple again you can navigate around make changes uh exiting it we use control and x and that's it now with v vim or vi we simply type in vi or vim and we say test.txt hit enter and again with them the syntax is very different if i want to make changes or i want to add content i type in i to insert text and again i can play around with it and once i'm done i hit escape and then i can write changes to this file or i can quit and discard any changes by typing in q and the exclamation mark and hit enter and that's how to use the various editors i'm not covering them uh you know to their full to their fullest extent and that's because we have various videos that will be actually focused on editors themselves so um that's pretty much all that i wanted to cover in this video there's quite a bit hopefully you guys can actually learn a lot from this video in this video we're going to be talking about file and directory permissions and ownership all right so again there's quite a bit to 
cover and hopefully i'll explain the various ways of doing it and i hopefully i can explain it as best as i can all right so let me just open up a terminal here and we can get started immediately right so let's just expand this and there we are all right so the first thing i'm going to do is i'm just going to go on to my desktop or change my directory onto my desktop and i'm just going to clear this now one thing i want to talk about before i actually get started if i list all the files in here you can see that directories will typically be highlighted in blue and to keep this on a standardized basis you want the color scheme for your terminal to be the linux console or you can use xterm if you want and again that will just keep it really standardized but for the purpose of this video i'm just going to stick to the linux console again just so directories and your directories are highlighted blue and again executable files are highlighted green all right so that'll keep things uh more simple and very easy to understand all right so let's get started so again if i list all the files in this directory uh you can see that um typically when i list it in the form of a list or a table we have various bits of information right so again i can also you know type this in and print it out print it out in human readable format but again that doesn't explain a lot of the information that already is here all right so we have the first column which is your file permissions file and directory permissions um you then have the user and the group all right so this is to do with ownership these two are to do with ownership you then have the file size uh and the date modified and of course you have the the file or the directory name as is as as is and as was created all right so what i'm going to do is the first thing i want to do is i'm just going to create a simple file i'm just going to call it test test dot sh because i know many of you don't like me sticking with one type of file 
and I'm going to cat the contents of the passwd file into test.sh (`cat /etc/passwd > test.sh`), hit Enter, clear the screen, and also create a directory called test with `mkdir test`. Now if I list the files here you can see the new file test.sh and the test directory. If we take a look at the permissions for test.sh, it's a shell script and is potentially executable; however, in its current state it isn't, and you might ask why. That's where file and directory permissions come into play. Permissions in Linux are very simple to understand; many people complicate them and there's no need to. There are two ways of expressing them, which is where most of the confusion starts: symbolic mode and octal mode (often loosely called numeric or "binary" mode). These are simply two notations for reading and setting the same permissions on files and directories. The first thing you need to understand, if you're a beginner, is that there are three permissions you can apply to a file or directory in Linux: read, represented by `r` as you can see here; write, represented by `w`; and execute, represented by `x`. The read permission means you're allowed to read the file, the write permission means you're allowed to write changes to the file, and the execute permission means you're allowed to execute the file. Now you might say, we have various sequences of these permissions appearing here, how are they organised? That's a very good question, so let's take the test.sh file as a simple example. First of all, as
you'll see, the permission string is divided into columns that aren't visually separated but that's how you have to read them: a single leading character, then three groups of three. The leading character tells you the type of entry you're dealing with: for a regular file it's a dash `-`, and for a directory it's annotated with a `d`. Now let's talk about the other columns. The first group is for the owner of the file, so these are the owner (user) permissions. When we talk about ownership for this particular file, we can see that the owner is alexis and the group it belongs to is also alexis. If it belonged to another user, those permissions would be specific to that particular owner. The second group is the permissions for the group, and the last group is for all other users on the system. So let's say I created a file here in /home/alexis/Desktop, and then I logged in as another user, navigated into this directory and tried to execute the file. Because I'd be another user, the permissions for this file explicitly state that I can read it but I cannot execute it or write any changes to it. Hopefully that makes sense. Now let's talk about changing or setting these permissions, and this is where the chmod command comes in. chmod allows you to change the mode, i.e. the permissions, of files and directories. Again I can use `whatis chmod`, and you can see it allows you
to change the file mode bits, i.e. the permissions of a file or directory. Quite simple. It's very easy to use: we say `chmod`, then we specify the mode we want, and finally we specify the file we want to apply these permissions to. Very simple syntax. However, as I mentioned, there are two ways of writing the mode; many people are comfortable with their own way and I recommend you find yours, but I'll make a recommendation that may make things a whole lot easier to understand. The first way is symbolic mode and the second way is octal mode. Let's start with symbolic mode. Say I wanted to change the permissions for test.sh; you can see we currently cannot execute it. Don't worry about what I'm doing here: I'm just going to replace the contents of test.sh with a simple script, `echo "hello world" > test.sh`. Now if we try to execute it with `./test.sh`, we hit Enter and we do not have the necessary permission to execute it. So that is our goal here: to give the user alexis execute permission. Let me list the files one more time and look at the permissions. The owner alexis can only read and write the file (which is what we just did), the group can only read it, and all other users can only read it. So let's talk about symbolic mode. Symbolic mode is
very simple to understand. As I mentioned, it works with the permissions themselves, read, write and execute, in conjunction with the chmod command. With chmod I can now specify who the permission applies to: the user (owner), the group, others, or all. So if I wanted to set permissions for the current user, I'd type `chmod u` and then either add permissions with a plus sign, or use an equals sign to set them exactly. So `chmod u=rwx test.sh` gives the current user, the owner, read, write and execute permission, and I hit Enter. Now if I list the files you can see the owner alexis has read, write and execute, which means we can now execute the file. We only entered a simple line in it, so let me edit test.sh with nano and change it to `echo "hello world"` so that whenever we run it we get that string printed. I write the file and exit, and if we execute the file with `./test.sh` you can see it prints the string hello world. Excellent, so we've now set permissions for the user using symbolic mode. We can also remove permissions, and I've shown you how to set them explicitly; let's go over that one more time. Let's say we wanted to apply these same permissions for the group and for all other users on the system. To do this we use
`g` for the group and `o` for others, or we can use `a` for all. The standard definitions are: `u` is the user, meaning the owner of the file; `g` is the group; `o` is other; and `a` is all. So we can say `chmod go=rwx test.sh`, the group and others get read, write and execute, and hit Enter, and that sets those permissions explicitly. If we list the files now you can see the owner, the group and all other users have read, write and execute, which means I could execute this file if I were logged in as any other user on the system, which is not recommended. So let's talk about how to remove these permissions. I can say `chmod go-wx test.sh`, removing the write and execute permissions for the group and other users, and hit Enter. Now if we list the files you can see those permissions have been removed: only the owner can read, write and execute the file, while the group and the other users on the system can only read it. That is essentially how to use symbolic mode, and you can see it's a very simple system. Let me go over it one more time: we use the chmod command, we specify who (`u`, `g`, `o` or `a`, that is the standard definition), and then we use `+` to add permissions, `-` to remove them, or `=` to set them exactly. For example, if I wanted to give the group execute permission, I'd say `chmod g+x test.sh`. We're
setting it for the group and giving it execute permission, we specify the file and hit Enter. Now if we list the files you can see the group has execute permission, so it can read and execute the file but it cannot write changes to it. I can also take it away again: `chmod g-x test.sh` removes the execute permission for the group, and if we list the files we're back to the old permissions. So a very simple way of setting permissions. Now let's talk about octal mode, sometimes loosely called numeric or "binary" mode, which is again very simple and is my preferred way of doing it. As I said, it's entirely up to you. We're still using the chmod command here, but in octal mode the read, write and execute permissions are each denoted by a number, and you might say, doesn't that make it a bit more complex? Let me explain why it doesn't. The read permission is represented by the value 4, the write permission by the value 2, and the execute permission by the value 1: these are the values of the three permission bits. We still follow the previous format for understanding permissions: first the owner of the file or directory, then the group, then the other users on the system.
So let's work with test.sh, and afterwards I'll talk about setting directory permissions, which is again very simple. Let's say we wanted to get rid of the write and execute permissions for the owner of the file; you can see it currently has read, write and execute. To do this in octal mode we again say chmod, and the permissions are now represented by numbers. For the owner we want to remove write and execute so that we only have the read permission, which as we said has a value of 4. So we start with 4. For the group and for the other users on the system we want to use the same permission, so we say `chmod 444 test.sh` and hit Enter. Now if we list the files you can see the file only has read permission for the owner, the group and other users. That's how to set it. Now if I wanted to give the owner read, write and execute, we need to add these values together: read is 4, write is 2 and execute is 1, so 4 plus 2 is 6 and 6 plus 1 is 7.
So we say `chmod 7`, that is the owner's permission, read, write and execute. For the group and the other users on the system let's say we want to give them only read permission, which is 4, so that's 4 for the group and 4 for other users, and then we type the name of the file: `chmod 744 test.sh`, and I hit Enter. If we list it you can immediately see we now have read, write and execute for the owner, only read for the group, and only read for other users. Very easy to understand. If it is complex for you, I'll leave a resource in the description with a table of all of these values, but the maths is very simple: we're adding 4 plus 2 plus 1, that is read plus write plus execute, and 4 plus 2 plus 1 is 7, which is all permissions.
If I only want read permission it's 4, if I only want read and write it's 6, and if I only want read and execute it's 5. So for example, read, write and execute for the owner with read and write for the group and others would be 766, and read, write and execute for the owner with only read and execute for the group and all other users would be 755. It's very easy to set permissions this way, and note that in octal mode you are always setting all three explicitly, the owner, the group and all other users, which is something to take into consideration. Now let's move on to changing directory permissions. If I list the files here, we have the test directory that we created; again you can use symbolic mode or octal mode, whichever you're comfortable with. You can see it has read, write and execute for the owner, and for the group and other users it has read and execute (the `x` bit on a directory is what lets you enter it). If we wanted to give it all permissions in symbolic mode we could say `chmod ugo=rwx test`, hit Enter, and if we list the files you can see the permissions have been set. If we wanted to go back, and say we only wanted the owner to be able to read and write this directory, that would be 4 plus 2, which is 6, so `chmod 644 test`, hit Enter, and we can confirm the permissions have been changed. So that's how to set permissions on a directory. However, if there are other directories and files within this directory, then we need
to set those permissions recursively, and to do this we use chmod with the capital `-R` option, which means recursive. Before we do that, let's move test.sh into the test directory, and you can see it tells us we do not have adequate permissions. That's because of the permissions on the directory: even if I say `chmod 755 test.sh` on the file and then `mv test.sh test`, it still tells us we cannot move it, because moving a file into a directory needs write and execute permission on the directory itself, and we set it to 644. So we say `chmod 755 test`, hit Enter, then `mv test.sh test`, hit Enter, and now we can move it. That again shows the importance of permissions and understanding them. Now if we check the files within the test directory, we have test.sh. If we wanted to give this directory and all the files and directories within it all permissions recursively, I'd say `chmod -R 777 test`, using octal mode as you'd have guessed: that gives read, write and execute to the owner, the group and all other users on the system. Now if we list the directory itself you can see it has all permissions, and if we list the files within test you can see test.sh also has those permissions, applied recursively; any other files or directories within this directory would have had them applied as well. (777 is the wrong permission for almost anything in practice; it's used here only to show the recursion.)
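Here is an added example, not from the video, that puts the chmod behaviour described in this video to the test in a throwaway directory: that symbolic and octal modes set the same bits, that `+` and `-` adjust only the named bits, that a script will not run until an execute bit is set, that moving a file into a directory needs write and execute on the directory rather than on the file, and that `chmod -R` with a capital `X` keeps directories enterable without making every file executable. It assumes GNU coreutils (`stat -c`) and is meant to be run as an ordinary user; the function names are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the video). Exercises chmod in a scratch directory and
# returns results as strings so they can be checked. Assumes GNU coreutils.
set -eu

# Scratch directory in the current directory (falls back to /tmp). Using the
# working directory avoids a /tmp mounted noexec breaking the execute test.
scratch() { mktemp -d ./chmod-demo.XXXXXX 2>/dev/null || mktemp -d; }

# Octal mode of a path, e.g. "644".
mode_of() { stat -c '%a' "$1"; }

# Symbolic and octal are two spellings of the same bits: rwxr-xr-x == 755.
# Prints "same" when both spellings produce the same mode.
symbolic_vs_octal() {
  local dir; dir=$(scratch)
  : > "$dir/a"; : > "$dir/b"
  chmod u=rwx,g=rx,o=rx "$dir/a"   # symbolic
  chmod 755 "$dir/b"               # octal
  if [ "$(mode_of "$dir/a")" = "$(mode_of "$dir/b")" ]; then echo same; else echo different; fi
  rm -rf "$dir"
}

# + and - change only the named bits: 644 -> go+x -> 655 -> u+x -> 755 -> o-rx -> 750.
walk_symbolic() {
  local dir; dir=$(scratch)
  : > "$dir/f"; chmod 644 "$dir/f"
  chmod go+x "$dir/f"
  chmod u+x "$dir/f"
  chmod o-rx "$dir/f"
  mode_of "$dir/f"
  rm -rf "$dir"
}

# A script only runs once an execute bit is set; before that the shell reports
# exit status 126 (found but not executable). Prints "<before>,<after>".
exec_bit_matters() {
  local dir; dir=$(scratch)
  printf '#!/bin/sh\necho hello world\n' > "$dir/test.sh"
  chmod 644 "$dir/test.sh"
  local before=0 after=0
  "$dir/test.sh" >/dev/null 2>&1 || before=$?
  chmod u+x "$dir/test.sh"
  "$dir/test.sh" >/dev/null 2>&1 || after=$?
  rm -rf "$dir"
  echo "$before,$after"
}

# mv into a directory needs w+x on the directory; the file's own bits are irrelevant.
# Prints "denied" or "moved" (root bypasses this check, so as root it prints "moved").
dir_write_needed() {
  local dir; dir=$(scratch)
  mkdir "$dir/test"; : > "$dir/test.sh"
  chmod 777 "$dir/test.sh"        # file is wide open...
  chmod 555 "$dir/test"           # ...but the target directory is not writable
  local result=moved
  mv "$dir/test.sh" "$dir/test/" 2>/dev/null || result=denied
  chmod 755 "$dir/test"
  rm -rf "$dir"
  echo "$result"
}

# chmod -R with capital X: execute is set only on directories (and files that
# already had it), so directories stay enterable without every file becoming
# executable. Prints "<dir mode>,<file mode>".
recursive_X() {
  local dir; dir=$(scratch)
  mkdir "$dir/test"; : > "$dir/test/notes.txt"
  chmod 700 "$dir/test"; chmod 600 "$dir/test/notes.txt"
  chmod -R u=rwX,go=rX "$dir/test"
  echo "$(mode_of "$dir/test"),$(mode_of "$dir/test/notes.txt")"
  rm -rf "$dir"
}
```

Run it with `bash` and call the functions (`symbolic_vs_octal`, `walk_symbolic`, and so on) to see each result. The `u=rwX,go=rX` form in `recursive_X` is what you normally want instead of `chmod -R 755` or `777` on a tree: it never hands out write to anyone but the owner and never marks a plain data file executable.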
Now that we've looked at file permissions, let's take a look at file ownership.

In this video we're going to be talking about file ownership, which is a fairly simple topic to understand. In the previous video we used the chmod tool; in this video we're going to be using the chown tool, which is quite self-explanatory: it allows us to change the ownership of files and directories, which is quite important. As you can see, in the previous video we changed the permissions for the test directory and the test.sh file within it, and I've just changed them back to some pretty standard permissions. So let's talk about ownership. As I mentioned, the current owner of this file is alexis, and that's shown right here in the ownership column, followed by the group ownership information. Now, we haven't yet talked about adding users and groups, which is fairly simple, or about setting particular permissions for users in the sudoers file, but that's something we'll get to later. If we wanted to change the ownership of this file to the root user, I can do that very easily; changing a file's owner does require root privileges, though, so let me switch to the root user first, and now I'm logged in as root. I'll go into the test directory, and to change the ownership of the test.sh file I can say `chown`. Again you can use the whatis utility, `whatis chown`, to give you some more information: it tells you it changes the file owner and group. Now if I wanted to change the
ownership of test.sh from alexis to the root user, I can do this very easily: `chown root test.sh`, where I specify the user I want to change the ownership to and then the file name, and hit Enter. Now if I list the files you can see the owner of the file has been changed to root; however, the group of this file is still alexis, so that's something we also have to change. To change the group owner we use the change-group command, which is denoted by chgrp. Again `whatis chgrp` tells you it changes group ownership. Let's say we want to change the group ownership to the root group as well. If we type `groups root`, that tells us which groups the root user belongs to, and you can see it belongs to the root group; likewise `groups alexis` shows the groups the user alexis belongs to: alexis, adm, cdrom, sudo, and so on. So to change the group of this file I say `chgrp root test.sh`, and if we list the ownership now, we can see the owner of the file is root and the group ownership belongs to the root group. (You can also do both in one step with `chown root:root test.sh`.) That is how to use chown and chgrp to change the ownership of a file. Again, we haven't experimented with users yet, which is something we'll be touching on quite soon, so we'll explain this as we move along.

In this video we're going to be talking about how to use the grep tool to look
for data or information in files. This is one of the most important Linux utilities you can learn, and it will really improve your efficiency when dealing with data and working in the terminal. So let's get started with understanding what it is and what it does. The first thing we can do is use `whatis grep` to give us a bit of context: it tells you it prints lines matching a pattern. If you're interested in learning more about the tool, you can always go through its manual page (`man grep`), which gives you information on how to use it. The purpose of this video is to show you how to use it in the most efficient way and to increase your understanding of the tool. Before we take a look at a concrete example of how to use grep, we must understand two things. There are two ways of using grep: the first is using grep on its own, directly on a file, and the other is piping the output of another command into grep and then finding what you're looking for. You might be a little confused, but let me explain in a very simple way: grep is a tool that allows you to find strings or patterns in files, which means you can specify the data or the strings you're looking for in a particular file. So let's take a concrete example. We're going to look for a word within the proxychains configuration file. If you're not familiar with what proxychains is, you can check out my proxychains video where I show how to set it up
and install it, but it really doesn't matter, because you can follow along with any other file you're working with. So let's say I wanted to find the word dynamic within the proxychains configuration file, using the first method, grep on its own, without piping the output of another command. We say `grep`, and the first parameter we specify is the pattern we're looking for, which you want to encapsulate in double quotation marks; for a single word we type `"dynamic"`. One thing you must be aware of is that this search is case sensitive, and I'll show you how to make it case insensitive. After the pattern we specify the path of the file we want to search in, so `grep "dynamic" proxychains.conf` (you can use double Tab to complete the path), and we hit Enter. That displays the line containing `dynamic_chain`, which is the match it was able to find within the file. However, as I said, this search is case sensitive. To ignore case we use the `-i` option: `grep -i "dynamic" proxychains.conf` searches for every occurrence of dynamic in this file regardless of case. Once we hit Enter you can see it now gives us two lines from the file, which differ in that the first is lowercase and the second starts with an uppercase D. So it's a very simple tool to use, and you can now see how efficient it is at finding bits of information within files. Let's say we want to look for a particular user in the passwd file: `grep "alexis"`, looking for the user alexis, and
then I say `/etc/passwd`, hit Enter, and it displays the account information for the user alexis. That's very simply how to use it. Now let's take a look at the second way of using grep, piping the output of one command into grep and finding the data you're looking for that way. The way to do this is the pipe symbol, `|`; you can find this key on the far right of your keyboard, just before your numpad if you have one. So let's say we wanted to cat the contents of the passwd file, `cat /etc/passwd`, and look for a particular string within it. We now enter the pipe symbol, which means we're redirecting the output of the initial command and passing it on to grep so that grep can do something with it: `cat /etc/passwd | grep "dynamic"`, and we hit Enter. That gives us nothing, because I searched the passwd file for a word that isn't in it. If I change it to `cat /etc/passwd | grep "alexis"`, it gives us the account information for the user alexis, and if I change the file to the proxychains configuration file and the pattern back to dynamic, it gives us that data. Now, since I covered redirecting output, a lot of people have been asking me about the difference between the two. The pipe redirects the output of one command into another command so it can be processed further, whereas the greater-than symbol `>` will not display the output on your terminal at all: it redirects all the output of the command you've
used into a file. So if I say `cat /etc/passwd > ~/Desktop/test.txt` and hit Enter, nothing is printed, and if I then cat the test.txt file on my desktop (I believe I'm in my home directory here), it has the contents of the passwd file. That's the difference between redirecting output with the pipe and with the greater-than sign; they're very different. The pipe is the preferred way of passing the output of one command to another command like grep, and you can use it with other utilities that I'll show you further along in the series; it works with any command that displays output on the screen. I'm just going to use one more command to show you how efficient this is. Let's say I typed `ifconfig` and I only want my inet information: I can pipe the output of ifconfig into grep and say `ifconfig | grep inet`, hit Enter, and it gives me my inet lines, both IPv4 (inet) and IPv6 (inet6). So you can now see how useful this is. I want you to experiment with it, let me know what you think and where you're not understanding how to use it, and I'll be sure to make follow-up videos if you're interested.

In this video I'm going to be showing you how to use the locate utility to find files, and I'll also be making another video after this to show you how to use the find tool, so those are two utilities you can use. In this video we're taking a look at the locate tool. It's a tool that goes ignored by many beginners or newcomers, mostly because of its relative simplicity, but it's very efficient and does what it's supposed to do.
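Before moving on to locate, here is an added example for the grep video above; it is not the video's own code. It runs the same kinds of searches against small constructed stand-ins for /etc/passwd, proxychains.conf and ifconfig output (the contents are made up for this example), so it works offline, and it adds two checks a practitioner wants: anchoring a username with `^name:` so `grep "alexis"` does not also return accounts like alexis-backup, and using `-w` so `grep inet` does not also match inet6. The function names are mine.

```shell
#!/usr/bin/env bash
# Added example (not from the video). Runs the grep patterns from this video
# against small constructed stand-ins for the files it used, so it works offline.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed stand-in for /etc/passwd (four accounts, made up for this example).
cat > "$WORK/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alexis:x:1000:1000:alexis:/home/alexis:/bin/bash
alexis-backup:x:1001:1001::/home/alexis-backup:/usr/sbin/nologin
lexisbot:x:1002:1002::/srv/lexisbot:/usr/sbin/nologin
EOF

# Constructed stand-in for proxychains.conf.
cat > "$WORK/proxychains.conf" <<'EOF'
# Dynamic chain: each proxy in the list must be online
dynamic_chain
#strict_chain
[ProxyList]
socks5 127.0.0.1 9050
EOF

# Constructed stand-in for the interesting lines of ifconfig output.
cat > "$WORK/ifconfig.txt" <<'EOF'
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255
        inet6 fe80::1  prefixlen 64  scopeid 0x20<link>
        ether 02:00:00:00:00:01  txqueuelen 1000  (Ethernet)
EOF

# grep on a file: case-sensitive count vs -i count. Prints "<exact>,<icase>".
# (grep -c exits 1 when the count is 0, hence the || true under set -e.)
count_matches() {  # $1=pattern $2=file
  local exact icase
  exact=$(grep -c "$1" "$2") || true
  icase=$(grep -ci "$1" "$2") || true
  echo "$exact,$icase"
}

# A bare username matches anywhere on the line, so "alexis" also hits
# alexis-backup. Anchoring the first field (^name:) returns exactly one account.
# Prints "<loose>,<anchored>".
find_user() {  # $1=username
  local loose anchored
  loose=$(grep -c "$1" "$WORK/passwd") || true
  anchored=$(grep -c "^$1:" "$WORK/passwd") || true
  echo "$loose,$anchored"
}

# The pipe form: the producer's output is handed to grep, then on to cut.
# Prints the uid of the account.
uid_via_pipe() {  # $1=username
  cat "$WORK/passwd" | grep "^$1:" | cut -d: -f3
}

# | passes output on to another command; > sends it to a file and shows nothing.
# Prints "<bytes that reached the terminal>,<lines now in the file>".
pipe_vs_redirect() {
  local printed lines
  printed=$(cat "$WORK/passwd" > "$WORK/test.txt")
  lines=$(wc -l < "$WORK/test.txt" | tr -d ' ')
  echo "${#printed},$lines"
}

# ifconfig | grep inet matches inet and inet6; -w (whole word) keeps only IPv4.
# Prints "<inet>,<inet -w>".
inet_lines() {
  local both v4
  both=$(cat "$WORK/ifconfig.txt" | grep -c inet) || true
  v4=$(cat "$WORK/ifconfig.txt" | grep -cw inet) || true
  echo "$both,$v4"
}
```

Run it with `bash` and call, for example, `find_user alexis` or `inet_lines`. The `cat file | grep` form is kept deliberately because the video's point is the pipe; on a real box the producer is usually a command such as `ifconfig` or `ps`, not `cat`.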
Again we can use the whatis utility, `whatis locate`, to tell us more about the tool: as you can see it finds files by name, which is very simple, and you can use the manual page to learn how to use it. I'm just going to cover enough to make you efficient with the tool, to make you understand how it works, and to show how you can use it in conjunction with grep. So let's get started with a very simple example. Let's say I wanted to locate the passwd file on the system: I say `locate passwd` and hit Enter, and you can see it's given me a lot of information, a lot of files with passwd in their path. This is really not efficient, because the particular file I'm looking for is the one that exists in the /etc directory, and although that result is there (right at the top, in this case), going through the list is not an efficient way of finding it. This is where we can specify options to locate. Let's say we wanted only the files that match this particular pattern; we can use the `-A` (`--all`) option, `locate -A passwd`, and once we hit Enter it gives us the same information, because with a single pattern `-A` simply requires every listed file to match that pattern. Because this file doesn't have an extension, we now have to deal with the path we expect to find it in. Of course that's a bit counter-intuitive, but I know it belongs in the /etc directory.
again, that now actually narrows down the files into what they may be. So again, that's the actual file we were looking for, but you can see how tedious this is, so we can actually shorten this now by using the grep tool, which I've already shown you how to use, and it's very, very simple. We're simply going to use grep to look for particular information related to the information that is given to us by locate. So we can now say locate, then we say we're looking for passwd, and now we pipe the output and we say grep, and let's look for passwd within the /etc directory. So we can now say /etc/passwd, or we can just say the /etc directory here, and then we hit enter, and you can see it gives us the results we're looking for; it highlights them in red, or depending on the color scheme you're using in your terminal. Again, we can improve the efficiency of this by typing in locate /etc/passwd and we hit enter. So this is a file without a particular extension, which makes it relatively difficult to find, but you can find it relatively easily if you use grep here. So let's actually talk about another file that has an extension that we can use to explain this. Let's say we're working with the resolv file, or the resolv configuration file, which is used to modify your name servers and is available on our Linux systems. What we can say is locate resolv and we hit enter, and again, tons of files. But now we know that this file has an extension, so we can say locate resolv.conf and hit enter, and again it still gives us a lot of files, but we're looking for the one that exists in the /etc folder again. So what we can do now is we can say locate, and we're going to use the -A option here, and then
we say we're looking for all files with an extension of conf or config here, so we'll use the wildcard to mean that we're looking for all files with this particular extension. So we say -A and then we say "*.conf", we close those quotation marks, and now we pipe the output into grep, and with grep we can then say we are looking for resolv here. We hit enter and now it gives us the information we're looking for in the first option here. So again, that's with the actual extension of .conf; we're limiting the results to only the files that have an extension of conf or configuration, and then we can use grep to find the particular string that is most important to us. Let me give you another example, because this seems very simple. Let's say we're looking for proxychains, so we can say proxychains and hit enter, and there you are; you can see immediately now, because that is a unique string, it gives us the results immediately with the extension here, and that's because we specified it. So again we can just say locate proxychains and hit enter, and there's a ton of files. Now another thing you might find useful is actually displaying how many results matching the particular pattern you have specified exist. So let's say I want to say locate, I can say -A, that means all the matching patterns here, and then we can use the -c argument here, which prints the number of matching results, and then we specify the string we're looking for, so we say we're looking for proxychains, and we hit enter, and it tells us here that we have 25 files or results that actually have the matching pattern here. Now if we limit it to conf and we hit enter, now you can see we only have two. So that's essentially how to use this
tool in regards to displaying the amount of matching patterns you have. And if you want to locate them, so if we get rid of this here and hit enter, you can now see the results that it tells us here: we have the one in the /etc folder and one in the Debian package management folder, in regards to its actual configuration there. So that's how to use the locate tool. Now let me just cover one more additional parameter you can use, and that is the -i parameter, which again is very important and means that you want to ignore case. That's something I should have mentioned earlier: all searches with locate are typically going to be case sensitive. So again, I can say proxychains and I hit enter and we have no results, right? So if I wanted to ignore the case sensitivity of the pattern I've just entered, I can just add -i and hit enter, and again we get the same results, and I can now limit this to proxychains.conf, and there you are. Again, I can combine these commands with each other to give us the information we're looking for. So again, a very, very simple tool to use, but it gives you very consistent results.

In this video we're going to be taking a look at how to enumerate system information on Linux. Now you might be wondering, what exactly do you mean here? Well, I'm simply referring to important information about your system and the user you're currently logged in as, just information that you might need when you're currently logged onto a system and you might want to know more about what you're dealing with. All right, so let's get started. Now the first thing we need to do is find out what user we're currently logged in as, and the hostname, and the user ID, etc. So let's get started with that. The first thing I want to know when I'm logged in is whoami, exactly, and that tells me the current user that
I'm logged in as, and then if I type in hostname, that again gives me the current hostname of this workstation, or of this computer. In my case it tells me the hostname is alexis-workstation. Now if you do want to change your hostname, you can do so by modifying the hostname file, I believe that's what it's called, yeah, there we are, and you can see that mine is set to alexis-ws (ws being an abbreviation of workstation). So you can change this; in my case I don't want to do this, so I'm just going to exit out of here. So that is how to find out the current user you're logged in as and the hostname. Now if you want to find the user ID that you're currently logged in as, you can simply type in id; that gives you the current user ID and, of course, the user. You then have the group ID, which is quite important, and the other groups that this user is currently a part of. Now, in regards to groups and the groups that a particular user may be part of, the way to enumerate this information is by typing in groups and then the name of the user. So we can type in groups alexis, and once we hit enter, again it tells us the user alexis is a part of these groups: it's a part of the group alexis, sudo, among the other ones here that are essentially system groups that really have to do with just permissions to a particular service. So that is basic user enumeration. Now let's talk a little bit about the system and enumerating information like your Linux distribution, the version, stuff like that. I'm currently using a Debian system, or rather I'm using Ubuntu, so again it's based on Debian, so the practices, all the techniques and the commands are quite similar on both ends. Now when dealing with systemd-based distributions, and of course Red Hat-based distributions, the process is going to be slightly different, and I'll explain why and how. So on
Linux, sorry, on Debian or on Ubuntu, if you want to enumerate your Linux distribution version and name, you simply type in lsb_release -a. Of course lsb_release is a utility and you may not have it installed, but again it comes with Debian and Ubuntu by default. So that tells us the distributor ID, the description, again Ubuntu 18.04.3 LTS, the release version and the code name here, which in this case is bionic (Bionic Beaver). You can also check the contents of the issue file, so if we type in cat /etc/issue you can see it tells us the same thing here. So that is for Debian-based distributions. Now when dealing with systemd distributions like CentOS, Arch, Red Hat, also Debian to some extent, you can also take a look at the content within the os-release file, which will also enumerate on Debian as well, but I just wanted to explain that so you guys don't get confused. So what you can do is simply type in cat /etc/os-release, and again that gives us the information that we were looking for. Now on Ubuntu and on Debian, if I hit enter it tells us nothing there; if I then use the star, or the wildcard, and we hit enter, that gives us the Linux distribution information and a bit more information regarding the privacy policy, support URL, stuff like that. Now that we've also covered the systemd-based distributions, let's talk about dealing with Red Hat. On Red Hat, if you want to take a look at the Red Hat release version, I believe you can find it if you type in cat /etc/redhat-release. Now I'm currently not using a Red Hat-based distribution, so that would pretty much give you the Red Hat release version. So that's basically enumerating your distribution version and name, if you are using some of these distributions based on
Debian, or the systemd-based distributions like Arch, CentOS or Red Hat Enterprise Linux. So again, let's talk about enumerating information about your processor, or your CPU. You can easily do this by typing in lscpu, and we can hit enter, and again that enumerates information about your CPU. It gives you information like your architecture and the instruction set, the amount of cores, the threads per core, the cores per socket, sockets, vendor ID, CPU family, the model, the model name, in this case it's an i5-8400, the stepping, the frequency here in megahertz, so max and minimum as well, so 4 gigahertz and a minimum of 800 megahertz, virtualization, and then the L1, L2 and L3 cache, so information about your CPU. All right, so now that we've taken a look at enumerating CPU information, let's take a look at enumerating kernel information, which is done using the uname command or utility, which essentially stands for Unix name. So again, if we just type in whatis uname here, you can see it says print system information, and it gets the name and information about the current kernel. Using it is very, very simple: if you type in uname -a, that displays all the information. It gives you information like your hostname, the current Linux kernel that's installed and currently running, and then you have the instruction set here; I'm going over the important information. So again, we can actually take a look at the various options that are available here. If we want the kernel version here we can say uname -s, and that tells us the kernel that we're currently running, which is the Linux kernel. The version here can be printed out by typing uname, I believe it's uname -r, that's the current release, so in our case it's version 4.15, which I believe is stable, not too sure. And then if
you want the information about the instruction set for your processor, you can type in uname -p; again that gives you the instruction set, in our case x86_64. And then if we want the hardware platform we can type in uname -i, the hardware platform; again that's the information in regards to the architecture. And then the operating system, we can say uname -o, and hit enter: GNU/Linux. So again, just basic information regarding your system, but the key bits, the important pieces of information here, are your kernel and the instruction set, of course. So that's essentially all the information that you might want to enumerate regarding your system, or that you might be interested in. Now dealing with disk usage and disk space, I'll be making a separate video on that, so you guys can stay tuned for that. But in regards to your system, these are all the commands that you can use to find information about the current user that's logged in. So again, if I type in who, that tells me the current users that are logged in; in my case the only user is alexis, so that's just an additional tidbit. So again we've covered the user ID, the group ID, and we've also covered enumerating distribution information and the kernel information.

In this video we're going to be covering how to use the find tool, and we'll also be taking a look at some challenges on OverTheWire Bandit more related to what we're taking a look at in this video, which is how to correctly utilize the find command to look for files or directories within your system. It's an extremely useful tool that will really help you save time when looking for particular files, and I'll be showing you how to use it most efficiently right now. Again, we can use the whatis utility to find out more information about the tool, and it tells you that this tool allows you to search
for files in a directory hierarchy. You can also check out the man pages for this particular tool, and again you can go through all of this if you want to; I'm going to be covering all the information that is necessary, or that will make you the most efficient with this tool. All right, so let's get started, let's stop wasting time. Using the tool is very simple: we say find, and then after saying find we need to specify the directory we want to search in. We can specify the current directory that we are currently in by using the full stop, or the dot, or we can specify the entire Linux file system directory, which is done by using a forward slash, like so, as you would when navigating directories, or I can specify an individual directory that I want to search in, so I can say /home/alexis, which is pretty much the directory we're working in. What I'm going to do is just search the entire Linux file system directory, which, if you're going to do, does require root or sudo privileges; otherwise you'll not be able to access files and directories that you do not have adequate permissions to access. So I will also add the sudo command here. So again, we're going to find files within the Linux file system directory. We then specify the other bit of information that will help us fine-tune our results, which is of course going to be the type that we're dealing with. The type, in regards to the find command, is very simple: it simply refers to what you're dealing with, so are you looking for a file or a directory, and that can be denoted by using either f for file or d for directory. In our case we're looking for a file, so we're just going to use -type f. All right, so very simple. Next we specify the other variable that again will help us fine-tune our search results and is very important, which is the name. So what is the name of the file you're looking for? I can say proxychains, and I know I'm using the
same example, but again I'll show you how robust this is in a second. So I can say -name proxychains.conf, and after this I can pretty much hit enter. Now the important thing to note here is that I can use the grep command in conjunction with find to pipe output and specify configuration files by themselves, similar to what we looked at when we were taking a look at the locate tool. So I can just hit enter, and you can see we found the configuration file, and we didn't have adequate permission for some files, which is perfectly fine. So that's how to use the find tool, and I've shown you the various parameters you can use: you can specify the type, the name, which I'll show you how robust it can be in a second. So let's take a look at the same example. I'm just going to say sudo find, and we say the type is going to be a file, which you can also change to directory if you are looking for a directory. So for example I can say -type d, and then I can say -name, and the name is going to be alexis, to look for the directory alexis, and hit enter, and it tells us, oh, we have various directories here: we can see we have the home directory here and a few other files here that have actually popped up from my external hard drive, which I don't think are that important, but there you go. That just shows you how robust this tool is in regards to looking for particular files, so you can change that up. So let's go back to our previous example; I'm just going to say the name is going to be proxychains. Now I mentioned in the previous video the case sensitivity, which is quite important, so if you are performing a search in which you do not want any case sensitivity, you use the -iname option instead of the -name option, and then after this I can say alexis, for example, and of course it will ignore all the cases here, so I can combine it with whatever uppercase and
lowercase characters I want, and I'll still get the same results. I can just hit enter, and this time it gave us different results, because we are looking for a file; so if we change this into a directory here, you can see that it's going to give us the same results that we had in the initial run when we were looking for directories called alexis. So that's how robust this tool is. I talked about using extensions, which is again very, very simple. Let's say we're looking for extensions, and we're looking for all conf files which belong in the /etc directory, so I'm just going to say /etc, and we've now written it down; we can say the name is going to be conf, and we'll use the wildcard, so I say "*.conf", we'll just use the same configuration file extension, and then I can say grep, and then I specify the name of the file. So I can hit enter, and this is going to display all the configuration files within the /etc directory, but again I have to specify the file specification here, and I'm going to enter, and there you are, it gives you all the configuration files. So a very simple tool to use. Now let's talk about the other variables that you can specify that will help you fine-tune your search results, and that is by specifying the size of the file and the permissions. All right, so again we can just use a simple example. I'm just going to say find, and I'm going to say -type, and that's going to be, well, you don't really need to specify the type if you don't want to; it's just there to help you fine-tune your results, so I can perfectly ignore it if I know what I'm looking for precisely. I can then say -name, and the name is going to be proxychains, I can say proxychains.conf, I have the whole name, and then I can say -size; I'm looking for a file with a particular size, so I can then use the various options I
have. So I can say it's going to be +1M, plus one megabyte, which can be done like so, or I can say plus a hundred megabytes, whatever I want to say. In this case let me just say plus one megabyte and hit enter, and well, we're getting various permission errors here, and that's because, we'll just say /etc, hit enter, and I will say sudo, and there we are, and we got no results at all. I just wanted to actually provide it with the adequate permissions so that I can show you that if we use parameters like size, and we specify it down to the actual size of the file, we can fine-tune our results to a very deep, granular level. So if I just say /etc and I can then grep proxychains.conf and I hit enter here, you can take a look; let me just change this to a human-readable format, so you can see it's about four kilobytes here, and we can then specify the size depending on how you want it. I'll get back to this when we'll be taking a look at the OverTheWire Bandit challenges, because that's where I really want to showcase the power of the find tool. Let's talk about permissions before we actually get started with the OverTheWire Bandit challenges, and the permissions are very simple to actually specify here. I'm going to be covering users and groups, and we'll be taking a look at that example, but let's talk about permissions first. Permissions allow you to find files that have particular permissions, very, very straightforward here. So let's say I create a file: I go to my desktop here and I'll say touch alexis.sh, just a simple shell script or a bash script here, hit enter, and I say chmod 400 alexis.sh and hit enter. And then I say find within the home directory, I can then say let's say we're looking for a file, the type is going to be a file, we don't have a name but we have permissions, so I
can say -perm, and let's look for files with the permission of 400, which means that the owner, or the user, can read the file, but the group and all other users on the system are not able to access it. So again, that should give us a few results, but we don't have adequate permissions for the other files, so you can see we get the result right over here. So you can use permissions to help fine-tune your search results and get the exact results you're looking for. We can also specify 744 and hit enter, and it looks like we had a few files with those particular permissions, but no important files that don't have the correct permission. So you can see that this can help you find files on your system that have incorrect permissions, and then you can rectify them, like so, instead of going manually and checking for their permission. So a very useful tool. Now that we've taken a look at how to use the tool, let's take a look at how to implement it in some challenges, and that's what we're going to do in the next step, which is the OverTheWire challenges. So you can follow along if you want to, and I'll see you there.

All right, so we are back on OverTheWire, and I'm currently on the Bandit web page here. You can get access to this challenge by following the instructions on level zero. The levels we're interested in are going to be level four to level six, so again we'll just go to level four here; I currently have access, and I've solved the challenges all up till level four, so we can get started. All right, so you can see that level four pertains to actually finding a file. You can see the password for the next level is stored in the only human-readable file in the inhere directory. Tip: if your terminal is messed up, you can try the reset command. And again, it gives you the various commands that
you can use to solve this level. So again, let's go back into our terminal. As you can see, I'm currently on bandit4, and we can list the files within this home directory, and you can see we have an inhere directory, so let's go in here, let's see what's going on. If you list the files here, you can see we have various files, and if I try catting one of these files, you can see that, sorry, let's specify that hyphen there, let's say -file00, we can hit enter, and you can see it has various pieces of data. Of course, our job is to look for files within this inhere directory that have human-readable data. So again, what we can do is use the find command here to actually find the various files that have human-readable data. So I can say, in this current directory, we're looking for, we can actually just say find, and then in this directory we're looking for the type, it's going to be a type of file here, and then we can grep the output, or we can pipe the output, sorry, and we can use the xargs command here. Let's take a look at how to use xargs one more time: we want to display, read items from a file instead of standard input, and yeah, if we type in file, that should tell us the files that we're dealing with. All right, and this will help us shorten the process. So let's go back in here, and we say file and hit enter, and as you can see it tells us that in -file07 we have some ASCII text; however, in all the other files we have data. So again, we can access this file now; we can just cat the contents of this file and we should get the password for the next level. All right, excellent, so we can copy this; let me exit, and we'll go to Bandit level five here. I'm going to hit enter, we'll just paste in the password, and we can get started. All right, so let's take a look at what the challenge, or level five,
pertains. So again, it says the password for the next level is stored in a file somewhere under the inhere directory and has all of the following properties: it's human-readable, okay, all right, it's going to be a human-readable file, 1033 bytes in size, and it's not executable. All right, so these are all parameters that we'll have to specify to some extent, so let's actually get started. These are going to be in the inhere directory, so I'll just go into the inhere directory, and you can see we have other directories within this. So we're going to just say find, and we're going to say the type is going to be a file. We were told that it's going to be human-readable, so you can use xargs there. Size: I showed you how to specify size. Now the thing about specifying size in bytes is, if we take a look at the find tool and we just grep for size, you can see that it tells us the size does not count indirect blocks, etc. So -size 1M is not equivalent to size in bytes; if you're specifying it in bytes you need to specify the actual number and then the c here. All right, so that's what we have to do. So we just go back in here, and we go -type f, and then we say the size is going to be 1033c, and then after this, we're supposed to, the file is not executable, so we can then use the logic operators here: we're going to say not executable, and -executable is another parameter you can specify. And then we can use xargs here, and we're going to say file, and hit enter, and you can see it tells us that maybehere07/.file2 has some ASCII text with very long lines. All right, so let's cat the contents of this file; we're just going to enter here and we have the password. So let's exit and go on to the final level in this particular video. I'm gonna go into level six, hit enter, and I'm gonna paste the password in here, and we can now take
a look at what level six pertains. So level six: the password for the next level is stored somewhere on the server and has all of the following properties. So yeah, this is now where we have the user and group specifications, which is really simple. Again, we're told to look for a file on the entire server, or the entire Linux file system, that is owned by the user bandit7 and is owned by the group bandit6, and is 33 bytes in size. All right, so we can then say, it's on the entire server; do we have any files here? No, we don't. So we can say find, and we're looking for a user, which is going to be bandit7, and a group, which is again very easy to specify: the group is going to be bandit6. The particular file we're looking for is going to be 33 bytes, so 33c. I think that's pretty much it in regards to the options or the parameters that we were given, so let's actually see if we can find this file. We hit enter and we get various permission denied errors here, and it looks like we get a password file here, so that's under the var folder, or the var directory, and it's a bandit7 password. So let's copy the actual file path, the relative file path, and cat the contents of that, and we get the password to the next level. I'm just going to hit exit, and we can move on to Bandit level 7, which is now going to pertain to another challenge which is out of the scope of this video.

In this video I'm going to be talking about shells. Now this might be a little bit confusing for you if you're a beginner to Linux, but the only thing you need to understand is that there are various types of shells you can use on Linux. Now if you're using Ubuntu or Debian, the default shell that you'll be given is going to be called the bash shell. All right, and again I can confirm this by echoing my shell variable here, so I can say echo $SHELL, and again it tells you the current shell that I'm using, which is bash. Now bash is an
acronym for the Bourne-again shell, so that means that there was a Bourne shell, and you're familiar with it: that is the sh shell. So all of these shells can be used to actually work with the Linux system; that's entirely up to you. My objective in this video is to explain how to change your default shell and not work with the bash shell. All right, now on Linux, if you want to actually display all the shells that you currently have that can be used, you can essentially just read the contents of the shells file in the /etc directory, and I can hit enter, and you can see it's going to tell you the valid login shells you have. So we have the Bourne shell, which is sh; we have the Bourne-again shell, which is bash, which is the preferred shell to use; you then have rbash and dash, which is pretty good; and then you have fish. Now, I just installed fish, and again many of you have been asking me to cover this; I'll explain it after I've actually explained bash, how to use it, how to customize it and stuff like that. So for the purpose of this video I'm going to be using bash, and I'll later on cover the other shells that you can use, and using fish. So the first thing is how to switch from shell to shell within a given terminal instance. I'm currently using the bash shell; if I wanted to switch into the Bourne shell I can just type sh and hit enter, and you can see I'm now in the Bourne shell, and again all the Linux commands work perfectly fine; I can run all the various Linux commands that I could run, so I can list all the files in here, etc. You get the idea, right? So I can then say cat /etc/shells, and again we can take a look at the shells we have. I can now go back into bash, I can go into dash if I want to, and again that takes me into dash. You can say echo $SHELL and we can again confirm this, and hit enter, and it tells us we're still in /bin/bash; that is because we're currently within this
instance, but if I changed it as my default login shell, which I'll show you in a second how to do, so let me just go back into bash, and let me just clear this out. All right, so you can see how easy it is to switch between shells in a particular terminal instance. Now by default, as a user account on a Linux system, you will be assigned a particular shell to use, and that can be found in the passwd file. So if I hit enter, let me just grep it and display my account, you can see that the shell is specified here, and I'll explain this when talking about users and groups. You can see that the default login shell that I have been specified to use is the bash shell, which is perfectly fine. Now the great thing about Linux is, when creating the user, you can specify the shell that they're going to use; however, you can also change the shell of the user, or the user can change the shell that they want to use when they log in, or every time they log in, and the way we do that is by using the change shell command, or the change shell utility, which is defined by chsh, which is an abbreviation of the command. So I can type in whatis chsh and hit enter, and you can see it tells you this allows you to change the login shell. All right, so if I want to change the default login shell, all I need to do, let me first display the shells that I have here one more time, all I need to specify is their relative path. All right, so if I say chsh it's going to ask me for the password of my user here when I hit enter, and it's going to say changing the login shell for the user alexis, enter new value or press enter for the default. The default login shell for me is bash, so if I wanted to change it to fish, for example, I would say /usr/bin/fish, and I'm going to enter, and that changes it for me. All right, so what this means in essence, if I type in cat /etc/passwd here, let me just display the results here, you can see that it
changes uh the default login shell so this means that uh when i log out and i log back in uh what's gonna happen is that i'm gonna be given the fish shell as my default shell instead of bash so if you're wondering what the fish shell is uh you can install it very easily by typing sudo apt install or apt-get install whatever you find is useful for you just hit enter and i already have it installed so that's how to install it so what is fish fish is a friendly as a friendly interactive show it's a great show for beginners extremely customizable and you can see once i typed in fish it allowed me to log in the great thing about fish is it allows allows me to actually it actually gives me predictions in regards to the commands that i might be interested in running we'll get to this in a second let me go into bash all right so that is how to change your default login shell all right so again i'm right now i'm currently set to use fish as the default shell when i log in every time but let's talk about bash because that's uh that that's the primary goal of this video because it's the most used shell and the one you'll be coming across mostly so in my current home directory so in the user lexis directory here i have various bash files bash configuration files uh within this directory so i'm just gonna grab them and i'll say bash and of course they're gonna be hidden so i'm just gonna hit enter and as you can see i have a bash aliases file which you're not going to have by default i created this and i created it to to prove a point and to actually demonstrate an example here we then have the bash history uh file which has uh all your history of all your commands and this is very different to your actual gnu history uh utility um you have bash log out and bash rc bash rc is your bash configuration file i'm not gonna cover how to configure it it's extremely straightforward and you can pretty much configure it directly uh by using the preferences tab right over here but we can 
take a look at it. I just want to show you how it is. So if we take a look at it here through vim, you can see that it essentially allows you to configure and set variables; I can change the color, change the size of the history file. Let's see what else you can actually do here. So there, you can change the color; this is all to do with color, and you can do a lot of other stuff in regards to customizing how it appears and how it works. So for example, if I wanted bash to actually run the fish shell instead of the bash shell every time I started bash up, I would type in fish right at the bottom here. Let me save this file now, and if I open up a new terminal you can see immediately it opens up the fish shell. So that's pretty cool, but this isn't the correct way of doing it, or the preferred way of doing it, so I'll just get rid of this fish command here and save the changes.

All right, so now that we've talked about the .bashrc file, let's talk about the .bash_history file, which is very important. All right, so by default in Linux you have the history command; let me just type it in. The history command is essentially the GNU history library. This essentially allows you to check... it stores a history of all the commands you've run, and you can clear your history very easily by typing in history -c, and it's as simple as that. But it's not to be mistaken or confused with .bash_history, which again is specific to the bash shell, or the Bourne again shell. So again this file will contain a list of all the commands that I've run, and I'll show you how to clear it. So if I cat the contents of the file, you can see that it has all of these commands that I've been running so far, perfectly fine. And if I wanted to clear it, it's very easy: I can just redirect the contents of /dev/null, so I can
say cat /dev/null and then redirect the output into the actual .bash_history file. Hit enter, clear this out, and if I now try and cat the contents of the .bash_history file, you can see it has nothing. So I've been able to clear my bash history. I think I've covered this in one of my videos where I spoke about actually clearing your tracks on Linux, so this is a great way of doing that, and of course you can then use the history command if you want to do that. So that's to do with actually working with the .bash_history file.

Now let me talk about the .bash_aliases file. All right, so the aliases file is very simple: it allows you to specify aliases, or command aliases, that you'd like to use. Now you can just create a file within your home directory and just name it .bash_aliases. So what I'll do is I'll actually just show you the contents of the file, so cat .bash_aliases, hit enter, and you can see I have two aliases: I have alias update, which runs the command sudo apt-get update, and then I have upgrade, which runs the command sudo apt-get upgrade. So it's fairly simple to understand what happens. I can just type in update and that will update my packages, and then I can type in upgrade and that will upgrade my packages, instead of typing the commands over and over again. So that is what the command aliases are and how to specify them; again, it's very simple in regards to configuring it.

In this video I'm going to be showing you how to enumerate information in regards to your current disk usage, information in regards to how much storage your system is consuming, how much you have left, the various disks attached to your system, stuff like that. All right, so as I said in the previous videos, in regards to enumerating information about your system, it's very important to know the state of your system, and that could include the
current RAM usage, what the temperature of your processors is, and so on. So again, it's very important to know, as a system administrator or someone who is going to be using Linux more and more every day, how to enumerate useful information like your current disk usage and the various drives that you have installed on your system.

So let's talk about disk usage first, which is quite important, right, because when working with the terminal you have no GUI programs that can actually visualize this for you. So it's very important that you understand how to do this, extremely important. So the tool we're going to be using is a tool called du, and again it's fairly straightforward what that means: that means disk usage. So I can just say whatis du and hit enter, and as you can see it tells you this allows you to estimate file space usage. Now du is a very simple tool to use, and you can take a look at the man pages in regards to how to use it. So let's actually just run a simple command within this current directory and I'll show you what I mean. So if I hit du, you can see that there's something weird happening here, right? It's displaying a lot of files, and when I say that, it really is displaying all the sizes of all the files within this directory recursively. Now you might be saying, well what does that mean exactly? Well, it means that it's actually showing you the size of all the files within the current working directory. That's essentially what it means. Now what current directory am I working in? I'm working in my home directory. So we need to make this a little bit more human readable, and the way we do this is by typing du and then we specify some arguments. The first thing we want to do is we want to summarize all of these results into a format that we can understand, so instead of displaying recursively all the files
here, show us the top level directories and the total sizes of those directories, and then we can go recursively within those particular directories if we wanted to. All right, so the -s option is going to summarize everything up, and then we want to use the -h option, the human readable format, within this current working directory, and I'm going to hit enter. And as you can see right over here, it gives you a beautiful list of all the directories you have in this particular directory, and on the left hand side you have their sizes in human readable format, which means they have their various units in megabytes and gigabytes. So far the only directory that's crossed the threshold of one gigabyte is my VirtualBox folder. So again you can use a tool like grep if you're going through tons of files on a system; I'm just using simple examples here. So I can say grep and then one gig, and we can hit enter, and again that can be used to enumerate all of this type of information. Or I can just say G; G would be much better, and there you are. So again, that's how to use grep in conjunction with all of these commands. So that's how to use the disk usage tool.

Now again, let's just go into the Linux file system itself and say sudo du -sh, and we'll run the same command, and we can hit enter, and that starts to enumerate the sizes of all of these directories. Now mind you, it has to go through all of these directories and the subdirectories recursively to get this size, so again for some particular files you will not have the adequate permissions to access. So there you are, it gives you all the information you're looking for here, and we can grep it too; we're looking for the big G for gigabyte. So the home directory has quite a few files, the media directory, the snap
swap file, usr, var, etc. So let's take a look at one more command. I'll just go back into my home directory and I'll say man du and hit enter. Let's look for one more option, yes, the -c option, which will produce a grand total, which I wanted to explain. So I can say du -shc and hit enter, and again that gives you a total of all of the files and directories in this current working directory. All right, so that's pretty much how to use the disk usage tool to analyze the current disk usage within a particular directory.

Now let's talk about the df tool. So I can type in whatis df and hit enter, and this is going to report file system disk space usage. So we were talking about disk usage in a particular directory, right, but now we want to know our disk usage in relation to the total amount available, right? So we want to know how much we've consumed in our current disk where we have our home directory, or just on all our drives, and to do this we type in df. So again let me just open up the man pages, man df; you can go through all the other arguments you want, and we'll just quit and we'll say df, for example. All right, so that displays a lot of information here that we really don't need; we're pretty much looking for our system disks only, and we can sort of narrow this down. First of all, we can say df -h, which is going to be for human readable format; so again we can say man df and we grep for h, like so, and again -h is for human readable format. All right, so we can then say df -h and hit enter. And what this does now is it's going to display all of your drives for you here, and you then have the various... so for example, storage device sdc is the current drive that I have my system installed on, so it sorts it out into the file system,
size in a human readable format (gigabytes, megabytes, etc.), the amount used, the amount available, the usage percentage and where it's mounted. So you can see that /dev/sdc1, storage device c1, is mounted as the actual Linux file system directory. I then have various other external drives. So let's say I just wanted to display the storage devices, right? So I can then utilize the grep tool; I can say grep sd and hit enter, and there we are. So it tells me, all right, you have sdc1 and sdd1. So sdc1 has a total space of 117 gigabytes, and again that's perfectly fine; you have the current usage percentage, which is 16 percent, the mount point, and then for my external drive you can see this is the total amount available, the amount used, the amount remaining and the usage percentage, and where it's mounted on, which is under media because it's an external drive. All right, so that is essentially how to use the df tool.

Now we can specify additional options to only display results that we're looking for in regards to file system formats. So if you're looking for ext4 or NTFS, what we can do is we can say df -h -t, right, so -t will specify the file system format, so again we can say ext4 and hit enter, and that's only going to display Linux file systems. I'm going to hit enter and you can see it tells us sdc1, and it gives us all the relevant information regarding the size, used data, the amount available and the usage percentage, which is currently at 16 percent. So again, that is how to analyze your disk usage on Linux, and how to actually deduce how much disk space you're using, how much is left, the usage amount, where your various disks are mounted, etc.

In this video I'm going to be talking about creating archives, so creating tar files, tar or gzip files, and then
extracting them, so just how to manage and maintain the various archives you will be creating. Now there are many reasons to create archives on Linux; of course one of the reasons is it saves space. If you're taking backups of particular directories, it's great to have an automated script to actually automate the process of archiving the files; that's something that you can take a look at with my shell scripting series, the link to that will be in the description section if you're interested in learning some shell scripting. But let's get started with this video. So the tool we're going to be using is the tar tool. Now tar is an archiving utility, as you can see here, and again if we take a look at the man pages for this particular tool, it gives you the various options that you can use in regards to creating archives, comparing them, deleting them, etc. So there's a lot of stuff in here; the purpose of this video is to show you and to explain to you how to create archives, how they differ in terms of the extension, and of course how to extract the various archives that you'll come across.

All right, so on my desktop what I've done is I've created a simple directory here; let me just remove this directory right over here, there we are. So I created a directory called file, and within this directory you can see that I've created a test.txt file that contains the contents of the passwd file, so just a random file that you may want to archive, or a random directory that you may want to archive. So if I wanted to create a tar archive of this file directory, what I would do is I would say tar, and then I would specify some arguments here in regards to what I want tar to do. So first of all I would want tar to compress the file, and then of course I want to specify the file. Now
after this we specify the name of the archive that we want to give it, so we'll just call it file.tar. This is different than a .tar.gz archive, and I'll explain how that differs shortly. So then we specify the directory that we want to actually archive, and we hit enter, and there you are; you can see it created the tar file for us. And of course if we type in file file.tar, you can see it tells you that this is a tar archive, a GNU tar archive here, so that means it worked correctly. Now let me remove the tar archive here, and if we run the same command that we did... sorry about that, let me just do it one more time. So you can say tar, and we can also use the -v option, and that will give us some verbose output in regards to what files are currently being processed in the overall archiving process. So again we can say tar -cvf, and then we say file.tar, and then we specify the directory, and we hit enter, and you can see it then gives you the verbose output, and we get the file.tar archive here.

So if we want to extract a tar archive, that's a very, very simple thing to do. All we need to do is we say tar, and now that we want to extract it we use the x option. By the way, you can negate or not use the hyphen here, but I personally like using the hyphen just so that I understand where my syntax is going. So I can say extract, and we can have some verbose output, and we say extract the file, and then we specify the file, so we say file.tar, and then we can provide an output for it, or you can just hit enter and it extracts it for us. And because we already have the file here, it will essentially overwrite the newer files if there are any new changes, etc. So we can remove this directory and do that one more time here, so we can say tar -xvf file.tar, and we hit enter. Now if we list this you can see that we have the file
directory here. All right, excellent, so that's working with tar files, and that's a standard tar file here. Now let's talk about gzip files. So if I say whatis gzip... and you can do this with tar again, it's very, very simple, and that's the preferred way of doing it. So let's take the same... or we can just remove the file.tar here. So let's take the same file directory here, and if we want to now compress it into a tar or gzip file using gzip, of course, then we would say tar, and now we are compressing it, so we say czf, or cvzf, or czvf, whatever you want to use; in our case we don't want to display the verbose output, so we can just use czf, and then we specify the name, so we're going to say file.tar.gz, and then we specify the directory that we want to archive or compress, and we hit enter, and you can now see that we created the .gz file here. So if we type in file, just to find out what we're dealing with, it tells you we're dealing with gzip compressed data. So again we can extract it really simply by saying tar -xzf and then we say file.tar.gz, but before we do this let's remove the actual file directory here. So we say tar -xzf and then we say file.tar.gz, and we hit enter, and it'll then give us the file directory, which is right over here. So again we can cat the contents just to show you that it's worked just fine; you can see that it's the entire content of the passwd file. So that's pretty much how to work with archives. I'm not going to be covering the various other utilities that you can use, so for example bzip2, which is again very simple to use in regards to using bzip2 for compression; I wanted to show you how to use the tar utility for archiving files, and then of course extracting them, so it's the most reliable and consistent way of working with archives on Linux
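The du, df and tar commands from the last two sections, put together as an added example of the backup script the speaker mentions. This is not code from the video; the functions, the constructed sample directory and the free-space check are this example's own. It adds the two checks a practitioner wants around tar: a listing (tar -t) that rejects absolute or `..` member paths before extraction, and a diff of the restored tree against the original.

```bash
#!/usr/bin/env bash
# Added example, not code from the video: the tar/du/df commands wrapped into a
# small backup routine with the checks a practitioner adds around them.
set -u

# Size of a directory in kilobytes, as "du -sk" reports it.
dir_kb() {
    du -sk "$1" | cut -f1
}

# Free space in kilobytes on the file system holding PATH ("Available" column of df -Pk).
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Create OUT (a .tar.gz) from directory SRC. -C stores members relative to the
# parent directory, so the archive never contains absolute paths.
archive_dir() {
    local src=$1 out=$2 parent base
    parent=$(dirname "$src"); base=$(basename "$src")
    # Worst case the archive is as large as the source; refuse rather than fill the disk.
    if [ "$(free_kb "$parent")" -lt "$(dir_kb "$src")" ]; then
        echo "archive_dir: not enough free space next to $src" >&2
        return 1
    fi
    tar -czf "$out" -C "$parent" "$base"
}

# Read member names from stdin; fail if any is absolute or has a ".." component.
# Extracting such an archive (especially as root) would write outside the destination.
check_member_paths() {
    local member
    while IFS= read -r member; do
        case "$member" in /*) return 1 ;; esac
        case "/$member/" in */../*) return 1 ;; esac
    done
    return 0
}

# List the archive (tar -t, the listing tar -tvf shows without the sizes) and vet every path.
inspect_archive() {
    local members
    members=$(tar -tzf "$1") || return 1
    printf '%s\n' "$members" | check_member_paths
}

# Extract into DEST only after inspect_archive has accepted the member list.
extract_archive() {
    local archive=$1 dest=$2
    if ! inspect_archive "$archive"; then
        echo "extract_archive: refusing $archive, unsafe member path" >&2
        return 1
    fi
    mkdir -p "$dest" && tar -xzf "$archive" -C "$dest"
}

# Compare the restored tree with the original; a backup you cannot restore is not a backup.
verify_backup() {
    local src=$1 dest=$2
    diff -r "$src" "$dest/$(basename "$src")" >/dev/null
}

# Stand-alone run: archive a constructed directory, restore it elsewhere, verify.
demo() {
    local work; work=$(mktemp -d)
    mkdir -p "$work/file"
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$work/file/test.txt"   # constructed sample
    archive_dir "$work/file" "$work/file.tar.gz" &&
        extract_archive "$work/file.tar.gz" "$work/restore" &&
        verify_backup "$work/file" "$work/restore" &&
        echo "backup of $(dir_kb "$work/file") KB verified"
    rm -rf "$work"
}

demo
```

Extraction happens with -C into a fresh directory rather than over the original, so the "overwrite newer files" behaviour the speaker describes never comes into play; `check_member_paths` is the piece to keep even if the rest is replaced by a one-liner, since `tar -t` is cheap and the member list is the only thing the archive cannot hide.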
and it's great for taking backups, and with the help of a shell script you can easily automate the process.

In this video I'm going to be talking about adding and managing users and groups, and then in the follow up videos we'll be talking about user security and sort of securing the authentication section or area of Linux. So let's get started. Now I just want to give you a bit of a premise: I'm currently logged in by SSH onto one of my Linux servers, and the reason being is, as we move on into this series to the completion, I'll be covering various security aspects that will require a lot of testing, so that's primarily the reason. So let's get started. Now by default you can see that I've created another user called admin, and I'm currently running Ubuntu Server. So what's going to happen is, it is recommended never to only be using the root user, and that you need to have another user to which you can then start applying various permissions. So by default on Ubuntu, when working with users, again it's a very, very simple syntax in regards to adding them. So what we're going to do is we're just going to create a user here; we're just going to say useradd, and you can take a look at all the various options you can use when specifying a user. So if I just say useradd and hit enter, you can see it doesn't give me any prompt, but if I say useradd alexis and hit enter, it will give me an error due to a lack of permissions. Now I did this deliberately so that I can demonstrate how to use groups before we actually take a look at that. So I'll just switch into the root user here, and we'll go into my home directory, and we'll just say visudo here. So we'll say visudo, and what we want to do now is we have the user admin, but we want to actually have this user, we want to
add this user admin into the sudo group, which will essentially allow members of the group to execute any command. Now I can do that, or I can also add them to the admin group, which would be better, so again we can sort of customize the various commands that we can specify, and I'll get to this in a second. So what we want to do now is I'll just exit, and I'll say usermod -a -G, then the group admin, and then the user admin, and we hit enter, and that's going to add the user admin into the group admin. So you specify the group first and then the user; that might seem a bit confusing, but if I just say groups admin, you can see that it tells me that the user admin is in the group admin. All right, so if we go back into the user admin here, you can see it tells you "to run a command as administrator (user root), use the sudo command". So again we now have permissions to do whatever we want. So if we go back here we can say sudo useradd, and again that will give us the same options. So if we say sudo useradd alexis, it's going to add the user. Now the problem with this, if I display the passwd file, you can see that the user alexis by default will be given a home directory, that's perfectly fine, and the default shell will be set to the Bourne shell. So what I want to do is let me show you how to remove a user. So to remove a user we say userdel, and then if we want to remove their home directory we say -r, or we use the recursive option, and then we specify the user, so we can say alexis, and again we need to use the sudo command here because we require root privileges. So it's going to remove the user, and if we just display the contents of the home directory we can see that the only user directories we have are for the user admin. All right, so now that I've explained that, let me show you the correct syntax for adding a user here. So again I can just
say useradd. Now in regards to the actual options you can use, you can take a look at the man pages, man useradd, and you can take a look at all of these options; there are quite extensive options you can use in regards to creating a user. But in our case we want to say useradd, and the first thing we want to do is we want to make sure that this user has a home directory with its username appended, so we can say -m, and then we can add a comment; again this can describe something about the account and what it's used for, we can just say alexis. And we can then specify the shell; this is very important if you want the user account to use a custom shell; in our case we'll just say /bin/bash, and then we specify the name of the user account, or the username, and we hit enter. All right, so again it tells us we need sudo privileges, so let's add that, and I'll just hit enter, and the user is added. Now this user doesn't have a password yet, so to add a password for a user we can use the passwd command, and again it requires root privileges. So if I wanted to change the password for the admin account, or for the current account that I'm using, I simply type in passwd, and it'll say "changing password for admin", and it'll ask me for my current password. I'll enter a new password here... and the password isn't changed; I just wanted to demonstrate this. So again, let me just change the password here, and I'll just change it to something different, and there we are, so the password for the admin user has been updated successfully. If I wanted to change the password for another user I would say passwd alexis and hit enter; so again we need to use sudo privileges because we're now modifying another user, and sorry about this, let's just add sudo, and there we are, so now we've added the password for the user alexis. So I can directly switch into this user account, and I'll show you something interesting here. So I can say su alexis,
and I switch into it, and there we are. So now if I try and do something like sudo apt update here, it'll ask me for the user's password, and well, I think I entered the incorrect password here, so if I enter the correct password you can see it's going to tell us that "alexis is not in the sudoers file. This incident will be reported." All right, so that's essentially telling us we don't have adequate permission. So if we go back into the admin account, we can now play around with the sudoers file. So again we'll say sudo visudo and hit enter, and let's talk about adding permissions before we actually take a look at groups. So typically with Ubuntu, you can see that it gives you all of these various groups right out of the bat, and you can specify specific user privileges under this right over here. So you can see for the root user, it can run it from all sessions regardless of whether it's a tty or a remote session, and then for all users in all groups, and it can run all commands. So again, I'll just say alexis, and let's say ALL, or I can just simply say ALL; sorry, that's always going to be equal to ALL, and so that's pretty much all users. And then in regards to the command specification, which you specify here, so this user can actually run all commands, or I can limit it to certain commands if I want to. Right now this will pretty much allow me to actually run specific commands, so for example if I wanted to only allow this user to run, say, /usr/bin/apt-get, for example. So what I'll do is I'll just save this file and we'll go back into the user alexis here, and we say sudo apt-get, and many of you might be catching on, and you'll see what happens here. So you can see that that works now, and we're able to run only that command with root privileges. So we'll just wait for this to actually
update the repositories. Let's try and run another command with root privileges and I'll show you what will happen here. So again my apologies, my internet is really not that quick, so we'll just wait for this to complete. So there we are, we've got the repos, and I can pretty much install software and I can use the apt-get utility. So if I say sudo vim /etc/ssh/sshd_config, if we open this you can see we're not allowed to do this. So if we go back into the admin user, you can see now this is a great way of specifying permissions for users. So additionally what I can do is I can use groups. Right now I have the user alexis here, and let me just comment this; if I say all commands, that means it can run all commands here without any restrictions. So we then have groups. Now groups essentially allow you to group users based on their particular role or responsibilities. Now in this case we have two groups, we have admin and sudo, and they essentially allow users to execute all commands with root privileges here. So what we can do is we can create another group here; we can just exit out of this, well actually no, we can just modify this one more time, because I want to actually comment this in regards to the permissions here. So we'll just exit, and let's talk about groups.

All right, so let's talk about groups in Linux. Now groups are a great way of sort of collectively applying permissions to groups of users that you may want to have the same privileges or permissions, and it's a great way of blanketing various permissions on different users, and a great way of, of course, segregating roles and duties within a system. So it's a great way of actively approaching the whole idea of segregation of roles and duties. So let's talk about creating groups, deleting groups, and of course working with
permissions with groups. So we're going to follow the same scenario: we have the admin user, and of course we then have the user alexis here. So the user alexis currently is not part of any particular group, so again it's a standard user account that doesn't have root privileges and is simply just allowed to operate within those constraints. Now if I wanted to add a group here, I would say groupadd, right, and then I'll specify the name of the group. So let's say we want to add the user alexis to a group called developers, right, so we're going to say groupadd developers; let me just prepend this with sudo, because we do need root privileges to create new groups, and we're going to hit enter. All right, so now we have the group created. So if we want to display groups for a particular user, or the groups that a user is in, again we use groups and then the name of the user, and it tells you that alexis currently is in its own group. We can view all the groups on the system by cat-ing or displaying the contents of the /etc/group file; if we hit enter you can see that we have the various groups, and you can see we have all the system accounts as well; pretty much they're going to be in their own group unless specified otherwise. So what we're going to do is we're going to add the user alexis into this developers group, and then I'll show you how permissions can sort of be manipulated that way. So we're going to say usermod, and we're going to say -a to append the user alexis, and we're going to say the group with -G; by the way, you can use a lowercase g here, the lowercase g primarily means you need to specify the group ID, in our case we'll just use the capital G because we know the names. So we'll say developers, and we want to add the user alexis to the group developers. I believe we need root privileges for this, so I'm going to hit enter and that should do it. All right, so now if I say groups alexis you can see that alexis is going
to be part of its own group and the developers group. Now when we talk about having its own group, that simply refers to user specific privilege specifications. So again, if we visit the visudo utility to modify the sudoers file, you can see that we talked about user privilege specification, and we had actually added some privilege specifications for the user alexis, where we can access it from all hosts and we've specified all users, however not all groups. So this essentially will restrict the user alexis and it will essentially allow him to run the apt-get utility with root privileges here. However, that's one way of doing it. So if I use this same syntax then I can also allow it to run all commands, and I can also explicitly refuse it sudo privileges, so it will only run this command, and so on and so forth. So I can do that actively if I wanted to; however I don't want to. So what we'll do is let's just test this out to see that it works, and of course you can change this to whatever command that will require root privileges. So we can just use apt-get here, and I'll save this. Now visudo, when saving and exiting, if you do have a syntax error, it will tell you. So again if we go here, let's actually mess around with the syntax here, so again I can just add a few commas there, and you can see that it tells us in /etc/sudoers there's a syntax error near line 21, and we can use e to edit it. So again that's the great reason for using the visudo utility: it actually points out logical and syntax errors. So we'll save this now and we'll exit, and what we'll do is we'll now switch into the user alexis, and I'll go here, and you can see that now if I type in
apt-get update, you can see that we can run this command, but it still requires administrative or root privileges. So if we prepend it with root, sorry, sudo, if we say sudo and hit up and just enter the password, you can see that we're able to run the command. However, if we wanted to display /etc/shadow, cat /etc/shadow is going to tell you that alexis is not allowed to execute cat /etc/shadow with root privileges. So again, we can say cat /etc/passwd here; that works because it doesn't require root privileges, and we are pretty much allowed to view the contents of this file. All right, so that's how to apply permissions based on a user.

Now I can also change this up and use the example of the group here. So we can just go back into the user admin and enter the password, and again we'll say sudo visudo and get into this. We'll comment out this user privilege specification entry, and we can enter our group anywhere here. We can just add a comment if we wanted to: "developer group". When adding a group, we prepend it with the modulus (%) sign and then specify the name of the group, so we say developers, and after this we specify the permissions. So again we say ALL for all hosts, and then we'll say all users of all groups; that's because we need sudo, it's very important that we have the ability to access all the groups. Again, we can always limit it to all users and then the admin group if we wanted to, but we say ALL, and then instead of all commands we say /usr/bin/apt, sorry, /usr/bin/apt-get update, sorry, apt-get, not update. So we can save this, and if we exit you can see we have no syntax errors. So again, back to alexis here, and I will enter the password, and yeah, so now we can say sudo apt-get update, and that works fine... for some reason, not allowed to
execute. Let me just check this right now... yeah, it's part of the developers group. Let me just go back into the admin group, sorry, into the admin user, and let's see what the issue is with the specification of permissions here. So what I'll do is... let's see, this shouldn't be causing any issues. Let's try apt and see whether this works; I'll just say apt update, and that works fine. I believe you need to... yeah, you need to separate the commands, and it would be wise to use command aliases. So yeah, I simply forgot about that, sorry about that guys. So that will work fine. So again, if we say sudo cat /etc/shadow, for example, because we wanted to view it, you can see that it again restricts us to running only the apt update utility, or running the apt utility here. So that is how to segregate permissions based on a user, whether you want to specify the permissions on a per-user basis, or specify the permissions in regards to adding users to a group and then applying them that way, sort of blanketing the users that way. So again, it's all about what philosophy you adopt, and if you're a system administrator it'll also depend on the use case and the usage scenario in which your server is being deployed.

We're going to be talking about networking in the command line. All right, so let's get started now. If you've watched pretty much any of my older videos where we were working with networking within the Linux terminal, you know that I would typically use the ifconfig utility. However, the standard has changed now, and what we have to use, or what is the preferred method of getting information and interacting with various network interfaces, is the ip command. So the ip utility allows you to show and manipulate routing, network devices, interfaces and tunnels, etc. All right, so let's get
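The per-user and per-group sudoers specs from the walkthrough above, written out as an added example (this is my own script, not the video's commands). It collects the two forms of "update" in a Cmnd_Alias, which is the fix the video arrives at for listing several commands, stages the fragment in a temp file, and syntax-checks it with visudo before anything is installed. The user name alexis, the group developers and the drop-in path /etc/sudoers.d/10-developers are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not the video's own commands). Builds a sudoers drop-in that
# grants the user "alexis" and, separately, the group "developers" the right
# to run only apt-get/apt update as root. The commands are collected in a
# Cmnd_Alias so several comma-separated commands stay readable.
# User, group and target file names are illustrative.

# write_sudoers_fragment FILE: write the fragment to FILE.
write_sudoers_fragment() {
    cat > "$1" <<'EOF'
# Several commands in one alias: separate them with commas.
Cmnd_Alias APT_UPDATE = /usr/bin/apt-get update, /usr/bin/apt update

# Per-user spec: from ALL hosts, as any user of any group (ALL:ALL),
# but only the APT_UPDATE commands.
alexis      ALL=(ALL:ALL) APT_UPDATE

# Per-group spec: the same grant, for every member of "developers".
%developers ALL=(ALL:ALL) APT_UPDATE
EOF
}

# count_specs FILE: number of privilege lines (non-comment lines with "ALL=").
count_specs() {
    grep -c '^[^#].*ALL=' "$1"
}

# check_sudoers FILE: syntax-check with visudo, the only reliable sudoers
# parser (the reason the video edits with "sudo visudo"). A file that fails
# here must never be copied into /etc/sudoers.d, or sudo may stop working.
check_sudoers() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1"
    else
        echo "visudo not found; skipping syntax check of $1"
    fi
}

# install_fragment FILE: stage-then-install, root-owned and mode 0440.
install_fragment() {
    check_sudoers "$1" && \
        install -o root -g root -m 0440 "$1" /etc/sudoers.d/10-developers
}

# Demo: stage in a temp file only; never write straight into /etc.
demo_sudoers() {
    tmp=$(mktemp) || return 1
    write_sudoers_fragment "$tmp"
    echo "privilege lines: $(count_specs "$tmp")"
    check_sudoers "$tmp" || echo "visudo reported a problem; fix it before installing"
    rm -f "$tmp"
}

demo_sudoers
```

Running the script only touches a temp file; install_fragment is the step you would run as root once visudo reports the fragment parsed OK.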
started by first of all understanding how to display your current routing table. Again, we can do that by typing in ip route show, and that's very simple: ip route show, and this will show you your current routing table. So you can see this is currently my router's IP address, or my gateway; this is my interface name here; and this is the source IP, which is my IP address. So that gives you an idea of your IP routing table currently. Now again, we can grep for route here in the man pages and take a look at all the options you have available to you. So you can pretty much change the route if you want to, but of course that's beyond the scope of this tutorial; I'm simply showing you how to find information that's very useful. If you want to display your current IP address, we type in ip addr and hit enter, and this gives you your two interfaces. So we have lo, this is a loopback, so this is for your localhost, and you then have your Ethernet, in my case my Ethernet adapter, which has the interface name enp2s0. You can see that it has an IP of 192.168.1.1, and you have the entire network range there. You also have your IPv6 address here, and of course you have your MAC address. So very similar to ifconfig. If we take a look at ifconfig, which is a perfectly great tool that you can use, if I type in ifconfig we can take a look at the man pages here, just so I can show you the flexibility. So again, you can play around with all the options that are available, but pretty much the simple way of going about it would be to simply display your current interfaces. So if I say ifconfig and I'm only looking for my inet addresses, if I'm only looking for my IPv4 address, I can say inet, and you can see that I can easily just print them out, and I also have my netmask. So a very organized way of taking a look at
your interfaces and your IP addresses as well. Right now I've still to make a video on managing services and processes with Linux, but essentially, working with your network manager, we can also take a look at DHCP, because that would be quite important. So if you are running this on Wi-Fi, or you are using a wireless adapter, or even Ethernet where you don't have static IP distribution or resolution, what we can do is say whatis dhclient and hit enter. You can see that if we type in dhclient and hit enter, it doesn't give us any options here, so if we take a look at the options available to us, let's take a look at the man pages, because this is a better way of actually utilizing it. So again, we can use the DHCPv4 protocol to obtain a new IPv4 address, but in my case I have my IP statically assigned here, so that would not be a wise thing to do. But if I wanted to restart my network manager (again, I'll be making an individual video on this, so you don't have to worry), you can use sudo service network-manager restart and hit enter, or I can use systemd, so I can say sudo systemctl restart, and we say network... let me just see, we're looking for the network manager here, so let me just tab and see what we have. We're looking for NetworkManager.service, which is right over here, so I can execute this and that will essentially restart it. Now again, as I said, if you're not familiar with processes don't worry, we'll be covering it in the next set of videos as we wind up this series, but that's pretty much how to restart your network adapter if you're having any issues, and you can sort of work with that.

Now let's talk about netstat, because again that's quite an important tool, and I have an independent video on how to use netstat if you are interested in it. So again, we can say whatis netstat and hit enter, and it says print network connections,
routing tables, et cetera. So I'll just go over the most common options you can use; this essentially allows you to understand what services and ports you have running, listening, and are connected to. So for example, if I wanted to display the route, I would say netstat -r, and that gives me my routing table. So we have the destination, the gateway, the genmask, flags, and the interface here. In all cases we're working with my Ethernet interface, so you can see that for the default gateway we have it right over here, the destination, and of course the genmask. So again, you can get very good information from this. Now, if we wanted to take a look at all the TCP connections that we have, we can say netstat -t, and that gives us all the TCP connections that we are currently connected to or listening for on our system. So you can see that we have the protocol, which is very important, this is uniquely going to be TCP, the local address, the foreign address, the port it gives you, and the state, which I'll get to in a second. So you can also grep information from this: you can say grep, and if I had the SSH port open I'd say grep 22, for example, and it pretty much gives you results based on the actual string of characters. In this case it's not giving us anything, but if I were to say sudo service ssh start, hit enter, and try and grep this now... we don't get anything. So let's take a look at how to find the listening ports, or listening sockets. We can say netstat -l and hit enter, and you can see there's quite a few sockets that are currently listening for actual connections. So in our case you can see we have the SSH port here, and we can pretty much grep for these particular services and sort of work with that if you want to. Talking about UDP only,
again, that's very simple. If I wanted listening TCP connections I would say, for example, -lt and hit enter, and that will only display the listening TCP connections; if I wanted listening UDP connections I would type in -lu, and again that gives us all the listening UDP connections. If we want to display the actual processes and the process IDs, we can say netstat -p and hit enter, and what we can do is say -ltp, so -ltp, and we're looking for grep ssh, and we hit enter. It again tells you that we have SSH running; or you can go through this all over again, so let me just clear this out. If we display the results here, you can see that it gives you all the information that you're looking for. So if we get rid of this and we also have -p, it gives you the various process IDs; if we just take a look at the table right at the top here, that pretty much prints it all, you can see we have the PID right over here, and we can sort of grep through that if we wanted to. So that's using netdiscover... netstat, we're not talking about netdiscover yet, but again you can check out our independent video on that. It allows you to check various connections that you have open and running, either established or listening on your system, and they could be for both TCP and UDP.

Now let's talk about netdiscover. Now, netdiscover does not come pre-installed with any Linux distribution as far as I'm concerned, apart from the pen testing or offensive distributions. So again, we can simply say whatis netstat... well, no, not netstat, netdiscover, I believe it's like so, and we hit enter: it's an active/passive ARP reconnaissance tool. So what this means is it allows you to essentially scan your network for other devices or hosts that are currently connected to your network, whether they be Wi-Fi-enabled devices or connected to your network via Ethernet or
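The netstat listening-socket checks described above (netstat -l, -lt, -lu and -p, then grepping for a port), as an added example of my own rather than the video's commands: a small awk filter that reduces "netstat -tulnp" output to one "proto port pid program" line per listener and answers "is port N listening?" without depending on column alignment. The netstat text below is constructed for offline use; its PIDs and program names are made up.

```shell
#!/bin/sh
# Added example (my own script, not the video's commands): turn the output of
# "netstat -tulnp" (listening TCP + UDP, numeric, with PIDs) into a compact
# "proto port pid program" listing and answer "is port N listening?".
# SAMPLE_NETSTAT is constructed; the PIDs and programs in it are illustrative.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      5687/sshd
tcp        0      0 127.0.0.1:9050          0.0.0.0:*               LISTEN      7604/tor
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      812/cupsd
tcp6       0      0 :::22                   :::*                    LISTEN      5687/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           901/dhclient'

# listening_sockets: read netstat text on stdin, print one listener per line.
listening_sockets() {
    awk '
        $1 !~ /^(tcp|tcp6|udp|udp6)$/ { next }   # skip the two header lines
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }    # TCP rows must be listeners
        {
            n = split($4, a, ":"); port = a[n]    # port is after the LAST ":" (works for :::22)
            split($NF, p, "/")                    # "5687/sshd" -> pid, program ("-" without root)
            print $1, port, p[1], p[2]
        }'
}

# port_listening PORT: read netstat text on stdin; exit 0 if PORT has a listener.
port_listening() {
    listening_sockets | awk -v want="$1" '$2 == want { found = 1 } END { exit !found }'
}

# count_listeners: number of listening sockets in the text on stdin.
count_listeners() {
    listening_sockets | awk 'END { print NR }'
}

# On a live box: netstat -tulnp (run as root to see other users' PIDs).
live_listeners() {
    if command -v netstat >/dev/null 2>&1; then
        netstat -tulnp 2>/dev/null | listening_sockets
    else
        echo "netstat not installed; try: ss -tulnp"
    fi
}

# Demo against the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | listening_sockets
printf '%s\n' "$SAMPLE_NETSTAT" | port_listening 22 && echo "22 is listening"
```

Splitting on the last colon is what keeps the IPv6 row (:::22) from being misread; a plain "grep 22" would also match PID 2211 or a 0.0.0.0:8022 bind, which is why the filter compares the port field, not the whole line.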
to your switch. So again, to install it you can use any of the package managers you're comfortable with, and we simply type in netdiscover and hit enter; sudo apt-get install, sorry, and we hit enter, and you can see I already have it installed. Using it requires root privileges, so we say sudo netdiscover and then specify the interface that we want to use, so we can say enp2s0 and hit enter. As you can see it will start scanning, and it's doing this through ARP, or the Address Resolution Protocol, so ARP request and response packets. So again, it's sending various ARP requests to all IPs on the network, and then the responses give us the results that actually prove whether we have a device or not. So you can see I currently have my router, which is running... this is the default gateway, and then I also have another device running here. Let's see if we have any other devices, and we'll just wait for it to continue scanning. I think I have multiple other devices; this is pretty much going to be my Windows device. If I bring up a mobile device here, let's see if that actually comes up, and I'll try and load up a website here... I actually don't have my phone on me, but in any case this essentially gives you all devices on your network, and that's a great way of monitoring your network and viewing what devices you have. So again, it gives you the IP, their MAC address and their MAC vendor, so it gives you information about what device you're dealing with, in this case TP-Link and then Hon Hai Precision, which is pretty much a network adapter. And once you're done you just hit Ctrl+C and that will terminate the process right over there.

All right, now to end this video, let's talk about DNS, which a lot of people actually ask me about. So your DNS information, or your name servers rather, are going to be stored in your resolv.conf file. So again, sudo,
and we'll use vim /etc/, and we're looking for the resolv.conf file, and we hit enter. You can see that this file is managed by systemd-resolved, and I'll actually show you how to use that utility shortly. So this is a dynamic resolv.conf file for connecting local clients to the internal DNS stub resolver of systemd-resolved. So again, it tells you that this is going through systemd, and this is more of a dynamic file that is generated dynamically, and it is just for connecting local clients to the internal DNS resolver, systemd-resolved. I'll be talking about services, as I said, later on, but many people edit this, which will work temporarily. However, if you do want to take a look at systemd-resolve, that's extremely simple. So what you could do, if you want to use this manually, is just add another one here: I can say nameserver and then, for example, the Google name server, 8.8.8.8, and I can use that if I want to, but in our case we're not going to make any changes here, so we'll just exit. So you can actually check the status of systemd-resolve: we can say systemd-resolve --status and hit enter, and again that gives you the various DNS information that you're looking for. So you can see the DNS servers that we currently have set are going to be the Google DNS server, and this is going through your router, or your main gateway. So it would be advisable to switch to any DNS server that you want to use on your main router; you can see that it uses the default one, that is your default gateway IP here, and the Google DNS server that I have set here, and that was simply for demonstration purposes in this video. So that's how to use systemd-resolve.

Now, talking about your hosts file, this essentially allows you
to manage your various hosts, and you can use this for ad blocking, or yeah, you can use it for ad blocking if you want to. So for example we can say sudo vim /etc/hosts and hit enter, and you can see, for example, where we have defined the localhost, or the loopback: 127.0.0.1 is our localhost, and then the current host here, which is alexis-workstation, is 127.0.1.1. So I could also change that to any other IP I want. So if you're going to block an ad, what you typically do is put an invalid IP address here, so I could say 0.0.0.0, and I could sort of block a website here, like for example google.com, which is not a smart thing to do, but in any case we can write those changes and exit. Then if I say sudo systemctl restart network-manager, I believe NetworkManager.service, so let me just try and complete this, for some reason it isn't displaying this, systemctl ... NetworkManager.service, and we want to use this, so we want to restart the network manager, and I'll actually show this to you right now. So if we try and open up a Firefox instance here and say google.com and hit enter, you can see it pretty much redirects us to the localhost, and that's essentially how to use the hosts file. Now I can change the IP to something else completely, but again, many of you have been asking me how to use the hosts file, so that's pretty much how to use it. And we can get rid of that right now, because I don't want that to be the case, and we can just restart the network manager one more time, and there we are, so we should be good there. All right, so that's pretty much all I wanted to cover in regards to networking and all that is important. As I said, we'll be taking a look at services, I will also be taking a look at SSH, and if you are interested in exploring tools like netstat and netdiscover you can check my independent videos. In this
video we're going to be talking about how to use Tor and proxychains in conjunction to anonymize your traffic through the use of any tool that you want. So both of these tools don't come pre-installed on standard distributions, but you can pretty much find them on pen testing and offensive distributions. So again, what we need to do is install the Tor service first, not the Tor Browser but the actual Tor service, and then secondly we need to install the proxychains tool. So again, to install the Tor service all we need to do is say sudo apt, you can use whatever package manager you're using, sudo apt-get install, and it's pretty much going to be just tor, that will be the name of the service, and I already have it installed. So again, if you just want to check what it is, you can say whatis tor, and this is referring to the actual service, so you can see that it's a second-generation onion router. If we say man tor and hit enter, you can see that Tor is a connection-oriented anonymizing communication service; users choose a source-routed path through a set of nodes and negotiate a virtual circuit through the network. I think I've pretty much explained before in a previous video how Tor works, so we'll be using Tor now. To start the Tor service we can use systemd, or you can also use service, so we can say sudo systemctl start, and then we are looking for tor, I think, or the tor service here, I'm not too sure what it's called. So if we say tor, let's check the status here, status tor, and you can see that we currently have it loaded and active. So again, the Tor service is an anonymizing overlay network for TCP. So if we use netstat here, we can say netstat and look for listening TCP connections, and we grep for the port that the Tor service connects through, which is 9050, and we hit enter. You can see we now have... we
are listening on port 9050, and this is localhost, so that's perfect, we can use this with proxychains. All right, so now let's talk about proxychains. So again, installing proxychains is very simple: sudo apt-get install proxychains, sorry, proxychains, and we hit enter, and I already have it installed. Before we actually use it we now need to play around with the configuration file, so that we can tweak the configuration to what we want it to be and how we want it to work. So we can say sudo vim /etc/proxychains.conf and hit enter. So again, I'll pretty much go through the settings that I use. We can use HTTP, SOCKS4, SOCKS5, and this allows you to tunnel, or proxy, you can essentially tunnel your connections through a series of proxies, and in our case the proxy is going to be Tor, so with DNS, that's the great thing. So: the options below identify how the proxy list is treated; only one option should be uncommented at a time. So dynamic_chain, where each connection will be done via chained proxies, all proxies chained in the order as they appear in the list, and at least one proxy must be online to play in the chain. I pretty much like using random_chain, so you can see that each connection will be done via a random proxy, or proxy chain, from the list; this option is good to test your intrusion detection system, because it's constantly changing through random proxies. But again, if you want a dynamic chain that's perfect. You can also use strict_chain; this will ensure that all connections are going to be done through chained proxies, or all proxies will be chained in the order as they appear in the list. So I like using random_chain, so you want to uncomment this, or it will be commented here, so if I just hit insert here, it'll pretty much be commented like so, and you want to uncomment this. We then want to take a look at the proxy DNS requests; so again, this will prevent any leak of DNS data, this is
very important, you want to make sure that's uncommented. And then we want to take a look at the proxy list format; so this gives you an idea of how to use your proxy list if you are interested in using other proxies apart from Tor. You can see that we have socks5, http, socks4; in our case the default will be set to Tor, and we want to add socks5 as well here, so we say socks5, and remember it's running on our localhost, 127.0.0.1, 9050, and that's of course going to be socks5. All right, so we can add any of the other proxies we want here, so again, if you're not keen on using Tor you can change this, and we'll write changes and quit from here. So now, when using proxychains, you want to ensure that you have the Tor service started and it's currently running, and then the syntax I use is very simple: we say proxychains and then specify the tool that we want to use. So for example I can say proxychains firefox, or I can use another tool like ssh or telnet, or I could use a tool... maybe let's try Firefox, because it's the easiest way to test this. So I say firefox and then I open this website, dnsleaktest.com, and hit enter, and that's going to start proxychains for us. Now, given that it's using Tor, the connection is going to be much slower than a standard proxy, of course depending on what proxy you end up using. So we'll just wait for this to load up, and dnsleaktest.com will tell us what our IP is, and secondly it will tell us what our DNS is. So you can see it gives us information regarding our IP; for some reason it isn't telling us what country it is. So again, we can just hit Standard test; this will test our DNS to see if we are leaking any DNS information, and of course DNS information is very important, as it can leak your geographical information. So again, you can just go through the test, and this will display what DNS servers you're currently using. So let's wait for this and
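The proxychains.conf edits made above (one chain mode uncommented, proxy_dns on, a socks5 entry for Tor on 127.0.0.1:9050), as an added example of my own rather than the video's file: a script that writes such a config and a checker that refuses a file which leaves two chain modes uncommented or proxy_dns commented out, since the second mistake is exactly what makes a tool leak DNS around Tor. The timeout values are ordinary defaults chosen for the example; the file is written to a temp path, not to /etc/proxychains.conf.

```shell
#!/bin/sh
# Added example (my own script, not the video's file): write a proxychains
# config matching the settings chosen above (random_chain, proxy_dns,
# Tor's SOCKS5 listener on 127.0.0.1:9050) and sanity-check a config before
# using it. The check enforces the file's own rule that only ONE chain mode
# may be uncommented, and that proxy_dns is on so lookups do not leak.

write_proxychains_conf() {
    cat > "$1" <<'EOF'
# one chain mode only
random_chain
chain_len = 1
# resolve names through the proxy, never locally
proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# type host port
socks5 127.0.0.1 9050
EOF
}

# A deliberately broken config: two chain modes on, proxy_dns commented out.
write_broken_proxychains_conf() {
    cat > "$1" <<'EOF'
strict_chain
random_chain
#proxy_dns
[ProxyList]
socks5 127.0.0.1 9050
EOF
}

# check_proxychains_conf FILE: exit 0 if the file is sane, 1 with a reason if not.
check_proxychains_conf() {
    f=$1
    modes=$(grep -cE '^[[:space:]]*(dynamic_chain|strict_chain|random_chain)[[:space:]]*$' "$f" || true)
    if [ "$modes" -ne 1 ]; then
        echo "$f: expected exactly one chain mode uncommented, found $modes"
        return 1
    fi
    if ! grep -qE '^[[:space:]]*proxy_dns([[:space:]]|$)' "$f"; then
        echo "$f: proxy_dns is off, DNS queries would bypass the proxy"
        return 1
    fi
    # proxies only count once we are past the [ProxyList] header
    proxies=$(awk '/^\[ProxyList\]/ { inlist = 1; next }
                   inlist && /^[[:space:]]*(socks4|socks5|http)[[:space:]]+/ { c++ }
                   END { print c + 0 }' "$f")
    if [ "$proxies" -lt 1 ]; then
        echo "$f: no proxy entries under [ProxyList]"
        return 1
    fi
    echo "$f: ok (1 chain mode, proxy_dns on, $proxies proxy entries)"
}

# Demo on temp files. On a real system the file is /etc/proxychains.conf and
# Tor must already be listening (netstat -lt | grep 9050) before
# "proxychains firefox" will get anywhere.
good=$(mktemp); bad=$(mktemp)
write_proxychains_conf "$good"; check_proxychains_conf "$good"
write_broken_proxychains_conf "$bad"; check_proxychains_conf "$bad" || true
rm -f "$good" "$bad"
```

Running the checker against your real file before each proxychains session is cheap insurance: the dnsleaktest result only tells you about the leak after the fact.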
see what results we get; there's a progress bar right over here. So you can see that all are going through DNS servers in Germany, and of course you have their hostnames and their various IPs. So again, that's great, because we didn't leak any of our personal DNS information, or the DNS servers we went through, but of course that is also dependent on DNS security, something that's out of the scope of this video.

In this video we're going to be talking about process and service management, so we're going to be talking about lots of tools that you can use to manage processes and also manage services. So this is a very important video, I think one of the most important videos in this series, because of the power that comes with it. So first of all, let's take a look at some of the utilities that you can use to manage system resources, to view the current processes and just view resource consumption in regards to the processes that are consuming the most and the least. Now by default all Linux systems come with a utility called top, and you can pretty much get some information about it by using the whatis command; again, it tells us that top displays Linux processes. So you can type top, and again, as you can see, this gives you information regarding your system resources, the consumption, and the various processes that are running, the owner of the processes in terms of the user. So you have your process ID, very important there, that can be used to manage the process, either to kill it or to stop it; you then have the user here that it belongs to; you then have the CPU and memory consumption, the time, and the command itself. So again, you can essentially use this to manage all your processes. However, a better utility, a custom utility that you can install with whatever package manager you're using, is the htop utility. So again, we can
install it; we can install it here, I already have it installed. So again, we can clear this and say whatis htop, and you can see that this is an interactive process viewer. So if we open up htop, you can see that first of all it gives you your processor usage in regards to how many cores you have; so I have six cores here, and it gives you the utilization in terms of percentage. You then have your memory usage, so it gives you the total usage; I have about 16 gigs here and I'm currently using six gigs. It also tells you your swap usage, so I have a swap set to about two gigs (don't get angry at me, a lot of people are against swap nowadays). It gives you the amount of tasks, the amount running, the load average and the uptime of your system, so very useful information. It also sorts the information out, similar to what we had: so we have the process ID, and you can sort that out chronologically, so you can just click on it and it loads it up from the first process with the process ID of one. You then have the user, so you can again switch from all the user accounts that these processes are running under. You then have your CPU usage, so if I click on CPU that displays the process that is currently using the most CPU. Again, I can click on memory, and it tells us that Google Chrome is using the most memory, that's not a surprise, and of course we can just go back to CPU usage and you can see that OBS is currently running right now, which makes sense, as that is using the most CPU. Right, so this is a utility that you can use to pretty much manage your processes. Now, before we take a look at how to use it, because this simplifies the process, let's take a look at how you would actually view the resource consumption, like RAM usage, for example. To view RAM usage we would simply type in free, and that again tells you, if we just use the man pages here, you can see
that free displays the amount of free and used memory in the system. So again, you can display this in regards to the output you want, so if we say free -h, that prints it out in human-readable format. So you can see we have total, used, free, shared, buff/cache and available, and of course also for your swap. So that's one of the quick ways you can view how much RAM you're using. Now let's talk about processes. Processes need to be understood as... you need to separate processes and services. Processes are viewed with the ps tool. So again, ps gives you a report, or it essentially gives you a snapshot of your current processes that you have running. All right, so if I just say ps, this is weird, because many users have actually pointed this out: why does it only give you two processes? Well, you haven't specified any arguments in regards to what processes you want to see, so what it's going to give you is simply the processes that are in your current shell, and you can see that it has bash and the actual command that you ran. So that makes sense. Now if we want to display all processes, we would simply say ps aux, and you can view all of this syntax from the man page, which is actually recommended here; I'm using the BSD syntax. So again, to see every process on the system using standard syntax you can use that; I'm using, as you can see right over here, BSD syntax, so I'll continue with that. So I can say ps aux and hit enter. All right, so this is a lot of information here; this is essentially giving you a snapshot of all the processes that you have running on your system. So we can scroll all the way to the top, and again, it's sorted out into a table with various columns, so you have the user, the process ID, and it starts chronologically. But the great thing about tools like htop is it gives you a dynamic view of
the processes, how much they're consuming on a second-by-second basis, CPU usage, memory, etc., but this is a snapshot, remember. So again, this can give you an idea of all the processes that are currently active; however, if you want a dynamic idea of the current system resource consumption, use a utility like top or htop, this just gives you a snapshot. All right, the key thing we're looking for here is the PID, because we want to talk about managing processes. So let's say I want to start a service here: I say sudo systemctl start tor, I want to start the Tor service here, and then I say ps aux. I can also grep the output here, and say I'm looking for tor, so give me all processes with "tor". Now, of course, it's going to give us various other false positives with the string of characters t-o-r, and you can see the inclusion of that within "storage". But if we just go to the bottom here, you can see we have the /usr/bin/tor binary being used here, so that looks interesting, and if we take a look at the process ID we can see it has a process ID of 7604. So if we say sudo systemctl status tor and hit enter, sorry about this guys, systemctl, and we take a look at the status of the service, you can see that it's loaded and active. So if we want to kill this process, all we need to do is get the process ID, in this case it's going to be 7604, and all we need to do is say kill, and you may want to prepend this with root privileges, or the sudo command, so we say sudo kill 7604, and we hit enter. And now if we take a look at the Tor service, you can see it's still running. Now, the reason I did this is because you need to differentiate between a service and a process, because the service will re-initiate, or re-initialize, itself. Right, so let's take a look at all
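The "ps aux | grep tor" step above also matches "storage" and the grep process itself, as the video notes. Here is an added example of my own (not the video's commands) that matches on the exact basename of the COMMAND column instead, which is what pgrep -x does on a live system. The ps table below is constructed; the PIDs and paths in it are made up for the demonstration.

```shell
#!/bin/sh
# Added example (my own script, not the video's commands): exact-name process
# lookup versus substring grep. SAMPLE_PS is a constructed "ps aux" table.
SAMPLE_PS='USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
debian-tor 7604  0.1  0.3  98000 24000 ?        Ssl  10:00   0:01 /usr/bin/tor --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc
root        812  0.0  0.1  40000  8000 ?        Ss   09:58   0:00 /usr/sbin/storaged
root       5687  0.0  0.1  72000  6000 ?        Ss   09:59   0:00 /usr/sbin/sshd -D
alexis     1969  0.0  0.0  12000  1000 ?        Ss   10:01   0:00 /usr/bin/ssh-agent
alexis     2211  0.0  0.0   9000   900 pts/0    S+   10:05   0:00 grep --color=auto tor'

# pids_by_substring NAME: what "grep NAME" gives you: every row containing NAME
# anywhere (user name, arguments, the grep itself).
pids_by_substring() {
    awk -v s="$1" 'NR > 1 && index($0, s) { print $2 }'
}

# pids_by_exact NAME: only rows whose command basename is exactly NAME.
# COMMAND is field 11 in "ps aux" output; arguments follow it and are ignored.
pids_by_exact() {
    awk -v want="$1" 'NR > 1 { n = split($11, a, "/"); if (a[n] == want) print $2 }'
}

# live_pids NAME: the same idea on a running system.
live_pids() {
    if command -v pgrep >/dev/null 2>&1; then
        pgrep -x -- "$1"
    else
        ps aux | pids_by_exact "$1"
    fi
}

# Demo: substring vs exact match on the constructed table.
echo "grep-style matches for tor:"
printf '%s\n' "$SAMPLE_PS" | pids_by_substring tor
echo "exact matches for tor:"
printf '%s\n' "$SAMPLE_PS" | pids_by_exact tor
# Once you have the right PID: sudo kill <pid>. If the process belongs to a
# systemd unit (tor, ssh), it may be restarted by the unit, so use
# "sudo systemctl stop <unit>" when you want it to stay down.
```

On the sample, the substring search returns three PIDs (tor, storaged and the grep), the exact search returns only 7604; the same distinction is why "grep ssh" lists both sshd and ssh-agent while pgrep -x sshd lists one.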
the processes here, and we can take a look at more realistic options available to us. So I'll give you an example here: let's grep for ssh, so we'll say grep ssh, and let's see, we have the SSH daemon here, which is running with a process ID of 5687, and we also have... yeah, that's pretty much the one we're looking for; we also have the SSH agent here. So what we can do is say sudo kill 1969, and we can also say sudo kill 5687, so we say 5687, you kill that, and then we say systemctl status ssh and hit enter, and you can see that SSH is currently loaded but inactive (dead). So that's just a simple way of managing processes. Now we can do the same thing with htop, and I'll show you how to do this; many people actually skip this, but htop has a much easier way of doing this. So when you launch htop you can pretty much filter through the results, but a great way of searching for services by their name, instead of using grep, is by using the F3 key, after which it will bring up this little search bar, and I can search for things like tor, and if I use a space it pretty much should give me all the results. So let me just do that one more time: I say tor, and we can see that the process was closed but the service is still running. So let's try another process here; let's see if we have... let's actually work with htop, I just want to show you this. So if we click on htop and it's highlighted yellow, we can actually kill it by using F9. So if we hit F9 we can send various signals to this process, so we can say signal quit, signal kill; so if we say signal kill, that's option nine, and hit enter, you can see that that will pretty much kill the process, and you can see that it actually points that out right over here. You can see that the output is messed up, and I probably shouldn't have done that, but I wanted to demonstrate the power of htop here. So if I go into htop one
more time and now again it's giving us our dynamic results so we can pretty much use that same syntax to manage our services really easy and many people go over this it's not just a system resource uh usage utility to actually display how much uh you know resources you're consuming it can actually allow you to interact with your services or your processors quite well so again i can search for any process right over here with name or i can again i can work with the the resource consumption so again i can highlight resource consumption here uh memory consumption et cetera et cetera right now let's talk about service management with system d right because i also want to cover uh system v as well system v service management but now the norm is increasingly becoming system d so it's great to to actually know how to use this so if we say man system control this is the utility that allows us to control um so you can see control the systemd system and service manager so i'll show you how to use it so if we want to list all the active services which are going to be a lot we can say system uh control and we hit enter and you can see that we can you know we can move down with the uh your your directional keys and this gives you an idea of all the services that you have running and once you have once you're done we have about uh 230 lines here and they keep on going as as the more you you actually go down so uh 269 loaded units um it gives you all information regards to all the services you have running so if we quit we can also prep so if we grep here we say grab ssh and we hit enter so we have no ssh service running so if we if we want to start a service like the ssh service what i can do is i can say system control system control i say start and then i i can you know then play around with with what i want to do so i can say um i can say start and then the name of the service so i can say ssh and then i can use the tab auto completion here so again you can see that we have 
the ssh socket and the ssh service so if i wanted to start the ssh service uh just give it a few seconds it does take a while to load this if i use tab auto completion too much so if i say system control uh start ssh service and i hit enter it's gonna ask me for my uh for my password and it's gonna this because it requires root privileges so uh that has started the ssh service now we can again uh confirm this uh with you know we can say uh lt here and uh you can see we have ssh running right over here so again we can check the status of the pros of this actual service by running uh sudo system control and we can say status ssh dot service here and we enter and there we are so you can see it tells us that the ssh service this is using open ssh so it tells us it's loaded and active which means it you can actually use it and it gives you information about it so the log of events so again started uh ssh listening on port 22 listening on localhost port 22 starting the openssh openbsd secure shell server and it gives you the various timestamps right so that's how to pretty much interact uh to how to start and monitor the status of a service if you're having issues with it right now if i wanted to disable it or to stop it i could say um i could just i can say stop uh and i can say ssh dot service and i hit enter and that will stop the sorry let me just enter my password here that will stop the service if i check the status you can see that it's loaded but inactive and dead now a lot of people ask me how do i run particular services on system startup and you can easily do that with systemd so i can say sudo system let's say i wanted to enable the ssh service every time i boot up which is useful so i can say system control [Music] and then i would say enable but first i need to check if it's already enabled so i can say is enabled and then say ssh dot service and that will tell me if uh it is currently enabled to do to be run on system startup you can see tells us that it's 
currently disabled which is great uh if i check the synergy service i just want to give you an example a robust example or hit enter you can see that on startup yes this service is enabled that's because i use the synergy service to you know for my mouse sharing my mouse and keyboard sharing system so again that tells me that okay that's enabled so if we want to enable ssh what we would say is a pseudosystem control and we would say enable and say ssh.service all right and i hit enter and you can see it's created the sim link for us uh in the system d uh directory here so uh if you're using um if you're using system v then you nee you need to play around with the initial uh the init scripts uh and you then need to create a sim link but this does it automatically for you so now if we check the uh is enabled if we check if it's enabled you can see that now it's enabled if i want to disable it from running on startup i would simply say disable because i don't want ssh running this is not a server so i can check it now and we can see it's disabled all right so that's pretty much how to manage uh you know services with system d so that's how to start stop uh if i want to restart a service again i can simply say restart so let me do that right now so if i say sudo system control i say tor sorry start tor i can hit enter that will start the tour services i want to reload it i can say reload all right now i can also um i can also reload will reload the uh the configuration if i say restart that will simply restart the service with the current configuration so that's a quick tidbit for you if you you can use reload here then that will essentially restart it with the newer configuration so in case you're wondering so i'll just stop this service and i'll just hit enter and there we are all right so that is how to manage services now if you want to uh if we want to reload the entire the system d daemon what we can say is sudo system control uh we're looking for the daemon and 
we can say reload and we just hit enter and that will reload the daemon completely that's if you're having any issues and you wanted to reconfigure particular services all right now let's talk about system v service management which many of you are familiar with a system v is essentially where you say service the name of the service which could be door and then we say start we can say stop and we can say restart right very very simple and we can also check the status so again say service store start that will ask you know ask me for my administrator privileges i can say service store status hit enter you can see it tells us active loaded um and then we can say system a service store we can say stop and we can hit enter and that will stop these the door service and we can also say restart and again that will simply restart the tour service there and we can then stop it one more time so that's how to use system v very very simple but in my opinion system d uh is is the much better alternative to learn now and it's extremely robust and very very powerful tool to actually learn how to use or do low utility in this video we're going to be talking about ssh uh how to configure it securely uh and then of course we'll talk about you know how to uh how to securely transfer files with ssh so let's get started um first of all with establishing what ssh client and server we're going to be using so in our case we want to be uh we want to be using openssh which is pretty much the go to uh the the go to ssh client in server solution it's completely open source and it's uh it's one of these uh you know great services so again that was uh developed by the bsd team so um again uh we must first of all understand the uh the connection type or the connection model uh with ssh so ssh is primarily a client server connection model so that means you need the client software to connect to the to the server software in our case we need to install the openssh client service or the client 
package on our client and of course the openssh server package on r7 i'll show you that right now so i'm currently on my client here which is going to be ubuntu our remote server is going to be one of my ubuntu servers uh running on my virtualization server so what i'll do is i'll say sudo apt get install and we say open ssh and we we're looking for the openssh if we double tap we can see we're looking for the openssh client right so i'm gonna hit enter and uh i already have this installed right now the openssh client configuration file is found so if i say cat hc ssh sorry ssh and this is found under it is the ssh config the sshd config file is for the open ssh server so you can see i also have my uh my my public and private keys here as well but i'll get into that in a second they we don't need to complicate this right now so if i take a look at me at my config file here this is the client config you can see that um the options are quite uh straightforward in regards to what you can enable and disable so you can specify the port uh the protocol um and uh various other bits of you know configurations here but that's not the the in within the scope of the video but i just wanted to get to that so uh my remote server is running on um it's currently running on an ip of 192.168.1.113 so we already have an admin user on that system so we'll just say admin and we'll say 192.168.1.113 all right and i will just enter the password here for the admin user and there we are so you can see i'm currently logged in as the admin user so the first thing we want to do is we need to install uh the openssh server so you say oh apt-get install open ssh server and the reason i'm doing this even though i have it installed already just to show you how one would go about doing it right um so hit install already installed there excellent all right all right all right now that we have this uh both the pieces of software installed on the client and the server we can talk about uh configuring 
uh you know ssh right so pretty much when dealing with the remote server and remote authentication the first thing you need to do is you need to disable root logins uh because the root the root user account is extremely powerful because it really has no restrictions in regards to what it can do so that's our first order of business here and this can be done by modifying this can be done by modifying the openssh the openssh configuration file the opensh server configuration file so if i say sudo vim hc ssh and we're looking for sshd uh sshd and we say sshdconfig and we hit enter so you can see this is the openbsd openssh sshdconfig file and it does you it tells you here this is a sshd server systemwide configuration file so the first thing we want to do is we let's take a look at some of the various uh configurations you can set here so you can change the default port this is great for those of you who are who want to set up a honeypot on that exact port like por 22 and then have ssh run on another port like 2 2 2 0 you can do that as well you can also change the listen address if you want to uh the host key names uh let's talk about uh let's just go down into logging you can play around with logging here uh and i'll talk about logs probably in another video and here we are we have uh we have authentication all right so within authentication you can see we have an option called permit root login right and we want to change this to no right so from yes to no uh and we we can also play around with the grace the login grace time so we can increase this or decrease it based on the on the time you want to provide uh we can keep strict modes to yes uh in regards to the max authentication tries we can change this to four although i'll be making a separate video where i'll be showing you how to set up ssh brute force protection the max sessions i want are going to be three public key authentication uh yes uh let's go all the way down now um and we are primarily looking for 
password authentication so we'll talk about this when we're going to be setting up ssh keys so for now we've we've essentially disabled uh where we've disabled the root logins so if i just save the the files here now when whenever you've made changes to the uh to the open sh server configuration file we need to restart uh the open ssh server so to do this again we'll use systemd so say system and we say restart sshd sshd service remember this is the sshd daemon or the openssh server and we hit enter all right so now pretty much if we just open up a new tab on my client and i try and log into the root user account i would say ssh root and i would say 192 168.1.113 and hit enter right and i enter the password for the root user and you'll see pretty much that we will not be able to do it so uh that is pretty much uh going to block any logins to this uh to this particular account now the other thing we we want to do is we want to disable or we want to lock the password for the we want to lock the password for the root account this will ensure that even though a person or an attacker may have the password the legitimate password they can get through it through another user account because remember remember if if a user gets access to the admin account via ssh they can easily switch to the root user account so we also have to disable you know the password login here and this will pretty much lock the account unless we have the privileges to actually change the password manually and to unlock it but it's a great way of of you know protecting yourself from script kiddies so what we can do is we can say um we can use the password command and say password uh l and we specify the account we or the the account whose password we want to lock and we hit enter uh we need uh pseudo privileges here so you say sudo hit enter and the password expiry information has changed so you can say sudo password and then status i believe it's status what options can we specify here root uh wait 
enter no we do not want to enter a new password so we can just do this one more time here so you can see that i can actually change the password but let me lock it um root where is the status how do we check the status oh yeah there is a capital s so if we hit enter you can see that the password is now going to be locked now uh the second step would be to disable password authentication and to use ssh keys which is exactly what i'm going to show you right now so that will pretty much ensure that you're protected from brute force attacks because you're pretty much ensuring that you cannot log into this ssh server without an ssh key right so uh what we'll do is we will create a new ssh key here and this is very this is very easy to do so uh first of all uh we need to uh we need to establish uh what user account we're going to be you know pretty much be using we've already locked out the root account and once we set up the ssh keys we'll be pretty much logging into the admin user account and the asset the ssh keys or the ssh key based authentication will only allow us to to access the admin account after which we will we will modify the uh the openssh server configuration file to disable uh password authentication so what we'll do is we'll say um ssh keygen um there we are t rsa and we hit enter and it's going to ask us for uh it's going to say generating public private rsa key pair enter the file in which to save the key so we'll say home oil just leave it in this directory hit enter we can enter a passphrase that's always recommended i'll enter password is here that will also add an additional level of security to your ssh key because remember the ssh private key has to be kept secret so we can see that the keys have been copied into a home alexis and ssh directory here so pretty much what we can do now is uh if we change our directory into the ssh directory here you can see that we have the public and private keys right over here so what we need to do now is we 
need to copy the uh the public key onto the server so let me just explain how ssh works really quickly how the authentication works so you store your public key on your on the server and you have your private key uh with you and the private key is the most important as it's the it's pretty much the key that will allow you to authenticate successfully with the server so you need to keep it secure and backed up in the event you lose it you lose access to the server that's very important right so essentially what what's going to happen here is your private key is used for encryption right so your server the ssh server will use your it will send a random string of data to you the ssh client uh after which the ssh client will encrypt that a random string of data with the private key and send the encrypted data uh to the server the server will then use your public key to decrypt it and if it then matches and you know so on and so forth i'll explain that in a second so what we can do now is we need to copy this uh so we say ssh copy id and we specify uh the the server so we say 192.168.1.113 and we hit enter it's going to ask you you can see it's asking for the user alexis but we don't want to do this remember because we want to use the uh the user admin so we're going to say admin and we're gonna hit enter it's gonna ask for admins password like so and uh you can see after we've entered the password it's gonna ask us for the it's gonna tell us the number of keys added is one and we can now try try login to the machine with ssh admin and we will essentially not have uh we will not need to use passwords but before we do that we need to disable password authentication with ssh so to do this again we say sudo vim and i'm back on the server now ssh and we say sshd config and we hit enter and we'll go all the way to the bottom here uh am i in the right configuration file i believe so yes we are i believe uh your possible authentication right over here and we will change this 
to no so this will essentially disable the ability for you to log in to this or to this remote server via ssh with passwords so the only way you can login is going to be through ssh keys so now i can write changes and exits here and we'll restart the ssh server service or the sshd service we enter and that's going to restart it for us orange so now if we exit we can essentially say ssh admin at 182 168.1.113.8 enter and it's going to ask me for the passphrase for the for the private key and we're going to unlock and there we are we now have access right now some of you might be saying well uh you have the private key what if the location is different so let me just show you this right now so i'll go into my ssh directory here and uh just list all the files and i'll say i'll move the um this is sorry sorry about that let me just go to my local directory here or i can actually just log out so cd ssh and what i'll do is i'll move the private key so i'll say move id rsa to uh sorry to my desktop and i'll hit enter and now if i try and log in so i say ssh uh admin sorry uh states enter you can see it logs in just fine however if if i didn't know the location what i would say is for example let me just exit i would say for example if i was logged in on another computer i would then say uh so again let me just go on to my desktop here if i wanted to specify a private key for logging in i would say ssh i and then i would say id rsa and then i say admin at 192.168.1.1138 enter and typically what you want to do is you want to ensure that your private key has permissions you want to ensure that it can only be read by the current user and not by the group or all other users on the system so a great precaution or a great way of doing this is saying chmod 400 id rsa and that will essentially protect your private key right so that is essentially how to you know set up ssh uh and how to copy your how to set up key based authentication how to copy your ssh keys onto the server and 
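The sshd_config edits and the chmod 400 step above, turned into a repeatable check. This is an added example, not the video's own commands: a POSIX sh audit that reads a config the way sshd does (first value of a keyword wins, anything after a Match line is conditional) and verifies the settings the video sets, plus a private-key permission check. The file paths are passed in by the caller; the fallback values when a keyword is absent are OpenSSH's documented defaults.

```shell
#!/bin/sh
# Added example (not from the video): audit an sshd_config for the
# hardening shown above and check that a private key is owner-readable only.
# Assumes a POSIX sh with awk, tr, ls and cut.

# Print the effective value of KEY in FILE (empty if not set).
# sshd honours the FIRST occurrence of a keyword, keywords are
# case-insensitive, "Key value" and "Key=value" are both accepted, and
# anything after a Match line is conditional, so we stop scanning there.
sshd_get() {
    awk -v key="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/#.*/, ""); sub(/=/, " ") }     # drop comments, normalise "="
        NF == 0 { next }                       # blank after stripping
        tolower($1) == "match" { exit }        # conditional section begins
        tolower($1) == key { print $2; exit }  # first occurrence wins
    ' "$1"
}

# Audit FILE; prints one line per check and returns 1 if any check fails.
# Wanted values follow the video; the third column is the OpenSSH default
# that applies when the keyword is not set at all.
audit_sshd_config() {
    file=$1
    rc=0
    expect() {  # keyword  wanted  default-when-unset
        v=$(sshd_get "$file" "$1"); [ -n "$v" ] || v=$3
        v=$(printf '%s' "$v" | tr '[:upper:]' '[:lower:]')
        if [ "$v" = "$2" ]; then echo "ok    $1 $v"
        else echo "FAIL  $1 $v (want $2)"; rc=1; fi
    }
    at_most() {  # keyword  limit  default-when-unset
        v=$(sshd_get "$file" "$1"); [ -n "$v" ] || v=$3
        case $v in
            *[!0-9]*|'') echo "FAIL  $1 '$v' (not a number)"; rc=1; return ;;
        esac
        if [ "$v" -le "$2" ]; then echo "ok    $1 $v"
        else echo "FAIL  $1 $v (want <= $2)"; rc=1; fi
    }
    expect  PermitRootLogin        no   prohibit-password
    expect  PasswordAuthentication no   yes
    expect  PubkeyAuthentication   yes  yes
    at_most MaxAuthTries           4    6
    at_most MaxSessions            3    10
    return $rc
}

# Return 0 when FILE has no group/other permission bits (e.g. chmod 400 id_rsa).
key_perms_ok() {
    case $(ls -ld "$1" | cut -c5-10) in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Stand-alone use: audit the live server config and your own private key.
if [ "${1:-}" = "--run" ]; then
    audit_sshd_config /etc/ssh/sshd_config
    if key_perms_ok "$HOME/.ssh/id_rsa"; then echo "ok    id_rsa permissions"
    else echo "FAIL  id_rsa readable by group/others"; fi
fi
```

Run it as `sh audit.sh --run` on the server after editing sshd_config and restarting sshd; a FAIL line names the keyword, its effective value and what the video sets it to.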
Now let's talk about copying files remotely with SSH. To do this is very simple. What I'll do is just create a file, touch test.txt, and I'll cat /etc/passwd into the test.txt file here. Let's say I wanted to copy this test.txt file onto the SSH server; what I would do is use the scp utility, scp being secure copy. So I say scp, then I specify the file, test.txt, then I specify the credentials, admin@192.168.1.113, and then the location I want to save it in, /home/admin (this is on the remote server, by the way; I can't seem to write admin today for some reason), and I hit enter, and you can see that it copied quite quickly. So now if we log in, ssh admin@192.168.1.113, hit enter, and list the files within the home directory for admin, you can see that we have the test.txt file, and if I cat the contents here, it's the password information for my client, which is running Ubuntu, and you can see my user accounts there. So that is pretty much how to use SSH: how to set it up, how to set up authentication, how to protect your root user account, how to copy files securely, how to set up key-based authentication. I hope that was comprehensive enough.

This video is going to be focused on essentially getting you to fully learn and utilize curl to its maximum potential, and I'm going to be covering as many commands as I possibly can. That being said, curl has a lot of functionality that you need to explore on your own as well, but I'll be covering some of the most important bits of functionality that it offers to a normal user or a power user. So without any further ado let's get started. For those of you who have never heard of curl, curl is essentially a utility that allows you to transfer data to or from a network server using one of the supported protocols. Now the protocols it supports are HTTP, HTTPS, FTP, FTPS; you also have SFTP, TFTP, Telnet, et cetera. There are various other protocols that it supports in addition to the ones I've just mentioned, but I'll get into that later. The great thing about curl is that it is a multi-platform tool, which means it works on Linux, macOS and Windows. I'm going to be covering how to use it on Linux, but of course the commands are pretty much the same. In regards to installing curl, as far as I know it comes pre-installed with most Linux distributions, but if you want to install it using the aptitude package manager you can use the sudo apt-get install curl command, and if you're using an Arch-based distribution you can use the pacman -S command to install it; the name of the package is curl. If you are using macOS as your operating system you can use the brew install command, so that is brew install curl, and that's pretty simple right over there. With Windows you need to download an executable or a bin file, if I'm not wrong, and save it in your Windows directory, and from that you can directly launch it from your command prompt.

That being said, let's get started. curl, as I mentioned, comes pre-installed with most Linux distributions, so let me just clear the terminal here and maximize it so we can see what's going on. The basic syntax is as follows, but before we do that let's open up the help menu. You can explore the help menu if you're really looking for a bit more functionality or you're looking for specific functions; as you can see it's a very comprehensive tool, and I'm primarily going to be covering the basic commands that allow you to utilize it quite well. That being said, many people ask me how I personally learn about a command or a tool that I'm not familiar with. I personally use the man pages, or the manual, for each of these tools; the manual contains a very good description of all the bits of functionality of a tool, and all Linux tools pretty much come with a manual, and the manual is extremely useful, so if you want to check them out go ahead and do it; I really recommend it when learning how to use a tool.

So let's talk about the basic queries you can perform with curl. When I talk about interacting with the various protocols, this particular video is going to be focused on HTTP and HTTPS. I know there is FTP functionality, but I'm not going to be getting into that, because that's where things sort of get a bit different, so for now let's focus on those two protocols. When performing a basic query of a URL, you essentially type curl and then the URL. So for example if I type curl https://hsploit.com here and hit enter, what will happen is this will essentially fetch the content of the specified URL; it returns to me the content of the entire web page. Now you might be wondering, well, how can we verify this? And that's where we get into saving your output into a file, or downloading files. So I can say curl, and if I want to output the contents of this query I can use the lowercase -o, and then specify the directory I want to save it in, so /home/alexis/Desktop, and I'll just call it hsploit.html, and after that I type hsploit.com right over here, that is the URL. Now it's very important to specify the protocol that you're using. For example, if a website is HTTP you won't need to specify it to get it; if it is using the HTTPS protocol it is very important, but I'll get into redirection in a second. So https://hsploit.com and we hit enter, and it's going to give you this little status right over here, essentially giving you an update as to the current status of the entire process. For some reason it's taking quite a while, but we'll wait for it to complete, and there we are. Let me explain a bit of the structure of this little status table: you have the total amount to be downloaded, the amount received, the average download speed, the upload speed, the total time, the time spent and the time left. Now if we cat the hsploit.html file, well actually we need to go into our Desktop here, so if we cat hsploit.html you can see the entire contents. If I open that up with Chrome, for example, let me just open this up, where is Google Chrome? There we are, Google Chrome. If I open that up in a web page you can see that it has all the content of my website, hsploit.com, and it's pretty cool that it does save the entire contents of the HTML file here. Of course this is going to leave out the extra files that make up the web page, but this is a great way of saving the contents of a query, and that could be for any other protocol; it does not necessarily need to be for HTTP or HTTPS. That is pretty much how it goes for a web page or for a query, so let me just remove hsploit.html; mind you, I could have saved it as a .txt file, I'm simply saving it so that I can use it at a later time.

Now you can also use curl to download files from the web, which is really awesome, and that's primarily why I have the Ubuntu page open here, because I want an example to use. For example, if I wanted to download the Ubuntu ISO, I go to the download page and I select the 18.04 LTS version, and it's going to start the download. So I'll show all downloads here and copy the download link, then I can go into curl and I can give the file a new name or I can just download it directly. Let me explain the two ways of doing it. I can say curl -o ubuntu-iso.iso and then paste in the download link, and what that is going to do is download the file and save it as ubuntu-iso.iso. The extension is very important, because if you get that wrong it's going to save it as a different file type. So if I hit enter you can see it's going to start the download, and there we are: we can see that the total amount to be downloaded is about 1,940 megabytes, which is about 1.9 gigabytes, and you have the received amount, the average download speed, the current download speed, the time left, et cetera. You can see that my internet speed is pretty bad right now, but that's primarily because I am updating one of my systems, so I do apologize for that. If we check the Desktop you can see we have the Ubuntu ISO over here, which proves that it does work. Now the other way of doing it, let me just remove the ubuntu-iso.iso file, is downloading it with its original file name, which is specified on the web server. To do that I simply type curl with the capital -O, paste in the download link and hit enter, and that is going to download the file with its original name, so you can see ubuntu-18.04.2-desktop-amd64.iso. So that is pretty much how to download files, and now that I've explained that we can talk about redirects, because redirects are extremely important. Let me just get rid of Ubuntu here.

If a website is redirecting to another URL, it's very important that you know how to tell curl about it. Why is that important? In many cases redirects may be set up, and of course that is signalled by an HTTP 3xx response, mostly 301 or 303, and it's very important that you know how to specify this with curl. Now the HTTP protocol syntax is very important in curl, and you handle redirects with the -L option. So for example, if hsploit.com was redirecting to another URL and I wanted to tell curl that, I would use -L. A great way of demonstrating this: if I say curl http://hsploit.com right over here and hit enter, we'll give that a few seconds, and I'll explain what's happening in a second so that you can see the importance of specifying the -L parameter if there is a redirect. You can see I got no result, and that's because curl is going to http, and that's the importance of protocols with curl: you need to specify the correct protocol, regardless of whether you're using FTP, HTTP or HTTPS. My website is HTTPS; by default it will redirect, however you need to specify that with curl. I do apologize for that, and let me just clear the notifications here. So again, as I mentioned, you need to specify this with curl: I say curl -L and then http://hsploit.com and hit enter, and that will essentially redirect me to the appropriate web page, and as you can see we get the entire contents of the hsploit.com website, or HTML file rather. So that is essentially how to work around redirects.

Now another important command is querying response headers. You can also view and analyze the response headers being sent by a particular web server, and this can help in web assessment. For example, if I wanted to query the response headers I'm being sent back by the web server, I say curl -I https://hsploit.com and hit enter, and what's going to happen here, give it a few seconds, this is going to vary depending on your particular web server, is you can see it gives us the protocol, we have cookies here, we have the PHP version, so we're getting important information. Looks like we have some WordPress JSON files here, delivered by the CDN, or content delivery network. Let's look at some important cookies here that might give us a bit of information in regards to the website. An important bit of information here, and of course I'm using this as an example, is dwqa, which is my question and answer plugin that I use, and you can see that it has an anonymous cookie that's being set here, and that can give you information as to a bit more of how the web application is working. So that is how to query the response that is being sent by the server, and of course you can see right over here this is a Cloudflare server, and we have CF-RAY, which is the Cloudflare ray, that essentially gives information to Cloudflare about the particular client that is accessing the web server.

Now that is very interesting, however it really gets interesting because curl can also do a really cool thing: it can also allow you to view the request headers and the connection details, so you can view the TLS handshake, et cetera. If I say curl -v https://hsploit.com here and hit enter, you can see that we can view the entire TLS handshake, which is really unique and awesome. Let me just see if I can find it, wait, which is right over here, there we are, we can see the initial connection.
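A defender's read-out of the curl -I output described above, as an added example that is not part of the video: a POSIX sh function that takes the headers on stdin (curl -sI https://hsploit.com | review_headers) and reports version strings in Server or X-Powered-By, cookies set without Secure or HttpOnly, and a missing Strict-Transport-Security header. The sample headers in the block are constructed, not a real capture from the site.

```shell
#!/bin/sh
# Added example (not from the video): turn "curl -I" output into a quick
# defensive review. Assumes POSIX sh + awk; feed headers on stdin, e.g.
#   curl -sI https://hsploit.com | review_headers

# Print findings about version disclosure, cookie flags and missing HSTS.
# Returns 1 when any finding is raised, 0 when everything looks fine.
review_headers() {
    awk '
        BEGIN { findings = 0; hsts = 0 }
        { name = ""; sub(/\r$/, "") }                 # reset; strip CRLF
        /^HTTP\// { status = $2; next }               # e.g. "HTTP/1.1 200 OK"
        /^[^:]+:/ {                                   # "Name: value"
            name  = tolower(substr($0, 1, index($0, ":") - 1))
            value = substr($0, index($0, ":") + 1)
            sub(/^[ \t]+/, "", value)
        }
        name == "server" || name == "x-powered-by" {
            if (value ~ /[0-9]+\.[0-9]+/) {           # a version number leaks
                printf("disclosure  %s: %s\n", name, value); findings++
            }
        }
        name == "strict-transport-security" { hsts = 1 }
        name == "set-cookie" {
            lc = tolower(value)
            if (lc !~ /;[ \t]*secure/)   { printf("cookie      missing Secure:   %s\n", value); findings++ }
            if (lc !~ /;[ \t]*httponly/) { printf("cookie      missing HttpOnly: %s\n", value); findings++ }
        }
        END {
            if (!hsts) { print "missing     Strict-Transport-Security"; findings++ }
            printf("status %s, %d finding(s)\n", status, findings)
            exit findings > 0
        }
    '
}

# Constructed sample (not a real capture) so the function can be tried offline.
sample_headers() {
    printf '%s\r\n' \
        'HTTP/1.1 200 OK' \
        'Server: nginx/1.18.0' \
        'X-Powered-By: PHP/7.4.3' \
        'Set-Cookie: dwqa_anonymous=abc123; path=/' \
        'Content-Type: text/html; charset=UTF-8' ''
}

if [ "${1:-}" = "--demo" ]; then
    sample_headers | review_headers
fi
```

On the constructed sample the function reports two disclosures, two cookie findings and the missing HSTS header, which is the same information the video reads off by eye, only now it can be scripted across many hosts.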
connection here uh we i'm particularly looking for the tls uncheck and right over here we can see the tls handshake taking place so you can see that it is successful and this is a great way of identifying um problems with the tls uncheck if the certificate has an issue so for example we have the client hello the server hello we then have the encrypted extensions being exchanged the certificate is being exchanged and then verified and then finally the tls uncheck is completed you can see that we have the version tls version 1.3 and the ciphers that are being used or the encryption being used all right so you also have information about these certificates uh expiry date uh when it was actually registered uh the issuer all that good stuff so if you do want to view uh if you do want to view the connection details and a bit of an advanced information or additional information in regards to the connection you can go ahead and use the uh the v command now the last thing that i want to cover in regards to the http and http hts protocols is the fact that you can cross post requests and many people have seen me using this in ctfs particularly when i'm essentially brute forcing um login pages so uh i can give you an example so if i wanted to essentially test credentials on a website and this can really be in any uh i can be using any parameters i could be spoofing various cookies all that good stuff so for example i can say if i wanted to log in to wordpress site and i wanted to essentially test various credentials i can say for example curl data and that is the sorry the data that we're specifying and then in here i would specify log and this is the particular syntax for wordpress and the password would be equal to i can say password here and then i close the uh the uh the quotation marks and then i specify uh the wordpress page here so i can say https and you can say wordpress.com and i can say wordpress login dot php and that is the login page right over here and if i hit 
enter and i know this you can see that admin is not a valid username or wordpress.com etc you get the response so this is a great way of testing various pieces of data so you can also play around with cookies all that good stuff and in this case we're simply playing around with the login and the password parameters here and we specified our own values now if you do need to to encode the particular parameters you can also use burp suite for that so for example um let's see if i wanted to go um let me just uh turn intercept on here if i just went into hsploy.com here so i just say it it's exploit.com and it's a wordpress login.php sorry.php here and i just hit enter and uh for some reason we're getting stack uh stack we're just getting a stack protect here in any case uh the what i was getting to if you do want to encrypt your url or any other parameters you can use the control plus u key in this video we're going to be looking at how to use the uncomplicated firewall or as it is commonly known as ufw on linux alright so you might be asking what exactly is ufw or what is the uncomplicated firewall if it isn't already self-explanatory well ufw or the uncomplicated firewall acts as an interface to ip tables and is designed to simplify the process of configuring a firewall now you also might be asking well what exactly is iptables well iptables is an extremely flexible firewall utility that was built for linux operating systems now you also might be asking well why aren't we using ip tables why are we using ufw as opposed to ip tables well iptables is a great tool that offers great functionality when it comes down to configuring firewalls however it can be difficult for beginners to learn how to use it properly when configuring a firewall as a result ufw is well suited for beginners and as a result they can use they can learn how to use a firewall or to configure a firewall really really easily and they can learn about rules etc they get the the general idea behind a 
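Looking back at the curl -I header check above: as an added example (not the course's own code), here is a small POSIX shell function that reads those headers and flags the things a web assessment looks for, run here against a constructed sample; the cookie names, PHP version and cf-ray value are made up.

```shell
#!/bin/sh
# Added example (not from the course): audit the headers that `curl -I` returns,
# the way a web assessment would read them. Constructed sample of a
# `curl -sI https://<site>` response; not a real capture.
SAMPLE_HEADERS='HTTP/2 200
date: Mon, 01 Jan 2024 00:00:00 GMT
content-type: text/html; charset=UTF-8
server: cloudflare
x-powered-by: PHP/7.4.3
set-cookie: dwqa_anonymous=abc123; path=/
set-cookie: session=xyz; path=/; Secure; HttpOnly; SameSite=Lax
cf-ray: 0000000000000000-XXX'

# audit_headers: read raw response headers on stdin, print one finding per line.
# Checks: version disclosure (server / x-powered-by), cookies missing the
# Secure or HttpOnly flags, and a missing Strict-Transport-Security header.
audit_headers() {
  tr -d '\r' | awk '
    NR == 1 { next }                       # "HTTP/2 200" status line
    /^[ \t]*$/ { next }                    # blank line ends the header block
    {
      i = index($0, ":")
      if (i == 0) next
      name = tolower(substr($0, 1, i - 1))
      value = substr($0, i + 1)
      sub(/^[ \t]+/, "", value)
      if (name == "strict-transport-security") hsts = 1
      if (name == "server" && value ~ /[0-9]/)
        print "INFO server header discloses version: " value
      if (name == "x-powered-by")
        print "INFO x-powered-by discloses stack: " value
      if (name == "set-cookie") {
        cname = value; sub(/=.*/, "", cname)   # cookie name only
        lv = tolower(value)
        if (lv !~ /httponly/)   print "WARN cookie without HttpOnly: " cname
        if (lv !~ /; *secure/)  print "WARN cookie without Secure: " cname
      }
    }
    END { if (!hsts) print "WARN missing Strict-Transport-Security header" }
  '
}

# Offline demo on the constructed sample. Against a live site you would pipe
# `curl -sIL https://example.com` (follow redirects, as shown earlier) instead.
printf '%s\n' "$SAMPLE_HEADERS" | audit_headers
```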
firewall. All right, so ufw is a great firewall that is designed to be run on hosts or servers, but it's only useful to the extent it offers in terms of functionality. What I mean by this is it only goes so far as allowing you to block or allow connections to and from the server, so incoming and outgoing, and you can also block IP addresses, ports etc. and an entire subnet, which I'll get into in a second. All right, so the purpose of this video is to teach you how to use ufw and all the commands that you need to know to get started and to fully utilize it to your advantage, really. So this will include commands such as allowing and blocking various services by port and their source IP addresses, and this video should be used as a reference. So if this is your first time with ufw, you can definitely find something that you didn't know in this video, and if you're already an experienced user of ufw, hopefully you can find something in this video that you didn't know already. All right, so without any further ado, let's get started.

Installing ufw is very simple. Now, if you are using an Ubuntu server or you're running Ubuntu, ufw should be pre-installed on it; if it isn't, getting it installed on any other distribution is very simple: use your aptitude package manager, so sudo apt-get install ufw. I already have mine installed, so it'll check for an update; if there isn't an update it's not going to update it and it's going to give me the results here. All right, so once it is installed we are ready to begin. Now, the important bits of using ufw are always knowing its state or its status. So currently I have ufw disabled, it is not running, and if I wanted to know that I would simply type in sudo ufw status. Now it is very important to precede the ufw command with sudo if you're not using a root user. In my case I'm using the root user, so I don't need to use the sudo command, but in any case I will use it so that it becomes a good practice with you, and I don't recommend running ufw from the root user, but this is a simple video for demonstration. All right, so I'm going to hit enter; it's going to tell you the status of ufw, or the uncomplicated firewall, is inactive, which is great. Now I can also get more information from the status command by typing in verbose, which will give me more information in regards to the rules that are currently active. Now, as you guessed, it will not display anything, because we haven't set any particular rules and the firewall is currently not active, so nothing really special there. And the last status command that is very popular is to show the numbered status, so that you have an idea of what rules are currently running and their number, so that you can terminate or delete them. All right, so that's what it's there for. Now, of course these don't make any sense right now because the current status of the firewall is inactive; once we activate it we will be able to get a whole lot more information from them. All right, so I'm going to hit enter again; you'll see it's going to tell you that it is inactive, and that is fine.

All right, so let's talk about enabling, disabling and resetting ufw. Enabling ufw is very simple: sudo ufw enable, and that will enable the firewall, and it'll give you the little status over here: the firewall is active and is enabled on system startup, which is excellent, so that it is always active, and if you are running a server that is huge for you. All right, so disabling it is very simple, we simply type in disable and we hit enter, and that will tell you that the firewall is stopped and disabled on system startup. Now, when I talk about resetting ufw, or the uncomplicated firewall, this is in regards to the rules that you might have set. Now please do use caution with the reset command. The reset command is there to help you out if you have made a mistake in configuring your firewall. Now, if you already have a working firewall and you only want to delete a particular rule, do not use the reset command, because that will reset your firewall to the default configuration that it came with installed. All right, so if I type in sudo ufw reset, that will reset it, and it'll tell you, which is very good: resetting all the rules to the installed defaults, proceed with operation, y or n for yes or no. Hit yes to reset it, and there you are. So there is a small FYI in case you wanted to know that, and if you've messed up in this video and you want to reset it, there you are.

All right, so what we're going to do is we're going to start off with understanding the default policies for ufw, or the uncomplicated firewall. So the default policies for ufw are as follows. Now, before we do that, let me explain something: ufw by default will deny all incoming connections but will allow all outgoing connections. So what is happening here is sudo ufw, and you can always use this to restore it to its default policies: sudo ufw default deny incoming. All right, so that is the default connection status for all incoming connections; by default ufw will deny all incoming connections and it will allow all outgoing connections, so it will allow all outgoing connections by default. Of course you can change this to whatever you want: if you want incoming connections to be allowed while the firewall is active, then you can also do that, so I can say default allow incoming. All right, which is not the smartest thing to do if you're running this on a server; you want to manage what connections are incoming in case your server is being attacked, but that is a very different story, and hopefully I'll make a video on that later on, on configuring a server for security. In this case we'll just leave them at their defaults, which are going to be set by default; you don't need to set them, I'm simply explaining to you how to do it and how to change them if you want to change them. All right, so this is great for normal systems, but when it comes down to servers it becomes a little bit different, and you want to be able to manage the incoming connections in regards to services and ports and the IP addresses that are going to be allowed to connect to your computer or your server.

All right, so the first thing I want to do is talk about services and IPs. So if I want to allow an incoming SSH connection, how do I do that? Well, it's very simple: sudo ufw allow ssh. All right, and this is going to allow all incoming SSH connections, which is okay as long as you have a private key and you've properly secured the SSH connection and the authentication. All right, so I'm going to hit enter; it's going to tell me rule is updated, fantastic. You can also do this by typing in the port, so I can say sudo ufw allow 22, and it's going to update the rules accordingly. Now, if I want to disable incoming SSH, I can say sudo ufw deny ssh, and I'm going to hit enter; it's going to tell me the rule is updated, which is also very good. Of course you can do that with the port as well, but with services, these are the particular services by the name under which they are sorted, so SSH is going to be known as ssh, and it knows that SSH uses port 22.
All right, let's talk about working with port 80 or HTTP connections. So that is what unencrypted web servers use, and the connections can be allowed with the following command: you can type in sudo ufw allow http, and we hit enter, it's going to update the rules. You can also do it using the port, which is port 80; hit enter and there you are. In my case I'm going to deny this, so I'm going to say deny http, hit enter, and we're good again. All right, so what I'm going to do before we actually continue is I'm going to leave some services running so that when I enable the firewall you'll be able to see them when I essentially check the status. All right, so I'm going to say ufw enable, or sorry, allow, allow ssh, because I want to allow SSH connections. Sorry about that, my typing is pretty bad right now. allow ssh, there we are, fantastic, and we can move on to the next protocols and services. Now, talking about HTTPS or port 443, that is again what encrypted web servers use, and can be allowed with the following command: you can type in sudo allow https and hit enter, and that's going to allow HTTPS connections; again that can be replicated or duplicated with the port 443. In this case I'm just going to deny the connection, so I'm just going to deny https, and there we are, so the rules are going to be updated successfully for IPv4 and IPv6 as well; that is why you have rules updated for both the protocols over here. All right, now if you want to allow both HTTP and HTTPS, you can do it in one command, and that is done by typing sudo ufw allow, and you can also deny it as well, then proto, the protocol is going to be tcp, proto tcp; you can also change that depending on what protocol you're using, then from any, from any target, or you can also use the IP, so from this particular target, but I'll get to that in a second, so we're going to say from any, any computer, we are simply going to allow the connection from any to any port, and we specify the ports, port 80 and 443, hit enter, the rule is updated. So we can also deny it as well, which is what I'm gonna do because I don't want that running, so deny, and voila. All right, so that is how to run it in one command, and the keywords here are going to be allow and deny; that is the most important bit here. All right, if you're talking about FTP, that is again ufw allow ftp, or port 21, and that can also be denoted by port 21 tcp; hit enter, and because it already exists, we can then say deny, and you need to specify with FTP that we're using it on tcp, so deny, rules updated successfully, and that is how to configure, or enable and disable, FTP connections.

All right, now let's move on to IP addresses. Now, before we actually move on to IP addresses: for services this is all done through the port and also through the name, so if you're running a POP3 mail server you can also do it as well. If you're running MySQL, I can say ufw allow 3306, that is a MySQL database, and I'm just going to deny it, or I'll leave that running so that we can also check the status. I don't have a MySQL server running on this computer, but that's how one would do it. So in most cases you want to deny connections to your MySQL database, so in this case I'm going to say 3306 deny, deny any connections to that particular port, and of course I can specify the IPs with my previous command that I showed you right over here, so I can say ufw deny proto tcp from any to any port and then specify 3306 here, hit enter, the rules are going to be updated. So we can deny all connections to our SQL database, which is hugely important; that's why you have open databases running and available to be accessed publicly on Shodan, they can simply be exposed, so this is one of the things you must do on your firewall. All right, so getting back to IP addresses, again it's very simple, so if I want to allow incoming connections from a particular IP address, I can simply type in ufw allow, and I type in the IP, so allow from 192.168.1.1, which is my gateway or access point IP address, which is important, because if I don't allow incoming connections from it I essentially won't be able to get any internet access. So I'm going to hit allow, which is important, and that's very important, as I mentioned, when your firewall is active, because if you want to allow incoming connections you need to specify what IP or what IP subnet they may belong to. So an example I can give you here is if you want to specify a particular port for a particular IP address; for example, I only want the IP address 192.168.1.103 to access SSH. I can type in the following: I say sudo ufw allow from 192.168.1.103 to any port 22. So this will only allow this particular IP address to access the SSH service. I'm going to hit enter; it's going to say rules are updated. Now, if you're wondering, the IP address 192.168.1.103 is my Windows operating system, and I usually connect to my Kali operating system from it remotely via PuTTY. All right, so that is a good rule to have. When talking about subnets it's very simple again, so sudo ufw allow from, and we specify the subnet range here, 192.168.1.1/24, but I don't want to do that, because I only want particular IP addresses to be allowed in regards to incoming connections, so I'm not gonna hit enter, but that is how to specify a particular subnet. You can also disable or deny particular connections. All right, so we have already talked about denying access, and again it is all in regards to what you want to do in regards to the IP. So what I can say, for example, if I wanted to allow a particular subnet to access the MySQL database, I can say for example sudo ufw allow from 192.168.1.1/24 to any port, I can say any port 3306; of course that is a very
stupid thing to do, so I'll just keep it to port 22 with this, which is SSH, so all of my computers in my subnet should be able to access this computer via the SSH port only. I'm going to hit enter, and it's going to tell me rule changed after normalization, because we already had it active, so it has changed and updated the rule. All right, so let's talk about deleting rules, because that is essentially as far as it will go in regards to allowing and denying rules for incoming and outgoing connections to and from your firewall. So we've looked at allowing and denying ports, services and IP addresses; let's talk about deleting particular rules. So now that we've set our rules, we can essentially enable the firewall now. So I'm going to say sudo, sorry about that, sudo ufw enable, I was getting a bit confused there with iptables, ufw enable, and that's going to enable the firewall, excellent. So now we can check the status.

All right, so the status, as I mentioned, is very simple to check, which by the way is going to include the numbered status. So the default status is sudo ufw status, gonna hit enter, and it's gonna give you the current status of the firewall. All right, so tcp is going to be allowed, which is port 22, which is SSH, it is going to be allowed, which is incoming; it's going to allow tcp; wait, we have port 80, deny, allow for it again, so incoming, outgoing; the same goes for what we had set for the rule set for both HTTP and HTTPS; we had set our FTP rule set here; we'd set our MySQL database rule set here to deny, again we had set it via tcp, remember it's very important to specify the protocol; we then have, again, the rules set to a particular IP address, remember from here they were all from anywhere or any particular source, so allow all connections coming from my access point, allow all incoming SSH connections from this particular IP, allow any incoming SSH connections from any particular IP in this subnet, which I set incorrectly, it should have been one not zero, that's my primary access point that is sitting outside of my office; and then we have all these settings for the IPv6 protocol. So that is how to check the status. Now, if you want to display a bit more information, we use the verbose command, verbose over here, and it'll give you a bit more information, and this is primarily what I like using, so this is the status that I like using, the verbose status, because it tells you the status is active, logging is on (low), the default policies are to deny incoming and allow outgoing, as I mentioned, and now we have, for port 22 under the protocol tcp, we want to allow incoming connections; we want to allow incoming connections there, which is not clever, but anyway we had set it to any computer on this subnet, so that makes sense; we want to deny incoming HTTP connections, we want to allow then incoming HTTP connections, and that's because I was actually showing you that we can actually disable it, so I can say ufw deny 80, and it's going to update it, and we hit enter, and there we are, so now we're simply denying the rules here, which is great. All right, so deny for both port 80, which is HTTP, and for HTTPS we are also denying, and that's simply giving you the action, so we're denying or allowing in connections, and the only ones being allowed inside are going to be for the SSH port, right over here and right over here, which are going to simply be allowing particular IP addresses and the entire subnet and all IP addresses from the connection. Now you might want to change this if you want to only specify a particular subnet, but that's simply how to check the verbose status. Now, if you want to look at the numbered status, which is important because you might want to delete a particular rule, you do that by typing sudo ufw status numbered, like so, and we hit enter, and that is going to number all of the rules that you had set, which is very important if you want to delete a particular rule.

All right, so let's take a look at how to delete a particular rule. So if I wanted to delete rule 1 and 2, I can do that: I can type in sudo ufw delete and I simply type in 1, for example, and that is going to ask me do I want to delete this particular rule; I'm going to hit yes, and then I want to delete rule 2 as well, and yes. And if we check the verbose status here, we can see, yes, now we are talking, now we have correctly set up our firewall here, so it's going to allow in connections; we can also get rid of that one as well, so we're going to simply display the numbered status here, so let's get rid of 1 as well, 1 here, yes we want to get rid of that, and we show the status once more, and we can see that, yes, we are denying all HTTP connections, all HTTPS connections, and we also set this rule, which is a duplicate rule of both these two, so I'm showing you how to do it really shortly; we are denying FTP, we are denying MySQL access via tcp and also the port, whether it be on tcp or udp, irregardless; the only ones we're allowing inside are going to be connections coming from this particular IP, which is the access point, and this particular IP, which is my Windows operating system, and that is going to be allowed on port 22, and the entire subnet is going to be allowed on port 22, which is really redundant because I should have just gotten rid of this one right over here. But regardless, that is how to delete particular rules, and if you want to reset it again, resetting it is very simple, to take it back to the defaults if you have messed up your rule set and you want to just start over fresh, so sudo ufw reset and we hit enter; it's going to ask you, yes, and remember the firewall is still active, so if I just check the status it's going to tell us that it
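For the numbered status and delete steps of the ufw section above, here is an added example that is not from the course: a shell function that reads `ufw status numbered` output (a constructed sample mirroring the video's rule set, with a deliberately exposed 3306 and telnet rule) and lists the numbers of rules that allow a sensitive port from Anywhere, highest first, which is the order `ufw delete` needs because ufw renumbers the remaining rules after every deletion.

```shell
#!/bin/sh
# Added example (not from the course): find ufw rules that ALLOW a sensitive
# port IN from Anywhere and list their numbers in safe deletion order.
# Constructed sample of `sudo ufw status numbered` output, modelled on the
# rule set built in the video (not a real capture).
SAMPLE_STATUS='Status: active

     To                         Action      From
     --                         ------      ----
[ 1] 22/tcp                     ALLOW IN    192.168.1.0/24
[ 2] 80/tcp                     DENY IN     Anywhere
[ 3] 443/tcp                    DENY IN     Anywhere
[ 4] 3306/tcp                   ALLOW IN    Anywhere
[ 5] 21/tcp                     DENY IN     Anywhere
[ 6] Anywhere                   ALLOW IN    192.168.1.1
[ 7] 23                         ALLOW IN    Anywhere
[ 8] 3306/tcp (v6)              ALLOW IN    Anywhere (v6)
[ 9] 22/tcp (v6)                ALLOW IN    Anywhere (v6)'

# risky_allow_rules [ports]: read `ufw status numbered` on stdin and print the
# numbers of rules that ALLOW IN one of the given ports from Anywhere (v4 or v6).
# Numbers come out highest first: ufw renumbers after every delete, so deleting
# from the top down keeps the remaining numbers valid.
risky_allow_rules() {
  ports="${1:-3306 21 23 5900}"   # default: database, FTP, telnet, VNC
  awk -v ports="$ports" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1; cnt = 0 }
    /^\[/ {
      if (!match($0, /^\[ *[0-9]+\]/)) next
      num = substr($0, 2, RLENGTH - 2); gsub(/ /, "", num)      # "[ 4]" -> "4"
      rest = substr($0, RLENGTH + 1)
      if (rest !~ /ALLOW IN +Anywhere/) next                  # DENY, or a specific source
      split(rest, f, " "); port = f[1]; sub(/\/.*/, "", port)  # "3306/tcp" -> "3306"
      if (port in want) hit[++cnt] = num
    }
    END {
      for (i = 1; i <= cnt; i++)                              # sort descending
        for (j = i + 1; j <= cnt; j++)
          if (hit[j] + 0 > hit[i] + 0) { t = hit[i]; hit[i] = hit[j]; hit[j] = t }
      for (i = 1; i <= cnt; i++) printf "%s%s", hit[i], (i < cnt ? " " : "\n")
    }
  '
}

# Offline demo. On a live host: sudo ufw status numbered | risky_allow_rules,
# then `sudo ufw delete N` for each number in the order printed.
printf '%s\n' "$SAMPLE_STATUS" | risky_allow_rules
```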
is inactive; that's because we reset it. So if we enable it, ufw enable, and we then check the status, right now we don't have any rule set. So that is how to use ufw, or the uncomplicated firewall, to allow incoming and outgoing connections to ports from particular IP addresses and their services, how to delete particular rules, and how to monitor the current rules that you have set up. So that is pretty much all you need to know in regards to getting started and fully utilizing ufw in regards to configuring a particular operating system or a server, if that's what you're working with.

So in this video I'll be showing you how to clear your tracks on Linux operating systems with a variety of tools. All right, so why is this important? Now, if you're a penetration tester you probably already know why this is important. Well, covering tracks, or clearing your tracks, is the final stage of the penetration testing process, just before you start report writing, and that video is on its way, by the way, so do stay tuned for that. So clearing your tracks essentially involves clearing or wiping all the activity of an attacker, or you being the attacker, that is, so as to avoid any detection by incident response teams or forensic teams. All right, so it is vitally important in the penetration testing life cycle, and of course if you look at it from a defensive point of view, it can really test incident handlers and the blue team in their ability to discover an attacker in the system, whether they do have an intrusion detection system or not, and of course from the perspective of the forensics teams it can also test them in sort of analyzing their skill in finding what the attacker may have left behind in regards to logs, files or backdoors that they may have left running, any user accounts that they were using, etc. So this is usually or commonly the biggest mistake vector that an attacker makes, all right, or that is associated with attackers, and it's something that has been ignored over the years, which is really weird, because if you read or pick up any penetration testing book, when they essentially explain the penetration testing cycle or the stages of penetration testing, clearing your tracks is one of them, just before you actually write up your report, and of course if you're an attacker this is the final stage of your attack, and of course leaving some persistence behind, but that's another video for another time. So it's very sad to see that this is not taken into consideration. I'm not talking about this from an attacker's perspective but also from a blue team perspective, where this is something that is very easy for them because attackers are very sloppy; they haven't taken it into consideration. So it's really good to essentially understand how this is done and how it can be analyzed from both perspectives, from a red team and a blue team perspective. So this is usually, as I've said, the biggest mistake of an attacker, and this is where the professional attackers are sorted out from the amateurs. So if you take a look at most of the biggest hacks in the world over the last two years, most of the detection has been made really easily from the malware that they have left behind, which they didn't clear; they should have cleared, but of course they were setting it up for persistence, as I said, that's a video for another time. But again, also masking malware or backdoors is also a vital or an important piece of the forensic, or well, not the forensic, the post exploitation. All right, now when we talk about the attacker's perspective, he or she usually needs to evade detection if there is an intrusion detection system, therefore preventing any incident response, and then he or she needs to clear the logs or backdoors that can be discovered by the forensics team. All right, so what an attacker is looking to do, and should do, is first of all clear logs, modify registries or clear any of the registries that they did create, and lastly remove any files or user accounts that they might have been using. All right, now as I've said, for this particular video we'll be focusing on Linux. I also want to make an independent video for Windows, because it is vitally important to understand how to do so on both these operating systems, and also probably take a look at macOS, as that is also getting quite popular, especially for penetration testers. So I'm going to be covering the fundamentals, and you can do a lot of your own research; I'll be covering the tools that I've personally used before, and really the last piece that I want to actually tell you is clearing your tracks will also depend on the privileges that you have on the system and whether or not you're remotely attacking the system, but for Linux it is quite universal. All right, now I also have a quick tool that I'll be sharing with you at the end of the video that is a forensics tool, or an anti-forensics tool, for Windows, so you can definitely check that out; I'll probably make another video on it, but for now let's focus on Linux.

All right, so let's talk about the Linux log files, which are the most important aspects of persistence or activity that is being logged on the Linux operating system or the Linux kernel. All right, so the log files on any Linux system can be found in /var, well, actually let me just change directory into that, so cd /var, and it is stored in the log directory right over here. So now that I'm in the directory I can list all the files in here, and these are all the log files that currently exist, and of course if you just read their names they're pretty self-explanatory; they all have their various use cases and what data they are essentially logging. All right, so for example, when talking about the auth.log file, this stores
authentication logs. Let's see if we can find the kernel log, there we are, the kern.log file, which essentially stores all the kernel logs. You then have the mail server logs, which of course, I don't think we have a mail server here, but if we did you'd have the mail server logs as well. You then have the system boot log, which is your boot log, which again we don't have here for some reason. We then have the httpd log, which essentially has logs for your web server, if you do have a web server, that being the Apache web server. So again, there are a lot of log files here; we're going to be focusing on the auth.log right over here, which essentially contains the authentication logs, and then we'll take a look at the bash history file, which is very important as well, and we'll also take a look at shred as well. So let's talk about shred and the auth.log file. All right, so if I'm just to open up the auth.log file here, this essentially stores all the authentication logs, which are very important to a forensics team to essentially analyze what was happening to the system, what activities were carried out, etc. All right, so you can go ahead and analyze all of the files right over here and get an idea of essentially what was going on, and of course that deserves its own video in its own right, because that is more of a forensics type of video, but for now we're looking to get rid of this, because remember, if you're an attacker you want to get rid of all of these files so that they really cannot build an idea of what was going on on the system. All right, so let me just exit out of this, and as I said, the tool that is most recommended for any of this, erasing files, erasing hard drives, is shred. Now, if you haven't heard of shred, shred is essentially a tool that allows you to delete or erase a file permanently, so it allows you to delete files and data permanently. Now many of you might be confused, saying, wow, why can't you just delete it? Well, if you delete a file it can be recovered, and I'll explain this in a second. So shred allows you to delete files and data permanently and prevents the recovery of that data. It does this because it overwrites the file multiple times with ones and zeros. Now, when you traditionally delete a file with your graphical user interface, or you simply hit the delete key on your keyboard, what's happening here is your file isn't being deleted; it is simply marked as a space in which data can be written to, or data can be written on top of, therefore replacing the previous data, and of course this is going to be dependent on how you use the computer. That's why when you see these real amateurs doing questionable things on their computer, you know, doing illegal stuff on the computer, they just delete the file without even realizing that you aren't deleting it; it is deleted for you, the user, but in the back end the file still exists; the sector is simply marked as a space that should be written onto, and when it's written onto then the files are lost, but you can still perform a lot of data recovery. That's why you have an industry dedicated to data recovery, because of how operating systems are and how they essentially mark spaces or data that you delete as spaces that can be overwritten. All right, so that is the difference between keeping files and maintaining the fact that they cannot be written to or overwritten by other files, and when you actually hit delete. So when we talk about a tool like shred, shred is a tool that I've used a lot of times before for wiping or erasing hard drives when I'm done with them, when I'm disposing of them, or when I'm selling drives, which is very rare; never sell your drives. All right, so shred comes pre-installed in Kali Linux, and I'm guessing in pretty much all the other distributions.

So I'm just going to clear this out, and what we're going to do is we're just going to open up shred here with the help command, and the shred tool is quite comprehensive; I'll try and explain all the commands. All right, so the shred command, essentially, when you're writing to a file or a particular drive, it overwrites the specified files repeatedly, therefore making it difficult or impossible for hardware or software recovery to get the data back. All right, so the options or the parameters that you can specify with the shred tool are as follows. You have the f command, which essentially allows you to change permissions to allow writing if needed. You have the n command, which is the iterations; essentially this allows you to overwrite the amount of times you want, which is good; the default amount of times is three, which is okay, but if you're really paranoid about your files and you really want to get rid of them you can increase the amount of iterations. You then have the size, the number of bytes to shred. You then have the u command, which essentially truncates and removes the files after overwriting. You then have the v command over here, which shows verbose information about the progress. You then have the x command right over here, which is again self-explanatory, but this does not round the files up to the next full block. We then have the z command, which adds a final overwrite with zeros to hide shredding, so usually with software recovery tools they can actually detect if there was shredding done, and this prevents that. And you have the u command, which essentially removes the file after shredding, which is what we're going to be taking a look at as well. All right, so let's take a look at the command that we'll
be using and i'll explain what's going on all right so we'll be using the vfzu command which if we just look at the arguments here we are going to be using the v so verbose v f z u so f we're going to force to change the permissions if they exist so if you don't have read and write permissions is going to force it uh so uh there we are so z uh we're going to use the v f z u so then z is going to be essentially add a final override with zeros to hide the shredding process which is good and we are going to remove the file uh after or after the overwriting process all right so that is what is going on here so to do that we simply type in shred and after shred we type in our commands or the combination of commands so vfzu and the file which is auth.log and i'm going to hit enter and there we are all right so shred it's going to start the shredding process right over here and you can see shred uh authored logo was renamed to zero zero zero et cetera renamed renamed renamed all the way to uh to the fact that the file was removed or destroyed all right so that gets rid of the auth.log file which essentially gets rid of the authentication logs very very simple you can take a look at all the other logs and of course you might want to get rid of all the other logs that that might have existed before or in the fact in in regards to the services that you might have used so for example if you used mac changer which is quite rare you might want to get rid of that log file the kernel log file which is right over here so if we open it up kernel.log and there we are these are all the log files in regards to the to the kernel so again this is a file that you might want to get rid of or you can simply edit what you don't want in any of these log files so as to to to sort of throw off the forensic themes or off of your back to essentially make it look really really traditional all right so that is how to clear your log files of course you can use shred for deleting any other file this 
is a video not it's not designed to be uh to be about shred but there you go you can use shred to erase files uh permanently all right so do be careful with it as well now let's talk about bash history which is a video that most of you guys requested me to to talk about now bash history essentially keeps a record of all the commands that were executed by a user on the linux command line now this is very very important because the uh the bash history is a is a file that is kept uh usually separated for each individual user on the linux system so if you are the root user you have your own bash history file if there was a user called alexis he will also have his own bash history file you get the idea so the directory in which it is stored in is in the home user the user that being the user that you are using and the file is the dot bash history file all right so i'll get to that in a second so if there was a user let me just go back into the root directory and this is where it is stored so if you do have a user it is stored in the home and the username so this is where you put in the username and it is stored under the bash history file right over here all right so that is if you are using a particular use on the system which is quite obvious but if you do have root privileges then it's also important but you essentially want to get rid of all the bash history because this will essentially give forensics teams a list of all of what you did on that system all right so let me actually show you how this can be analyzed so i'm just going to open up nano here and since i'm in the root directory i think i should have the there we are the bash history file uh now i personally have a lot of important information in there so i'm going to simply show you how to get to wipe it all right now wiping it you can also use shred if you want to but i don't recommend doing that because again you're really starting to you're helping the forensic team build uh an idea of what type of 
attacker they're dealing with so i would recommend keeping things as normal as possible all right so if you you can also use the null redirect to clear the file which is what i'm going to do so you can essentially use the null redirect as follows so bash history and uh as on once i hit enter it will essentially clear the file because i'm using null redirect so it's essentially clearing the entire file so bash history let me open up the file sorry nano uh and um bash history as follows and there we are so it's empty now you might be wondering well it is empty but did it contain anything well if we start using the terminal here which uh am i currently using this so i'm using terminator uh yeah there we are so i was using a material session i was just working on a few hack the box videos which will also be coming out so don't worry about that so if i was to do your sudo apt get update there is a command that i did run and we try and open up the bash history file right over here and we'll let we let that running and that is in my uh terminator session all right so let's open it up one more time and uh for some reason it isn't showing up well we have to wait for the command to execute so uh let me just wait for that to execute so i'll get back to you when this is done alrighty i'm back i've essentially just ran a few commands i was just doing a bit of metasploit work i was using messer venom all that good stuff because i really wanted to show you how much information the bash history file can uh can actually reveal so let me just open it up one more time here and my terminal always lags out when i resume a video which is really weird something to do with my processor let me know if you guys know what's going on here alright so bash bash history like so when we hit enter and there you are so you can see that i was doing uh some very interesting things here so i went to my desktop i created a payload the message venom i copied the uh the payload to my apache directory i 
restarted apache uh looks like i removed a motility installation i also removed an index.html file uh well i cleared the terminal i'm actually missed i misspelled so yeah this reveals a lot of information about what the attacker was doing or what a particular user was doing on the system so so there you go and it'll also tell you that your attacker has really bad typing skills and really makes a lot of spelling mistakes so yeah you can pretty much get an idea of what exactly is going on here all right so that's pretty much going to be it for this video guys thank you so much for watching if you have any questions or suggestions let me know in the comment section on my social networks on my website and i'll be seeing you in the next video peace guys [Music] hey guys in this video we're going to be taking a look at ssh brute force protection with fail to ban now before we actually get started with setting it up let's get a bit of an understanding as to what this tool is and how we can use it for ssh brute force protection all right so what is fail to ban filter ban is an intrusion prevention framework that's written in python and that protects linux systems and servers from brute force attacks now these are not limited to ssh but the scope of this video is going to be based around ssh as the primary service that is going to be protected uh you know from brute force attacks all right so it allows you to monitor the strength and the frequency of attacks and then from that you can sort of create various jails that you can use and you can sort of customize your the strength of the defense you want to set up based on the attacks you're getting and of course fail to ban can be set up to block ip addresses automatically based on specific parameters more of which i'll explain as we move along all right so the great thing about fail the ban is that it automates the process of protecting your server or your ssh from brute force attacks alright so let's get started all right 
Now that we have an understanding of what Fail2ban is and how we can use it to protect our servers from brute force attacks on SSH, let's take a look at the infrastructure we'll be using in this video. So for the purpose of this video I've just set up a quick server here with Linux, and I'll just copy the IP address; it's just a simple Ubuntu server, and I'll demonstrate how powerful Fail2ban actually is. So I'll just open up a terminal here, and we can try and log into this server right now. I haven't set up any other user account, so we'll be logging in as the root user, and let me just enter the password here, and that should log us in immediately. So the first thing I want to do is update the packages, because we do need to install Fail2ban. All right, so I'm just going to say update here, and we don't need to run sudo there because we're already using the root user, but in any case let's just update the repositories, sorry, not our packages. Now Fail2ban is completely free to use, and you can install it through most of your popular package managers; in our case we're just going to use the apt package manager, so apt-get install, and we're going to say fail2ban, and we hit Enter, and that is going to prompt us to download about 18.7 megabytes. We're just going to let that install; this shouldn't take too much time. And we can see we do have a symlink created here, which is very important for the Fail2ban service. So one of the first things we need to do is ensure that we have enabled Fail2ban to run on system startup, so in the event you do reboot your server you need to make sure that Fail2ban runs during the startup. To do this we'll use systemd, so systemctl, and we'll say enable, and of course we're going to say fail2ban; the service is actually called fail2ban.service. So we're going to hit Enter, and as you can see it's going to say synchronizing the state of the fail2ban service with the SysV service script, regardless of whether we used systemd.

So what we can do now is start taking a look at the configuration files. Now the configuration files for Fail2ban are going to be found in the /etc directory, so we can say, let's just list all the files, /etc/fail2ban, and we hit Enter, and let's take a look at these configuration files. So the most important ones that you want to be familiar with are going to be the jail.conf file and the fail2ban.conf file; the fail2ban.conf file is a file we'll not be taking a look at in this video, but we're taking a look at the actual jail configuration file. Now a fairly frequent or common term that you'll hear being mentioned when talking about Fail2ban is the use of jails. All right, so what is a jail in Fail2ban? Well, a jail is essentially a configuration file that contains filters or arguments that protect your system or a particular service. Now by default all your jails for particular services are going to be in the jail.conf file. All right, so let's actually view the entire file; let me move into the directory so it's much easier for us to work there. So we can say less, and we say jail.conf, and we hit Enter. You can pretty much see that, first of all, it tells you that this is not the appropriate way of actually creating or modifying the already preset jails. The reason being is that we should actually create another jail configuration file with the .local extension, so you can see: in most of the cases you should not modify this file, but provide customizations in the jail.local file, or you can create separate .conf files under the jail.d directory, something we're not going to be doing, because the jail.local file is pretty much the best way of going about it.

So what you can do is copy this file, and you can make a copy of it, however the second copy is going to be called jail.local. Within this it has various jails that protect various services. Now the first one you can see is going to be the sshd, or the OpenSSH server, service, and it's going to be enabled, so a jail has already been configured for this, but you can see that there aren't any protection configuration options that have been set here. So for example the bantime: the default bantime for all jails on all services, regardless of whether it's SSH or FTP, has been set to one hour. Now we can pretty much customize this for particular services, which is what we want to do. So you can use this same configuration file, and you can copy it and use the .local extension, and this will essentially set up protection for all of those services. However, in our case I want to actually create a new jail.local file, and the only service that we're going to be protecting or configuring is the OpenSSH server, the sshd service. So again, all we'll do is use vim here and we'll say jail.local, and we're going to hit Enter. Now as you already saw within the jail configuration file, we can start working with the services that we want to protect. So again we do this by specifying their name; in our case the OpenSSH server is defined by the SSH daemon here, so we're going to say sshd, and then after this we're going to start providing the syntax. Now the first important bit of syntax here is going to be the enabled option. This essentially controls whether the jail is enabled or disabled, and the option here we can specify is either true or false, and of course that is self-explanatory: enabled means that the jail, or the protection, will be enabled, or these particular configurations will be enabled. So for now let's just keep it at false, because I want to show you a test brute force attack on the server before and after. So what we'll do is we'll just say false, and after this we can then get started with our configurations.

Now let me just talk about the various configurations that exist here. So we pretty much need to specify the service, the port, the filter and the log file that we'll be using. Now let me explain; that sounds like a mouthful, but it's really very simple to understand. All right, so the first thing I want to do is say what's the port. The port is going to be the SSH port, right, so the ssh port here, and after this we specify the filter that we're looking for. Now the filter is something very important, right, so let me just open up a new tab here and we can try and authenticate to this server one more time. So I'll just say ssh root, and we'll just authenticate to this server, and the reason being is I want to show you the log file that we're talking about: this is the auth.log file. Now the auth.log file pretty much stores all the authentication attempts made to the server, whether they were successful or whether they failed, and you can find this within, let's just get the contents of the file, you can find this within the log directory under /etc, and it's called the auth.log file. Now when I talk about a filter, again, a filter is very simple to understand. We'll just hit Enter; for some reason we don't have this file we're looking for. Sorry, this is in the /var directory, my apologies, I'm just getting confused with the /etc directory there. So you can see that this gives you a log here of all the authentication attempts. And when I was talking about the actual filter, so if I say filter, this is essentially where you say: Fail2ban, I want you to look for this particular filter; in our case we're looking for the SSH daemon, or the sshd service, here. So you can see that, for example, if we take a look at the first sshd log entry here, we can see that this is the SSH server listening on port 22, and then if we take a look at some authentication attempts, you can see we have an authentication attempt here that tells us accepted password for the root user and the particular IP address here, and this was made through SSH, not a TTY session, so it can also tell you whether the authentication was done locally or remotely. So that is the filter we're looking for; we only want to filter for SSH daemon, or sshd, logs there.

So we then need to specify the location of the log file that we're going to be using, so we say logpath is going to be equal to, and we specify the directory here, so we're going to say /var/log/auth.log here, and after this we can just hit Enter, and we can now talk about the security options. Right, so the security options are very simple. The first, which is the most important, is the maxretry option, and this is where you specify the number of attempts to be made before an IP address or a user is banned. All right, so to do this we say maxretry, and that's going to be equal to, in our case we'll just say three. So the number of attempts to be made before a ban is going to be equal to three; if you enter an incorrect password three times, that's it, you're going to be banned. Right, now we then have the bantime. So the bantime is again self-explanatory: this is the number of seconds an IP address will be banned for. Now typically you can set it to an hour, which is primarily going to be 3600 seconds, or you can specify a day, which is a very good option that many system administrators set. So again we can just calculate this: 60 times 60, that pretty much gives us what we're looking for, that's 3600, multiplied by 24 hours, that's going to be 86400. So we can say 86400, and that's typically going to block any IP addresses that have more than three incorrect authentications, or three incorrect authentications, for an entire day. Right, so what we can do is set it to 3600, or we can set it to 60 seconds, whatever you feel is appropriate for your server based on the attacks you've been getting, or you can set a generic one if you're monitoring your server and seeing how many attacks you're typically getting, which I'll show you how to monitor. You can then ignore IP addresses, so you can whitelist IP addresses; again, that's done by specifying ignoreip, and then within this you can specify any IP addresses that you may want to whitelist. If you're a system administrator it may be wise to enter your IP address here. So you can do that, and I think we can also specify, I've specified bantime, what about findtime, so the amount of time between failed login attempts; you can just say findtime, or we can actually leave that out because we really don't need that. These options are pretty good. So we can save this file, and we ensured that this jail was disabled, and the reason being is I want to show you what typical failed authentication looks like.

So what I'll do is, let me just exit from here, and I'll just SSH into this and I'll enter incorrect passwords. Now typically the max number of times you're allowed to authenticate incorrectly is three times; that's the default one, but I'll explain something interesting here. So for example, actually, before I do this, because I don't want to block my own IP address, because I am going to connect to it remotely, let's see if we can actually use proxychains here. So let me just open this up in Parrot OS and I'll expand this, or we can actually use anonsurf, so let me just use anonsurf instead of using proxychains. So we'll just start this, yes, go ahead, and the reason being is I don't want to actually expose my real IP address here, because when I'll be showing you the IP addresses that were blocked, this will come into play. So what I'll do is I'll just wait for anonsurf to start before we authenticate to the server, and I'll show you what happens here. So remember the jail is currently disabled, and SSH protection is currently not active with Fail2ban. All right, so we are currently anonymized here. So what we'll do is we'll say ssh root@ and we'll hit Enter, and we'll say yes, we want to accept the fingerprint, and we'll enter an incorrect password, so I can just say password, and again that will be incorrect: permission denied. Password, we'll hit Enter, another incorrect password attempt for authentication, hit Enter one more time, and there we are. You can see it gives you three attempts by default, and then after which you're told permission denied. Let's try this one more time, so we're sort of exceeding the number of attempts, but remember we haven't enabled the Fail2ban jail, so we can still try authenticating incorrectly: say password and password, let's try it a few more times, and there we are, we can still see that after three unsuccessful attempts it essentially disconnects the connection. What I'll do is we'll just close this, and let's restart the service before we actually get started. So again, after writing any changes to your jail configuration file you essentially need to restart the Fail2ban service, so we say systemctl, and we say restart, we'll say fail2ban.service, and we hit Enter, and that's going to restart it. So now that we've tested that we currently do not have any brute force protection here, what we can do is modify this file and set this to true, so now we're going to activate the protection. So we're going to say true, and we're going to write changes and exit, and we'll restart the Fail2ban service, and let me just check the status here. Sorry, that is incorrect; we'll just change this to status, and we can see it's active and running. This is very important, because if you do want to actually check if you're having any issues with your syntax, or any of the filters you've set up for your particular jail in the jail configuration file, this is where you can actually check if there are any issues, and you also have the log here, so you can see stopped, started, and we're ready again.

So we can now get started and we can test it one more time. So what I'll do is I'll use the same IP address here, and we'll just say ssh root@, and for some reason we're being told the connection was closed by remote host. So let's try a different IP here, so let's check the status of the Tor service; do we have Tor running? We currently have Tor running, I believe, but I think we still need to disable anonsurf here. We can just stop it, so we'll say stop, and we'll wait for this to stop, and I think we can just use proxychains now; that would be much better instead of using anonsurf, although I should have done that before, but I just wanted to explain a point here. So anonymous mode has been stopped, and we'll just start Tor; actually, yeah, we can, we'll start it, and now let's use proxychains. I'll say proxychains ssh, I'll say root@, and we'll paste the IP in here. All right, so it'll ask us for the password, and I'll just enter an incorrect password, hit Enter, and enter an incorrect password again. Remember we have set the options in the jail configuration file to three, so again it will block the user after the first three attempts. Obviously we aren't getting a response. We can also try brute forcing with Hydra, which is also another option, so let's try this out. So we'll say hydra -l, we'll say root, and the password list is going to be in /usr/share/wordlists, and we'll use some of the Metasploit wordlists here; let's see which ones we have, do we have any SSH ones? Nothing much; we can use the common roots list, let's try that. We can just use any; the bottom line is I just want to show you what this would look like. So we're looking for ssh, and we specify the IP address here, let's get rid of any other sessions that I had, and let's have some verbose output, and hit Enter. And you can see it tells us that it could not connect to this particular IP: connection refused. You can see that after the third failed attempt we get no response, and that actually proves that it's working. However, I'll actually show you how you can check this. So if we just terminate this and we go back on to our server, we can view the logs and the failed authentication attempts and the blocked IPs by taking a look at the fail2ban-client here. So I can hit Enter, and then after this we want to display the status, right, so if I hit status and we hit Enter, this will give you the number of jails that you have, and as you can see we have only one jail, and that is the sshd jail. So we want to check the status of the sshd, or the OpenSSH server, jail, and we hit Enter. All right, and you can see that the status for the jail is as follows: so the filter, the currently failed is zero, the total number of failed authentication attempts is six, you then have the file list, which is the authentication log that it is going through, it's banned three IP addresses, so the total number of banned IPs is three, you have the banned IPs, which I think we used with anonsurf and also with Tor, and my IP address here, which for some reason it blocked; I think that's because I disabled anonsurf and Parrot OS was using my IP. In any case, what we can do now is go back into Parrot, and if we take a look at Hydra we can see that we have a few issues here.

So let's test this one more time by running anonsurf again, and then we'll try and run Hydra with that so that we have a new IP we can work with, because it looked, through the fail2ban-client, like it did work. And when I ran proxychains with Hydra here, I actually didn't run proxychains directly, so if I try and do that right now we can actually do it here. So we can say proxychains; we'll wait for this to connect first, so we're currently on the anonsurf tunnel, so we can just run it through this. So we hit Enter, it's going to test if password authentication is supported, and you can see it is working, and immediately we're getting a few connection errors, so it's going to try connecting again. But what we can do is say sudo, we'll say proxychains, and we'll run this with Hydra, right, and I'll enter my password here. So we can see that it's currently supported, and immediately we get authentication errors to the server, so that's working fine. Let's take a look at the fail2ban-client one more time, so again I'll just clear that out and we can run the fail2ban-client and check the number of failed authentication attempts again, and now you can see that the number of failed authentication attempts has moved up to 38, and currently the total banned IP addresses are as follows: so we have various ones that we got with anonsurf and proxychains, to a certain extent. So that's pretty much how to view all the failed authentication attempts and the blocked IPs, which you can then use to build a geographical model of where most of the attacks are coming from, even though they may be coming from a botnet. So again, that's how to use Fail2ban. So again, if you want to disable a particular jail, we can just check this out here, and you can then modify the local configuration file, so we can use vim, and we say jail.local, and we hit Enter. So if I'm working with the sshd jail I can just set this to false here, and that will disable the protection, and if I just write and exit, we can try and restart this service. So I can say systemctl, we can say restart, oops, sorry, restart, let me just reduce the font size here, and we'll say fail2ban.service, and we'll hit Enter, and there we are. All right, let's take a look at whether we can actually log in now, so I'll say exit, and this is through my local IP; I'm not going to use proxychains, so I'll just ssh without proxychains: ssh root@ this particular IP, and you can see it now works perfectly fine. So if I hit some other incorrect passwords, we are now able to at least get authentication attempts across the line. But yeah, that's pretty much all that I wanted to show you guys, how to use Fail2ban to protect your server from SSH brute forces. Let me know if you have any questions or suggestions, and I'll be seeing you in the next video.
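The sshd jail assembled above (enabled, port, filter, logpath, maxretry, bantime, ignoreip, findtime) and the fail2ban-client check of failed attempts and banned IPs, as an added example that is not from the video or from the Fail2ban project: a POSIX shell script that writes that jail.local and then applies the same maxretry-within-findtime decision to a constructed auth.log excerpt, so you can see which source addresses the jail would ban. The findtime of 600 seconds, the 203.0.113.10 whitelist address and the sample log lines are assumptions, not values from the video.

```shell
#!/bin/sh
# Added example, not the video's or Fail2ban's own code.
# 1) write_sshd_jail: the jail.local from the video as a script (findtime and
#    the whitelisted admin address are assumed values, not from the video).
# 2) find_offenders: the ban decision the sshd jail makes (maxretry failures
#    within findtime seconds) re-implemented in awk over an auth.log file, so
#    you can see which addresses "fail2ban-client status sshd" would list.

# Write the sshd jail to the path given as $1 (default: the real jail.local;
# pass a temporary path when testing).
write_sshd_jail() {
    target=${1:-/etc/fail2ban/jail.local}
    cat > "$target" <<'EOF'
# jail.local overrides jail.conf; only the sshd jail is customised here.
[sshd]
enabled = true
port = ssh
filter = sshd
logpath = /var/log/auth.log
# attempts allowed before the source address is banned
maxretry = 3
# ban for a full day: 60 * 60 * 24 (jail.conf's default is one hour)
bantime = 86400
# window in which the maxretry failures must occur (assumed value)
findtime = 600
# never ban localhost or the admin's own address (203.0.113.10 is a placeholder)
ignoreip = 127.0.0.1/8 ::1 203.0.113.10
EOF
}

# Print "IP count" for every source address whose "Failed password" lines
# reach MAXRETRY within a sliding FINDTIME-second window, the same decision
# the jail above makes. Assumes syslog timestamps from a single day.
find_offenders() {
    logfile=$1; maxretry=${2:-3}; findtime=${3:-600}
    awk -v max="$maxretry" -v win="$findtime" '
        /sshd\[[0-9]+\]: Failed password for/ {
            split($3, t, ":")                       # HH:MM:SS -> seconds
            now = t[1]*3600 + t[2]*60 + t[3]
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i+1)
            if (ip == "") next
            n[ip]++
            ts[ip, n[ip]] = now
            hits = 0                                # failures inside the window
            for (j = 1; j <= n[ip]; j++) if (ts[ip, j] >= now - win) hits++
            if (hits >= max && !(ip in banned)) banned[ip] = hits
        }
        END { for (ip in banned) print ip, banned[ip] }
    ' "$logfile" | sort
}

# Constructed auth.log excerpt (not a real capture): 198.51.100.7 fails three
# times in eight seconds; 192.0.2.44 fails twice twenty minutes apart, then
# logs in successfully.
SAMPLE_AUTH_LOG='Sep 14 10:15:01 srv sshd[1201]: Failed password for root from 198.51.100.7 port 51234 ssh2
Sep 14 10:15:05 srv sshd[1201]: Failed password for root from 198.51.100.7 port 51234 ssh2
Sep 14 10:15:09 srv sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51240 ssh2
Sep 14 10:20:00 srv sshd[1210]: Failed password for root from 192.0.2.44 port 51000 ssh2
Sep 14 10:40:00 srv sshd[1222]: Failed password for root from 192.0.2.44 port 51001 ssh2
Sep 14 10:41:00 srv sshd[1222]: Accepted password for root from 192.0.2.44 port 51001 ssh2
Sep 14 10:42:00 srv sshd[1230]: Connection closed by 192.0.2.44 port 51002 [preauth]'

# Stand-alone run: write the jail to a temp directory and analyse the sample.
demo() {
    tmp=$(mktemp -d)
    write_sshd_jail "$tmp/jail.local"
    printf '%s\n' "$SAMPLE_AUTH_LOG" > "$tmp/auth.log"
    echo "--- generated jail.local"; cat "$tmp/jail.local"
    echo "--- would be banned with maxretry=3, findtime=600:"
    find_offenders "$tmp/auth.log" 3 600      # only 198.51.100.7
    rm -rf "$tmp"
}

demo
```

Pointed at the live /var/log/auth.log, find_offenders gives a quick cross-check of the "Banned IP list" that fail2ban-client status sshd reports.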
Info
Channel: freeCodeCamp.org
Views: 153,030
Rating: 4.9711328 out of 5
Id: 1hvVcEhcbLM
Length: 281min 23sec (16883 seconds)
Published: Tue Sep 14 2021