Linux for Ethical Hackers (2022 - Full Kali Linux Course)

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

hello everyone and welcome to this course on linux for ethical hackers my name is heath adams and i'm going to be your instructor for this course a little bit about me i am an ethical hacker by trade i am the business owner and ceo at tcm security we are a dual headed organization part of what we do is penetration testing and ethical hacking so clients pay us to break into their networks to their web applications and sometimes even their buildings and we do that to find vulnerabilities before the bad people do the other side of our organization is that we are a training organization we have an academy called tcm security academy and we teach people how to become ethical hackers at this point on the youtube channel we have well over 300 000 subscribers we've taught well over a million people through our academy and other platforms and i just love to teach so here's a little bit about me if you're interested in finding me on social media or any of our websites you can and here's a little bit of the certifications that i have that are hacking related and in this course we're going to be covering everything that we need to know to understand linux as an ethical hacker so if you've never used linux before and you're looking into the field of ethical hacking then this is going to be the course for you we're going to be covering how to install and run a version of linux called kali linux we're going to cover what kali linux is and then we're going to talk through how to navigate the file system how to use common network commands how to create files and view files and edit files and how to stop services start services how to install tools and how to write a script with bash scripting all this is very important because as an ethical hacker you are going to be using linux on a daily basis so it's important to know how to use linux and if you've never done it before again this is the course for you now quickly switching over to youtube i have taught this course before now i taught this course two years ago and i provided that course for free to free code camp i also actually taught a ethical hacking course for them a couple years ago and provided that to their youtube channel since then we have launched our academy our youtube channel has blown up and we are self-sufficient on our own channel to the point now we're putting up updated materials such as this ethical hacking course and this opsint or open source intelligence course and now this linux course for 2022 so if you're asking what the big differentiator is between the old courses and the new ones is that these are incredibly up-to-date in this course we're going to be using ali 2022.2 which is the very latest edition of kali linux last thing to mention before we jump into the course is that this course does belong as part of a larger course at our tcm security academy if you scroll down we do have courses on all kinds of things we've got courses on linux if you are interested in a full-on linux course we've got courses on python as well the linux for ethical hackers actually is part of the practical ethical hacking course which is a 25-hour long course on ethical hacking so if you find that you really enjoyed this course and you want to learn more about ethical hacking please do consider coming and checking out our practical ethical hacking course on the academy and any of our great other courses that we have here and please do consider subscribing to the channel subscriptions go a long way for us they help with providing the free content and getting awareness out there for the ethical hacking field and helping get people into the career of cyber security if you're watching one of our videos all you have to do is come here and hit subscribe and then you will get notified anytime we release new content such as awesome courses like this one so without further ado let's go ahead and jump right into the all right so in order to be successful in this course we are going to be utilizing what is called a virtual machine now virtual machines are known as vms for short and a vm is just a machine on top of a machine and to give you an example i'm actually running this windows 10 instance that you see here on top of my windows 10 instance so here you can see if i scroll up that i have a windows 10 machine i also have a linux machine sitting here if i were to de-maximize this you can see that i'm actually running here a windows machine in the back this is my wife and i and you come through here we just blow it back up and we're back inside of our machine so a virtual machine is just a machine inside of a machine so what we're going to be doing is we're going to be utilizing this to build out labs that way we don't have to actually have a bunch of hardware we can just use this for our our course and run what we need to on top of our own machine already now this can get resource intensive so if you are only utilizing something like eight gigabytes of ram then you might have some issues with this but you can still follow along when we get into the active directory portion you might run into issues if you do not have at least 16 gigabytes of ram to utilize but we'll worry about that when we get there there are still plenty of ways to follow along throughout this whole course so another thing to note is that i use vm's every single day this machine that you see here is actually my day-to-day pen testing machine so i run a kali linux instance on top of my windows machine and utilize that to do penetration testing so i'm going to demonstrate that to you and how we're going to build out our labs with that and a lot of us in the industry run through vms as opposed to running it directly on metal or on a machine so in order to utilize virtual machines we first need some sort of virtual machine software to play these so there are two different ways that we can do this if you are on a windows machine or a linux machine you can utilize vmware workstation player now if you type in vmware workstation player in google the first one here that says download vmware workstation player you just click on that and if you are in a mac environment you're going to be utilizing oracle virtualbox so if you type in oracle virtualbox you come here and you go to downloads you have your option there as well so in this course i will be using vmware workstation player i'm going to be running it on top of windows if you are using mac that is absolutely fine you're going to be following along just the same all you need to be able to do is follow the same instructions that i give you and you will be a-okay so if you scroll down here you can see try workstation player for windows or try a workstation player for linux go ahead and just select download now that should bring up a download and go ahead and save it if you're doing virtualbox go ahead and download uh for os x i will download the windows version just so that we can uh we can see what that looks like as well so i'll save both of these so let's view our downloads and we've got vmware workstation player here i'm going to go ahead and open this one and we're going to install this and this will be very point and click so next accept the agreement possibly give away our first child uh yeah we should go ahead and install the enhanced keyboard driver while we have this and then we don't need to enjoy join any improvement programs or check for product update that's okay we will install desktop start menu you check check your preferences as you like it i'm just going to install this and this should just finish here in just a second okay then you'll be brought to the screen once everything's done it should take about a minute or two and we're going to go ahead and hit finish and it's going to want a restart to take effect you can go ahead and restart your system i'm going to say no right now let's go ahead and install virtualbox if you are a mac user we'll hit next next here next and yes and install accept and again vary point and click with the installation select install and any options that do pop up and then we can start oracle vm if we want let's go ahead and just start that this is what oracle vm looks like and let's see if we can start the vmware player here even though we need to restart and this is what vmware workstation player looks like so here you could see that we have virtual machines we can create new virtual machines open ones etc we'll get into that in the next video so again if you are using windows or linux this is probably what your view is going to look like for the rest of the time if you are using oracle on a mac this is what your view is going to look like another site pro tip here is that i am using workstation pro and i might utilize this in some instances throughout the course other instances i'll be utilizing the workstation player they are not much of a difference especially in the beginning when we get into the active directory portion it might actually be worth it for you all to download the vmware pro trial because the trial's 30 days and you can utilize that to get through some sections and actually have nice little windows here uh to to be clean and just have a pro edition i you can do everything that i'm going to show you in the course on the player it just is that you have to open if you want to run more than one machine you'll just have to reopen the vmware workstation player uh several times to run multiple machines but that's okay it just won't look like this nice clean layout where you can transfer between machines like i can do just here so with that being said let's go ahead and move on to the next video we're going to be installing kali linux onto our vmware workstation player now that we've installed vmware or virtualbox we need to install linux we're going to be using a version of linux called kali linux throughout this course this version of linux is a debian based distribution which is geared towards ethical hacking and penetration testing so it's a special version of linux that allows us to have all the tools in one place that will allow us to hack without having to download these tools and install them on our own custom linux distribution so it's all kind of nicely built into one package so if you go out to google and you type in kali linux download you should see this link i'll put the link in the description below as well but you should just be able to go to get cali right here and you're going to be presented with a couple of options here we're going to be using a virtual machine in this course so we're just going to go ahead and click on this virtual machine option and that's going to take us down just a little bit here what you're going to do is you're going to download the respective version that you need so if you need vmware you download vmware if you're using virtualbox go ahead and download the virtualbox one now they have a direct download which is a 7-zip and they also have a torrent if you know how to torrent what you're going to do is go ahead and download the file that you need and while you're doing that if you do choose to download directly you're also going to need a tool called 7-zip or a way to unzip this file so go ahead and start your download while it's downloading let's also go ahead and navigate to 7-zip so if you go to google and you look at 7-zip you'll see this page here comes up you just go to download in here you're going to download the file that is for your respective system so here i'm using windows on 64-bit i would download this executable right here now if you're running on linux here's where you download linux if you're running on mac os here's where you download for mac os very straightforward i've already got this installed but what you need to do is just download this and literally click next through it make sure you get it installed go ahead and pause the video once that is installed 7-zip that is and once you have the actual cali image downloaded go ahead and unpause the video i'll be here waiting for you okay so your next step should look something like this you have your 7-zip file open you should see a folder located in there and the easiest thing is to just drag and drop this you can also right-click and extract if you know where you want to extract it i created a folder called cali i'm just going to grab this and i'm going to drag it over and it's going to take a minute here just a few seconds honestly to unzip the file size of this one at least for the vmware version is around 11 gigabytes or 11 gigabytes exactly unzipped so make sure you have the space on your hard drive in order to do this now once you have it unzipped you can go ahead and just double click in here you'll see a bunch of files if you have vmware installed you can actually just double click on this vmx file and that should open things up for you i'm just going to show you the other way around doing this as well so with vmware workstation player open what you're going to want to do is go to open a virtual machine and in the folder that you have you should see this vmx file as well again you could double click it or you could just open it through this what's going to happen is it's going to open that file here and you're going to want to edit this virtual machine settings once you have it loaded click on edit virtual machine settings and in here we're going to want to first change the amount of ram that we have now this is dependent on your system if you have like eight gigs of ram or maybe even 16 gigs of ram you might want to try leaving it at two at first i'm gonna bump mine up to four gigs which is 4096 and i have 128 gigs of ram so i have more than enough space to allocate for this but if you again if you're on like eight gigs of ram probably not the best idea to jack this up beyond two honestly i would try it at one maybe two see how it works the other thing you're going to make sure of is that you're running on nat network so if you click on network adapter make sure that it says nat and that's selected once that's selected go ahead and hit ok and then you're just going to hit play virtual machine when it asks you what to do just say i copied it now from here it's going to take a minute for this to load you can just let this run through it'll boot on its own once you are presented with the login screen go ahead and unpause the video but until then pause and i'll meet you back when you're at the login screen okay i'm at the login screen i'm going to make this a little bit bigger just so we can see and from here what i'm going to do is i'm just going to type in the username of cali aali and the password of cali aali hit enter and if you see this screen congratulations you have successfully installed kali linux and you now have it up and running in later videos we're going to cover what we're going to be doing and how to use this and how to use linux and all this but for now pat yourself on the back you've got linux installed and we're going to pause here and move on to the next video okay so this video pertains to some updates we need to make to virtualbox for quality of life so if you're not using virtualbox you can go ahead and skip this video if you are buckle in we just need to do a couple of quick updates and then we should be good for the rest of the course so go ahead and go out to google and google virtualbox extension pack what it's going to bring up is just the downloads page of virtualbox so we're going to want to go here and on this page if you look kind of towards the middle you'll see that there is a virtual box extension pack here we're going to just click all supported platforms and that will automatically download the file that we need so once that is downloaded and pause if you need to go ahead and open virtualbox and you can come in here and up at the top we're going to go ahead and click on preferences and from here we are interested in extensions see extensions right here go ahead and click on that there's a little plus sign we're going to go ahead and click on that and then you should have your downloads right here so we're going to take the downloads and just go ahead and install that hit install read this give away your firstborn accept all the terms and you should be good very quick install okay the second thing we need to do is we need to come to the one tab appear above which is network we're going to go ahead and hit the network button or this add button we're going to add what is called a nat network okay and we're going to come in here and we're going to double click and you can go ahead and keep these defaults i'm going to actually change them to 192.168.57.0 because that's what's going to be used through the rest of the course and that is what the cider notation of my cali machine and my key optrix which you'll see later etc all fell into this 57.0 so we're going to go ahead and keep it on this network make sure you support dhcp go ahead and just hit ok hit ok and then for a machine and make sure any machine that you use again any machine that you use in this course make sure you set it to nat network if you're using virtualbox so you can come in here click on a machine like this mail machine i have here you can just click on that settings go to network and then you can go ahead and just go to nat network all right and that name right here you see name net network that's all we're going to use that'll automatically set it up so when you have a cali machine running later and you have keoptrex or another box running or even when we build out an active directory lab you need to make sure that you're running that net network so that all the machines are on the same subnet if you don't you might run into a situation where uh the same ip comes up for the same machine and then they're uh conflicting with each other or you get on different networks and some weird stuff happens so make sure again that it's imperative that you're setting that net network for every single machine that you're setting up so with that said we're going to go ahead and move on to the next video in this section the first thing i'd like to do before we get started with any commands or anything like that is just take a look around kali linux and kind of demonstrate why a pen tester or ethical hacker might use this distribution of linux now throughout the course as stated in the last video you might see a different version of this pop up as i recorded videos on some of the older versions everything should still work just as is you just might see a different look and feel to some of the cali interface but all the commands i'm going to show you everything that we do is going to be the same so let's take a look and just explore kali linux just for a bit so if we come up here into the corner and we just click on the little cali logo you can see that we have nice things broken out for us so we've got these favorites up here which we have our terminal which we're going to be living in essentially we've got a text editor we've got a web browser which is basically firefox we've got some other tools down here docs etc the other thing that we can come scroll through is we can see that we have different applications in here if we look at the different sections these kind of go in order which we haven't covered quite yet but in the order of how a hack might go down so information gathering is usually the first step you can come in here look through this and here's a bunch of tools related to information gathering you can even click into these and go deeper if you wanted to related to specific things so dns or smb or open source intelligence all of this that's in here this is just built in tools so let's say we're coming in here we want to do a wireless attack well we go to wireless stacks got a bunch of tools already built in so kali linux is just essentially a ethical hacking distribution of linux and it's built on debian so if you've ever used something like ubuntu or anything along those lines of a debian distribution this is all going to feel really familiar to you with just a bunch of tools built in on top of it so fairly straightforward they do have some nice tools in here you can come through and utilize these a lot of this is already built in and we're going to take a look at that as we go okay so the next thing that we're going to do is and throughout the rest of this course is start looking at the terminal so if you come up here you'll see that we have a terminal now mostly everything that we do is going to be done in this terminal here now this is almost like accessing the command line so if you're using a command line like in windows for example if you've ever used command line if not that's okay but we do a lot of this from this interface as opposed to maybe utilizing a gui base interface where if we clicked a folder this might look more familiar to you if you're a windows or mac user you come in here you have this kind of area yeah yeah we can do that and sometimes we'll utilize this but a lot of times we're going to be living right here okay so as we move forward we're going to start talking about this command line how we can utilize it and use it to our advantage and then we'll do some tips and tricks and hopefully learn some pretty neat stuff as we go so in the next video i'm going to cover the pseudo feature which i think is important it's something that was brought in now originally we had something called a root permission and we'll talk about that that has changed since 2020.1 moving forward so we're introducing that into this course and we'll talk options that you have so let's go ahead and move to the next video where we talk about the pseudo feature all right so before we look at any commands or learn any command line we have to talk about sudo sudo is very important and what had happened previously was that in the earlier versions of kali linux we ran as a user called root root is the ultimate user you could think of it as the administrator of the machine now we're running as a user called cali so we don't have root privileges directly this is as an improved security feature because we should be running only certain commands when we need to as the root user so we're going to see is we're going to see how we can run commands as an elevated privilege and we're going to do that with sudo which stands for super user do they just kind of shortened it so we just have pseudo now okay now with sudo what we're doing is we're saying hey i want to run a command elevated i want to run this as a higher user in this instance we can say i want to run the command as root why is that important well let's take a look at an example let's say that i wanted to look at a very sensitive file now one sensitive file in our system is the etsy shadow file you can see cat etsy like this etsy shadow and you don't have to follow along right now you don't have to really understand what's going on if you've never seen linux all i'm doing is saying hey i want to print out this file i want to look at it okay and for here i can't see it it says permission denied you don't have the access to see this file that's a good thing but if i was the root user or somebody that had elevated privileges i could see it so i could say sudo cat etsy shadow like this okay and it's going to say what is your password for cali i'm going to go ahead and say cali k-a-l-i hit enter and now i can see that i have access to this file and this file is very sensitive we'll talk about this later on in the course but sends it a file okay so when we're looking at it i ran that command specifically as the root user as the root user i'm able to see okay this file now why or what's going on here well we're running that specific command right and we're still staying as cali we're doing this in a kind of one-off scenario so there will be times where something that you run in this course might require pseudo or you can run the command without sudo but you notice something doesn't work so best practice for this is saying hey let's go ahead and just run mostly everything that i'm showing you command-wise in this course that's not best practice overall usually you should run things just as a regular user if you get permissions blocked then run it as sudo as necessary now the other thing to point out and we'll talk about this again in later on in the course but why can we do this is because this user is part of what's called a sudoers file meaning we can have this permission not any user can come in here say we made a new user and we just called the user john we can't just take john and just go ahead and just run these commands as root no john has to have the permission to do this so you can think of cali as being an administrator but only when we utilize that access or that privilege okay the other thing i want to show you though is that we can switch over to root if we want to we can come in here and we can say sudo switch user dash just like that and then i'll put us into room now you can see okay we're running root at cali and that's only for this instance you can if you want i'm not going to demonstrate how to do this but you can if you want change the root password log out and log back in as root and run through this course as root again that's not best security practice but that feature is available to you if you are a linux user that is comfortable with linux comfortable with running as root and you want the easy path otherwise i highly recommend just staying as cali running as pseudo privileges as you need it and then moving forward but this is a quick way to switch into root if you need to sometimes even running pseudo causes some issues so switching to root to run a command is okay what we can do here too is the demonstration is we can go file new tab and look at a new instance and you'll see that this instance of root is only good for this tab here once we start a new tab we're going to be brought back right back to cali cali you can see that from the top line in the tab as well so just keep note of this when you're running commands in this course if you see something again try running it with sudo if it's not working or if it says access denied then you know hey i need to run sudo very very very important okay i'm trying to drive that in into your brains right now so from here we're going to move on we're going to start looking at how to navigate around the file system taking a look at everything from a bigger picture and diving into terminal so i will see you over in the next video now we're going to take a look at the linux terminal and if you're a user of a regular computer like windows or even mac os you are probably used to using what is called a gui or a graphical user interface and we can do this with our version of linux we can come in here and if we want to like go to folders we can absolutely open this and go to folders we've got the ability to go to firefox we've got all of our tools in here that we want to use or look at and we have a graphical user interface however a lot of our time is going to be spent on the command line and using a terminal so it's very important that we learn how to use a terminal in linux so looking at our terminal here we can see a few things before we even get started the first thing is that we have a cali at cali what does that mean well the first instance here is cali that is your user so remember when we first logged in we logged in as cali and that is our user so if we ever switch over to root we'll see root here the second part of this is our host name so our computer name happens to also be cali if you change your host name you could say whatever you wanted to say here the last little part of this is this atilda this is actually the directory that you are currently in so this is a quick way to say what user am i what workstation am i on and what directory am i in now we can take a look at what directory we are in with the pwd command and that stands for print working directory and in this instance you can see we are in the home forward slash cali folder and that is the equivalent of being in the atilda so if you see the atilda that just means you are in your users home folder so if we were a root user we would actually be in the forward slash root folder as opposed to the home cali folder so the atilda means something different for every user that you're on the next thing we're going to look at is the change directory feature so imagine that we are in our folder here so if we go to like i don't know our desktop and we're sitting in our cali folder this is really what we're looking at so we're looking at cali right here and we want to get out of this cali folder and change into another folder say like i don't know downloads for example if we go into downloads it's very easy to click into but how do we navigate around on the terminal i'm going to show you how to do that so the first thing we're going to do is use the cd command that stands for change directory now if we do change directory dot dot that says i want to go backwards so if i do that now you can see that we are in the forward slash home folder but we can also do a pwd print the working directory and you can see that we are in the home folder now can we go any further back well let's try cd dot dot again and now you can see we add a forward slash if we do a pwd we are at a forward slash and one more time i'm going to cd dot dot and see if anything happens nothing happens here we cannot change any further we are in what is called our base directory so if you see a forward slash think of that as the base folder you cannot go any further back from that now i'm going to clear my screen if you want to clear your screen you just hit control l like that and that'll clear the screen and from here we're going to look at what is in our base folder and to do that we can use a tool called list which is ls so from here we can see different colors and different things and we can tell based on the colors though these color schemes are not the greatest in the newest kali linux we can still see like hey this darker version of blue is actually a folder where some of these other things are actually files we don't have to worry too much about that right now but we just came out of the home folder so we can see here that we have a bunch of files and folders and let's say we want to go back to the home folder well we can cd home and i'm going to start typing h and i'm just going to hit tab and because there's nothing else in here with an h we don't have to worry too much it will just auto-complete to the home folder now for example if there's a bunch of l's i'm going to back up really quick before i hit enter if i wanted to try something that has multiple items in here if i try the l and i hit tab you're going to see that there's going to be a lot of options for me to go through and depending on what you have is when you can auto complete so if i start typing lo it should know that there's only one lo and i can tab and auto complete the rest so you just have to be able to get to a point where you can tab out or if you know the first letter of the file that you're looking for you can hit tab on that and you can see okay here's where i need to be or here's what i can look at with everything that starts with that letter i'm going to delete this and we're going to cd back into home we're going to ls to list the contents of home which is just our cali folder so i'm going to cd into cali and if i ls from here you can see that i have our desktop documents downloads similar to what we saw in the graphical user interface when we were in the folder now we can see it from our terminal now before we go diving deeper into these folders something that i want to look at is what if i wanted to get to this etsy folder over here so there's this etsy folder that was in our base now if i try to cd into etsy from here nothing's going to work i'm tabbing nothing works if i try cd etsy it's going to say i can't find it so what does that mean well when we change directories we can only change directories from the folders that we have available to us so i can only change directories into these folders by using that sort of nomenclature however if i can provide a full directory or a full path then i can cd from any folder that i'm in so if i go cd forward slash because remember we have the base here well then i can say forward slash et start typing that out and guess what i get etsy here and if i wanted to dive deeper into what folders are in there i could hit tab and i could see all the folders that are available in the etsy folder to complete my task now if i hit enter i will be brought into the etsy folder and similarly i can hit ls and see all the files and folders that are in here now let's just cd here and i'm going to use the atilda and that's going to get us back to our home folder i'm going to ctrl l to clear screen and then i'm going to ls again you're going to see we're back where we just were now in this case what if i wanted to list the files of the etsy folder well it's the same thing i could do ls forward slash etsy and that will list all the files as if i were sitting in that folder so just know that you can list folders and files you can change directories from being it within another directory it doesn't have to be in that same up and down tree that i was showing you there's a lot more robustness to these commands same thing if we ls in here we could take a look at the folders and we don't have to change the directory to see what's in these folders we can just ls desktop for example and start auto tab completing there's nothing in there i do have something in the downloads folder just because i changed my picture i put our tcm security logo in there so i have that in the downloads folder but it's completely normal not to have anything in your desktop or downloads when you first install cali and again we can achieve the same thing by cd into downloads and then hitting ls you have the same object here as you saw before except we're just now in that folder so you have to declare the folder or be within the folder to see the contents okay now let's go ahead and cd back to the base folder you could cd dot dot or just use the atilda i'm going to clear my screen and from here we want to talk about making a directory so let's make a directory i'm going to make a directory called heath you can just use your first name if you want and then when you ls in here you can see now that the heath directory is here and i could see the end of that heat directory i can ls in that directory and there's not going to be anything in there so i'm going to go ahead and back up one and now i'm going to show you how to remove a directory or remove a folder so you say rmdir and you're going to go ahead and just say heath and that will remove that these commands work exactly the same as everything else if i wanted to make a directory in the base folder i could totally make dur forward slash heath if i wanted to and i could also remove that from here so again it doesn't matter exactly where you're at as long as you're using full file paths okay so i've cleared my screen and now i want to run ls and you see in ls that we just have a bunch of folders but that's not entirely true what we're going to do is we're going to do an ls dash la and i like to think of this as list all but really it stands for long all and if we hit enter you can see that there's a bunch of new files in here and folders actually so from this we can see that we have a like a bash history we've got a dot java folder anything with a dot is considered a hidden file we won't see that when we're using the ls command we actually have to do a dash la command and this is a great time to actually take a look at what these sub commands are and how are some ways that we can identify what these things mean so i'm going to show you a website first and i think this website is awesome we can go to something like explainshell.com so it is explain shell you can see it auto completing up there but explain shell.com and if you came in here and you wanted to take a look let me make this a little bit bigger if you wanted to take a look at like ls-la you could say okay explain this to me and it'll tell you okay the first part is ls that means list directory contents remember i called it the list command that's what it is now what does that la do well the l you hover over it says use long listing format and the a says use all okay so do not ignore entries starting with a dot which is what we're looking for and the long listing just gives us more detail gives us these file permissions which we'll get into a little bit later and who owns it and what the file size is the directory etc etc we'll get down into that in just a few videos we can also use what are called man pages i'm going to control l again if we do man ls man stands for manual so man ls we could see in here that ls means list directory contents great dash a stands for all do not ignore entry starting with the period same thing as we saw before we could scroll down look for the l portion of this and we'll see that we have use a long listing format you can hit q to quit this so if you don't have internet access for example you can use man pages i like using explainshell.com i think it's pretty awesome but man works very quick and from the terminal you don't have to leave or do anything another thing that you can do is ls dash dash help and that will give you similar to the man pages though not as full detail i guess is the best way to say it and you come in here and you can see the same kind of switches and commands that were in here so dash help works for a lot of commands it's one of those that you should know and you should try if you have any questions about what you're trying to do it's a great resource so if we ls dash la we can cd into one of these hidden folders like we could cd into dot cache for example and we just ls that you can see that there's actually stuff in the cache in here so we're not going to get into this i just want to show you that hidden files and folders do exist so if you're looking for something especially pen test related something might be hidden if you're on a linux machine you might need to do ls-la to see a hidden file and they're incredibly easy to see as you can see for yourself let's go ahead and cd back to our home folder and from here i'm going to show you a couple of things that we're going to explain later on but i just kind of want to get you familiar with it so the first thing i want to show you is the echo command if we go echo and we use a single apostrophe and we say hi like this that's just going to echo out to the screen we'll get into the echo command a little bit later on in the course what we're doing here is we're going to echo this into a file so i'm going to say hi and then i'm going to put that file i'm going to use this greater than symbol and that's going to be a redirection operator and i'm going to say hey just go ahead and make a file called test.text and while you don't need to know this yet if i ran cat on this on test.txt you'll see that it prints back out hi okay so i just want to have this file here that we created and what we're going to do is we're going to just quickly ls we're going to see that it's there you can see that there are color differences for files and folders again and the reason we're making this in this video is i want to show you the copy command so if we run copy on this we could say copy test dot text what i want to do is i want to copy this into the downloads folder so i can just say copy test.text into downloads if we ls we'll see that test.text is here we're making a copy if we ls downloads we can see that test.txt is actually in there as well so similar with the remove directory we can use the rm command and what we're going to do is remove that file and again we don't have to be in the directory to remove it we can call the directory path and then test.txt if we hit ls on downloads again we can just go ahead and hit enter and you're going to see that there is no test.text in there anymore but if we ls here you'll see that test.text does exist so i'm going to go ahead and control l the opposite of this is the move command now if i move test.txt and i put that into downloads if i ls now you're gonna see that there is no test.text in here why is that well if we ls downloads you're gonna see that we moved it so remember copy leaves an original version wherever you copied from move completely moves it so the cp and the mv commands are what you need to know there now while we're on this what we're going to do is we're going to look at a command called locate the locate's pretty awesome if you did locate and say i wanted to find out where that test.txt file is i could do locatetest.txt and we're probably not going to get anything back quite yet now if we're looking through this none of these files are where we're at so there are some tests.txt files on this machine but we're not seeing the one that we created so say that we created a file we can't remember where we put it and we just want to go search for it and find it what we can do is we can say update db and you're going to see that we actually get a denied why are we getting permission denied well this comes back to sudo so let's go ahead and sudo update db you're going to enter in your sudo password it's going to update the database and now if we do locate test.txt and you can just when you see a screen like this by the way where it's kind of semi-gray if you just hit the right arrow that will go ahead and auto-complete because it remembers your last command you can hit that and you can now see that the first entry in here is home cali downloads test.txt so now the database is updated and it finds it one other thing to mention i just talked about autocompleting with the right arrow if you hit the up arrow you can go through your previous commands you can see all the commands that i've been running through so we can also use the down arrow to scroll back down through those commands so say i wanted to run that locate test.txt command again instead of typing it out i just hit the up arrow and then i hit enter easy breezy okay so we're gonna go ahead and remove downloads test.txt and now that file should be gone we can ls one more time into downloads just to make sure and you can see that ecm security finals the only thing that's in there one other thing to point out that i just noticed actually is these files are case sensitive and the folders are case sensitive so if i try to cd into downloads it's not going to work because downloads doesn't exist so if i cdn2 downloads i could spell then you can see that i actually get into the downloads folder so note that it's case sensitive auto complete i go back we'll do a pretty decent job at trying on newer versions of cali that is if i hit do for example and then i tab it'll realize that i'm trying to get to downloads the last thing i'm going to show you is the password command that is p-a-s-s-w-d we are going to be good security engineers and change our password we're going to make it a strong password because we're good security engineers i am going to be the bad security engineer and make my password password and i'm doing that because later on the course will talk about cracking linux passwords and we're going to use my bad password as an example so here we're going to type our current password cali is a terrible password by the way and we're going to go ahead and type in our new password you can make your password whatever you want i'm making mine password and now we have updated successfully and we have finished all the commands that we need to know for this video i'll go ahead and see you in the next lesson now we're going to talk about users and privileges so in the last video we learned about ls-la so i am in my home folder which is the atilda here and all i'm gonna do is just say ls-la i'm gonna hit enter and we're going to see a bunch of stuff over here on the left hand side we've got this we've got the details kind of of ownership we've got some file size in here and we'll talk about all of this but we do ls-la we're getting so much more information than whether or not a file is hidden which is kind of the purpose we looked at it for last time but now we can take it and look at it from a different scope or a lens we can see that we have this column here the first column now the first column tells us something interesting it first tells us whether or not we are looking at a file or a directory so if we see a d here we are seeing that this is a directory note that these are also color coded right so we have blue for directories it looks like and then white here or files and then we also have links which we're not going to get into much right now but a link looks like it's a lighter blue so we have the indicator here first it says okay it's either a d or maybe a dash or an l there are other settings that could be here but for now this is all we need to worry about the next set of things that we're going to look at are these rwx's or our blank x what does that all mean well rwx means read write execute when we're missing one of those like a dash here that just means we have a read and execute and there are actually three groups that we're looking at here so we have the first group which is the owner of our file so this first group says read write execute for the owner of this file and if we look at the owner of the file we can actually see that the owner is going to be cali well in this instance it's the directory but here we're looking at cali you can see that one of these has root listed but in this instance since we're using the cali user and we're in our home folder we're looking at mostly cali being the file owner for this the next one we're going to look at is we're going to say okay group membership so anybody that is a part of this group what do they get ownership to or what do they get to do with this directory or this file well anybody in this group can read or execute but they cannot write to this directory or file and lastly we have the third setting which is all other users what can all other users do all the users can read and execute but they cannot write here and we don't have anything in here besides this link that is read write execute we don't have a world read write execute in this folder and that's okay this does come into play when we're doing penetration testing however when we want to find some sort of file that has read write access or read write execute access if we have full access that is ideal especially if there are some sensitive files that we're not supposed to see or maybe were misconfigured or if we need somewhere to write to on the disk for example if i clear the screen here and we do an ls-la of the temp folder we can see that temp actually has read write execute privileges throughout this is a great place when we're doing pen testing and we're working on a linux machine that if we need to come drop a file we know that this temp folder can be written to we can write whatever file we want and execute these files from here without having to worry about too many permissions so if we're attacking machines later on especially as we get on into the practical ethical hacking course you may see me go and use the temp folder to upload malware or write a malicious file or something that i can do from a folder that is read write executable so let's clear the screen again now another reason and importance for the read write execute is that if we write a script we won't be able to execute that script until we have full access to do so that's going to become more important as we download files and try to run them against machines but even in this little section when we're looking at the bash scripting we're going to need to be able to execute our script and we're going to need to be able to change the permissions on that let's go ahead and do that here we're going to create a little text file and just look at the permissions and how things change so similar to the last video we're going to do an echo and we're just going to say hello and in this we are going to use our directional operator and we are going to just put this in a hello.txt file if we ls-la we could see that hello.txt is in here but look at the permissions that are set we have read write permissions we don't have any execute permissions if this was a script or anything that we're trying to run the machine will not let us run it because we do not have the execute permissions same thing here everybody else can only read this file they cannot write or execute this file so we can change the permissions on this and we can do that with the ch mod which stands for change mode so i'm going to go ahead and clear screen again and we can do a ch mod and there's two different ways to do this the first way is to do something like a plus sign and then give the permissions that you want set for that file so we could do something like rwx that is read write execute if you wanted just read access or read write access or just write access you would put the appropriate lettering there and let's go ahead and just give this a read write execute and i'm going to say hello.txt and hit enter and we're going to go ahead in ls-la again and now you can see that the color of this has changed why it is fully read write executable for us as the user okay as the owner i should say so that's one way of doing it however there is another way of doing this as well we can say chmod 777 hello that txt hit enter do an ls-la and you'll see now that everything has read write execute here well what changed what is this 777 and why is it so important okay for that we're going to jump over to powerpoint for just a second okay so we have different numbers that we can set for the ch mod and remember we did 777 because we gave a seven to each group we had the first second and third groups remember that well what does seven mean well seven means read write execute so for a read permission we get four points or a right we get two and for execute we get one so as you can see down here we have four plus two plus one that equals seven well if we had no permissions that would be zero so we could do something like a seven zero zero you might see something like read only and then you would just give it four four four across the board for example or i've seen something like an ssh pem file and those files require specific permissions typically it is six four four so that would say that the owner has read write but no execute and then the rest of everybody else has just read access to that file so that would be a 644 permission so if you ever wonder what the permissions mean you can always refer back to a chart like this or quickly google what do the ch mod numbers mean just know if you want to give something full permissions you are going to set 777 across the board and if we're doing hacking or doing penetration testing that's often what we're going to use with the exception of pem files where they have to have more restricted permissions sometimes six four four sometimes actually four zero zero is what i've seen as well from here let's go back to our cali machine and i'm going to go ahead and control l to clear the screen here we want to take a look at adding a user so we're going to do a sudo add user and you can give whatever username you want i'm going to just call this user john it's going to ask for our pseudo password remember we changed our password so make sure you put in the right password and now it's going to say okay what password do you want to use for john i'm going to go ahead and enter that and i'm going to enter it again and then you could just hit enter through all of this and get back to this screen where it says cali app cali from here we're going to go ahead and switch user and go into john so just do su john i'm going to ask for john's password go ahead and give that password and now you can see that we are john at cali so what is special about john well we've made a new user and john has some permissions now if we wanted to cut out like the etsy password file we can and this is a very common file that you're going to look at as a pen tester if you come in here the etsy password file is important this is something that we can see a lot of information about this machine now the etsy password file is called the password file not because it has our password in it but because it used to store our password in it a very very long time ago now what is being done is they put an x here for a placeholder and that placeholder is then filled in with the shadow file we'll take a look at that here in a second so we are using the cat command and you've seen me use this several times throughout the course we are using that to basically print out a file so when we print out the file we can read the file so from here we're reading the file we're saying okay i see root root is the zero user id and that is important that's telling us they are the ultimate user on the machine they are user zero if we scroll way down to the bottom we should see some users that were created here for example we see cali cali's user 1000 pretty common we can also see that john is in use here and john is user 1001 we can see what type of shell type they're using and what their home folder is as well you can see the zsh shell type compared to john's bin bash so they are different shell types and we'll get into those a little later on but from here we can also see roots here we can see the root shell type and we can also see what kind of services are running on this machine so if you want to find the users i typically look at root and then i look and scroll all the way to the bottom to see what's been installed besides what's on this machine so in here we can see some things like ssh which is important we know okay this has the capability of running ssh maybe has an ssh service maybe it has a sql service here with the mysql openvpn so it's a little bit of information gathering if we were to land on a machine for example and we're a low-level user with no privileges we could start to look at who are the other users on the computer why are they important how can we get a hold of them where are their files located what kind of services are running on this machine this is all part of the information gathering stage of ethical hacking and this file leads to a lot of clues for us now clearing the screen let's say i want to view the shadow file the shadow file is the file that contains the password hashes for this machine i'm going to go ahead and try to type in cat etsy shadow permission denied okay maybe i need to use sudo let's try it here enter our password oh john is not in the sudoers file this is also called the su-doers file and you can also call sudo sudo depends on your nomenclature and how you pronounce it i'm a pseudo person so from here i'm going to go ahead and control l we're going to switch user back into cali and we're gonna take a look at some stuff so if i go switch user kali it's gonna ask me for the password and enter our password in and first thing i want to show you the shadow file before we move on to the sudoers file so if we go sudo cat etsy shadow i think this is important to see you can come in here and remember how i said with a hash that this is set here so our root password has not been set there's no hash in here and this is security best practice we don't really want to have a root password unless we absolutely need to in this instance we might just want to have certain users that can elevate into root and then if logging is enabled we can then see from our logs who accessed that root account at what time you really don't want to have a root password where anybody can just log in with a known password because then that eliminates some accountability so best practice would say hey if we have a linux machine you get all regular user accounts and then if you want to run something as an elevated privilege you're going to do that with your account and then use sudo for that but looking down here we can see the hashes for this computer okay and what's interesting actually is kali and john have the same password but they have different hashes and that is sort of unique if you saw this in a windows machine if the password was the same on the local machine you would see the exact same hash and that is a clear indicator that password reuse is in play but here it's not so the hashing algorithm that's being used is a little bit different and it's generating different hashes even though the password is the same regardless the password for both of these accounts is password and that's very weak and can easily be cracked as we'll find out later on okay now on to the sudoers file what we're going to do is we're going to do a pseudo cat and we're going to look at etsy sudoers just like that and i might have typed that a little fast so i'm going to go ahead and scroll back up for a second pseudo cat etsy sue doers okay just like that it should auto tab complete and from there we're going to come in here and we're going to look at who has what privileges well if you see allow members of a group sudo to execute any command and you see percent sudo so it's calling sudo from somewhere else sometimes we can just include users in here we could say hey the user cali i want to do these things instead this is saying hey anybody a part of this group i want to be able to do whatever they want they can execute any commands like they were the root user essentially so with that what we're going to do is we're going to take a look at who is in that percent pseudo group and we can do that by using the grep command so we can say grep and we're going to get really familiar with grep in the bash scripting video but basically think of grep as pulling out a specific string or element out of a file or some contents that you want to see it's a great way to narrow down specifics and pull down only the information that you want and we're going to get really familiar with it here in a couple of videos we're going to say grep and then we're going to say sudo just like this and we're going to do that from etsy group okay and it says who has a pseudo privilege here all we see is kali so our user has pseudo privilege if we wanted to give privileges to john we'd have to add john to the sudo group in the etsy group or we could add john specifically to the sudoers file and give him specific permissions as well and as we move on in the course and we get into privilege escalation and if you ever go into more of the privilege escalation courses that we have you'll see that we look at pseudo privileges immediately when we get onto a machine by doing something like sudo-l and we'll take a look at those and say okay what commands can i run and in this instance we could see okay all commands can be run here but sometimes that's not the case sometimes we can only run one specific command or maybe john for example we want john to be able to run python because john's a developer so john can run python with pseudo privileges but cannot run anything else so something to think about depending on the individual and who we want to give permissions to on that machine they might not have privileges to access everything as sudo they can actually be limited in what they can run as well so that is it for this video i'm going to go ahead and catch you in the next one now we're going to touch on networking commands that are relevant to penetration testing and relevant to this course so the first thing that we're going to do is we're going to use the ip command and that is ipa ipa lists all is the way i like to think about it and you can see here that we have a loopback address and we have our eth0 this is our ethernet address and you can see that we have an ip address here ipv4 of 192 168 138 140. we are on a slash 24 subnet and here is our broadcast address here we can also see our ipv6 here which is nice and we can see our mac address here so we can also look at this through the i f config command and that will show us the same things here's ethernet zero here is the loopback all the same information here ifconfig is the old-school way of doing it ipa is the newer way of doing it ipa is nice and colorful if i'm being honest i still use ifconfig because i like the old school way of doing things but ipa is the new way of doing things and in some instances ifconfig requires pseudo to even run or may no longer be on a machine but in some instances ip is not a machine depending on what type of machine you're on and what you access you may need either one of these so it's great to show you both now while the ipa does all if only shows the ethernet connection so the hardwired connections if we want to see wireless connections we need to do iw config and in this instance you're going to see down here that we have no wireless connections right now when we get into wireless hacking we'll see that we have connections established and we'll use the iwconfig command but just know for now that it's for wireless and if you ever need to use it that's what it's for let's clear our screen and the next thing i want to cover is the ipn and n stands for neighbor the alternative to this is the arp dash a okay what is arp if you do not know what arp is that is the address resolution protocol this comes from your networking if you are not familiar with networking then you may need to go study up on a little bit of this now arp says what ip address is associated with what mac address and what happens is a broadcast message goes out when we are trying to identify an ip address and a mac address so broadcast goes out and it says who has this ip address and whoever has the ip address will come back and it'll say hey that's me i have that ip address and here is my mac address so now you can associate my mac address with this ip address and it is a way to identify these two items together and link them up so again in this instance we can use the iep command or the old arp command now the ip command is a little bit prettier and a little bit more colorful i think easier to read in my opinion but either will work in this situation another iep command that we're going to want to run and know is the ipr command now r stands for route you could also type in route and you'll get similar feedback here so what we're looking at is what is called a routing table we want to know where our traffic is routing and here you can see on either one of these that we're routing through 192.168.138.0 we have an open gateway we can see the gateway here is 138.2 we can see our mask here and we can find all that information out up here as well so it's important to know the routing and what's going on especially if you are in a network for example where you might have multiple routes say if we come in and we say oh ipa okay we're on the 192 168 138 network but we just try to connect to only the machines on this network we see a slash 24 we think okay well i know a slash 24 has 255 potential iep addresses and i'm going to go ahead and just stick to scanning that subnet and looking for those ips on that subnet well if you looked at the routing table you might actually see that there's a 137 in here or 136 or maybe a 10 dot ip address or something different than what you have here maybe you have the ability to talk to other networks even though you're on this one slash 24 network very important to look at the routing table it's also important because in real life pen tests we have been on a quote unquote segmented network and in reality it really wasn't a segmented network there just wasn't a route to that network so they said that we were isolated and we couldn't access anything and all we had to do was say okay we're gonna go add that network to our routing table and what do you know we were able to scan and connect to the network so being able to know your routing table being able to understand what a route is and how to add routes how to remove routes can become important as well these are things that you should already know from general networking i'm showing you the commands here for basic routing and how to display the routing tables if you need further information on routing tables you should go look that up and research that before continuing on with the ethical hacking course okay last command i want to get through that is the ping command so i'm going to do an ifconfig again and in this instance i'm just going to ping 192. and i believe earlier i saw a dot 2 was my gateway so i'm going to go ahead and just hit enter that should talk back to me and it does now if you are a windows user and you've ever used ping before it will only send four packets out so it'll check four times as you can see here we are getting more than four packets sent we are sending indefinitely and i'm gonna go ahead and just hit control c and stop that we are definitely seeing that we're getting responses back now there is a way to limit the amount that we send and the amount of traffic that we're sending but basically what we're doing with the ping command is we're saying hey are you there are you alive can you respond to me and let me know you're there so i asked the machine at this ip address to respond and tell me yes i am here now this is called icmp traffic not all machines permit icmp traffic just because we ping a machine and it does not respond does not mean that it's not online okay there are machines that have icmp disabled and will not respond to ping requests but ping is a quick way to see if a machine is online and typically by default ping or icmp is enabled on most machines just as a further example we can ping a machine that we do not believe to be alive so i'm gonna change this to a three i don't think there's a three on my network and you're gonna see it's gonna try to send data and it's just gonna get stuck here and say host unreachable now again that could potentially mean that that host is not there or it could potentially mean that the host has icmp disabled but we're going to be using ping sweeping to identify a host in our network and we'll do that here in just a couple of videos but i wanted you to get familiar with the ping command if you weren't familiar already now there are some commands in this video that we did not talk about for example the netstat command now the netstat command is used to identify what open ports and services are there we'll take a look at that more later on but just know that that command exists and that we're going to do due diligence on a command later so any of you that are watching that have networking background or like hey you didn't show netstat that's so important you're correct it's coming later on in the course so that's it for this video we're going to go ahead and move on to the next one let's now talk about viewing creating and editing files and we've done a little bit of this in the course already you've seen me do something like echo hello and remember that prints out to the screen and we could just echo that again like a hello and put that into a file and you've seen me do that we'll just call this one hey.txt and if we ls we should see hey.txt right here if we do a cat a dot txt we should print out to the screen hello all these should be pretty familiar to you so let's build upon this let's talk about how we can append to this and overwrite these files in different ways that we can actually create and edit files i'm going to clear the screen here now what if i wanted to add to this file and i'm just tabbing up by the way what if i want to say hello again so i want to say echo hello again into this hey.txt file that already exists what do we think is going to happen here so i'm going to go ahead and hit enter and then i'm going to cat out the hey.txt well now it says hello again it used to say hello well that is because when we use one greater than symbol like this what's going to happen is that overwrites the file so if we tab up and if we go over and we just write a again again just for fun and let's add a second one of these so now there should be two of these greater than symbols we hit enter we cat out a dot txt and now you can see it says hello again and hello again again why do we care why are we doing this well when we are using scripting for example and we want to loop through a bunch of information and we want to add that information to a file we might use something like this where if we're gathering say ip addresses this is foreshadowing by the way say we're gathering ip addresses and we are wanting to put them all in a file we're going to need to use something like a double greater than in order to not overwrite the file with one ip address we want to list all the ip addresses in the file so you're going to see that when we get into the bash scripting of this section let's clear our screen another way that we can make a new file is just to say touch new file.txt and if we ls you can see that new file.txt is here we can cat out new file.txt [Music] and nothing is going to be in there because we didn't tell it to do anything we just said touch which creates a file so we can use a different type of editor to try and edit this and save the file now there are a few editors that we can use within our terminal so we can use something called nano which is my personal favorite you may hear other people talk about vi and vim you may hear lots of jokes about quitting them and how it's impossible to quit them and for that reason honestly because of the complications and because i like simplicity i just use nano so we can nano new file and in here you can type whatever you want i'm going to literally say i can type whatever i want in here and now i'm going to hit ctrl x and throughout this course you're going to actually see me use nano quite a bit and we're going to use it for updating files and shell code and it's beneficial if we log into a machine remotely for example and we won't have the ability to have a graphical user interface type notepad which i'm going to show you here in a second we might not have the luxury of having something like that we might have to use nano or vim or an in terminal text editor so we're going to go ahead and hit ctrl x here i'm going to hit y which is going to say yes i want to save this file and then i'm going to hit enter and now if i cut out new file.txt you can see it says i can type whatever i want in here lastly we're going to look at a graphical notepad so we're going to use mousepad we can type in mousepad and we can just say new file.txt just like we created and hidden here you can see that it says i can type whatever i want in here and that's true i can also modify it's just like a notepad if you had on windows machine or if you've used leaf pad or any sort of notepad type material this one's just called mousepad so we can control s and save and then just exit out if we cat out our new file again you can see i can also modify now throughout this course you might see me use a tool called g edit it is not installed on this machine yet though we are making updates to the course we will be using g edit anytime you see me use g edit feel free to use mousepad instead of g edit it's become deprecated offensive security got rid of it in kali linux and now if you go hit g edit it'll say it's not found but you can install it we're not going to do that right now but when we install tools in a upcoming video you will be able to install that with one of the tools that we're running so anyway just note that we're gonna be using mousepad instead of g edit because it's the new and latest and greatest one last thing with nano or any of these tools you can make a brand new file so you can say like brand new file.txt and then you can type whatever in here and control x hit y hit enter and then you can cat out brand new file and guess what it's there so the file doesn't have to be existing to use nano or existing to use mousepad you can create new files with these commands as well so that is it for this video i'm going to go ahead and catch you in the next one another topic we need to talk about is starting and stopping services we may have a service like a web server or ssh or maybe sql or some sort of database that we need to start while we're already running cali or we might want to start a service on boot every single time that our computer loads if you've ever used windows this is similar to installing a program and then having that boot up on launch it's kind of the same thing here if we're installing something we want that service to start on launch we have to tell our machine to do that so we're going to look at how to start a service and how to have a service start on launch so the first service that we're going to look at is the apache service and this is what i used to use when i first started out as an ethical hacker and the reason is is that we can spin up our own web server fairly easily and host malicious data or files or things that we might want to access or might want somebody else to access so before we run that command i do want to do a proof of concept so let's do an ifconfig and we're going to grab our ip address here i'm going to copy this and then i want to open up firefox from within firefox i'm going to go ahead and try to navigate to that ip address and you're going to see that it says it's unable to connect this is exactly what we expected so now what we're going to do is we're going to come in here and we're going to say sudo service apache to start we hit enter it's going to ask for our sudo password then we have no confirmation of anything so let's go ahead and come in back into the browser and we're going to refresh and take away the https and now you can see that this is here on port 80. so we are actually on http not https and we have an apache server running now now let's say we wanted to stop this service we could we can go in here and say sudo service apache to stop and before we do that i want to show you something so if we come back into the apache 2 i'm going to make this a little bit bigger you can see that our files are located in the var www.html folder and what that is if we come to our home folder here and we just go to file system we scroll down and go to var and then we go to www html all i'm doing is going to the same location here why i'm doing this is this is where if i wanted to host like a picture or a file or malware i could put that in here this index.html is the same index page that's loaded here like if i open that that's literally the same page that's being hosted you're seeing it here from a file format but now if i go back you can see i'm hosting it at this ip address so if i wanted to host something malicious i could do that now in order to stop the service all we have to do is say stop hit enter then we come back and we refresh this page you can see that we're now again unable to connect now i did mention the beginning of this video that this was my favorite way to host malicious stuff or just host files for whatever purpose now that has changed i now use python to do this so we can create a file let's go ahead and just say echo hello and we're going to do [Music] hello.txt so if we ls we can see that we've got a bunch of stuff in here hello.txt being one of them so what i'm going to do is i'm going to spin up a web server on the fly with python so i'm going to say python 3 dash m http.server and then i'm going to give it port 80. now what we're saying is we want to run the module http server and we're going to run port 80 here you can put whatever port you want and you can see now it says hey it's hosting up http on port 80 and what's going to happen is any file within the directory that i'm in is going to now be hosted so you can see that i'm hosting all this stuff here pretty awesome it's a quick way to host up a web server without having to start and stop services and you can on the fly from within a folder just start a web server so i think this is the cooler and better way to do it so i wanted to show you how to start a service but also that python has some robust capabilities as well if you follow into the python section we'll cover how to run an ftp server as well which is also fun stuff so i'm going to hit control c which is going to again shut down the server if i come here refresh you'll see that it's now shut down and we can go ahead and talk about one more thing before we go so let's say that we wanted a service to start when we started our machine well for that we're going to use the system ctl command system ctl and we can say enable if we wanted to for example enable ssh we can come in here and just enable ssh and we just hit enter on this and now you can see that it's enabled so when we restart the computer ssh will always be enabled for us now i'm going to disable that this isn't like security best practice and now you can see that we have disabled it and we're good to go so if you ever have a service that you want to run you just need to figure out the name of the service and enable that and there may be times that you want things to run like historically i have ran ssh with it enabled or i used to run the apache 2 server so i didn't have to spin it up every time i just had a place to go immediately host that but your mileage may vary depending on what it is you want to run but knowing these commands is important in case you need to start or stop a service maybe restart a service same thing with enabling a service at boot up or disabling a service at boot up so that's it for this video i'll go ahead and see you over in the next one now let's talk about installing and updating tools so the first thing that we're going to do from our command line is we're going to look at how we would update our current machine so just like other operating systems linux machines require updates as well and patching can be best practice so in order to update and upgrade our machine we're going to use the sudo command and we're going to say apt apt and then we're going to say update and upgrade just like that so make sure you use two ampersand symbols here we're going to do two commands we're going to say first i want you to update second i want you to upgrade well why are we doing this why are we running two commands in the first place well what we do when we actually install items on our cali machine we are going out to what are called repositories and we're looking through packages and the update command is going out to the known repositories and it is updating those repositories and then it's going to look at those repositories and say okay what needs upgraded here so what tools have upgrades or updates available for them that we need so if we run this command you're going to see that it's going to go through these repositories you can see it going through these cali rolling and release amd 64 packages and contents etc etc it'll take some time as it goes through and it updates these repositories it's going to find what programs we need and it'll provide it in a list now what you can see is it's asking us are you rude so this is a lesson here sometimes we have to be the root user we can't be just a pseudo user to run commands so what we're going to do in this instance is we're going to sudo switch user into root now we're root and we're going to run that command again we're going to say app update and apt upgrade okay and it's going to run through this and then it should provide us with a list of what we're going to install which if we scroll back up to the top you can see that it says hey these packages were automatically installed and no longer required and it says we can use the app auto remove command to do that it's saying here are the brand new packages that need to be installed and then here are the packages that are going to be upgraded so these are already installed such as like apache 2 has some updates that are required and it's going to go through and install all these now when you scroll down to the bottom it's going to say you need 801 megabytes and yours might be different depending on when you watch this video it's going to say do you want to continue this operation in this instance i'm going to say no and the reason that i'm going to say no is because updating on kali linux can break things you should always have almost two copies of your linux right you should take a backup copy before you ever make an update and there are some limitations on being able to make backups depending on if you're using vmware virtualbox and we're not going to get into that right now we just know that tools can easily get broken by pushing updates and we'll talk about a tool that you can use that is up to date and kind of makes your cali the latest and greatest without breaking anything even the current version of cali right now 2022.2 not all the tools work out of the box as the way that they should we'll talk about that in just a little bit so let's say that you wanted to install a tool and we're just gonna go grab one as an example so let's say that there was a tool you wanted to install like this kron daemon common i'm just going to copy that you could come in here and you could say apt install ron damon common like this hit enter and it's going to say oh you want to install this just hit yes and it will install and it will also upgrade this cron package here i'm not going to do that but just know that you can also install applications as a one-time thing if they're a part of the repository that you have we're not going to get into updating repositories and adding manual repositories we don't need to know that at this point in our linux careers we just need to understand that we're going out to repository and we can download those items or packages based on what is in the repository so updating the repository is always good and then we check for upgrades available to our packages in this instance we're not going to do any updating or upgrading but there may be a time where we need to install a specific tool or we go out to the web and we have to grab a tool and it says hey run this app install command this is what it's going to be doing this is how we would install something if we need to now the next thing that we're going to look at is we're going to look at the get command and git is a tool that runs with github i'm going to open up a new firefox and i'm going to make this a little bit bigger we're going to go to github actually let's just go to google we're going to go to google and a lot of times in our ethical hacking careers we're going to be searching for tools we're going to come out here and we're going to say oh i really want to find a tool maybe that does brute force office 365 and then i might say something like github and you can see it's already starting to fill out and we might go find something like okay there's this daft hack tool we might click on that and we come in here and it might tell you how to install this well this is powershell so that's not a great example we might come into here and we might say okay here's one how to install so you go through and it'll say here's the usage on how to use this and sometimes we'll give you installation instructions but a lot of times all you will need to do is you'll need to come in here and just download the code to install the file so i'm going to show you a tool that we're going to install and run we go to google and we search for pimp my cali just like that you're going to see that we can click in here and this tool is available to us to download now one way to look at a tool and see if it has any relevancy on github is to look up at the number of stars that it has and the forks that it has anything with like 700 stars like this is pretty reputable and you also should look at when it was last updated you could see that this was last updated last month now full disclosure dewalt actually works for tcm security and is a fantastic person if you never got to interact with dewalt he is somebody that is awesome and a great resource he built this out because there were so many issues with kali linux and the tools that were coming freshly installed like in 2022.2 don't always work in the way that we intend them to work so a lot of tools are broken some things need downgraded and there's a lot of options in here that can tell you hey here's what we can fix like we can fix different missing issues that are going on or we can fix go laying or fix impact it and you don't have to worry about what any of that means right now until we get into pen testing but this is something that we actually do install and run when we build out our lab machines or we build out our machines for even hacking on clients this is such a well-done tool and he tells you in here how to install it he says hey get clone right here off of this address we can also come up here we can go to the code and we can just copy we say copy pimp my cali right here and then we'll come in and we can just say get clone actually let's switch user i'm sorry let's sudo or let's switch user back to ali and we'll enter here and then what i like to do when i install tools is i like to install them into the op folder the opt folder so from here we're going to run git clone paste that actually we're going to run sudo get clone i apologize and then enter your password and now if we look in here we should have pimp my cali which we do so if we cd2 pimp my cali and now we ls we can see that we have the pimpmycali.sh script if you come back into the website it will tell you how to run and operate this any decent github will say hey here's how you run this script so it says hey you just run sudo at mykali this is for a new cali vm you just need to run menu option and we're going to copy this and paste it and then we're gonna run it so now this tells you what do you want to do well here's all the different options n is a new vm setup run this option as your first time running pimp my cali okay so that's going to fix all the things for you i'm going to go ahead and hit n and let this run it's going to go out and fetch some stuff from repositories and it's running apt update and now it's going to install certain tools and packages and uninstall certain tools and packages and uninstall certain tools and packages as you can see it's rolling through here so go ahead and let this run i'm going to pause the video here for a second and then meet me back when you're at the next screen where you can actually enter in any sort of command okay so it's been about five minutes and we get to this page here and you can see that it's asking us if we want to run root login installation it explains that in cali 2019 point x the default user used to be root which we talked about early on in this course and now that they've switched it to cali which is what we've been using now do we want to re-enable the ability to log in as root in cali in this instance i'm going to choose yes however you need to make sure that you are comfortable and capable of running as root in linux if you do not feel comfortable stick with running as cali you're going to see me throughout the course as we get into the ethical hacking section running as root just know that there may be times where you might need to use sudo or you may need to switch user into root as you saw me do with upgrading packages just a few minutes ago that may be required so if you're understanding of that you can hit no on this screen and that's perfectly okay security best practice suggest to hit no i'm going to hit yes because i feel comfortable running as root i'm the only user on this machine and i don't have any accountability or repudiation to worry about i'm going to give a new password for this and i'm going to enter it again and now it's going to ask if we want to copy everything over from our cali folder into our root folder i'm going to say no and now it's going to continue on installing so we're going to let this run again go ahead and pause the video if you need to and then we'll meet you back when this is all said and done okay and when everything is said and done which it took about 10 minutes to get through all that you should get to this all done happy hacking screen right here and everything should be installed for you if you chose to go the root route that's a weird thing to say if you chose to go the root route you can log out and log back in as root and begin using linux as root otherwise you can continue on with this lesson using cali as your main user we're gonna go ahead and move on to the next video last video in the section and this is going to be one of my favorites so what we're going to be talking about is scripting with bash i'm going to show you some cool tricks that we can do to kind of narrow down some of the results that we get and then i'm going to show you how you can automate some of that process and we'll take that and even write out some for loops and one line loops which this might not make any sense right now and that's absolutely okay but by the time the video is done hopefully it does so the first thing i want to show you is i want to show you how we're going to write a ping sweep so we're going to write a ping sleeper basically we're going to go out and say i want to ping a device if that device is alive go ahead and show me that result and we're going to sweep an entire network so what we're going to do first is we're going to identify a device that's alive so we can test this out and then build upon that so you can go ahead and type in ifconfig and then just hit enter now my ethernet here is on a natted network so i'm running through a different uh ip address subnet here so this one is 192 168 57 150. my actual ip address is on a dot 4 dot x here so i'm going to for this example i'm going to be pinging 192.168.4.29 however and you can see here's the ping that we're getting back however if you are unsure of a ip address in your house that is active or your subnet in your house that's okay you can just run 57.1 for this example you might not get a lot of return results however you might only get one or two when we do this sweep so i advise you to figure out what your ip address is that's a good challenge anyway and if you are familiar with networking which you should be at this point then you should be able to determine the ip address of your home network but if you do not do that then you can use 57.1 or whatever your ip address is here on this third octet so that will also work if you see that all right so i'm going to clear this now what are we noticing when we're pinging we're pinging this address and we're getting some data back now if we ping an active address you can see that we get okay 64 bytes from 192.1684.29 it's saying it's active we're getting details back if we were to ping something let me do like 41 where we just don't get any data back okay and let's try this one more time let's try this a different way let's do like a count of one dash c of one will do a count of one it's going to try to send one packet over and see if it works nothing's happening right it's trying to transmit that packet you could see that it's getting zero received here where here is getting four received no data is coming back it's just not doing anything for us so the thing that we can identify here is what's the big difference if we look at line one and two versus line one and two what are we seeing when we get data back well the big difference here is we're well two of them i guess we see that we get this response right that's big difference and then down here it'll say hey we receive some packets if it's not zero now the easy way to do this is to look at a line that says hey we received data which is this line here okay now what i want to do is i want to narrow this down just a little bit what we're going to say is we're just going to do a ping of one time so i'm going to clear this i'm going to bring it back to this like this i'm going to do a count of 1 and that should just ping once and that's perfect we don't need to ping endlessly we just want to make sure we can ping once and then we're done okay and then from here i'm going to put this into a text file i'm just going to call this ip.txt just like that so when i cut out ip.txt now you can see that i have this file it's stored i don't have to run the command again we're good to go so what we're going to do now is we can take this and then we can start gathering data based off of what we see here so what i want to do is i want to just extract this one line here the 64 bytes from 192 168 4.29 and the best way to do that is with a command called grep so grep is going to look for a specific term or phrase and we can do that and it's going to pull down any line that has that term or phrase so if i say grep here and then i just put in quotation 64 bytes like this now when i cut out this all i'm pulling down is this line and it's even highlighting it for us it's saying here's the line that we see 64 bytes from 192.168. okay so we've extracted just the one line and why am i extracting this line well if we're building out a ping sweeper what i want to do is i want to sweep every single ip within a specific subnet so say this dot 4 right i want to ping 4.1.2.3 all the way through 254 255. i want to see if i can get through all the ip addresses in a subnet so what we're going to do is we're going to ping every single one of them and say hey are you up are you there and we're gonna do it with the count of one and we're gonna say are you there okay and if they're there they're gonna say yeah i'm here 64 bytes here's my response and it's going to say 64 bytes from this ip address so we want to extract the ip addresses to say yeah we're alive that's basically our goal here so when we run this on a bigger scale which is what we're going to do we're going to need to grep out this information and extract this information to where we only just get the ip address back okay so what we're going to do now is we're going to start narrowing down and grabbing this ip address and then i'm going to show you how we're going to take this all in one instance and run it and then extract ip addresses so from here what i want to do is i want to do another command so every time we pipe we're saying hey run this command then with that command run this command then also run this command too so we're going to keep running this command on top of this to narrow things down so here's what we're doing here we're going to run a command called cut and with cut we're going to say i want to cut something out of this we need to provide it what is called a delimiter so we do a dash d like this and the delimiter i'm going to use is a space and then i'm going to say dash f for field and then i'm going to say 4 okay what is this doing well it's saying hey i want to cut this line that you're getting back on a space so the delimiter's a space so here's a space here's a space here's a space and it says i want to count up to four to grab that data so one two three four right here so if we say 4 here like this we hit enter we're grabbing that specific ip address because we're doing it by spaces if we did it on 3 what do you think we're going to grab we're going to grab the word from so you can see here it's from so what i want to do is grab the ip so we're going to use this cut just like this use our delimiter and then get to the correct field position that we want to grab the ip address all right so we've got the ip address now there's only one thing wrong here with this ip address is that there is a little colon on the end of it we just want this without a colon at all we want it just like this now there's a couple ways we can do this we could use something called said says a little bit complicated and a little bit advanced i would say for where we're at right now so i'd rather teach you an easier way to do this and that is called translate so with translate all we're going to do is we're going to do one more pipe like this and we're just going to say tr for translate a dash d for a delimiter again and then we're going to say we want to get rid of this and that's it we're just getting rid of this okay so if we run this one more time now you can see that we've successfully extracted this ip address out that's our goal that's all we wanted to do now how can we apply this to something bigger how can we make this part of a bigger script that is the question and we're going to do that so what i want you to do is i just want you to copy this okay copy this entire line and we're going to go into a mouse pad so let's copy this selection and i'm going to clear my screen i'm just going to say mousepad and we're going to call this ipsweep.sh okay so this is going to be a bash script and i'm going to make this bigger and the first thing we're going to do with our bash script is we have to declare that it's a bash script we're going to say bang right here or shebang is what we'd call this forward slash bin forward slash bash this allows the machine to know when we run this this allows bash to know hey we're calling this here's the location of bash this is what we're running with the script you're also going to see this when we we use python as well you'll see the the declaration here at the top or when we're calling this out so i'm going to go ahead and ctrl s and save this that'll add some nice color to this so when we're coding this out we get to see in color i like that a lot i'm going to actually make this a little bit smaller and then make this like this here so we can get the whole picture okay so what i want to do is i want to paste in what we just wrote so i'm just going to control v here and paste that in so we don't need to do a cat of an ip address here in this instance instead we're going to change this back we're going to paint remember we want to ping every device in the network so we want to ping say if we're pinging 192 168 4 dot x okay we want to ping that and we can leave this like this for now don't worry about changing anything here this is just going to be a placeholder we're going to do a little bit of extra syntax here to make this work so we're going to write what is called a for loop so we're going to say 4 and i'll explain what this does here in a second you're also going to see this again when we get into python and coding and so you'll be able to understand more and more about loops and what for loops are while loops et cetera they're very very useful and very common in coding and scripting so i'm going to say 4 ip in and then i'm going to say sequence 1 through 254 now very important this character here is not an apostrophe okay this is not an apostrophe this is the little line i don't know what it's called it's above the atilda next to your escape button on your keyboard so it's this right here okay it's like a backwards apostrophe almost i'm sure there's a term for it i just don't know it so you come in here and you say okay four ip address in sequence one through two fifty four and i'm gonna explain what all this does in a second i want you just to type this out for now i want you to say do all right and then i want you to come down here and we're going to say ampersand on this line and we're going to say done i'm going to explain what all this means okay so this is a loop that we've just created what we're saying is for the ip address and we're just declaring this this could be bob if you wanted to we just i'm just making it a name or a term that's easy for us to remember so we're going to say for ip but if you want to call this bob call bob for ip in sequence 1 through 254 so what sequence is doing is it's saying hey i want to count everything from 1 to 254 so 1 2 3 4 5 6 7 8 all the way to 254. this for loop means i'm going to do this every single time so for ip in one for ipn2 for ipn3 we're going to run this command until we're done so until this sequence has run 255 times it's done okay and now we're going to say i want to do a count of dollar sign ip so what we're saying here is for ip in sequence one through 254 go ahead and do a ping dash c for a count of one one nine 1 192.1684 254. and here we're going to say 1.2.3 every time this loops over and over and over it's going to be incrementing that number through this sequence that's all we're doing this is a basic loop okay so we're going to keep going through and through and through now this will work if you plugged in your hard-coded ip address here this will absolutely work now we can improve this just a little bit if we want to so what's going on here is what we're going to say is if we wanted to run this we would just do dot forward slash and then ipsweep okay and this would work that's fine but we can make this a little bit better from a coding perspective we can come in here and we can give this a dollar sign one and that means argument one so what we're saying here is i want to give an argument instead so if you want to be technical this first dot forward slash ipsweep.sh that is argument zero so you can consider this dollar sign zero argument one would be what you type after that so this would be argument one argument two etc so in this case what we could do is we could say i want to run 192.168.4 like this and this will run the dot 1.2.3 after it so you provide the argument it places that here in argument 1 and then it does the rest for you so this way you can specify your network and if you wanted to ping multiple networks you don't have to come back in here and keep changing this it just works so super easy this is a great little script for a slash 24 type subnet okay okay so let's go ahead and try running this really quick i'm going to just control s save this i'm going to close it we're going to do a chmod plus x on ipsweep if it'll allow us to we might have to do a okay let's do ls la real quick make sure it worked it sure did okay so here's what we're going to do we're going to run the ipsweep and we're going to say 192 168 you just put in your ip here i'm going to run that all right and you can see all the devices that are coming back within my network here i'm going to go ahead and hit control c cancel this out and so this is grabbing all the different devices in my network now that's great that works out really well but what we can do is improve this what if i typed in a what if i didn't type anything at all what if i just hit enter here now i'm just getting all kinds of pings unknown and it's going off of some of the stuff i was doing before but it just causes all kinds of issues and errors right so you can see i'm trying to hit control c it's it's taking its time to break um here we get issues because we're not we're just allowing any sort of argument here what we need to do is we need to fix this up just a little bit so what we can say is we can come back in here and just go mousepad um ipsweep.sh and come in here and let's add a little bit extra oh and i also left this in here don't leave this in here that's why that was running twice okay so what we're doing here is we need to add in a statement what we're going to do is we're going to add in a if statement if statements are conditions we're saying hey if this condition is met do something for us if it's not met then go ahead and do something else all right so we're going to say if and we're going to just put in here dollar sign 1 is equal to nothing then we're going to go ahead and just say then echo you forgot an ip address echo syntax something like this we'll just say i p suite and we'll go 192.168.4 like that okay and then if we did do this correctly if we do have an argument inside of argument one then we're gonna say else do all this here and be done and then we're gonna end our if statement with fi now this script or this resemblance of this script is not one of my own by the way this is goes credit to something i've modified over time but the original credit definitely goes to georgia weidman i remember seeing this in her course a long long time ago when i was first getting started and she did a great job of teaching this this is just a modification of this script so i just want to make sure that all credit goes to her but looking at this let's break this down really quick before we run this again we've got an if statement we said if argument 1 doesn't equal anything then you're going to echo back out and say hey you forgot an ip address here's the syntax if it does include something then we're going to go ahead and come in here and say let's run our for statement or for loop and run through it and then we're going to end our if here the only thing that i'm doing uniquely here is i'm including this ampersand which is going to run this command multiple times at once this is a good way to explain it basically we have a couple ways of doing this we could say like this we can put a command here and this will run one at a time it'll say okay four one four two four three this allows multiple instances of this loop to run at once and just speeds things up i can show you the difference between that so i'm going to go ahead and just control s save this i'm going to go ahead and just run this script real quick now let's try running it with without anything here okay now look it says you forgot an ip address so look we did that correctly now let's go ahead and add the 192.168.4 run it and you can see okay it's sweeping but it's taking its sweet time especially for the ip addresses that are going to hang like um like if i don't have a dot 2 or dot 3 it's going to take a while so i'm going to control c and get out of this if it'll let me and it looks like it's actually going to hang so what we can do is we can come back in i'm going to open a new tab real quick just while that's waiting and i'm just going to say mousepad and we're just going to go back into ipsweep.sh it's in this folder there we go okay so from here i'm going to change this back to the ampersand and i'm going to save it i just want you to see the difference really quick and why i run it like this so ip sweep the sh192168.4 you can see it's picking everything up really fast all right what i can do now is i can run this and then store this into like ips.txt something like that just like found ip addresses okay so now if i cat ips dot txt i have all the ip addresses i just found and i found them that fast versus this which may still be going and it is and i can't even kill i'm just going to close this out okay so this is the big difference there with that ampersand and the speed of what it is capable of doing so with all that being said we could take this and do one more thing so i want to show you how we can utilize a one-liner these are called one line statements in um in bash and we can do similar to what we just did and accomplish that in this command line so now we have an ip address we have a list of ip addresses let's say that we want to run nmap now we haven't gotten to map yet you don't need to really know about it just know that it is a tool that allows us to go out and do port scanning okay so typically we would just say something like nmap and we might do something like dash t4 dash a dash p dash like this this is just saying i want to run map scan i want to look at everything and i want to scan all ports this is just an example you can just run map ip address like this and that would be fine too like we could just go 192 168 192.168.4.29 and we'll do a quick map scan okay but what we can't do here is we can't just say hey i want to run well we could we could say i want to run nmap for everything in dot zero slash 24. the issue is it's going to take time looking and finding what i p addresses are valid here if we have a list we can automate this process quite a bit we can just come in here and we can say something a little bit different we can say hey for ip we're using the same kind of syntax in dollar sign and we're going to put parentheses here we're going to say cat and then we're going to say ips.txt and then we're just going to do this we're going to say do nmap dollar sign ip and then again we have the option of doing done or we can do ampersand done just like this okay i'm just going to do done here as an example and just show you so this is really easy we're saying hey for every ip address in this list and all we're doing is we're cutting out this ip list that we just had so it's going to take the first ip then run the maps again and it's going to come back and run the next one so until this list is completely done it's going to keep going through this loop that's all it is a simple loop then we're going to say done it's going to take that ip address it's going to start scanning it it's going to go through and hopefully find information and go in a loop so this is a quick way to automate some of this process i actually do this with a lot of my scripts where i will do some probing see if anything is out there that's alive put it into an ip file and you're going to see this later in the course and then end map scan that so think about this hopefully this gets your wheels spinning on what you can do to really start scripting some of this stuff out and this is going to be the first time you get your hands dirty with scripting we're going to go on again with this and we're going to get more advanced as we go but this should be a good introductory lesson to you on how we can build a simple tool and automate a lot of this process fairly easily with just a little bit of command line syntax so we're gonna go ahead and move on to the next section and i will see you over there and we have reached the end of our video so thank you so much for taking the time to spend the last two hours with me again if you enjoyed the video please do consider subscribing to our channel it's as simple as just hitting the subscribe button and you get access to all of our content and the new content that we're releasing including courses similar to this one and while you're at it please do consider checking out the rest of the videos on our youtube channel we do have a 12 hour ethical hacking course we've got open source intelligence course course on buffer overflows we got a bunch of cool videos on open source intelligence and other things on this channel as well lastly if you enjoyed this course again this is part of a full length course a 25 hour course on ethical hacking this is just scratching the surface on what is to come you can come to the academy.tcm-sec.com and come down and check out the practical ethical hacking course as always i'll put everything down in the description below but we do cover a lot of great stuff and a lot of the information required to get you into the field of ethical hacking so that is it for this video i thank you again for taking the time to sit with me and learn linux with me and hopefully you took some valuable information away from this and i'll see you soon in the ethical hacking field thank you so much

Info

Channel: The Cyber Mentor

Views: 298,653

Rating: undefined out of 5

Keywords:

Id: U1w4T03B30I

Channel Id: undefined

Length: 120min 6sec (7206 seconds)

Published: Thu Jun 23 2022