Linux for Ethical Hackers (Kali Linux Tutorial)

Captions
What is up, everybody? My name is Heath Adams, and I welcome you to this course called Linux for Ethical Hackers. So in this course we're going to be covering a lot of things. We're really going to be going and hammering down on the terminal and the command line, and if you've never learned Linux before, this is a really great start for you, especially if you're interested in becoming an ethical hacker or a penetration tester. So enough of my face, let's go ahead and just dive right in.

Alright everyone, welcome to this course titled Linux for Ethical Hackers. Before we get started, I'd like to do a little "who am I". So my name is Heath Adams. I also go by The Cyber Mentor. I am a husband first, a hacker, a military veteran, gamer, sports fan and animal dad. I am a former accountant turned security geek, so I've been in cybersecurity about three years now, and before that I was an accountant. Hated it, picked that bad field for all the wrong reasons. So once I went into IT and cybersecurity I never looked back, and I've never been happier. On the day-to-day I am a senior security engineer. I'm also a business owner at TCM Security. So before that I was a senior penetration tester doing penetration testing and ethical hacking. I branched out and started my own business focusing on ethical hacking training and student development, so now I'm doing that full-time along with a job as a senior security engineer.

Okay, so let's go ahead and talk about what we'll learn in this course. So this course is going to be all hands-on. Besides this little introduction here, you're not going to see a lot of PowerPoint, besides a quick overview of what the course or the video that you're about to see has coming. So, 95% hands-on course. I will not kill you with PowerPoint, that's not my goal. We're going to be focusing on Kali Linux this entire course, and really learning Linux, and learning Linux for the purpose of becoming ethical hackers. So we're going to install VMware, which is a virtualized software, virtualization software, then
we're gonna run Kali Linux inside of VMware. After that I'm gonna give you an overview of Kali Linux, show you some of the common tools, what it can do, why it's awesome, and then we're gonna do a deep dive into the terminal. So what that means is we're going to be hands-on, doing commands and learning Linux. So we'll be running, navigating the filesystem, so how to get around in the filesystem from the terminal. We'll learn about users and privileges: how to add users, what kind of privileges and permissions are there, what important files exist regarding those. We're gonna talk about common network commands, so if you want to be a pentester, ethical hacker, you need to know networking, at least at a basic minimum. So we'll talk about those common network commands that you should know, how to run them, what they do. We'll talk about viewing, creating and editing files. That's obviously important if you want to create a quick file or edit a file from the command line, how you can do that. We'll talk about starting and stopping services such as a web server, SSH, SQL database, etc. We're going to talk about how to install updates, how to install tools and how to update those tools. And then lastly we're going to put everything we learned together and do some scripting in bash. So we're going to write a basic bash script, and then we'll improve upon it, and then I'll show you some for loops, some other logical scripting ideas, and then we'll kind of put that together and hopefully come to a nice completion when it's all said and done. So with all this being said, I am excited to have you in the course with me, I look forward to teaching you, and let's go ahead and start with installing VMware.

Alright, the first thing that we're going to need to do is to install software called VMware Workstation Player. Now we have two ways to run Kali Linux: we can either run Kali Linux through a virtual machine, or we can install it as an operating system on a hard drive. For this course and this lesson we're going to be
using a virtual machine, and preferably we're going to be using VMware Workstation Player. I'm going to show you how to install VMware Workstation Player, and I'll show you some of the alternatives to it as well. So let's go ahead and dive right in.

Okay, so if you go out to the interweb and you go to Google and you type in VMware Workstation Player, the first thing that will come up for you is this Download VMware Workstation Player link. You're going to go ahead and just click on this. And now I also want to introduce alternatives. So there is another software platform called Oracle VirtualBox, and you will be able to install either. My preference, and the course that's going to be taught the rest of the way through, is going to be in VMware Workstation Pro, but we will use Player for the install. You'll be able to follow along with Player. You'll also be able to follow along with Oracle VirtualBox if you so choose, but we will not be showing that installation.

Another thing that should be noted is there is this comparison page here, and I will be using VMware Workstation Pro. There's a nice little checklist here that shows what Pro can do versus Player. It has a lot of the same features here. Some of the nice things is running multiple VMs at once. You can technically do that with VMware Workstation Player, there's workarounds for it, but to have it in a single tabbed interface, it's very, very nice. You see here the draggable tabbed interface, that's another feature. Snapshots, so basically making a backup of your machine, all included in Workstation Pro. So if you have some money to shell out and this is something that you are interested in doing long term, it may be worth looking into a Workstation Pro license, but by all means you can get away with a Workstation Player installation, and that's exactly what we're going to do.

So let's go back to the first tab here, and you can see it says try a VMware Workstation Player. We're just going to scroll down, and this install and everything is going to
be running on top of Windows for me. If you're installing for Linux, that's fine as well, just follow your instructions for your respective OS. Go ahead and select Download Now. I'm gonna save the file. Okay, it downloaded. I'm gonna hit Run. It's going to ask if we want to accept the changes: yes. Okay, now we're going to hit Next. We'll accept the license agreement and possibly give away our firstborn. I'm gonna go ahead and check yes for the enhanced keyboard driver. We don't need to check for a product update, we don't need to join the VMware customer experience improvement. We'll hit Next on that. You can leave both of these checked, or check to your preference, and then hit Install.

And while this is installing, I can actually show you what VMware Pro looks like. This is a Pro instance running here. You can see that I have the tabs, and they're draggable, as it was notated in that differential spreadsheet that you saw. And I've got a Kali instance running, that's actually my main Kali machine. I've got Windows 10 running here, and this is all actually sitting on top of a real Windows 10 machine as well. So we're just installing Workstation Player. I'm going to run a VM inside of the VM, so it's gonna be a little bit of VM-ception here. And then we're just gonna hit Finish, and then we are going to restart this machine, as it needs a reboot real quick.

Okay, now we are restarted and we're back to our desktop here. You can see that VMware Workstation Player has been added to the desktop. Let's just go ahead and double-click that to open it, and we're going to choose to use VMware Workstation 15 Player for free for non-commercial use. If we wanted the Pro edition, we would enter in our access key here, or license key, and continue on with the Pro edition. And now we will use the Finish button here, and we'll be brought to our VMware Workstation 15 Player. So you can see here that it's a much, much different view. It's very, very basic. We have the option to open a VM here, and we'll have the one VM stored
in this tab that we can open up, and that'll be it. There are ways around running multiple VMs at the same time, but if you're looking to build a fluid lab out and have multiple VMs running, similar to what I have here, having the VMware Pro, again, it does have its benefits here. So you can see this is a much, much different look. This is very generic, as we can see here. So from here what we're gonna do is we're gonna go ahead and stop. In the next video we are going to focus on downloading Kali Linux, and we'll talk about what Kali Linux is and some of its features as well. So I'll catch you over in the next video.

All right, now let's move on to installing Kali Linux in our VMware software. Okay, so picking up where we left off, we had just installed VMware Workstation 15 Player, and now we need a VM to actually be able to play with it. So this whole course is going to be based on Kali Linux. If we open up an internet browser here, I've got a few tabs already opened. So what I want you to do is go ahead and go out to Google and just type in Kali, K-A-L-I, Linux download, and leave it here.

What we're gonna do as well is I want to talk just a quick second about what Kali Linux is. So Kali Linux is a Debian-based Linux OS, so it's based on pen testing tools and it's made for pen testers. So what it does is it comes pre-loaded with a bunch of penetration testing tools, a toolkit if you'll call it, and it is just made for people who are looking to do pen testing. So this is provided by Offensive Security. If you come to kali.org and you look at the About Us, it provides a little bit of information about who the core developers were and some of the moderators, but basically what it is is it followed up a tool called, or a distribution called, BackTrack. So the new tool is Kali Linux.

Now there are alternatives out there. One of the alternatives right now is called Parrot. So if you go to parrot org and you look into "What is Parrot", you can see that they have different distributions, and they talk about why
Parrot is different, but they do have a pen test distribution here. So for this course we're going to be using Kali Linux, but I always do like to introduce the alternatives. Kali Linux is probably more popular at this point. Parrot OS is kind of on the newer side. Some people are starting to get behind it and liking it, but I would say Kali still dominates.

The third option is that you set up your own distribution. So you have an OS that you like, and then you install the tools on the OS that you like, and you have your own custom build. So some people feel like, you know, Kali or even Parrot, they come with a bunch of tools that they'll never need, so their system's bloated, and they really just have a set amount of tools that they like, and if there's a tool that they want to add into the system, then they'll download that on their own. They don't want to have a ton of bloatware coming with their system. But with my experience in the industry, mostly everybody that I've worked with is using Kali Linux. Some people are doing their own builds, especially on, like, the web app pen testing side, and then now Parrot is kind of that up-and-coming OS that some people are transitioning to, but it is predominantly Kali Linux. So that is why we're doing this course in Kali Linux, and I feel like it's the best option for us to learn just some basic Linux skills, and learn it in the OS that is the most dominant in the industry right now.

So let's go ahead and go back to that Kali Linux download. While this link has been clicked on, do not let it fool you, we're actually not clicking on the official Kali Linux downloads page. We're gonna scroll down a little bit. I want to go to the Kali Linux custom image downloads page, and I'll show you why here. So this is at offensive-security.com, make sure that's the one you're following along with. And if you scroll down just a bit, you see that they're providing us VMware images and VirtualBox images. So remember when I told you that VirtualBox was an option? If
you chose that option, here you go, right here. You'll click on this tab and you will download the VirtualBox image. Now what we're gonna be doing is we're going to be running Kali Linux VMware 64-bit, and we're going to download the 7-Zip right here. You also have the option to download a torrent if you'd like. The file size is going to be a 2.4 gigs, so it might take you a minute depending on the speed of your internet, and they also provide a SHA-256 sum if you want to check the file when you download it. So I'm gonna go ahead and just hit download on this, and I'm gonna save it, and I will come back as soon as this file is finished downloading.

Okay, so my file has finished downloading. I'm going to navigate to the folder where it has downloaded to, which is the Downloads folder, and you can see here that it is a 7-Zip file. So my installation by default does not have 7-Zip. If you do not have 7-Zip either, we can go ahead and download that together. So if you go out to Google and you just type in 7-Zip, the first thing that comes up is 7-zip.org. You'll see a download tab here. Just go ahead and click on that link, and go ahead and download the executable for your respective operating system. So for me, I'm gonna be downloading the 64-bit Windows version here, and I'm going to save. I'm gonna hit Run, say yes. I'm going to go ahead and install to the default directory.

Okay, now that's installed, let's go back to our folder, and let's select that we open with 7-Zip here. Okay, now you can drag and drop. So all I'm doing is dragging and dropping. I'm putting it in the Downloads folder. You don't have to do that, you can drag it and put it in a location that you would prefer. This is going to extract, I believe, at a larger file size than just the 2.5 gigs that we downloaded, or 2.4 gigs, so make sure that you have file space where you're gonna put this. So I'm gonna go ahead and let this finish, and then I will be right back.

Okay, so I successfully unzipped this file, and just for the record, if we
hover over it, you can see that it actually extracted to be 10.4 gigabytes, so let's make sure that wherever you extract it to, you have the 10.4 gigabytes in order to successfully complete the extraction. So from here, let's go ahead and open up our VMware Player, and we're going to go to Player up in the left-hand corner. We're gonna select File, and then we're going to select Open, and then we're going to go to Downloads, and we're gonna go into our Kali Linux folder here, or wherever you put it if you didn't put it in the Downloads folder, and then just select the one item that should be here. It's a little 4-kilobyte file, and what this does for us is it automatically has a build that's just ready to go. So this is really awesome. We don't have to download the image itself and then install it and then pick all the features. No, this is just ready to go for us.

So we can also come down here and select Edit virtual machine settings, and there are a couple features here. So depending on the amount of memory that you have on your machine: right now this is sitting at two gigs of RAM. That's fine. If you want it to run faster, I recommend going somewhere between 4 and 8. Obviously the more RAM you give it, the better it's gonna perform, but if you're running on a gigs of RAM for your machine, really not going to do well for you. My recommendation is no more than a fourth, so if you're running on six and maybe give this 4. You could really try pushing it up to eight, but I am running on 32 right now, so I could crank this up to eight by my rule here. But just for working with you and following along, I'm gonna set this to two, and then we're going to perform in two, that way we are working at the same speeds across the board.

Another thing that we need to note is the network adapter. By default it's set to NAT. We're gonna go ahead and just leave it at NAT here. Yours may come set to bridged. If for some reason it's set to bridged, you can try that, but my default preference is NAT,
so let's go ahead and just hit OK. Okay, and now we're just gonna hit Play virtual machine. And a little side note: I am actually now on my OS. I'm running on my Windows OS, as opposed to just running inside the VM. If I was running a VM inside of the VM, I would have a lot of issues, degradation, etc. So now I've actually moved out of the VM and have this running in Player on my Windows OS. Okay, and then when we get this pop-up here, go ahead and just say "I copied it", and this will start the machine. And you can see the other VMware Player back here. It's going to go ahead and directly just start loading up here, and we get to this screen. So we click in, and if we try to just enter in our username, password: our username by default is going to be root, our password is going to be root backwards, so toor, and then hit Enter. Now we can make this full screen over here by clicking this button, and we'll enter into full screen mode. We are now successfully logged into our Kali Linux machine. We've installed it successfully, and now we are ready to start learning.

So that's it for this video. In the next video, what we're going to be doing is we're going to cover some of the tools and features of Kali Linux, and we'll start talking about what it's capable of, and then we'll dive right into the terminal after that and start learning some command line and some useful tools with Linux. So I will catch you guys in the next video.

All right, now let's take a look around Kali Linux and just see what it has to offer us in terms of tools, design, etc. So let's dive right in. Okay, so we're at our desktop here inside of Kali Linux. Now you see the Kali Linux logo. You see there's a couple of things on the desktop. You don't have to worry about these, these are just from VMware themselves, put on your desktop. If you install this as an actual OS, this will not be here. So when we talk about navigating around Kali Linux, there's a couple of places that we can look. If we look right away, you can see on the left-hand side over
here we've got a favorites bar. So we've got our folders, so if we click on the folders, or our files, we can navigate around. This feels like any other machine, right? We have our Documents, Downloads, Music, Pictures. If you're a Windows user or Mac user, whatever, this feels pretty common. So this is a GUI, or a graphical user interface, way of interacting with the folders. As you move on, and we move on in this course, we're going to be living in the terminal. So the terminal is right here. If you click on the terminal, this is something similar to your command line. So from here we can actually navigate to all these folders here, and we can put files in there, take files out. Anything that we can do in a graphic point of view, we can also do from this command line point of view as well. So as we learn, we're gonna get a little less relying on the graphical interface and more on the terminal side of things. However, do know that there are ways to do a lot of things from a graphical side if you still need that interaction with the machine and you don't want to be completely keyboard oriented.

There are also tools on the side over here. If we look, we've got a Leafpad. So Leafpad is just like a notepad, right, or, you know, just your notebook here. You can take some quick notes, save it out, should be pretty familiar for you as well. So they've got Firefox, it used to be called Iceweasel, and that's just your web browser. Down here are some of the tools that you may use. Now Burp Suite is a very popular tool for web application penetration testing. We're not gonna be getting into any of these tools at the moment, but I will cover what a couple of them do. So again, Burp Suite's a web application penetration testing tool. If you ever get into web app, or if you even get into some basic pen testing, chances are you're gonna start using Burp Suite on a pretty regular basis. Over here is Zenmap. Now this is the graphical version of a tool called nmap, and you will be using nmap pretty religiously when you're doing
pen testing. So if you like a visual view of doing scanning, so nmap is a network mapper, it allows you to scan machines for open ports and for vulnerabilities, so if you want that in more of a visual type of view, a graphical interface type view, then you have Zenmap as a feature. This little guy down here is Metasploit. Now Metasploit is a tool that can be taught, all these are tools that can be taught in deep, deep lessons all by themselves. Not to make that intimidating for you at all, just know that that's how robust this is. We're looking at three tools right here and they're all very, very powerful, and this isn't even the half of it, or the quarter of what Kali Linux has to offer. So Metasploit, you may have heard of it if you've heard of anything in pen testing. It is a framework that does just a little bit of everything, so a lot of pen testers live and die by this. It's a fantastic tool in my opinion, and you're going to get very, very intimate with it very, very quick if you do move into pen testing.

Down here is a tool called CherryTree, and that's pretty much where I'm gonna stop. We've got Maltego and Kismet. These are just, this is wireless based, and this one here is information gathering based. But CherryTree is another useful one. If we open that up, this is actually another note keeping tool. Like I showed you, Leafpad, Leafpad's just for quick little one-offs. CherryTree is more of note keeping as a whole. So you've got nodes that you can add, so you can add a node here and just say, say you're following along and you want to add notes, you can say Linux, you know, and then you have a node. You can add all of your notes in here, and then you can actually add children nodes as well. So maybe there's a command that you want to add in, so say we're covering commands and you want to write all the commands in about Linux down here, you could do that as well, and then save this out. A nice thing too is that you can take screenshots and put them in here, and it exports really nice, and this is
gonna be very, very useful for anything in your career. But when it comes to pen testing, there are so many tools, so many commands, that I think it is incredibly important to be able to take notes, and CherryTree is built in already. Personally I use what used to be in Linux, which is a tool called KeepNote, but CherryTree is a great alternative as well, so either of them would work, and it is highly recommended by me that you use some sort of note keeping tool as you go through your courses and get better as a pen tester.

So I'm going to close out of this here, and I want to show you a couple more things. You have a feature here where you can show all of your applications, so if you click on that, it'll bring up all the applications, including the ones that are grouped down here. Another way to do this is if we come up into Applications at the top, you can see that everything is grouped really nice for you. So it goes through the steps of penetration testing, and let's say that, like, hey, I'm gathering information on a client. Okay, well here are some of the built-in tools for information gathering right here. Say you want to do a wireless assessment and you want to do that, those sorts of attacks, you've got all these wireless tools built in for you right here. Now chances are you're gonna be running these tools from the command line, so again, you know, you don't want to get too hung up on the graphical side of things, as you may not always have access to that either, but it's important to know what tools you have in front of you. And there are even tools like Wireshark in here, so very, very useful, pretty much a little bit of everything that you can imagine. So just, you know, take some time and go through the tools, and if you're becoming a pen tester, you're working on it, you know, just look at a tool and do some research on it. Say you want to know what this macchanger is. It might be obvious, it might not be obvious, right? So maybe you go google what macchanger does, how to use it,
what the syntax is, and then you play around with that. Take a new tool every day, figure out something that you can do with it, how to use it, what it does. So Kali Linux is a distribution full of useful tools, and, you know, for a base OS it's fantastic, and this is why so many people in the industry just download this, install it, and they're ready to go. You know, we talked about in a previous video how there are other OSes, or there are people out there that like to just do their base install, and you can see that there's bloatware here, if you want to call it that, right? Like, there's forensic tools, and maybe you'll never do any forensics in your life and you don't need all this installed in your system. So if you're a type of person that, you know, doesn't want this extra stuff, this extra software on your system, okay, then maybe you do start moving towards that custom build. Eventually in your career you say, hey, I want to learn all these things first, and then once I learned what tools I really like, then maybe you move to your own distribution that you create yourself, and you spin that up every time instead of having all these tools built in. But as a base OS, as something that you can learn from and start with, this is why I've chosen Kali, and this is why we're gonna learn it today.

So let's go ahead. From here, what we're gonna do is we're gonna dive right into the terminal. So let's just open this terminal, and then we're gonna fullscreen it and move on to the next video. So from here on out, what we're gonna be doing is we're gonna be living in this terminal. I'm going to back away from the graphical side of things and really just get your hands dirty in the terminal, make you feel comfortable. If you've never used Linux before, this is perfect for you. So I'm gonna give you the pentester perspective on why we're doing a lot of these things. Some of these commands are going to be the same commands regardless if it's on a Kali Linux machine or if it's on
another distribution of Linux, so you'll be able to take a lot of these commands and just use Linux in another system as well. So if you're interested in pen testing, if you're interested in Linux, this is where we really get into the meat of the course, and it should get interesting for you. So I will catch you over in the next video, when we're gonna start talking about how to navigate the file system and get comfortable with that.

All right, on to navigating the file system. So first let's talk about some of the commands we're going to learn today. So we're gonna learn about pwd, which is present working directory. We're gonna learn about cd, which is how we change directories. We're gonna learn about ls, which is going to be listing the files in a folder or in a directory, and we're also going to talk about how to find some hidden folders with ls. We'll talk about how to make a directory and to remove a directory. We're going to talk about copying, removing, moving and locating files. We'll talk about something called updatedb and how that pertains to locating files. We'll talk about the password and how to change our password, and we'll talk about an important command called man. So by the end of this first lesson you should be pretty comfortable with all of these commands. It may seem a little daunting, but they all kind of play in with each other. Again, please make sure to take notes. You've got CherryTree built in, you can also use KeepNote, or even just a notepad in front of you. That'll help with the experience, and also maybe watching the video more than once will help with the experience as well. So let's go ahead and dive right into the command line.

So now our first lesson in Linux terminology is going to be navigating the filesystem. So if you're a Windows user, you're used to navigating your filesystem probably through folders, through a GUI, so a graphical user interface. Well, in Linux we can do that, but the majority of the time we're going to live in this terminal here, so we really need to
know how to get around. So the first thing we can do here is we can say, hey, where are we at? And that's pwd, so that stands for present working directory. So you type that in, you hit Enter, and it says, okay, we're in the root folder. So we know that we're in the root folder, but how do we get out of the root folder? We can use a command called cd, and that stands for change directory. So if we want to change directory backwards, we just type in two dots here, and now we can say, okay, where are we? So we're in a slash, so we're just in a home folder here, or just the generic slash folder, right? So what we can do is, well, how do we know, can we go backwards from here? Let's keep trying. So we do pwd again. No, we can't. This is our base folder, right? So you have to think of this as the lowest you can go.

So now how do we move around? How do we know how to go forwards again? Well, we don't know what's in our directories, right? So we're sitting in this, the slash folder, and how do we look around? So there's a command called ls that lists everything that's in the folder. So if we say ls, we kind of see this color-coordinated here, and the color coordination, it just depends on if it's a folder, if the folder's read/write, you know, there's permission settings, which we're going to get into later, but the majority of these here are folders. Okay, well, we know we just came out of root, so we can go back into root. Now how do we do that? So we can say change directory root, and we can actually hit Tab to autocomplete. I don't know if you caught that, but there's no "r", any folder besides root, so at "r" I can just hit Tab and it should type it out for me. Oh, I lied, there is a run in here somewhere, but it's hidden. We're gonna cover that soon as well. So "r", "o", hit Tab, autocomplete, can change directory into root. So let's ls in root and see what's in here. Okay, this is more like our home folder, right? So we've got Desktop, Documents, Downloads. This is kind of what applies to the root user. So what if we're sitting in
this root folder here and we wanted to access instead this etc folder? Well, could we do the same etc command here? Well, I'm hitting Tab and nothing's happening. Well, because etc doesn't belong in this area, right? But if we put a forward slash in front of it, because this is the base, and then we hit etc, then now we can navigate to the etc folder, and we can actually double Tab and see what's all in the etc folder, like an ls, say. Now, another way to do that is if we wanted to ls what's in the etc folder without navigating to it, we can just type ls /etc and you can see everything that's in here. So there's some tricks that we can do, right? So we don't have to actually navigate to the folder to know what's in there.

Again, if we ls and we want to know what's sitting in Videos, or even, let's say, what's sitting in Desktop for our folder, well, if we start typing "desktop" and hit Tab, we can't do that either, because everything in Linux is case sensitive. So if we start typing "Desktop" and then hit Tab, now we can ls and see what's in there. So our VMware came with a couple of shell scripts here that are automatically placed on our desktop. If we wanted to confirm that, you can see that they're both right here. So as of right now we are just sitting in our root home folder, and we know how to navigate around. So if we wanted to go to Desktop, we could. We could hit ls now and see what's in there. If we wanted to go backwards, we could. Okay, now we're back in our root folder, and you can also tell where you're at. Your present working directory sits right here, right? So this little tilde is actually your home folder, and you can see that we're in Desktop. So if we wanted to go back into our Desktop, instead of typing, say you wanted to go to Music from your Desktop, instead of going root Music, which will work, you could also just say I want to go Music, and that'll put you there as well. And notice you don't need the leading forward slash when you use the tilde. So just a couple interesting
tricks that you'll kind of pick up along the way. Tab is definitely gonna be your best friend. If you run into something with multiple options, say you're trying to cd and you say I want to go to my Desktop and you're tabbing and it's not working, you can hit double tab and then it'll show you: okay, well, there's Desktop, Documents, Downloads, those are your three options that start with a D. So now you kind of have an idea as to how to kind of move around, but let's do a little bit more. So what if we want to make our own folder? Well, there's something called make directory, mkdir. So if we say make directory, and we'll say, I'm just gonna use my name, Heath. Now, hopefully, ls, we can see that this Heath folder is now here. We can go into the Heath folder and there should be nothing in it, right? So we can go back, and we can also get rid of the Heath folder: remove directory Heath. If we ls again, it's gone. So now what else can we do? Well, we can also look for hidden folders. So we can say ls -la and we can look for hidden files and folders here. Remember the color coordination. So this .cache, right, that in theory is a hidden folder. So if we say cd .cache we can go into there. We ls and there's actually some information in there, but when you saw it originally you didn't see that. We're going to cover more on this, I just kind of want to show you that trick. As you see over on the left side, there's file permissions and properties. So be aware that just because it looks like something's not there doesn't mean it's not there, it might just actually be hidden, similar to Windows where you have hidden files and folders. So just a quick trick to show you that. So another thing we can do, so let's go back, and don't worry about what I'm doing here, you're going to cover these commands in a little bit. I'm just gonna echo hi and we're gonna put that in a test.txt folder. So now if we ls you can see that test.txt is here. So if we want to actually copy this file, we can copy this file to another
location. So we can say, hey, I've got this test.txt but I actually want to move it to Downloads, and if we go ls to Downloads you could see that test.txt is actually sitting in there. And if we wanted to remove it, we can just say remove from Downloads, or test.txt, actually sorry, remove Downloads/test.txt. We don't have to transition into that directory if we don't want to. So another trick: say we want to see now that it's gone and we want to ls, but we don't want to keep typing this out. If you hit the up arrow now you can just see your old commands. So if you keep typing a command over and over, you can see what's going on. So ls shows that there's nothing in Downloads now, we were able to successfully remove that file. So another thing that we can do is we can actually move. So say we wanted to move test.txt and we wanted to put that into Downloads. Okay, now if we ls, test.txt is now gone from this folder because we've moved it. We haven't made a copy, we've actually physically moved it away. So now if we ls, actually let's just tab up, you can see that test.txt is now in there, and I'm going to remove that here. Okay, and now the last thing I want to show you is the locate feature. So if we wanted to locate a file, say I wanted to locate bash, let's see. So we're looking for a file, and we're gonna get more specific along the way, but if you type in locate you can kind of look through a system to see if you can find it. Now I'm looking for, say, any type of /bin/bash or /bin/rbash, that's fine, that's really what I wanted, but it shows you everything with bash in it. Now this might not work right away. What you might need to do is update the database, so you type in updatedb, it updates everything for you, and then you can use locate again. So it has to build that database of the information that it's finding in order to locate what you're searching for, so make sure that you use updatedb sort of frequently. Okay, so two more things I want to show you and then we'll close out this video and move on
to the next one. So an important thing you want to do with your new account: we're using a default password and that's not very secure. So to change a password for our user we can just type in passwd, and now it's going to ask us for a new password. So instead of using toor we can use something else. I'm going to type in the very secure password as my password for an example here, but if you plan on using this machine for future reference you can type in a secure password and kind of keep it. So lastly what I want to show you is something called man, so man pages. Man pages are your instructions for any command that you're running. Most commands come with a man page. So let's say we want to look at ls, we can say man ls, and then it's going to give us all this information here about ls. So if you see, it says ls is list directory contents, awesome, and then it gives you what options we can do. Well, we can do a -a for all, which you saw earlier, and you can kind of scroll through here and just see exactly what it has to offer, and that's kind of it. So when you go through here, if you're struggling, like, you know there's a command in there but you're not sure exactly what the command is, you can type in man and search it. And sometimes you can do ls, I don't know if this is going to work, but --help, and you get some information as well. It doesn't provide you the full man pages but it provides you something pretty close. So that's kind of just your way around if you ever get stuck, something to look for. Okay, so that's it for this lesson. Next we're gonna move on to users and privileges, how to add users and how to change some sudos and some modifications to our file permissions. So until next time, my name is Heath Adams and I thank you for joining me.

All right, now let's talk about users and their privileges. So what are we going to learn in this lesson? We'll do a quick user privilege overview. From there we're going to talk about the chmod command, which is the change
mode command, that's going to let us change the permissions on a file or directory. We're also going to talk about how we're going to add a user with the adduser command. From there we're going to take a look at a couple of important files: one is the /etc/passwd file and the other is the /etc/shadow file. So the /etc/passwd file is not actually where the passwords are stored on a machine, that is the /etc/shadow file, which stores the hashes, but the /etc/passwd file does store what users are on the machine and you can correlate that to the shadow file. So we'll talk about those in more detail and their importance to pen testing, very very important. And then we're going to talk about su, which is the switch user command, and finally we'll talk about sudo, which is a command that allows you to elevate your privileges on a Linux machine. So let's go ahead and dive right into our lesson. Okay, so now we're going to cover users and privileges. So in the last video we touched a little bit on privileges with our ls -la and we touched a little bit on users by changing the password of our root account, so now we'll cover a few more commands regarding those. So if we look again at ls -la you could see all this crazy jumbled wordage over here, right? So it actually means something. So we look at the first line here: if we see a dash like this, a hyphen, that means it's a file; if we see a d, that means it's actually a directory. And then you see r, w and x. So r, w and x actually means read/write/execute, it's the permission settings that this particular group has. Now there are three groups here: there's the first, second and then your third right here, right? So your first right here is the owner of the file, so it looks like the owner of the file has full read/write/execution, right? And then the next set of three here is actually the permissions for the members of the group that owns the file, so this is a group ownership as opposed to actual ownership here. So for the people that
are in the group that has access to this file, they can only read and execute, they can't write to it. Now for the last one, this is just all other users, so any common user here can actually just read and execute, they can't write the document. So that comes into play especially when we get into penetration testing, because with penetration testing we're looking to have full access, right? So we're always going to be looking for that folder that has full read/write. Typically, if we look at tmp, that's our temp folder, a lot of times you see the temp folder has full read/write/execute. So when we're doing penetration testing and we're trying to upload some sort of exploit, we might actually upload it into the temp folder because that's where we can execute those files. However, we could also be looking for other full read/write/execute files where we need to modify them and give us root access to a system. So it's all about insecure configurations, and we're going to cover that more once we get into the actual penetration testing part of the course. So for the Linux essentials part of the course, all we need to worry about is these file permissions. Another important feature of that is, if we were to create a script, our script's not gonna be able to run until it has full access. So how do we change access here? So let's make a file. I'm just going to make, we'll just echo another text document, right? So we'll just say hello, and actually I typed that in backwards, so hello, and we'll call it hello.txt. So if we ls here, by default we only have read write and then read access for everybody else, meaning if we wanted to read it we could say cat, which we're going to get into later, cat hello.txt, it just says hello. So what can we do here? Well, we can use something called change mode, and change mode is chmod, and we have a couple options here. So we can do a plus, right, and we could say, well, we want read write execute, or we just want execute. But another way I like doing it is you have a number feature
so the one you really need to know is all sevens. Sevens gives you full read/write access across the board. So if we say chmod 777 hello.txt, now we ls -la and you notice that hello.txt turns green, that means it is full read/write, and here you go, we've got the dash here saying it's a file and we've got read write execute across the board. So this is how we change file permissions. You don't need to necessarily know about the other numbers in terms of penetration testing, it becomes more in terms of configuration and security management of files if you were to get down that path. So to stay on the easiest path just remember 777, or +x will work as well. So changing the mode is critical and we're going to cover it time and time again throughout the course once we get a little bit deeper. So a couple more things we need to talk about. Say we wanted to add a new user, well, there's a feature called adduser. So we say adduser, and one or two names is allowed, so we need to adduser, say, John. Okay, so it made something for John. Let's give him a password, give him a password again, and we'll just hit enter for the defaults, it's all correct. Okay, so we now have a user named John, and we can confirm that: we can actually cat the /etc/passwd file here and you see down at the very bottom we have this user John. So this /etc/passwd file you're going to become very familiar with because it shows you all the users. Now there's a lot of times where you're doing penetration testing, you're gonna have access to this /etc/passwd file because it doesn't provide the password anymore. It used to a long time ago, passwords are now in the shadow file. So you actually have a little bit of access and information disclosure here at the hands of poor configuration. So you see that I've created a user John, well, that gives us a little bit more information. Say there's SSH on a machine or something else, we can use that username of John to try to break into the machine. So we'll cover that again later, but if
we wanted to see what the /etc/shadow file looks like, now we come in here and you've got this jumbled stuff here, right? So it's just a hashing format. So what we're doing is we can actually use a tool like hashcat to break this down and crack these passwords. Now a password of password will be very easy, but just know that if you have access to the /etc/shadow file you have a good chance of cracking a password, depending on your capabilities and depending on the strength of the password, that'll allow you access to a machine. So something to think about there. Okay, so now we have our user John, let's go ahead and switch to him. So we can use something called su, which stands for switch user, and we'll say switch user John. Okay, so it automatically gave us John here. Let's see if we could switch back to root. Okay, we can't just switch back to root because we need root's password, right? So we can type in password and that works, but if we didn't know the password then we'd be stuck on John. We are able to access John because we were already root. So this comes into play in terms of users. So let's go back to John here. Now if you're a user you have to be able to do certain things, you need permission to do certain things, I should say, right? So root has full access and permission to do everything, but John, we just created John, John doesn't have any sort of access. So if we wanted to change the password, say we want to change the password for root, I can't modify the password information because I don't have that kind of access. Now there is something called sudo which would provide John that access if we gave it to him. So it's called a sudoers file, and basically anybody in that sudoers file can change permissions, given if they are a sudo user, right? So we would type in sudo passwd root and it's going to ask for the password for John, but you're gonna notice, hey, John's not in the sudoers file, John can't do this. So John has base permissions, right, and we're gonna encounter
that a lot of times in penetration testing, where if we get in we'll get something called lower privilege and we'll get an account like John and we're gonna try to escalate into root but we just can't do it. You know, the chances of doing that and having a John in a sudoers file is just not high. It's possible but it's not likely. So for now just know that if you want a user other than root to have access to file permissions you need to have them in the sudoers file. That becomes useful too in penetration testing because you can look at the sudoers file, if you have access, to see what users have sudo privileges. Okay, so that is it for this lesson. In the next lesson we're going to be covering network commands and moving on gradually towards scripting, so let's go ahead and get there and I will see you when we get over there.

All right, so now we're going to be covering common network commands. Before we dive into the commands we're gonna learn, I'm gonna go on a tiny bit of a rant here. So if you are not familiar with networking, now is the time to become familiar with networking. There are two things I think that a person needs before they really can dive into pen testing, and that is Linux experience, which you are gaining some Linux experience now, because most pen testing is done in Linux, and the other thing is to have a good network foundation. So if you're looking at these commands here and I say ifconfig, which if you're a Windows user and you hear ipconfig you know what that is, okay, that's basically the same thing. If you know what ping is, if you know what ARP is, netstat, route, those should all be pretty familiar where you can guess what those are. If you do not know what these commands are, you might want to brush up on your networking as well, because the better you are at networking the better you're gonna be when it comes to pen testing, because you're gonna have to navigate around networks, you're gonna have to understand where you are at in a network, you're going to need
it for basic troubleshooting as well. So just to understand these commands is very important. But what we're gonna be doing here is we're going to be taking common network commands that we're gonna be running as a pen tester and we're just gonna apply those to their version in Linux. Some of these may be familiar to you, some may be new to you. But we're talking here ifconfig, which is just going to show us some information very similar to ipconfig in Windows, where we'll see our IPv4, IPv6 if we have it, information, our MAC address, things along those lines, our subnet mask, etc. The iwconfig is the wireless adapter version of that. ping is a ping command where we talk over ICMP and we try to communicate to another machine to see if it's alive and responding back to us. We've got the arp command, which just maps IP addresses to MAC addresses, and we've got netstat, which is just a command line tool that's going to allow us to display all connections and listening ports. And then finally we've got route, which displays our routing table. So we'll go ahead and take a little bit of a deep dive into those in this next lesson and hopefully this is a refresher for you. So again, if not, then you should be looking into some networking studies as well. Okay, so let's go ahead and dive right in. Okay, so now let's cover network commands. So the first command I want to cover is ifconfig. So you may be familiar with the Windows version of this, which is ipconfig, and they pretty much do the same thing. So it shows you here your different interface types and the IP address associated with them. So eth0 here, Ethernet 0, has an IP address of 192.168.1 32.16 4. You can see the netmask, the broadcast address, and you can see the MAC address as well, and we also have a loopback address here. Now if your machine has a wireless adapter, or at some point you want to do wireless penetration testing, you're going to need iwconfig, and you should not expect to see anything on this at the moment unless you're using a
laptop, then you actually might see a configuration down here for it. If you would see something under iwconfig you would see like a wlan1, wlan0, something along those lines. Okay, and another common command that you're gonna see is gonna be the ping command. So we can just type in ping and the address that we're trying to talk to. So for example I'm gonna try to ping my home router, and I get talking back. So if I tried to ping something that wasn't in my network, like a 16.1, you're gonna see the results change. So with ping here, ping is going to be endless until we hit something like Control-C to stop it, it'll ping forever. So I'm going to hit Control-C again and kind of show you the difference. So you see that we attempted to ping here and we got replies, we got information back. Well, that's good, that means we're talking to the other machine. It says hey, are you there, it says yeah, I'm there. And we try to ping this machine here but this machine's not talking back. It could mean that the machine is not on the network or that the machine is just blocking ICMP traffic. ICMP is another word for ping. So moving on to the next command I want to show you, arp. So the best way I like to type it in is arp with a switch of -a, and arp is just going to show you MAC addresses that it talks to and the IP address, actually I said that backwards, it's going to show you the IP address it talks to and the MAC address associated with it. So if an IP address reaches out, say 192.168.15.1 talked out to this machine, it's gonna say, okay, hey, who are you? It's gonna send a broadcast message out and say who has this IP address, and then the IP address will respond, it says hey, I do, and this is my MAC address. So ARP is just a way of associating IP addresses with MAC addresses. And once you know that, you can also look at netstat. So netstat -ano is another one of my favorite commands, and this shows you just the active connections that are running on your machine. So if we scroll way up, you can just kind
of see what's open and what's talking here. Where this really comes in handy on a penetration test is to see if a machine is talking to somebody else. Same thing with ARP, you want to know what that machine is associated with and is it talking to something on a port. So this is more just internal right now but it's still good to know. So for example, if I were to open up a Firefox page and connect out to the Internet, then I went and I did a netstat again, I would see information about that port being open and that I am going out with it. So just kind of keep that in mind. These are not commands that you really need to know in depth right now. Networking does come into play when you are doing penetration testing, but we're gonna cover these commands time and time again, I just wanted to give you a very brief introduction to them. Okay, and the last command that I have for you today is route. So if you type in route, that's gonna print your routing table, and the routing table is important because it tells you where your traffic exits, essentially. So for this VM my traffic is exiting on 192.168.134.0, so any traffic goes out of this 0.0.0.0 gateway in this range, right? So when it goes out this gateway it's doing NAT, so network address translation, and it's running off my computer. So the best examples aren't here, but it's important to know route as well because there could be a machine that you're attacking that has multiple routes. So you might see a 134 and a 135 because it has a dual-homed NIC, meaning it has two NICs inside of it, so it's actually talking to a completely different network that you didn't know existed. So you might have been attacking one network on the 134 range and then 135 is just out there, and this computer can talk to both, and until that point you had no idea. And that's the idea called pivoting, when you switch a network from one to the other but you're using a machine. So that's it for this lesson. In the next lesson we're gonna talk about
viewing, creating and editing files.

Okay, so viewing, creating and editing files. This section sounds exactly like what it is: we're going to talk about how to view, create and edit files. Mainly we're just going to be showing how to create quick text documents, but we'll teach you commands that will allow you to do further in the future, as you will see as we get further in the course and get into scripting. So let's go ahead and take a look at some of the commands that we're going to be learning. So some of the commands that we're gonna learn: we're gonna learn the echo command, which echoes what we write right back out to the terminal. We're going to look at the cat command, which is going to print out a document for us, it's similar to type in Windows. We'll talk about replacing versus appending, and which function does which and how to do it. We're going to talk about the touch command, which can be used to create a file on the fly. We'll talk about nano, which is a text editor that's built into the terminal, and then we're going to talk about gedit, which is also a text editor but it is a GUI text editor, so we do get a little bit of GUI in this lesson. So let's go ahead and dive right in. Okay, so this is my second time recording this video. The first time I forgot to turn my microphone on and performed for my cat, so she approved of it, let's see if you approve of it the second time around now that I have a little bit of practice. So what we're going to be talking about today is viewing, creating and editing files. So I've already showed you the echo command. If you recall, we used echo to create a file, right? We've created a hello.txt, and we can just echo hello out to the terminal. We could say echo hello and it'll say hello back. So what we can do with echo is we can use it to write to a file. So if we were to say echo hey and then we write it to hey.txt, well, we can look and see that hey.txt is here, and you can see my files from the previous one. So I'm trying to come up with
more ways of saying hello, but we're going to use hey.txt here. So if we cat hey.txt, hey, all cat does is print out to the screen what is in a file, it says hey. Okay, so let's say we want to append cat, or we want to append hey.txt. Well, we can tab up here. What if we just say hey again? We've got this greater than symbol here and we're just putting it into the hey.txt file. Well, that didn't work, we didn't append it, we actually overwrote it. So what can we use to actually append this here? What we can do is we could say hey again again, right, just to give us something different, and we can add a second greater than symbol here. So now if we cat the file you can see that we actually appended to the end of it. So this becomes incredibly useful when we are either adding stuff to a list, say we're gathering IP addresses and we just want to combine our lists, or when we're creating a series of commands and we're going to use those commands to send all at once. We're going to cover that later when we're talking about file transfers in the penetration testing section, where we use a set of commands like this on a Windows machine to actually transfer files via FTP. It's just so much easier than typing them all in one by one, we can create a little document and run the document. So this becomes useful when we have a series of commands, and for other reasons as well, as you'll learn as you go on in your Linux career. So we've talked about echo and we've talked about cat, so let's talk about some other ways to create a file. We can use something called touch and say newfile.txt, and if we ls you could see that newfile.txt is here, but if we cat newfile there's nothing in there because we haven't put anything in there yet. So there's a few things that we can do. We could use echo and append the file, right? We could also use a tool called nano. Now nano is a terminal text editor. There are other terminal text editors like vi and vim. I don't prefer those personally, I
like nano the most. Some people have their preferences, so I encourage you to play around with any of them as you wish, vi and vim are the other two, but for this course we're going to be using nano. So if I say nano newfile.txt I could type whatever I want in here, and we're going to be using nano a lot to create scripts, to create Python scripts, and to edit shellcode as we get into a little bit of exploit development. So I'm gonna hit Control-X, I'm gonna hit Y for saving, and then we'll save it to newfile.txt. If we cat this now it says hey, I could type whatever I want in here. So that's one way of editing it. Another way of editing it is using a graphical interface, so we can use gedit and say newfile, and if you don't like using a terminal you're more than welcome to use gedit here. Just type in a new line here and save it. And I like using gedit, it's a lot cleaner because I can, you know, highlight and delete, I don't have to use my keyboard and navigate around like I do in the terminal. So if you have the option to use gedit, for sure, but sometimes you're gonna be on another machine that's not your own, or it's headless and doesn't have a GUI, that you're gonna have to use nano, so get comfortable using both. So we save this, let's go ahead and cat it out and see what happens. Okay, you can see that the new line is in there. So really that's the overview that I wanted to cover. So just know that you can create files pretty much using echo, touch, and actually you can create files using nano as well. If you say nano thisisnew.txt, I'll just say hello, Control-X, save it, you ls, you can see thisisnew.txt is right here. So you can use all of these tools in different ways to create files, it's completely up to you how you want to do it. Personally, when I'm creating a file I use nano and I just create a new shell script, Python script, a text document that way. You could also do it using gedit as well. So just know that we're going to be using these a lot and try to get comfortable with
these, and from here we're going to be moving into controlling Kali services. So we're just gonna briefly talk about what services you need running on boot and how to do that.

All right, in this video we're going to be talking about starting and stopping Kali services. Let's go ahead and just take a quick look at the commands we're going to. So not a lot of commands in this video, only two: we're going to talk about the service command and the systemctl command. So the service command deals with services, it's going to allow us to start and stop services on the fly, and the systemctl command is going to allow us to enable or disable services so that they load up on boot or do not load up on boot. So let's talk a little bit more about services and look at how these commands can be useful for pen testing. All right, so let's talk about starting and stopping services. So when we're in Kali there are a couple different ways that we can start and stop services, and when I talk about a service I'm talking about something like a web server or SSH or maybe a SQL database. So when we cover this video today I'm going to show you a few different services and how to start them and stop them. I'll show you how to start them permanently on boot, and we'll talk about which services are important to keep on boot, which services are important to start when you feel like just starting them or when you need them, etc. So let's start with our first service, which is going to be apache2. Now apache2 is a web server. So let's go ahead and do a proof of concept first. Let's start with a command that we learned in an earlier video, which is ifconfig. I'm gonna grab our IPv4 address right here and I just want to copy this. I want to go out to a web browser over here and we're just gonna paste this address. Now you'll notice that it says it's unable to connect. This is expected here, we are not running a web server. Now let's go back in here and let's just say service apache2 start. Okay, looks like it went
through. Let's go ahead and hit enter again, and now you can see that the Apache2 Debian Default Page has been loaded. So what has changed? Well, when we boot our machine this apache2 service is not running by default, so if we want to run a web page then we actually have to start up the service for it to work, as you just saw here. Now you can see that if we want to add files or replace files here, well, we're going to have to edit the /var/www/html folder. So if we come out here and we go into Other Locations, Computer, and then we go into our /var/www/html, you'll see that the index.html page is here. So if we actually wanted to maybe host a malicious web page and have it point back to us, this is one way we might do it right here. If we want to serve up some files, say we have something that we want to upload to a machine that might be malicious, or, you know, a file that we want to transfer to somebody else or download on another computer, it doesn't have to be malicious, we could host that file in this folder here. Now that is fine, this is one way to do it, right? You could put your files all in one location, but, you know, it's not my favorite way. It was my favorite way when I first got started. There is a much easier way now and I will show you how to do that. So let's go ahead and type ls, you'll see we have no documents here, so I'm just going to echo hello into hello.txt and then have that hello.txt here. Now what we can actually do is we can spin up a web server. So we can just say python -m, for a module, and say SimpleHTTPServer, you can auto tab it, and then say 80 for the port. Oh, 80 is already in use, so let's just give it 8080. 80 is in use from the Apache server at the moment, so instead let's look at what happens. So let's just call it out at 8080, and you can see here that I can go to this hello.txt and actually get the file. I have information in real time whether or not that file was captured, and overall this is just a web server that's so easy to spin up. I can put it in the
directory that I wanted to, so if I wanted to serve my Desktop folder I would navigate to Desktop and then spin this Python module up. I don't have to put everything into a /var/www folder, and it just makes life really really simple. So just proof of concept, we can do a service apache2 stop and we can come back and make sure that that web server has been stopped by going here and refreshing. Now you can see that it's gone. We can cd into something like Downloads, we say ls, there's nothing in here, so we can tab up a couple times and just serve up port 80 now, because you can see it's not in use anymore, and come back here, refresh, you can see there's nothing in the directory listing because there's nothing in the folder. So this is just an easy way to spin up a web server. I think it's much easier than apache2. I'm showing you both because I like to give alternatives, but using Python moving forward is a great great feature. My challenge to you is to look up how to spin up an FTP server with Python. So I won't get redundant here, I do have future lessons and other courses that talk about this, but if you want to challenge yourself to figure out how to spin up an FTP server, that's my challenge to you. There's a module out there that you can download quite easily and spin up your own FTP server. So let's go ahead and Ctrl-C, we're going to close out of this, and now let's talk about spinning up a service permanently. So let's say that we just had apache2 running and then we rebooted the machine. When we reboot our machine apache2 is not going to be online because we're only doing a service start, it only holds during this session. Once we reboot, that session is gone, that service is gone. So if we want to keep something online the entire time, what we can do is use systemctl. So we can say systemctl enable, or disable if you want to disable something, and for example we could say ssh. Now I'm not going to hit enter here, this is just an example. Well, let's say that we wanted to have
an SSH available on our machine so we can SSH into it we are opening up SSH for this feature here ok let's say that we want to have a server and this is one I do want you to hit enter in so this is going to be a database right this is a PostgreSQL so we're going to say systemctl enable postgresql and we have enabled that so now we reboot this PostgreSQL will load every single time now why is this important well this is important because it's going to allow us to run Metasploit and have the PostgreSQL database running when we boot so it doesn't have to take the extra time to load it if we come over here and we just click on the Metasploit framework now PostgreSQL is working and it says database already started so it's already configured it's gonna skip initialization it's going to go ahead and get right into it so it just saves us a little bit of time Metasploit can take some time to to run and I think that if you continue on I know if you continue on with being a pen tester you're definitely going to be using Metasploit quite a bit so this is just one feature that if you're gonna be using it it doesn't hurt to have it enabled on your system boot now if you feel that you want to have apache2 on boot you can go ahead and do the same thing with the system enable systemctl enable but the only one that I recommend putting on is this systemctl postgresql okay so that is it for this video in the next video we're going to be talking about installing how to install things from GitHub and how to install using apt-get so let's go ahead and move right into that video alright welcome to the penultimate video we are going to be focusing on installing and updating tools so let's look at our agenda so what are we going to learn we're gonna learn how to install updates for Kali so we're gonna learn how to install updates using a tool called apt-get and we're also going to learn how to install tools using apt-get specifically we're going to be installing a tool today called
git we're going to be using git then to clone from a website so sometimes when we have a tool that we want it's not always in apt-get it's not in the repository so we're gonna actually have to use GitHub and maybe use a tool called git to download tools or other items from GitHub but this is just going to be one example but it's a very very common example that you may have to do as a pen tester so let's dive in and take a look at how we can use these commands to install tools and update tools okay so one of the important things you need to know is how to not only install files on your computer but also how to install updates on your computer so for Kali since this is a Debian base we're going to use something called apt-get and the first thing I'm going to show you is how to install updates so the common way to do this if you don't use the GUI and you want to use terminal is apt-get update and then we'll do and apt-get upgrade let's go ahead and just hit enter on this and let's explain what it's doing so the first command here is saying apt-get update so what we're doing is we're looking through packages now these packages are predefined they're repositories and what it does is it says ok I'm going to check packages here for updates and it went through looks like they use archive.linux.duke.edu they check these packages here and they update the packages and then once they update the packages they run this command so basically the and command is you're gonna do something as well right so first we're gonna update and then we're going to upgrade so based on what's in these packages it's gonna say ok well we know the following packages were automatically installed and no longer required so all these things right here they're gonna be removed and then the following packages have been kept back ok they're fine they're not going to uninstall those and then we have the following packages that are gonna be upgraded ok so it's a long list that needs updating and then you
come in here and you say ok well it needs 252 megabytes of additional disk space to continue you could hit enter for yes and they'll automatically start upgrading so if you want to update your machine to its newest and best form you can go ahead and do that I'm gonna go ahead and just hit no on this guy okay and now it's also important to know how to install files so I'm going to show you two different ways one way is through apt-get similar to what we just did and the other way is going to be through git itself so let's go ahead and install git we're going to use apt-get to install git so it'll look something like this we'll just say apt-get install git and we'll hit yes on this and another way to do this is to add a dash y at the end of this so you'd say apt-get install git -y and that'll automatically say yes if you just want to accept whatever is coming out for you you go ahead and just hit YES on that and it may take a minute for these to install while this is installing let's go ahead and talk about what git does so git works with GitHub so when we talk about GitHub we're talking about a lot of people update their projects their code their frameworks onto GitHub especially in the penetration testing / hacking community it's often that you're gonna find some cool tools that are out there that aren't installed on Kali Linux can't be found through apt-get and you have to actually download them from GitHub so it's very important to know how to use git and it's very very simple so we're on a page like this this is Veil framework it's a very popular tool in penetration testing in malware analysis as well so say we wanted to install this well there's a couple things we could do the first thing we could do is always read the directions and see what they recommend there is a quick install here and if you look they have a apt install veil here with the -y so that will work or you can use git's install where you have to install git first okay and then we do a git clone and
we run the configuration setup so that's what we're gonna do here we're going to install Veil just for the fun of it just you can kind of get used to how to use GitHub how to use git and go from there so let's go ahead and just alt-tab back over it looks like we have it we can check it by typing git and hitting tab okay so git is here and we're just going to hit space we know the command is clone and while it provides it for us down here it says hey git clone copy this the other place you can do it is right here where it says clone or download you just copy this bad boy right here we'll alt tab back over to our terminal and just hit paste okay and this is going to install in the directory that you choose so I just put it in this root folder here and actually our our home folder I should say and it's installed right here the folder is Veil right here typically when I install things I like to put them in the opt folder so here cd opt but since I went ahead and downloaded here let's just go ahead for an example purpose if you do want to install to opt you're more than welcome you can move the folder there as well so what we're going to do is we're gonna cd into Veil and then we'll hit ls now remember there were instructions so let's go ahead and look at what those instructions were these instructions said you're gonna run dot forward slash config setup dot sh force silent let's go ahead and just copy this guy we'll come back in here and we'll hit paste and it's just going to run out of this config folder setup dot sh and now it's installing so we could have easily installed this with apt-get which if you look look what it's doing it's actually rolling through the packages here and it's updating the repositories right at these packages and then it's going to go ahead and download what it needs so it's running apt-get anyway if you see updating apt it's installing the dependencies so the easier way the quick way which you suggested was to do it through
there and it's right they don't always have the installed packages in apt-get so that's why I wanted to show you the GitHub version of it so you can go ahead and let this install let's just go ahead and recap quickly what we just did so we used we used apt-get update and upgrade to install updates in our system we used git clone to be able to download packages and clone packages off of GitHub and we used apt-get to be able to download git itself so that's really it for this lesson what I do encourage you to do is go through the man pages of git and go through the man pages of apt-get because you're also able to remove programs update specific programs etc so this lesson really just wanted to introduce you to the basics of downloading and updating for your system I encourage you to learn how to remove files as well as a little bit of homework for yourself so thank you for joining me and I will catch you over in the next lesson alright welcome to the last lesson video so in this video we are going to be scripting with bash now this may seem a little overwhelming at first what we're going to be doing is building out a ping sweeper script it's going to be pretty basic and what I want you to do is maybe just watch this video once and then the second time through really try to follow along with it take notes etc I think first time watched through you know just to get the concepts understand what I'm doing and then the second time really really get hands-on with it and I think that'll be probably the best way to learn but if you have a different learning style please do go ahead and try that as well the only thing I could say is don't let this intimidate you hopefully by the time the video's over with you will have a pretty good understanding on a basic scripting and how scripting can really be beneficial and improve our timing improve automation etc so let's go ahead and quickly talk about some of the things we're going to learn in this video okay so some of the commands and
items we're going to learn we're going to talk about grep which is going to allow us to narrow down some results we're also going to talk about cut and tr both of those are also going to help us narrow down some results so basically we're going to start with a ping that we're going to send out and we're going to want to gather information back that says that ping was valid so we want to know any computer that responded to us well how are we going to do that well we need to identify what a valid ping looks like we're going to use grep to to kind of narrow down a string or a sentence or something that identifies with a positive ping and then we're going to cut out everything we don't want and use tr as well to cut some things out that we don't want so we're going to put this into a script when it's all said and done and we're also going to be talking about the usage of for loops and their importance not only with using them in this script but how we can use simple one-liners to do everyday things for us so I'll show you at the end of the video how we're going to use like an nmap and use a for loop with nmap to run through an nmap script so stay tuned through the video again if you are a hands-on learner maybe first time through you you try hands on but my recommendation here is to just sit back watch the video understand what's going on second time really follow along with it take notes and get the most that you can out of this lesson so let's go ahead and get started alright so now we're going to be covering bash scripting so the first thing we're going to need to cover before we get into writing our scripts is how to narrow down results and we say narrowing down results what we're saying is for given a block of text and we want to extract some information from that block of text how are we going to do that so that's what we're gonna cover in this lesson okay so let's go ahead and get started what we're going to be doing today is narrowing down a ping result so if
we come into here and we need to ping an IP address within our system so I'm going to be pinging 192.168.1.1 you're going to see that it returns a 64 bytes from that address so it looks like we're getting a response I'm going to hit control-c here so if you remember from the networking section we actually get a response unlimited until we cancel it right like we just control-c'd here from ping so there's another thing that we can do if we only want to send one packet and see if it's alive or not we can do a dash c of one so we're just going to do that so that's a count of one we're sending one packet over if we set ten it would send ten packets over if that makes sense so now what we're going to do is we're going to put this into a text file so if you remember from previous video we just use this little caret here and I'm going to call this ip.txt okay and if we cat ip.txt you'll see the same results there so now what we're going to want to do is we're going to want to narrow this down what do I want to extract from here well I want to extract this IP address and it'll make more sense when we get into the scripting part but what we're going to do is we're going to get out specifically of this this IP address from this line now what we're interested in actually is a returned IP address that has a valid response right so if I were to tech or if I were to enter in here say 15.99 Dov what it looks like when it doesn't get a response back it just kind of lingers and then we hit ctrl C and it says zero ping statistics right nothing was was received back so what we see when we get a response back is we see 64 bytes when there's no response back we don't have any bytes so if we're doing a sweep through a network which we're going to be doing later we need to be able to narrow down these results so if we're sending say 192.168.1.1 all the way through to 55 and we want to see who responds back and then take that list and narrow it down to the IP addresses which
is exactly what we're going to be doing we need to know how to narrow that down so what we're going to be narrowing down on specifically is the 64 bytes so let's tab up a couple times to this cat IP address and we're going to do a pipe and the pipe just means we're going to add an additional command here so the additional command we're going to do is called grep grep is going to grab any line with what you specify so let's specify 64 bytes and see what happens see now if you noticed we had all of these lines before and now what grep is doing is grep is taking only the lines that contains 64 bytes so again a valid response so we have 64 bytes here and we have achieved a response so what we're going to do now is we're going to narrow this down some more okay we've got this line here but again we're still trying to extract this IP address so how can we do that well there is a tool called cut so if we tab up again we do another pipe because we're sending a new command we're gonna say cut and cut syntax looks like this and I'll explain it once I type it out here okay so we have cut and then this -d that's a delimiter so the delimiter is what we're going to be cutting on so we're giving a delimiter of a space meaning here's a space here's a space here's a space so we're going to be cutting on these spaces and then we give a field we say okay what field we want to retrieve back from this cut okay we want field four if you look one two three four and the fourth field is our IP address so it's gonna say okay I'm gonna cut on this space I'm gonna cut on this space I'm gonna cut on this space and then I'm going to take it right here now if we identified field five we would be taking this if we identified field three we'd be taking from so let's go ahead and just hit enter and see what that looks like okay so now we are narrowed down even more but there's an issue here if we were to try to send this IP address we would have this little colon here attached on to it and you can't
ping with that IP address so we're going to be doing a sweep or narrowing down this list then we're gonna actually need to remove this guy here so let's take a look at how we do that so if we tab up again and again we're going to add a pipe now we're going to use a command called tr and tr just means translate what we're going to be doing is another delimiter so -d there and we're going to be taking out that colon so it should look something like this if we hit enter now you can see that that colon has been removed okay now let's talk about how we can use this information to write out a script we're going to start with a basic script and we can add upon it as we go so I've gone ahead and written out a script but we're going to talk about it very slowly so you can actually look at it and copy it down so what we're going to do is go ahead and say gedit and I call this ipsweep.sh so go ahead and do the same or something similar and hit enter so let's take a look at this script so at the very top here we have to declare what we're doing so we're going to give a hash bang and we do this with any scripting language so if this were Python we'd be entering Python here but this is bash so we're going to be doing a forward slash bin forward slash bash that declares that we're running a bash script and the dot sh also indicates that we're running a bash script so I want you to ignore this line here and this line here for now let's talk about this line this should look very very familiar so what we're doing in this line we are saying we're gonna ping with a count of 1 which we talked about and then we're gonna do something here we've got a dollar sign 1 and a dollar sign IP let's just ignore that for now okay so we're going to go ahead and do the rest that should look familiar we're gonna say we're going to grep 64 bytes we're going to cut the delimiter of a space field four and then we're going to do a translate right and take off that little bit at the end okay I added an
ampersand here at the end so an ampersand allows us to do threading so that's exactly why it's in there if we didn't we'd have to let the process go one IP at a time and we'll talk about that in a second as well so let's talk about this for line so a for loop is what we're actually running here and the loop is saying I want to do an IP address we're just declaring a variable here you can call it whatever you want we're saying hey for this IP in a sequence of 1 through 254 we're gonna do something and that do is a ping so what this means is for IP and if we think about it in sequence 1 thru 254 what it's saying is 1 2 3 4 all the way up to 254 ok so think about it this way if we say for 1 in this ping sweep we're gonna do that right so we're gonna say for 1 for 2 for 3 all the way through 254 that's what this loop is doing so it's a very very simple loop now IP is replaced down here at the very end now we're also calling out this dollar sign 1 now this dollar sign one is user input so we're gonna actually do something this is called IP sweep right so we're gonna have to call out this IP sweep something like this dot sh and then we're gonna have to give out some information it's going to request information if we don't provide it it won't know how to ping so what we're gonna do is we're gonna say the first three octets of our home network so if yours is 192.168.1 like mine is then you just enter 192.168.1 now we could also for simplicity just hard code this so we can say 192.168.1.2 it would be fine we don't have to build this in the only reason we're not hard coding it is because you can do multiple ping sweeps this can be a ping sweep script for you in the future if you're on a different network or you just want to write something out really quick dollar sign one works perfect but if you want to leave it a hard-coded like this it'll also work so let's go ahead and just delete this out I'm going to put this into dollar sign one again to have a proof of concept and then
we are going to run this so all we do here at the end is declare done if we didn't run this with an ampersand here we would have to add a semicolon similar to this but because we are having an ampersand we can actually get rid of that and just put that back just for some syntax clarity here okay so let's go ahead and save this and remember for my lesson we're going to have to change the mode of our script because it's not executable by default so we're going to do a plus x here and then we're gonna call out ipsweep.sh we can ls and make sure it's green here's ipsweep.sh and then we'll do a dot slash ipsweep.sh and I'm not going to enter anything in I just want to show up with a concept so see it ran through every single number here in threading and name or service not known because we didn't provide an IP address so what we can do here is we need to provide that IP address one six eight dot one hit enter okay and it pulls back some information so what we can do with this information let's write this out to a file so let's just call this iplist.txt something like this okay it's done now let's just cat out the iplist.txt okay now we have an IP list of the IPs in our network that we just swept right and we can use this information later on but before we go into that I do want to go back and just improve our script a very very tiny bit so let's go ahead and just tab up a couple times so we get to our gedit and let me show you how we can improve this script it doesn't have to be overly complicated what we can do is we can say something like this we can come in here and give an if statement so an if is conditional right we're going to say if this exists then do something and if it doesn't exist do something else so we're going to say if dollar sign one is equal to nothing we're just going to give it blank space here and then we're going to say then we want to do something so what are we going to do we can echo out something similar to you forgot an IP address
and then echo out what you need to do like syntax dot slash ping sweep or IP sweep is what we call this ipsweep.sh and then IP or we can even write it out an example right like something like that so that way our user if they're using it we wrote this for somebody else they know what we're talking about and at the very end we just need to write if backwards we'll put a fi so what this is saying is if this is not then echo here right we're gonna echo these and then we need to add one other thing here which is an else let's go ahead and hit enter just to space it out a little bit so if we have no dollar sign one declared right if we have nothing entered in we're gonna say echo you forgot an IP address and syntax here if we do have something in dollar sign one okay well we're gonna do something else we're gonna do our ping sweep and that's it so this is very similar and modified from Georgia Weidman's that I've got a long time ago so full credit goes to her for this little script it was very very easy to learn and it's also very easy to teach so let's go ahead and just run this one more time we're gonna say ipsweep.sh and look what happens now it says you forgot an IP address now we can declare a number in there or anything and the script's not perfect right we're expecting three octets and we could give it a one and it's still gonna do something like that which isn't correct right so we need to be able to to modify this down more but that gets really advanced scripting into declaring that needs to be three octets and if you don't provide those then what and that just gets more advanced so we really just need to know hey what we're doing here very basic script for ourselves and something to remember okay so let's clear our screen last thing I want to show you so we've been able to write a script out but we can also do looping in one line and this is where it becomes kind of fun so we have this IP list right we did cat iplist.txt now let's say we've got this IP
list together and we want to do an nmap scan on all of these IPs now we could just say nmap and type in the syntax you want and the IP address of it for every single one of these starting to have and let that happen or you could do something in a for loop so we can write the same for loop that we did before we're going to say for IP and then we're going to do is we're going to write a dollar sign and we're going to cat the iplist.txt so all it does is it's bringing out this list that we have here and it's saying okay for this IP this IP this IP etc we're going to run through all of these that's what the loop does right okay we're gonna do our semi colon and then we're going to tell it to do something right so what do we want to do okay let's run an nmap script so we're gonna say do nmap and we'll ping or we'll do a port port 80 on all these and we'll say stealth scan that on port 80 and we'll do T4 for speed and that should be it so then we can do done like this and let it run through one at a time we can also do the ampersand and let it run multiples like the we could hit enter and see what that does but I also forgot one thing here forgot to declare the IP address so let's talk about it real quick so we've got a very very simple one-liner and you're gonna see one-liners a lot if you get into ethical hacking and just allows us to do things quickly and scripted so we got for IP address in this list so every IP in this list we're going to loop through when we do that loop we're gonna do nmap we're gonna do a quick stealth scan a port 80 T4 and we're gonna say declare the IP address if you're not comfortable to nmap that's okay this is purely an example and something you will see in your career I will make a scripting video at some point for nmap and we'll cover nmap more in detail so let's go ahead and just hit enter okay I messed up my syntax so what's going on okay so for IP in just got deleted for IP and cat IP list let's try this one more
time okay so we just did all these scans seven scans at once and what we did is you see these are the processes that are starting so it started up eight processes actually not seven and it's just running through this list doing the scans and we're gonna go ahead and just kind of look at it so it says okay on 1.74 is 80 open it's open okay and then on 254 is 80 open it's open and then you see filter down here or it's not running filtered filtered same thing so we can hit control C or hit enter if we're done and that's pretty much it so what we just did is we ran nmap scans at one time instead of having to copy and paste these so there's just a little bit of what scripting can do it does get more advanced but to be able to know a one-line for loop is really really important if you go into penetration testing and it's just important in basic bash scripting as well so that's really it for this lesson and that's really it for this course so I hope you really learned something from this course if you did find it valuable please do share it with others please subscribe if you haven't please do like the video word of mouth is the best thing for me it helps me grow my channel and helps me give content back to you as I get more feedback and I grow as a channel so I'm looking to do more courses in the future and appreciate you taking time with me if you like this course and you want to chat with me check the descriptions down below I've got a Discord channel we've got quite a few people in there and I've also got a Twitter if you want to hit me up there lastly I do have a Patreon if you felt like this course is valuable and you would like to support me any dollar amount goes a long way for me recording equipment recording software all that's very expensive and the time spent on this is also very detailed long hours so if you want to support me or or anything a like subscribe etc it goes a long way I appreciate you taking the time to watch this course and until the next one
thank you so much for joining me alright and now some bonus material so I'm adding in some additional resources these are for those of you that want to continue on you've learned the Linux now and you're like hey I really want to be a pen tester I think this is for me I'm gonna provide you a whole lot of different resources here so take notes these are some of the best resources I can think of for those wanting to get into the field I'll briefly cover each of them and then leave you at it to do your own research and hopefully see you in the field someday as a pen tester so let's take a look at some of these resources okay so first resource is a shameless self-promotion and I only do this because I do think that I'm a valuable resource I'm trying not to be biased here but I've got some good good stuff that's completely free if you are interested in it so if you come to youtube.com slash c slash the cyber mentor you can come to my page here and you can check out all the videos I have one video is a day in the life of an ethical hacker so if you want to know what it's like to be an ethical hacker if you're still not sure if this is the field for you this might be a video for you to view it talks about the day in and day out stuff that you might do or kind of assess work you might be asked to do and what's really like to be a an ethical hacker on top of that I've got another video on cyber career paths about penetration testing and ethical hacking so if you're looking to get into the field and you want to become a pen tester or ethical hacker and you're not quite sure where to go this is probably the better video for you it kind of talks about all the knowledge that you'll need for a junior perspective and really the knowledge that you'll need to be successful in the field including certifications etc so if you're watching this video as an additional resource this would probably be additional resource part 2 is a good way to call it this is the one like really detail
on penetration testing and ethical hacking on top of that over here I've got playlists so if you come into the playlist I've got a few courses most importantly is our zero to hero course so if we come to thecybermentor.com and you go to courses over here and you go to zero to hero pentesting you can find more information on the syllabus so I put it into lesson plan as well here but there are let's see eleven episodes we start with Linux kind of like you've already learned note keeping some introduction we do Python for two weeks we do information-gathering OSINT recon scanning enumeration exploitation we do internal attacks as well so we'll build out an Active Directory lab and we'll learn how to do these internal attacks that aren't really taught in a lot of courses and then we'll end it with some file transfers maintaining access etc report writing as well and career advice so this is like my complete course it's called zero to hero to take somebody from from a complete zero and bring them into a hero where they can start doing some pen testing on their own so again if you're interested in that course you can come to my website and check it out with the lessons plan you can just click in the tab and play the video or on my youtube channel you can click right on the playlist and play it from there as well so leaving the shameless self-promotion let me talk about some more cheap alternatives Hack The Box is a great great alternative if you're just getting started so for Hack The Box what it is is it's a series of vulnerable machines so you could think of it almost like a game so if you want to do some hacking this is a great place to just start practicing and learning the ropes what we can do is like say we could pick something on the easy side you want to look for something like that's more green right on the left because that shows easy you would pick a box like this you would scan against it and you know if you don't know I'm talking about that's fine but you would scan
against it and try to find vulnerabilities and hack it so a really really great website if you have the VIP they're starting to move it it's in beta right now but they have 20 boxes that you can attack on active side and 20 in the VIP but to the nice thing about the VIP is they're about to open up all 97 that have been retired so they retire one every week and they bring a new one in so you gain access it's like $13 a month this is free completely for your platform if you don't want it but this is 13 bucks a month for the VIP access and you can come in here and do some of these machines that are super duper easy and if you click into them they'll have write-ups for them and they'll also have video walkthroughs for a lot of these machines so that's a really really great stuff right if you have no idea what you're doing this is a great place to start because these retired boxes are boxes that have already been done you can watch how somebody else did them you can learn their methodology and this is really good for just getting the basics down and understanding you know some basic hacking same thing here with the virtual hacking labs it's very similar they've got a labs they've got a course and they've got different pricing so you can try these out if you're interested in them so they are you know just alternatives to just practice online then you've got VulnHub as well you'll have to search through this and try to find something that's like beginner level or Google online which which are realistic boxes or what what are good boxes on VulnHub they've all had basically you just download the VMware file and you play it on VMware and you try to attack the the machine so you download a machine you try to attack it and these are intentionally vulnerable machines all of these right here on these top so let's say that that's not really where you want to start you think maybe you could use a little bit more hand-holding and you like a certification to come behind it I'm
going to show you the top three in my order that I think for pen testing at least at a beginner to mid-tier level what the top three are so eLearnSecurity gets number one slot in my mind if you come into here and you go onto certifications so they've got a couple different ones the eCPPT or actually let's go to courses so the penetration testing student and the penetration testing professional the student is for the beginner the professional's a little bit more advanced it leaves off for the beginner ends so if we come in the student you can see some of the things that you'll learn so they've got you know it talks about the preliminary skills that you might need and teaches you those it's got some programming and then just the basics of penetration testing but it gives you an idea what it's like on top of that this PTP course they have is like more in depth more advanced you start getting into assembly language and buffer overflows you get into network pen testing some PowerShell Linux web app Wi-Fi some Ruby for Metasploit so I think this is really well-rounded really up-to-date the downside of this course is that it's not it's not really well known on the HR side of things so and then the pricing can get a little expensive on the elite side right now it's $1,600 the cheapest is the 1200 I would at least get the middle tier but as of right now they're offering that PTS and the PTP if you buy the PTP they give you the PTS for free but that won't be going on much longer but you can always hold out for deals like this as well another resource and a very very well known resource probably the best certification in terms of being known is the OSCP so it starts out at eight hundred bucks as you can see here you're probably going to spend more money than that because that's just 30 days so the nice thing about this is it comes with labs there's a certain amount of machines in there that you can try to hack against sort of like a Hack The Box but there's an so you 
can you notice attack whatever you feel like and try to navigate your way through the network and then when you are done and you want to test for the certification you have to actually hack in an environment of a set number of machines you have to hack against and you have to be successful in hacking those machines to get your certification so it's considered one of the more difficult certifications out there to achieve and you'll see it come up a lot of times in HR or job applications that they want this OSCP so this is something to look into and consider as well the cost isn't as bad as the eLearn but the con here is that Offensive Security courses haven't been updated in five or so years so you really need to you know it's kind of the best of both worlds if you were able to do both but this one will get you into more doors this one will get you a little bit more current but there are plenty of resources out there all these tabs I've shown you that you don't have to spend a ton of money to get this stuff these are more things that if you want that certification you want that coursework that knowledge these are great resources all three of these so last is the GPEN now the GPEN is just an exam by itself at seventeen hundred dollars it is by SANS right so this is showing GIAC you actually have to take the corresponding SANS course that goes with it and that course is upwards of $6,000 so unless you can get an employer to pay for this and certification probably not the best but the thing that I like about SANS is that it stays up to date they are constantly updating their courses and that they look good on a resume it's one of those really high tier high level certifications and the exam from what I hear is actually pretty good it's not a practical exam but it's a fairly good exam and the nice thing I didn't mention eLearnSecurity is also practical so this OSCP is practical the eLearnSecurity exam's practical you have to hack your way through to 
pass and write a report as well this one is a multiple-choice exam I do believe so these are three certifications that you can look into if you're wanting to go down that route I would start with the PTS if you can it's dirt cheap you know if I have to make a recommendation just to make sure that you're really interested in this if you know for sure and you want to do that PTS PTP combo this might be a good choice here but other than that I mean the free resources like I've got my channel there's a ton of videos the Zero to Hero course is like at least twenty to thirty hours of material Hack The Box you'll spend a lot of time on there's plenty of write-ups if you just google like honestly if we go in here and we say like apocalypse here if you say that and you google it with write-up you're gonna find the write-up for this or you'll find a video for this or some kind of walkthrough right so you just want to look through these and try to try it on your own and then go back and then watch the write-up and see how you could have improved if you've got through it or where you can improve on enumeration or whatever it is you need to get better to actually succeed the next time you try attacking these machines so that is it you have reached the end of this course and the end of the bonus material if you need anything I provided my contact info again in the beginning you know I'm at the cyber mentor on Twitter you can reach me on YouTube as well and I really do thank you for joining me I look forward to seeing many of you take the next step from this Linux if you made it this far you've already gotten through the beginner Linux and that's awesome I hope you take this next step and that you are intrigued by penetration testing because we need more people in the field so I look forward to seeing you guys and girls come through and hopefully I'll work with some of you someday so until next time my name is Heath Adams and I thank you for joining me
Info
Channel: freeCodeCamp.org
Views: 1,863,478
Rating: 4.9240403 out of 5
Keywords: linux, kali linux, ethical hacking, hackers, bash, command line, terminal, linux tutorial, linux course, vmware
Id: lZAoFs75_cs
Length: 120min 59sec (7259 seconds)
Published: Fri Jul 05 2019