g1 s17 II

1. SESSION 17
2. ==========
3.  
4. Introduction to Linux Basics
5. ====================
6.  
7. Linux word derived and evolved from UNIX.
8. Unix was the first operating system came to existence with CLI environment and mainly used for server side working as per today's requirements. It is the most flexible and customizable OS used by skilled individuals.
9.  
10. Advantages of using Linux OS
11. =============================
12. 1. It was very tough to operate as you need to have some high end skills to operate in this operating system.
13.  
14. 2. Used by Govt Officials Private Organisations hence not much popular for a general user to operate because it is more secure..
15.  
16.  
17. Unix : Server Side OS
18. File Extension : .tar.gz / .deb and other compressed packages
19. Popular OS : Red Hat, Fedora, CENT OS etc.
20.  
21. Linux : Is derived from Unix and to engage more users (simple users) Linux was developed under a open source community began in 1991 and hence is the most popular non commercial os on the planet.
22.  
23. File Extension : .tar.gz , .deb etc.
24. Popular OS : Ubuntu Flavours, Linux Mint, Kali OS etc.
25.  
26. For Personal/Home Usage : How to Install Kali Linux in VMware.
27. At Work Places : Never Install Kali Linux only use LIVE CD.
28.  
29.  
30. INTRODUCTION TO PENTESTING OS - KALI
31. =====================================
32. 1. Virtual Box (Vmware)
33. 2. Kali Linux (Image download : kali.org)
34. 3. Run it LIVE
35. 4. Shutdown
36.  
37. = Installation of Kali Linux.
38.  
39. -----------------------------------------------------------------------------------------
40.  
41. DIRECTORIES ARCHITECTURE IN LINUX
42. ==================================
43.  
44. 1. /root : This is known as the home directory for the root user. Every single file path in Linux begins from root in one way or another.
45.  
46. 2. /bin : Binary folder, this is where most of your binary files are stored, typically for the Linux terminal commands and core utilities,
47.  
48. 3. /boot : This is where all the needed files for Linux to boot are kept which helps in loading the operating system.
49.  
50. 4. /dev : This is where your physical devices are mounted, devices are those whenever we insert a Mouse, or any other device via peripheral ports they always go in dev folder.
51.  
52. 5. /etc : Configuration files specific to the machine are stored in the "/etc" folder. Configuration files of each and every thing present in the linux is stated as “.conf”
53. extensions.
54.  
55. 6. /home : It is like the "Users" folder in Windows os. The Desktop, Documents, Downloads, Photos, and Videos folders are all stored under the /home/username directory of every particular user.
56.  
57. 7. /lib : This is where libraries are kept which are having basic utility files of the operations performed in the OS.
58.  
59. 8. /proc : This includes a directory for each running process, including kernel processes, in directories named /proc/PID, where PID is the process number for every processes.
60.  
61. 9. /media : Removable Media Devices Folder. It is a place where external devices such as USB drives can be mounted. it holds and mounts the external devices attached to the devices
62.  
63. 10. /mnt : This is basically a placeholder folder used for mounting other folders or drives. When we want to mount or place any internal drive or folder in the operating system we will use "/mnt" folder.
64.  
65. 11. /usr : Contains files and utilities that are shared between users. This folder is use for sharing data and other stuffs between two different users on the same OS.
66.  
67. Basic Commands of Linux
68. =======================
69.  
70. 1. cd: Changes directories.
71.  
72. 2. ls : List directory
73.  
74. 3. man : To get the manual page of any command or tool.
75.  
76. 4. mkdir : To make a directory in linux
77.  
78. 5. cp : Copy a file to another folder
79.  
80. 6. mv : Move a file to another location
81.  
82. 7. rm : To remove a file only.
83.  
84. 8. rmdir : Remove Directory.
85.  
86. 9. grep : To check whether the work is in file or not
87. man grep
88. grep sairam kar.txt
89.  
90. 10. cat : To read the contents of the file.
91.  
92. 11. locate : To locate the specific file.
93.  
94. 12. echo : For printing something on the terminal.
95.  
96. 13. date : For viewing the current date and time
97.  
98. 14. cal : For finding the Calender.
99.  
100. 15. uname : Finding out your OS Version.
101.  
102. 16. uname -a : Finding out all the information of the OS. Like User Information, OS Information etc.
103.  
104. 17. init 0 : Shutting down the OS.
105.  
106. 18. reboot : Restarting the OS.
107.  
108. 19. Starting a Python Server : python -m SimpleHTTPServer portnumber
109.  
110. 20. sudo : Sudo allows a system admin to give certain users the ability to run some (or all) commands at the root level and logs all commands and arguments.
111.  
112. 21. ifconfig : Interface configuration and details
113.  
114. 22. iwconfig : Wireless Configuration and details
115.  
116. 23. route -n : Gateway IP Details
117.  
118. 24. apt-get install applicationname : Installation of Application through terminal.
119.  
120. 25. python -m SimpleHTTPServer 4444 : To ceate a simple server in lunux for transferring files.
121.  
122. ---------------------------------------------------------------------------------------------------
123.  
124. WORDLISTS GENERATOR
125. ===================
126.  
127. CRUNCH
128. ======
129. Usage : TERMINAL : crunch minlength maxlength characterset
130.  
131. ---------------------------------------------------------------------------------------------------
132.  
133.  
134. Users and Groups
135. =================
136.  
137. 1. Root account : This is also called superuser and would have complete and unfettered control of the system. A superuser can run any commands without any restriction. This user should be assumed as a system administrator.
138.  
139. 2. System accounts : System accounts are those needed for the operation of system-specific components. These accounts are usually needed for some specific function on your system, and any modifications to them could adversely affect the system.
140.  
141. 3. User accounts : User accounts provide interactive access to the system for users and groups of users. General users are typically assigned to these accounts and usually have limited access to critical system files and directories.
142.  
143.  
144. Understanding Privileges and Permissions
145. ========================================
146.  
147. 1. Read - a readable permission allows the contents of the file to be viewed. A read permission on a directory allows you to list the contents of a directory.
148. 2. Write - a write permission on a file allows you to modify the contents of that file. For a directory, the write permission allows you to edit the contents of a directory.
149. 3. Execute - for a file, the executable permission allows you to run the file and execute a program or script. For a directory, the execute permission allows you to change to a different directory and make it your current working directory.
150.  
151. = Command : "ls -al" - Show Privileges
152.  
153. -rw-r--r-- 1 root root 1031 Mar 14 05:22 /etc/passwd
154.  
155. In this example, the file owner has read and write permissions only.
156. - The first three characters (rw-) define the owner’s permission to the file.
157. - The next three characters (r--) are the permissions for the members of the same group as The file owner (which in this example is read only).
158. - The last three characters (r--) show the permissions for all other users and in this example it is read only.
159.  
160.  
161. Command "chmod" : chmod changes the permissions of each given file according to mode, where mode describes the permissions to modify.
162.  
163. Syntax : "chmod 754 filename"
164.  
165. 4 stands for "read",
166. 2 stands for "write",
167. 1 stands for "execute",
168. and 0 stands for "no permission."
169.  
170. Here,
171. 7 is the combination of permissions 4+2+1 (read, write, and execute)
172. 5 is 4+0+1 (read, no write, and execute)
173. and 4 is 4+0+0 (read, no write, and no execute)
174.  
175. ------------------------------------------------------------------------------------------
176.  
177. OWASP ZAP - LINUX TOOL
178. ======================
179. The OWASP ZAP (ZAP) tool is one of the most popular free penetration testing tool. It can help you automatically find security vulnerabilities in your web applications while for experienced pentesters to use for manual security testing. The main goal is to allow easy penetration testing to find vulnerabilities in web applications.
180.  
181. ZAP tool in Kali Linux.
182.  
183. Steps
184. =====
185. 1. Adding the Target site to the testing scope.
186. 2. Setting up Proxy for ZAP. - ZAP tool > Tools Menu > Options > Local Proxy > Change Address = 127.0.0.1 Port = 8080.
187. Setting up the Proxy in the Browser : Mozilla browser > Tools Menu > Options > Advanced tab > Network > Settings > Select Manual Proxy configuration:- HTTP Proxy = 127.0.0.1 Port = 8080.
188. 3. Attacking on the Websites through ZAP.
189. 4. Saving the ZAP Session.
190. 5. Generating Report = ZAP tool > Report > Generate HTML report > Save and share the report.
191.  
192.  
193. -----------------------------------------------------------------------------------------