Kali Linux Fundamentals and Transforming Data

 Kali Linux Fundamentals and Transforming Data


Kali Linux is a form of debian linux operating system that specializes in penetration testing, digital forensics, and other forms of security research. This OS is maintained by Offensive Security, a popular security firm that develops security research materials worldwide.


This platform relies upon the linux platform to manage its memory, cpu, and other devices. The kernel basically oversees the operations that the applications requests for.


Diagram of Kernal’s relationship with one’s resources and apps



Some Key File Directory Areas

  • /bin/: Basic programs such as ls

  • /root/: administrator’s personal files

  • /mnt/: temporary mount points typically performed by the user/admin

  • /media/: temporary mount points typically performed by the system

  • /etc/: configuration files such as passwd where one keeps plaintext form of user passwords

  • /sbin/: essential system binaries

  • /usr/: read-only user application support data & binaries

  • /var/: variable data files

  • /dev/: device files

  • /home/: user home directories

  • /lib/: libraries & kernel modules

  • /opt/: optional software applications

  • /proc/: process & kernel information files

  • /root/: home directory for root user


Diagram of the typically file system the linux operations systems have


Basic Commands for Beginners within Linux

  • man: displays the manual to using various commands that may be executed

  • cat: outputs contents of a file

  • echo: displays lines of text, typically useful to out the results of certain operations such as scripts

  • df: displays the amount of disk space one’s system is using on how

  • ping: a networking troubleshooting tool that attempts to send data packets to a set destination

  • ifconfig: details the networking configuration of the OS

    • Ifconfig (interface) promisc: allows the OS to view packets not assigned to this OS

  • traceroute: details the route packets must take to reach a domain

  • iwconfig: examines one’s wireless configurations 

  • netstat: examines the status of network connections made by the OS such as details of the type of communication that processes use

  • nslookup: a tool that details how the OS is looking up a specific domain such as DNS (uses internal libraries to resolve to a domain)

  • dig: collects DNS information to a particular domain

  • ps: list out ongoing process. With the aux flag it would show all the following

    • a = show processes for all users

    • u = display the process's user/owner

    • x = also show processes not attached to a terminal

  • service: client side tool to interface with processes that execute upon booting up the OS

  • more: reads out the text from a file to the screen

  • sort: organize text from input

  • uniq: locates unique patterns within text

  • sed: search and replace text from a given stream of text

  • sudo: runs a given command under root privileges

  • su: switches to another user, typically defaults to root

  • apt-get: tool that allows that installation of other programs

  • whoami: displays current user

  • uname: displays OS characteristics

  • id: displays information about user and group accounts

  • kill: terminates an ongoing process

  • lsof: list open files that are used across a network

  • nc: (netcat) a tool that establishes connections between other systems

  • &: runs a command in the background

  • 2> /dev/null: drops any standard error prompts

  • i {1…5} $i: loops commands for given number

  • while true; do …; done: loops commands file flag is true


Basic Commands for Beginners within Windows

  • cd: change directories

  • dir: list out the contents of the current directory

  • type: reads the contents of a text file 

  • cls: clears the current text within the screen

  • icacls: a tool that changes file permissions

  • echo: a tool that returns information to a prompt

  • fc: used to compare the differences of two files

  • robocopy: similar to copy but can support logging, mirroring, and purging of files

  • copy: creates another copy of a file

  • move: moves a file to another location in the file system

  • xcopy: used to copy files and entire directory trees

  • date: displays current date or change it

  • time: displays the current time or change it

  • systeminfo: displays information about the current OS

  • shoami: displays current user account info

  • doskey/history: shows the list of commands that had been used

  • sc: starts and stops services

  • tasklist: displays all running processes

  • taskkill: ude to end a running process

  • fsutil: a tool that performs tasks related to FAT and NTFS file systems

  • sfc: a tool that checks protected system files’s integrity and recovery from corruption

  • chkdsk: examine and troubleshoot the sectors of a disk

  • ipconfig: displays information of network interfaces

  • getmac: retrieves the mac address of an interface

  • nslookup: tool that attempts to troubleshoot dns settings

  • ping: sends packets to test the network connection to a given destination

  • tracert: tracks the amount of hops to reach a ip address

  • arp: requests for MAC address via a given ip address

  • ftp: file transfer protocol tool that lists and download files

  • setstat displays network interface information

  • ssh: securely access a terminal across a network

  • net: add users, groups, start/stop services, and connect to other computers

  • ||: double pipe runs the second command in case the first command fails

  • &: executes the second command after the first, useful for several commands that need to run. Does not check for failure.

  • &&: executes the second command after the first, useful for several commands that need to run. Does check for failure.

  • >: direct output, will overwrite

  • >>: append to an existing file

  • <: use the following as input

Understanding Some Forms of Translation of Data


Hashing: One-way algorithm that translates its input to a pattern of characters only unique to it.

Encoding: an algorithm that translates one form of data to another, this method is reversible.

Encryption: a process of preserving one’s data into unreadable code.


Base64: a binary to text encoding text, developed to preserve the transit of data across devices via 64 characters.


Example of base64 translation

Comments

Post a Comment

Popular posts from this blog

Questions and Answers to some TTPs involving Malicious Processes

Image
When examining ongoing processes for any signs of a breach, is it possible that a malicious process can go under the same name of a legitimate process?  As someone who runs multiple windows of chrome, I expect to see more than one chrome.exe amongst my processes. Malware may run another process under the same name. Additionally I often see malware run processes under a misspelled name at least in some CTFs, is this seen in other breaches?
Read more

Taking a Closer Look on IPv6 and Portable Executable Files

Image
These were other materials that I learned during my investigation. Pointing these out here for my own benefit, for whenever I need to return to in the future. When reading out netscan results, most were not in the IPv4 format but rather in IPv6. After some researching I learned I was looking at the link-local IPv6 addresses (LAN) because of the “FE80” denotation, the first 10 bits within a IPv6 address. This introduced me to telling the difference of examining a local address and a global address (for the public).
Read more