diff --git a/ls/ex-1_ls.adoc b/ls/ex-1_ls.adoc index a4ed8ee..4c1a1df 100644 --- a/ls/ex-1_ls.adoc +++ b/ls/ex-1_ls.adoc @@ -46,8 +46,7 @@ Assuming you're already logged in |======================= - -== Key combinations +=== Key combinations .Key combinations [options="header,footer"] |======================= @@ -60,324 +59,149 @@ Assuming you're already logged in |Shift+PageUp and Shift+PageDown| Browse terminal buffer (to see text that has "scrolled off" the screen). |======================= - -== Find IP - -[source,bash] ----- -# ifconfig - -eth0: flags=4163 mtu 1500 - inet 172.21.0.2 netmask 255.255.0.0 broadcast 172.21.255.255 - ether 02:42:ac:15:00:02 txqueuelen 0 (Ethernet) - RX packets 61 bytes 9309 (9.3 KB) - RX errors 0 dropped 0 overruns 0 frame 0 - TX packets 0 bytes 0 (0.0 B) - TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 - -lo: flags=73 mtu 65536 - inet 127.0.0.1 netmask 255.0.0.0 - loop txqueuelen 1000 (Local Loopback) - RX packets 248 bytes 14260 (14.2 KB) - RX errors 0 dropped 0 overruns 0 frame 0 - TX packets 248 bytes 14260 (14.2 KB) - TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ----- - -TIP: inet ***172.21.0.2*** netmask 255.255.0.0 broadcast 172.21.255.255 - -== Find live hosts +=== ls -l [source,bash] ---- -nmap -sP 172.21.0.* - -Nmap scan report for 172.21.0.1 (172.21.0.1) -Host is up (0.00028s latency). -MAC Address: 02:42:56:48:D0:61 (Unknown) -Nmap scan report for testnetwork2_worker_1.testnetwork2_net (172.21.0.3) -Host is up (0.00015s latency). -MAC Address: 02:42:AC:15:00:03 (Unknown) -Nmap scan report for testnetwork2_worker_3.testnetwork2_net (172.21.0.4) -Host is up (0.00018s latency). -MAC Address: 02:42:AC:15:00:04 (Unknown) -Nmap scan report for testnetwork2_worker_4.testnetwork2_net (172.21.0.5) -Host is up (0.00015s latency). -MAC Address: 02:42:AC:15:00:05 (Unknown) -Nmap scan report for testnetwork2_worker_2.testnetwork2_net (172.21.0.6) -Host is up (0.00017s latency). -MAC Address: 02:42:AC:15:00:06 (Unknown) -Nmap scan report for 9110d42e466b (172.21.0.2) - - -nmap -sP 172.21.0.* | grep Nmap | cut -d' ' -f5-6 - -172.21.0.1 (172.21.0.1) -testnetwork2_worker_1.testnetwork2_net (172.21.0.3) -testnetwork2_worker_3.testnetwork2_net (172.21.0.4) -testnetwork2_worker_4.testnetwork2_net (172.21.0.5) -testnetwork2_worker_2.testnetwork2_net (172.21.0.6) -9110d42e466b (172.21.0.2) - +# ls -al +drwxrwxr-x 4 zeus zeus 4096 Οκτ 23 21:55 . +drwxrwxr-x 9 zeus zeus 4096 Οκτ 15 14:28 .. +drwxrwxr-x 8 zeus zeus 4096 Οκτ 23 21:55 .git +drwxrwxr-x 4 zeus zeus 4096 Οκτ 14 20:24 install +crw------- 1 root root 5, 1 Οκτ 23 21:22 console +lrwxrwxrwx 1 root root 11 Οκτ 23 21:21 core -> /proc/kcore +drwxr-xr-x 4 root root 100 Οκτ 23 21:22 cpu +crw------- 1 root root 10, 59 Οκτ 23 21:21 cpu_dma_latency +crw------- 1 root root 10, 203 Οκτ 23 21:21 cuse +-rw-rw-r-- 1 zeus zeus 1517 Οκτ 23 21:55 INSTALL.md +-rw-rw-r-- 1 zeus zeus 33883 Οκτ 15 14:28 LICENSE +-rw-rw-r-- 1 zeus zeus 691 Οκτ 17 11:13 README.md ---- -.What is Nmap? -[NOTE] -==== -Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discovering hosts that are available and the services they offer, finding open ports and detecting security risks. - -See https://en.wikipedia.org/wiki/Nmap -==== +==== File types +This table gives an overview of the characters determining the file type: +> **d**rwxrwxr-x 4 zeus zeus 4096 Οκτ 14 20:24 install -== Scan Ports - -=== Scan a Single Port, All Ports, or Series - -[source,bash] ----- -Nmap commands can be used to scan a single port or a series of ports: ----- - -=== Scan port 80 on the target system: - -[source,bash] ----- -nmap –p 80 172.21.0.3 ----- - -=== Scan ports 1 through 200 on the target system: - -[source,bash] ----- -nmap –p 1-200 172.21.0.3 ----- - -=== Scan (Fast) the most common ports: - -[source,bash] ----- -nmap –F 172.21.0.3 ----- - -=== To scan all ports (1 – 65535): - -[source,bash] ----- -nmap –p– 172.21.0.3 ----- - - - -=== Scan All TCP UDP Ports - -Scan all UDP and TCP ports in a single command. We will use -sU for UDP and sT for TCP protocol. -[source,bash] ----- -nmap -sU -sT -p0-65535 IP ----- - - -.What Are Ports? -[NOTE] -==== - -On modern operating systems, ports are numbered addresses for network traffic. Different kinds of services use different ports by default. - -For example, normal web traffic uses Port 80, while POP3 email uses Port 110. One of the ways that a firewall works is by allowing or restricting traffic over a particular port. - -Because the ports into your computer can cause a security risk, it’s critical to know which ports are open and which are blocked. - -==== - -== netstat - -=== Listing (Almost all) - -[source,bash] ----- -netstat -antlupe ----- - -=== Listing TCP Ports connections - -[source,bash] ----- -netstat -at ----- - -.Netstat -[NOTE] -==== -Netstat command displays various network related information such as network connections, routing tables, interface statistics, masquerade connections, multicast memberships etc., -==== - - -=== Listing UDP Ports connections - -[source,bash] ----- -netstat -au ----- - - -=== Listing all LISTENING Connections - -[source,bash] ----- -netstat -l ----- - - -=== Listing all TCP Listening Ports - -[source,bash] ----- -netstat -lt ----- - -=== Listing all UDP Listening Ports - -[source,bash] ----- -netstat -lu ----- - - -=== Listing all UNIX Listening Ports - -[source,bash] ----- -netstat -lx ----- - - -=== Showing Statistics by Protocol - -[source,bash] ----- -netstat -s ----- - -=== Showing Statistics by TCP Protocol - -[source,bash] ----- -netstat -st ----- +.File types in a long list +[options="header,footer"] +|======================= +|Symbol| Meaning +|-| Regular file +|d| Directory +|l| Link +|c| Special file +|s| Socket +|p| Named pipe +|b| Block device +|======================= -=== Showing Statistics by UDP Protocol +> -**rw-**rw-r-- 1 zeus zeus 1517 Οκτ 23 21:55 INSTALL.md -[source,bash] ----- -netstat -su ----- +==== Access rights -=== Displaying Service name with PID +.Access rights +[options="header,footer"] +|======================= +|Code| Meaning +|0 or -|The access right that is supposed to be on this place is not granted. +|4 or r|read access is granted to the user category defined in this place +|2 or w|write permission is granted to the user category defined in this place +|1 or x|execute permission is granted to the user category defined in this place +|======================= -[source,bash] ----- -netstat -tp ----- +==== User group codes -=== Displaying Promiscuous Mode +.User group codes +[options="header,footer"] +|======================= +|Code| Meaning| +|u| user permissions|-**rw-**rw-r-- +|g| group permissions|-rw-**rw-***r-- +|o| permissions for others|-rw-rw-**r--** +|======================= -Displaying Promiscuous mode with -ac switch, netstat print the selected information or refresh screen every five second. Default screen refresh in every second. + +==== Exercises [source,bash] ---- - netstat -ac 5 | grep tcp ----- - -=== Setting Promiscuous Mode - -[source,bash] +touch example +chmod 400 example +ls -l example +chmod 500 example +ls -l example +chmod 600 example +ls -l example +chmod 644 example +ls -l example +chmod 660 example +ls -l example +chmod 700 example +ls -l example +chmod 755 example +ls -l example +chmod 775 example +ls -l example +ls -l example +chmod 777 example +ls -l example ---- - ifconfig eth0 promisc -OR -ip link set eth0 promisc on ----- -=== Remove Promiscuous Mode -[source,bash] ----- - ifconfig eth0 –promisc ----- -.Promiscuous Mode -[NOTE] -==== -Promiscuous mode is a mode for a wired network interface controller (NIC) or wireless network interface controller (WNIC) that causes the controller to pass all traffic it receives to the central processing unit (CPU) rather than passing only the frames that the controller is specifically programmed to receive. +== Linux file system layout -When a capable NIC is placed in Promiscuous Mode, it allows the NIC to intercept and read each arriving network packet in its entirety. +.Subdirectories of the root directory +[options="header,footer"] +|======================= +|Directory| Content +|/bin| Common programs, shared by the system, the system administrator and the users. +|/boot| The startup files and the kernel, vmlinuz. In some recent distributions also grub data. Grub is the GRand Unified Boot loader and is an attempt to get rid of the many different boot-loaders we know today. +|/dev| Contains references to all the CPU peripheral hardware, which are represented as files with special properties. +|/etc| Most important system configuration files are in /etc +|/home| Home directories of the common users. +|/lib| Library files, includes files for all kinds of programs needed by the system and the users. +|/mnt| Standard mount point for external file systems, e.g. a CD-ROM or a digital camera. +|/opt| Typically contains extra and third party software. +|/proc| A virtual file system containing information about system resources. +|/root| The administrative user's home directory. Mind the difference between /, the root directory and /root, the home directory of the root user. +|/sbin| Programs for use by the system and the system administrator. +|/tmp| Temporary space for use by the system, cleaned upon reboot, so don't use this for saving any work! +|/usr| Programs, libraries, documentation etc. for all user-related programs. +|/var| Storage for all variable files and temporary files created by users, such as log files, the mail queue, the print spooler area, space for temporary storage of files downloaded from the Internet, or to keep an image of a CD before burning it. +|======================= -If the NIC is not in Promiscuous Mode, it will only receive packets that are specifically addressed to the NIC. Promiscuous Mode must be supported by the NIC and by the operating system and any associated driver. Not all NICs support Promiscuous Mode, however it is pretty easy to determine if you have a NIC and OS capable of Promiscuous Mode. -==== -=== check if promiscuous mode is enabled on network interface +== Find IP [source,bash] ---- +# ifconfig -netstat -i - -Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg -eth0 1500 8352 0 0 0 12677 0 0 0 BMRU -lo 65536 14656 0 0 0 14656 0 0 0 LRU - -ifconfig eth0 promisc - -netstat -i - -Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg -eth0 1500 8352 0 0 0 12677 0 0 0 BMPRU -lo 65536 14696 0 0 0 14696 0 0 0 LRU - -ifconfig eth0 -promisc - -netstat -i - -Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg -eth0 1500 8353 0 0 0 12677 0 0 0 BMRU -lo 65536 15232 0 0 0 15232 0 0 0 LRU - - ----- - -.Promiscuous Mode -[NOTE] -==== -Look under the last column “Flg” for value “P”. If it’s there, it means promiscuous mode is enabled for that network interface + -B flag is for broadcast + -M flag is for multicast + -P flag is for promisc mode + -R is for running + -U is for up + - -==== - - - - -[appendix] -== How to use Nmap - -While the basis of Nmap's functionality is port scanning, it allows for a variety of related capabilities including: - -- Network mapping: Nmap can identify the devices on a network (also called host discovery), including servers, routers and switches, and how they're physically connected. -- OS detection: Nmap can detect the operating systems running on network devices (also called OS fingerprinting), providing the vendor name, the underlying operating system, the version of the software and even an estimate of devices' uptime. -- Service discovery: Nmap can not only identify hosts on the network, but whether they're acting as mail, web or name servers, and the particular applications and versions of the related software they're running. -- Security auditing: Figuring out what versions of operating systems and applications are running on network hosts lets network managers determine their vulnerability to specific flaws. If a network admin receives an alert about a vulnerability in a particular version of an application, for example, she can scan her network to identify whether that software version is running on the network and take steps to patch or update the relevant hosts. Scripts can also automate tasks such as detecting specific vulnerabilities. - +eth0: flags=4163 mtu 1500 + inet 172.21.0.2 netmask 255.255.0.0 broadcast 172.21.255.255 + ether 02:42:ac:15:00:02 txqueuelen 0 (Ethernet) + RX packets 61 bytes 9309 (9.3 KB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 0 bytes 0 (0.0 B) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 +lo: flags=73 mtu 65536 + inet 127.0.0.1 netmask 255.0.0.0 + loop txqueuelen 1000 (Local Loopback) + RX packets 248 bytes 14260 (14.2 KB) + RX errors 0 dropped 0 overruns 0 frame 0 + TX packets 248 bytes 14260 (14.2 KB) + TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 +---- +TIP: inet ***172.21.0.2*** netmask 255.255.0.0 broadcast 172.21.255.255