Week 1: Setup

Introduction, Notekeeping, and Introductory Linux

Setting Up A Penetration Testing Environment - This will focus on setting up a lab environment, specifically VMWare, Kali Linux, and our lab VMs. The lesson will briefly introduce important aspects of each set up (e.g. Snapshots in VMWare, the Kali Linux toolset, etc.) with the intention to build upon those aspects in later lessons. How to Keep Notes Effectively - This lesson will cover the importance of note taking from a pentester standpoint. The lesson will introduce the Kali Linux built-in note-taking application, KeepNote, and discuss how to take notes effectively. Taking notes during a penetration test is incredibly important as it allows a pentester reference points when writing their final report, discussing timelines with their team or manager, or even discussing specifics of a pentest with a client. Introductory Linux - This lesson will briefly cover the important Linux terminal commands needed to use Kali Linux. Some of the topics that will be covered are: navigating the file system, users and privileges, common network commands, bash scripting, and much more.

Setup

apt update && apt upgrade
#     update checks the repos for new versions and indexes
#     upgrade downloads all the newest versions

#     selected GRUB partition sda instead of sda1
    
#     need to install postgresql 12 and uninstall 11

apt autoremove

# download into /opt/ directory
#     /opt is for "the installation of add-on application software packages"

# installed impacket into opt from git
#    in directory, pip install .

# use systemctl to turn on services by default (on boot)
systemctl enable ssh
systemctl enable postgresql  # useful for metasploit

# just for this session use “service”
service enable apache2
service enable ssh

root@kali:~# ping -c 1 10.0.2.2 | grep "64" | cut -d " " -f 4 | tr -d ":"
10.0.2.2

root@kali:~# cat iplist.txt
10.0.2.3
10.0.2.4
10.0.2.2
10.0.2.15

root@kali:~# for ip in $(cat iplist.txt); do nmap -p 80 -T4 $ip & done
[1] 5115
[2] 5116
[3] 5117
[4] 5118

Useful Locations

/etc/passwd
- contains the user list
- most users will have permission to read the file
/etc/shadow
- contains the hashed passwords
- only root can read the file
/var/log/auth.log
- stores all security related messages including authentication failures

root@kali:/var/log# grep bob auth.log
Dec  8 11:53:12 kali groupadd[2915]: group added to /etc/group: name=bob, GID=1000
Dec  8 11:53:12 kali groupadd[2915]: group added to /etc/gshadow: name=bob
Dec  8 11:53:12 kali groupadd[2915]: new group: name=bob, GID=1000
Dec  8 11:53:12 kali useradd[2921]: new user: name=bob, UID=1000, GID=1000, home=/home/bob, shell=/bin/bash
Dec  8 11:53:21 kali passwd[2931]: pam_unix(passwd:chauthtok): password changed for bob
Dec  8 11:53:25 kali chfn[2932]: changed user 'bob' information
Dec  8 12:00:12 kali su: (to bob) root on pts/0
Dec  8 12:00:12 kali su: pam_unix(su:session): session opened for user bob by (uid=0)
Dec  8 12:01:24 kali sudo:      bob : user NOT in sudoers ; TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow

/var/log/syslog
- everything, except auth related messages
/var/log/messages
- storing valuable, non-debug and non-critical messages
- "general system activity"

PreviousTCM - Zero to Hero Nextipsweep.sh

Last updated 4 years ago

Was this helpful?

Setup

apt update && apt upgrade
#     update checks the repos for new versions and indexes
#     upgrade downloads all the newest versions

#     selected GRUB partition sda instead of sda1
    
#     need to install postgresql 12 and uninstall 11

apt autoremove

# download into /opt/ directory
#     /opt is for "the installation of add-on application software packages"

# installed impacket into opt from git
#    in directory, pip install .

# use systemctl to turn on services by default (on boot)
systemctl enable ssh
systemctl enable postgresql  # useful for metasploit

# just for this session use “service”
service enable apache2
service enable ssh

root@kali:~# ping -c 1 10.0.2.2 | grep "64" | cut -d " " -f 4 | tr -d ":"
10.0.2.2

root@kali:~# cat iplist.txt
10.0.2.3
10.0.2.4
10.0.2.2
10.0.2.15

root@kali:~# for ip in $(cat iplist.txt); do nmap -p 80 -T4 $ip & done
[1] 5115
[2] 5116
[3] 5117
[4] 5118

Useful Locations

/etc/passwd

contains the user list
most users will have permission to read the file

/etc/shadow

contains the hashed passwords
only root can read the file

/var/log/auth.log

stores all security related messages including authentication failures

root@kali:/var/log# grep bob auth.log
Dec  8 11:53:12 kali groupadd[2915]: group added to /etc/group: name=bob, GID=1000
Dec  8 11:53:12 kali groupadd[2915]: group added to /etc/gshadow: name=bob
Dec  8 11:53:12 kali groupadd[2915]: new group: name=bob, GID=1000
Dec  8 11:53:12 kali useradd[2921]: new user: name=bob, UID=1000, GID=1000, home=/home/bob, shell=/bin/bash
Dec  8 11:53:21 kali passwd[2931]: pam_unix(passwd:chauthtok): password changed for bob
Dec  8 11:53:25 kali chfn[2932]: changed user 'bob' information
Dec  8 12:00:12 kali su: (to bob) root on pts/0
Dec  8 12:00:12 kali su: pam_unix(su:session): session opened for user bob by (uid=0)
Dec  8 12:01:24 kali sudo:      bob : user NOT in sudoers ; TTY=pts/0 ; PWD=/root ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow

/var/log/syslog

everything, except auth related messages

/var/log/messages

storing valuable, non-debug and non-critical messages
"general system activity"