Use the grep command to get more granular results.
To find an application path, use the which command. This command will use the $PATH environment variable to find the results that you're looking for. As an example, to find where Python is installed, you can do the following:
$ which [application name]
root@kali:/# which python
/usr/bin/python
It's important to understand that a Linux system will use $PATH to execute binaries. If you run it in the terminal window, it will display all the directories where you should save your programs/scripts (if you want to execute them without specifying their path):
root@kali:/# $PATH
bash: /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin: No such file or directory
Let's look at a practical example; I saved the test.sh file in my home directory. Since the home folder is not in the $PATH variable, this means that I can execute it only if I specify the path or else it will fail:
root@kali:~# test.sh
bash: test.sh: command not found
root@kali:~# ./test.sh
test
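The lookup described above, as an added example that is not from the book: resolve_in_path walks a PATH-style string in order, as the shell does for a bare command name, and risky_path_entries flags entries that a defender would not want in PATH (empty or relative entries, which resolve against the current directory, and world-writable directories). Both function names and the extra entries appended to the PATH value are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the book): $PATH lookup and a PATH hygiene check.

# resolve_in_path NAME PATHSTRING
# Print the first match, the way the shell resolves a bare command name.
resolve_in_path() {
    name=$1; found=
    old_ifs=$IFS; IFS=:; set -f          # split on ':' without globbing
    for dir in $2; do
        [ -n "$dir" ] || dir=.           # an empty entry means the current directory
        if [ -z "$found" ] && [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            found=$dir/$name
        fi
    done
    IFS=$old_ifs; set +f
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# risky_path_entries PATHSTRING
# Flag entries that let someone else's file win the lookup.
risky_path_entries() {
    old_ifs=$IFS; IFS=:; set -f
    for dir in $1; do
        case $dir in
            '') echo "empty entry (current directory)" ;;
            /*) # absolute: flag it if any user can write into it
                # (-H follows a symlinked directory such as /bin -> usr/bin)
                if [ -n "$(find -H "$dir" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable: $dir"
                fi ;;
            *)  echo "relative entry: $dir" ;;
        esac
    done
    IFS=$old_ifs; set +f
}

# The PATH value shown in the session above.
PAGE_PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
resolve_in_path sh "$PAGE_PATH" || echo "sh: not found in PAGE_PATH"
# Constructed value with three problems: '.', an empty entry, and /tmp.
risky_path_entries "$PAGE_PATH:.::/tmp"
```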
Another useful command to find files with more flexible options is the find command. The advantage of using the find tool is that it allows adding more granular filters to find what you're looking for. For example, to find file1.txt under the root home directory, use this:
root@kali:~# find /root -name "file1.txt"
/root/temp/file1.txt
Let's say you want to list the large files (1GB+) in your system:
root@kali:~# find / -size +1G 2> /dev/null
/proc/kcore
Appending 2> /dev/null to your command will clean the output results and filter out errors.
The following is a convenient find filter that searches for setuid files in Linux for privilege escalation (you will learn all the details in Chapter 10, “Linux Privilege Escalation”):
$ find / -perm -u=s -type f 2>/dev/null
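The same filter is useful on the defensive side for auditing a host. The following added example (not from the book) lists setuid files under a directory and reports the ones missing from a known-good baseline list; the function names, the baseline file format (one path per line), and the sample tree are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from the book): audit setuid files against a baseline.

# list_setuid ROOT
# Same filter as above, limited to ROOT and sorted so runs can be compared.
list_setuid() {
    find "$1" -perm -u=s -type f 2>/dev/null | sort
}

# unexpected_setuid ROOT BASELINE_FILE
# Print setuid files under ROOT that are not listed (one path per line) in
# BASELINE_FILE, i.e. files that gained the bit since the baseline was taken.
unexpected_setuid() {
    list_setuid "$1" | grep -vxF -f "$2" || true   # no findings is not an error
}

# Constructed sample tree so the example runs without root.
make_sample_tree() {
    tree=$(mktemp -d)
    mkdir -p "$tree/usr/bin" "$tree/home/user"
    for f in usr/bin/passwd usr/bin/ls home/user/helper; do
        : > "$tree/$f"; chmod 755 "$tree/$f"
    done
    chmod u+s "$tree/usr/bin/passwd" "$tree/home/user/helper"
    printf '%s\n' "$tree"
}

sample=$(make_sample_tree)
printf '%s\n' "$sample/usr/bin/passwd" > "$sample/baseline.txt"  # known-good list
echo "setuid files:";    list_setuid "$sample"
echo "not in baseline:"; unexpected_setuid "$sample" "$sample/baseline.txt"
rm -rf "$sample"
```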
There are multiple ways (compression algorithms) to compress files; the ones that I will cover in this section are the .tar, .gz, .bz2, and .zip extensions.
Here's the list of commands to compress and extract different types of archives:
To compress using tar extension: $ tar cf compressed.tar files
To extract a tar compressed file: $ tar xf compressed.tar
To create compressed.tar.gz from files: $ tar cfz compressed.tar.gz files
To extract compressed.tar.gz: $ tar xfz compressed.tar.gz
To create a compressed.txt.gz file: $ gzip -c file.txt > compressed.txt.gz
To extract compressed.txt.gz: $ gzip -d compressed.txt.gz
Let's extract the rockyou.txt.gz file that comes initially compressed in Kali:
root@kali:~# gzip -d /usr/share/wordlists/rockyou.txt.gz
To create compressed.tar.bz2 from files: $ tar cfj compressed.tar.bz2 files
To extract compressed.tar.bz2: $ tar xfj compressed.tar.bz2
To create compressed.zip from files: $ zip compressed.zip files
To extract compressed.zip files: $ unzip compressed.zip
Manipulating Directories in Kali
To print the current working directory, you must use the pwd command to get the job done (don't mix up the pwd command with the passwd command; they're two different things):
$ pwd
To change the current working directory, you must use the cd command:
$ cd [new directory path]
You can use .. to move up one directory. In fact, you can add as many as you want until you get to the system root folder, /:
root@kali:~/Documents# pwd
/root/Documents
root@kali:~/Documents# cd ../../
root@kali:/# pwd
/
As a final hint, for the cd command, you can use the ~ character to go directly to your current user home directory:
$ cd ~
To create a directory called test in the root home folder, use the mkdir command:
$ mkdir [new directory name]
To copy, move, and rename a directory, use the same commands as for files. Sometimes you must add the -r (which stands for recursive) switch to involve the subdirectories as well (cp needs it for directories; mv has no such switch and moves the whole directory as is):
$ cp -r [source directory path] [destination directory path]
$ mv [source directory path] [destination directory path]
$ mv [original directory name] [new directory name]
To delete a folder, you must add the -r switch to the rm command to get the job done:
$ rm -r [folder to delete path]
Let's see a practical example of how to mount a directory inside Kali Linux. Let's suppose you inserted a USB key; then mounting a directory is necessary to access your USB drive contents. This is applicable if you disabled the auto‐mount feature in your settings (which is on by default in the Kali 2020.1 release).
Figure 1.7 USB Mount
To mount a USB drive, follow these steps:
1. Display the disk list using the lsblk command.
2. Create a new directory to be mounted (this is where you will access the USB stick drive).
3. Mount the USB drive using the mount command.
Figure 1.8 Mount Using the Command Line
Now, to eject the USB drive, use the umount command to unmount the directory:
root@kali-laptop-hp:~# umount /mnt/usb
Managing Text Files in Kali Linux
Knowing how to handle files in Kali Linux is something that you'll often encounter during your engagements. In this section, you will learn about the most common commands that you can use to get the job done.
There are many ways to display a text file quickly on the terminal window. 90 percent of the time, I use the cat command for this purpose. What if you want to display a large text file (e.g., a password dictionary file)? Then you have three choices: the head, tail, and more and less commands. It is important to note that you can use the grep command to filter out the results that you're looking for. For example, to identify the word gus123 inside the rockyou.txt dictionary file, you can do the following:
root@kali:/usr/share/wordlists# cat rockyou.txt | grep gus123
gus123
angus123
gus12345
[…]
The head command will display 10 lines in a text file starting from the top, and you can specify how many lines you want to display by adding the -n option:
$ head -n [i] [file name]
root@kali:/usr/share/wordlists# head -n 7 rockyou.txt
123456
12345
123456789
password
iloveyou
princess
1234567
The tail command will display the last 10 lines in a file, and you can specify the number of lines as well using the -n switch:
$ tail -n [i] [file name]
root@kali:/usr/share/wordlists# tail -n 5 rockyou.txt
xCvBnM,
ie168
abygurl69
a6_123
*7!Vamos!