ECCouncil CEH V9 312-50 – Linux Overview
In this section we’ll discuss Linux history and Linus Torvalds. We’ll discuss the Linux GUI desktops as well as the Bash shell. We’ll also discuss file formats. We’ll give you a couple of demos on account management. We’ll discuss tars and zips. We’ll talk about some vulnerabilities like Shellshock and POODLE, as well as our most popular distros, like security distros such as Kali Linux.
So, starting off our section on Linux, let’s just talk a little bit about the history and how it came into being. It was actually in the spring of 1991, with the commencement of a personal project by a Finnish student named Linus Torvalds, to create a free new operating system. Since then, the resulting Linux kernel has been marked by constant growth throughout its history. Since the initial release of its code in 1991, it’s grown from a small number of C routines to more than 16 million lines of code in 2013. In 1991 Linus began a project that later became the Linux kernel. He wrote the program specifically for the hardware he was using, and independent of an operating system, because he wanted to use the functions of his new PC with an 80386 processor.
Today we call this the x86 processor. So everything relies primarily on the 386 instruction set, more popularly known as the x86 instruction set. Development was done on Linux using the GNU C compiler. And that’s kind of the focus of what I wanted to talk to you about today. This is still the main choice for compiling Linux today. The code, however, can be built with other compilers, such as the Intel C compiler. Most people don’t even know this, but the main individual that did most of the work on what we call Linux today was a gentleman by the name of Richard Stallman. He created a foundation called the GNU Project.
He was trying to create a Unix-like operating system that would be free of anybody’s software. The main players at that time were DEC and a couple of others, and they were charging exorbitantly high prices for the software. And so Richard Stallman created all of the various routines, and then he was going to create the kernel. But since Linus had already created the kernel, and since it was free, they just merged the two together.
But you can see it turned out that Linus pretty much got the credit for everything. You probably haven’t even heard of Richard Stallman. So the GNU Project was started in 1984. So you can see 1984 is a long way from 1991, and they wanted to develop that kernel. Variants of the GNU operating system which use the Linux kernel are now widely used. Really, we should be calling this the GNU/Linux system instead of just Linux.
We’re going to talk about the Linux desktop, and there are several Linux GUI desktops. There are three main desktop environments you’ll typically encounter with Linux: KDE, GNOME, and Fluxbox. Fluxbox is more of a lightweight windowing system, and you don’t typically see that on a desktop-type model. GNOME is a desktop environment composed entirely of free and open source software. It’s an international project that includes creating software development frameworks, selecting application software for the desktop, and working on the programs which manage application launching, file handling, and window and task management.
GNOME is part of the GNU Project, as you can probably imagine, which Richard Stallman heads up, and can be used with various Unix-like operating systems, most notably on top of the Linux kernel and the GNU userland, and as part of the Java Desktop System in Solaris. Now, KDE, on the other hand, is a free software project based around its flagship product, a cross-platform development environment designed to run on Linux, Windows and even the Mac OS system.
The goal of the project is to provide basic desktop functions and applications for daily needs, as well as tools and documentation for developers to write standalone applications for the system. In this regard, the KDE project serves as an umbrella project for many standalone applications. Fluxbox is more of a stacking window manager; it’s known as a lightweight window manager.
You could see it on a lot of specific devices that have a Linux kernel, but primarily the two desktop environments that you’ll see are KDE and GNOME. And that’s more of a preference than it is a technical choice. So it’s kind of like, do you drive a Ford or do you drive a Chevy? The old diehards that buy pickups in Texas, they’re either a Ford man or they’re a Chevy man. And to a person who is not familiar with either of them, well, one is as good as the other. But try and tell the Ford or Chevy guys that.
The next thing we’ll want to discuss is something called the Linux shell. Now, the shell is simply a program that acts as a buffer between you and the operating system. It can also be used for simple programming and, in Linux’s case, very complex programming. Now, in reality there are three main uses for the shell. The first is interactive use: when the shell is used interactively, it waits for you to issue commands, processes them to interpret special characters such as wildcards, and then executes them. Shells also provide a set of commands known as built-ins to supplement the Linux commands. The second is customizing your Linux session.
A Linux shell defines variables, such as the location of your home directory and mail spool, to control the behavior of your session. Some variables are preset by the system; you can define others in startup files to meet your needs, or you can set them interactively for a single session. Startup files can also contain Linux or shell commands for execution immediately after login. Now, the reason that most people are in Linux is because of the last one, which is programming. Until PowerShell came out, Linux was a much, much more powerful programming language.
It executes a series of scripts called shell scripts. A shell script basically is a series of individual commands. They could be shell commands or other Linux commands available to the system, combined into one executable file called a shell script. Batch files are really the only thing that’s close to what is going on, but they don’t have nearly the power. Bash is considered to be a powerful programming shell, and mainly it’s because of this one thing: everything in Linux is treated as if it’s a file. Now, the Bash shell, simply put, is a shell that takes your commands from the keyboard.
As we talked about before, most Linux systems use a shell called Bash. Back when I took Linux in the 80s, it was either the C shell, the Korn shell or the Bourne shell, B-O-U-R-N-E. Well, they kind of did a play on words, because they took two shells that were very popular and put them together, meaning the C shell and the Bourne shell, and they called this Bash, for Bourne-again shell. Bash is simply used to run a huge number of powerful programs, and you need to use it to do things like an su, which stands for switch user. You can switch to root, and now you can start programs under the security context of root.
Next we’re going to talk about the passwd and shadow file formats. Typically, most Linux installations will use the passwd format. This is the default. Modern-day ones also use something called the shadow format, and it basically is using the passwd file with a pointer into the shadow file.
When I first learned Linux they used to say that the passwd file was world-readable. And I thought to myself, what idiot thought this up? Well, what they really meant by world-readable was anybody who had access to that Linux system could read it. And if you have the password hash, you’ll see in later chapters that I can probably crack that. And so it’s not such a good idea to let everyone have access to the password hashes except for the root or administrator of the system.
And that’s just what the shadow file does. The shadow file only gives root access to it, whereas the passwd file gives anyone access to it. Although anyone can read it, it no longer has the password hash; it points to where it is in the shadow file. Now, with shadow passwords, the /etc/passwd file contains account information that looks maybe like what’s shown right here.
We have smithj, but it has an x where the hash used to be, number 561, and Joe, so it would be Joe Smith, I would imagine. The /etc/shadow file contains password, account and expiration information for users, and looks kind of like this: smithj, here’s the password hash, and so on. Now you can see what each one of these stands for. For root, the x in the password field points to our shadow file. This is the user ID, this is the group ID, this is the user info, the user’s home directory and the user’s shell that they would like to use.
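As an added example (not part of the course material), here is a small parser for the two file formats just described, followed by an audit that flags exactly the condition the lecture warns about: a hash sitting in the world-readable passwd file instead of behind the x pointer into shadow. The account records and the hash strings are constructed for illustration; the account names (legacy, guest, orphan, backdoor) are hypothetical.

```python
"""Parse /etc/passwd and /etc/shadow records and audit them for weak states.
Added example, not from the course; sample records are constructed."""

# Field layout of each colon-separated record, in file order.
PASSWD_FIELDS = ("name", "password", "uid", "gid", "gecos", "home", "shell")
SHADOW_FIELDS = ("name", "hash", "lastchg", "min", "max", "warn",
                 "inactive", "expire", "reserved")

# Constructed sample files. The $6$... values are placeholders, not real hashes.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
smithj:x:561:561:Joe Smith:/home/smithj:/bin/bash
legacy:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:1001:1001:Legacy:/home/legacy:/bin/sh
guest:x:1002:1002:Guest:/home/guest:/bin/bash
orphan:x:1003:1003:Orphan:/home/orphan:/bin/bash
backdoor:x:0:0:Helper:/home/backdoor:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
"""

SAMPLE_SHADOW = """\
root:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16000:0:99999:7:::
smithj:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16000:0:99999:7:::
guest::16000:0:99999:7:::
backdoor:$6$PLACEHOLDERSALT$PLACEHOLDERHASH:16000:0:99999:7:::
nobody:*:16000:0:99999:7:::
"""


def parse_records(text, fields):
    """Split each non-empty, non-comment line into a dict keyed by field name."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        parts = line.split(":")
        if len(parts) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(parts)}: {line!r}")
        records.append(dict(zip(fields, parts)))
    return records


def audit(passwd_text, shadow_text):
    """Return (account, finding) tuples for the states worth a second look."""
    findings = []
    passwd = parse_records(passwd_text, PASSWD_FIELDS)
    shadow = {r["name"]: r for r in parse_records(shadow_text, SHADOW_FIELDS)}
    for acct in passwd:
        name, pw = acct["name"], acct["password"]
        if pw == "":
            findings.append((name, "empty password field in passwd (no password required)"))
        elif pw not in ("x", "*"):
            # Anything else in this field is a hash readable by every local user.
            findings.append((name, "password hash stored in world-readable passwd, not shadow"))
        if acct["uid"] == "0" and name != "root":
            findings.append((name, "non-root account with UID 0"))
        sh = shadow.get(name)
        if pw == "x" and sh is None:
            findings.append((name, "passwd points to shadow but no shadow entry exists"))
        if sh is not None and sh["hash"] == "":
            findings.append((name, "empty hash in shadow (no password required)"))
    return findings


if __name__ == "__main__":
    for account, finding in audit(SAMPLE_PASSWD, SAMPLE_SHADOW):
        print(f"{account}: {finding}")
```

On a real system you would feed `audit()` the contents of `/etc/passwd` and `/etc/shadow` (the latter readable only as root, which is the whole point of the shadow file).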
The next thing we want to talk about is user account management, and we can actually view all the user account information by just looking at that passwd file, /etc/passwd, or /etc/shadow. So let’s take a look at this real quick. I’m going to go ahead and open up my Kali Linux, and I’m going to type in root, and it uses, as it always has, its password, which is root spelled backwards, and it’s going to go ahead and bring up, as you can see here, the desktop screen that we would normally see. And I’m just simply going to go out and click on, open up, a terminal. Now, after opening up the terminal, I could do this by clicking on the little terminal icon, or I could also right-click here on the desktop and open a terminal. Whichever way; it doesn’t matter which one you use.
So let’s try this: let’s try and change the password for root, just for grins; it may not let us do this. You would type in passwd and then the user that you want to change the password for. If I just typed in passwd, it would assume I was wanting to change my own password. Now, I’m logged in as root, and you can tell that by the hash right here. If you’re logged in with just a greater-than sign, it’s a standard user. So I type in passwd root; let’s see if it lets me. Oh yeah, that’s going to let me do this. So I’m just going to change it to the same thing it was. So here, entering the new Linux password: toor, T-O-O-R.
Okay, so it basically updated your password completely. The things that I want you to understand now are: when you type in passwd without any username, it would be doing what’s called a password hash insertion. That means that you, as root, can change anyone’s password. You, as a user, can only change your own password. Let’s look at a couple of other commands that are going to be very helpful for us. This is configuring network interfaces with Linux.
So the Linux command to use to configure the network interface is ifconfig, and when I’m teaching a class with a lot of Windows users, I’ll tell them to type in ipconfig, now backspace and type in ifconfig, because normally they’re going to type in ipconfig. The command is much more powerful than its Windows cousin, and you can change nearly any aspect of the configuration at the bash prompt. And we’re going to show you just this. Only the root account has the permissions required to configure the network. If I wanted to display the interface configuration, I could type ifconfig eth0; this is going to show me eth0’s configuration. If I want to bring the interface up or down, I simply type in down or up, whichever.
If I prefer configuring an interface with a subnet mask, I just put in the IP address and it picks the class of the IP address, which in this case would be a class C. Anything above 191 is C. So 192.168.1.2 is class C, and it would put in a 255.255.255.0 address mask. If I wanted to use an address, for example, 10.1.1.2, I’m going to have to supply it a netmask, or otherwise it’s going to put in just the 255.0.0.0. And what I really want is this one. So you have to specify otherwise. And then we just simply add a default gateway, which is nothing more than another route. And in Windows it’s nothing more than another route; we just have a separate field for it. So we do route add default gw and then tell it what interface it’s going to go out on. So let’s take a look at these. And if I type ifconfig, I’m going to show all of my interface configurations, eth0 and a local interface.
The one I’m primarily interested in is this one. You can see right here, it’s gotten the IP address 192.168.14.128. Okay, that’s fine. If I type in ifconfig eth0, it shows me just the Ethernet interface. If I type in ifconfig eth0 down, you can see, by typing in ifconfig again, that the Ethernet interface is indeed down. Now, if I type in ifconfig eth0 up, it brings that interface back up, and more than likely it’s going to use DHCP to assign an IP address to it.
So let’s try it and see. Okay. Yes, and it assigned the IP address to it right now, 192.168.14.128. I can type in ifconfig. Okay, so I typed in something completely different here, and you can see it has indeed changed that IP address to the IP address of the one that I typed in. And so you can see some of the addresses are pretty easy to put in. And likewise, if I was doing a 10-dot address with ifconfig eth0, I guess, as I said before, if I just press Enter right here, watch what it puts on it. It puts a subnet mask of 255.0.0.0, because 10.0.0.0 is a class A address. I’m really wanting to put in a separate mask. So eth0 and then netmask. All right, now, if I type in ifconfig, you can see it’s got that 10-dot address on there.
Now the next thing we want to talk about is mounting drives with Linux. And this is not nearly as big of an issue as it used to be, because a lot of the distros today will mount the drives for you. So if you plug in a thumb drive, it will automatically mount it as a drive, if you need to get access to another directory, that kind of thing. It’s not nearly as big of a deal as you would think. And to illustrate that, I’m going to actually go ahead and install something on my Linux machine. But before we do that, let’s go ahead and see what actually is happening. So Linux is like one great big file system. It doesn’t have drive letters like we do in Windows. It’s one great big file system. So our thumb drive is part of a subdirectory, our network share is part of a subdirectory. So we change directory to get into that device, if you will. When we mount these devices, we typically will mount them as hda1 if it’s an IDE type of device, and if it’s a SCSI device it’ll typically be mounted as sda, for SCSI. And most of our thumb drives actually are referred to as SCSI.
Now this tripped me up for the longest time. If I want to unmount a drive, you would sure think we would type in unmount, right? It’s not unmount, it’s umount for the drive. What I’m going to do is go ahead and install the VMware Tools. I’m going to tell it I want to install VMware Tools. It basically says that VMware Tools is launched. Notice it mounted this drive for me. So if I click on this right here, it will show me the VMware Tools. This drive was not mounted before, so the CD is nothing more than a subdirectory of this.
Now what I’m going to do is change down to the temp directory, cd /tmp, and in the temp directory what I’m going to do is type in copy, and I want to copy the VMware Tools to that. So if I just drag this over here, you notice that it has created a directory here called /media/cdrom. And then inside of that cdrom directory is my VMware Tools. So if I wanted to manually get down to this, I would have to type in cd and this whole string right here. So I want to copy, cpy, this particular file, and I want to copy it to here.
In other words, the /tmp directory. I can illustrate that by just typing in the period sign. So if I press Enter right here... So, like I said, I don’t want the y on there. It’s cp instead of copy. So let’s just do cp, okay? And you notice that it took just a moment or two for it to copy here. If I type in ls, you can see that it did indeed put my VMware Tools in here. The next thing I’m going to do is unbundle this, because this one is a tar file, which is similar to a cab file in Windows, where we’re grouping all of it together. But it’s also zipped. It’s zipped with the GNU version of zip, gzip, so GNU zip. So it’s zipped. I’m going to need to untar and unzip that.
So what I’m going to do is type in tar xvf and then the name of the file. Now, here’s what makes Linux so powerful. All I have to do is type in as much of the file name as makes it non-ambiguous. Now we have a VM there, that’s a directory, and we have a VM with a lowercase w, which is Linux, that makes that. So all I have to do is type in VMw and hit the Tab key; it puts in VMware, and I want to put in a capital T, which makes it non-ambiguous, and it fills in the rest of that. Now you notice that it’s unzipping, or untarring, all of those files.
So if I type in ls now, you can see we have another directory in there called vmware-tools-distrib. I want to change down to that directory. I’m going to type in vmware, all lowercase, and you can see it’s got it; I press Tab, and I’ve got the VMware tools distribution. I’m going to type in ls to see what we’ve got here. And you can see we have a Perl script in here called vmware-install.pl. So I’m just going to type in vmware; let’s see if it puts the whole thing in there for me. And I’m just going to step through by pressing Enter, taking all of the defaults on this, installing the most up-to-date VMware Tools on this particular distro. Okay, and now it’s done. Now I’ve got the new VMware Tools installed, and it’s running.
A couple of things I want to point out to you: when I went through installing the VMware Tools, it really ran a shell script, a Perl script, to actually do some of these things. It used what is called the GNU C compiler, gcc -o and then some program, the object of the subprogram, and here is the source code of that for standalone executables. You may have noticed, when I typed in ./, that Linux, unlike Windows, does not assume you’re in the current directory. So dot represents the current directory, and then the program; in my case that was vmware-install.pl. So some programs make you compile and configure them. So you would do a make to do that, and then a make install. Most of them now use the apt-get utility to do this. Let’s look at some of the vulnerabilities. The biggest one is probably the Shellshock vulnerability, or the Bash bug. This allows us to do remote execution on a computer. Let’s take a look at this real quick. If we do env x, with the empty function definition followed by echo exploit, and then bash, we’re trying to get it to run whatever is right here.
bash -c cat: cat is the command, like type is in Windows; we cat out a file. So I’m going to type out /etc/passwd. So what is this doing? It’s printing the passwd file to the screen. So that’s a pretty good-sized vulnerability that we had. The POODLE vulnerability, which actually stands for Padding Oracle On Downgraded Legacy Encryption. What it’s doing right here is it’s trying to tell us, “Oh, I don’t understand this TLS stuff. Could you downgrade to SSL?” Now, most of you may not know it, but SSL and TLS are two separate things. SSL is the older version, Secure Sockets Layer. TLS stands for Transport Layer Security. So this is what it actually looks like: SSL 1, SSL 2, SSL 3; SSL 3.1 is really TLS 1.0. We have TLS 1.1, TLS 1.2. Let’s say we’re at TLS 1.2 and we’re trying to get it to do something. “Oh, I don’t understand TLS 1.2. Could you relax your encryption back to SSL 3,” where they had found a vulnerability.
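The Shellshock payload just described is recognisable on the wire by one fixed prefix, the Bash function-definition marker `() {`, which web servers write into their access logs when it arrives in a User-Agent or Referer header. The following detector, an added example that is not part of the course, scans constructed combined-format log lines for that marker, URL-decoding each line first so a percent-encoded copy in the query string is caught too. The IP addresses and log lines are constructed, and the `() { :;}; echo vulnerable` string is the published test signature, not an exploit.

```python
"""Flag Shellshock probes in web access logs. Added example, not from the course."""
import re
from urllib.parse import unquote

# Bash's exported-function prefix "() {" (whitespace between the tokens is allowed).
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# Constructed sample lines in Apache/Nginx combined format
# (client, ident, user, time, request, status, bytes, referer, user-agent).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2014:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [25/Sep/2014:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"',
    '198.51.100.7 - - [25/Sep/2014:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64) {build}"',
    '198.51.100.8 - - [25/Sep/2014:10:00:04 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 200 512 "() {:;}; echo vulnerable" "Mozilla/5.0"',
    '192.0.2.4 - - [25/Sep/2014:10:00:05 +0000] "GET /cgi-bin/a?x=%28%29%20%7B%20%3A%3B%7D%3B%20echo HTTP/1.1" 404 256 "-" "curl/7.38.0"',
]


def is_shellshock_probe(line: str) -> bool:
    """True if the line carries the function-definition prefix, plain or URL-encoded."""
    return bool(SHELLSHOCK_RE.search(unquote(line)))


def flag_shellshock(lines):
    """Return (line_index, client_ip) for every line that looks like a Shellshock probe."""
    hits = []
    for i, line in enumerate(lines):
        if is_shellshock_probe(line):
            client_ip = line.split(" ", 1)[0]   # first token of combined format
            hits.append((i, client_ip))
    return hits


if __name__ == "__main__":
    for idx, ip in flag_shellshock(SAMPLE_LOG):
        print(f"line {idx}: Shellshock probe from {ip}")
```

The decode-before-match step matters more than the regex: the third sample line contains both `)` and `{` but not the adjacent `()`, so it is not flagged, while the fifth line only matches once the query string is unquoted.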
And here’s just a real quick little overview of the POODLE vulnerability. So as you can see, we start out here and we make a request to the website at TLS 1.2, and he says, “No, no, I don’t understand that.” What about 1.1? “No, I don’t understand that either.” What about 1.0? “No.” Nope, nope. SSL 3? “Okay, yeah, that will work.” He can get access to it because SSL 3.0 is vulnerable. So he does this downgrade attack in doing this, and you can see, “Muhaha, from an adjacent network.”
“I can decode the intercepted SSL communication. With that, I can hijack sessions, log in as other users, and read confidential material.” So another person sniffing that session can now do this. Why do we want to use Linux boot CDs? Because most of the time we can get whatever flavor of Linux we want on a CD that’s booted. Well, it’s basically because Linux has always been more difficult to do an install on. It’s kind of like if you’re a music conductor: you add a tuba to the band and the trumpet stops playing. They don’t really have a good Add/Remove Programs for Linux like they do in Windows.
That is actually changing quite a bit with the apt-get series, and it’s not nearly what it used to be, but still, having everything already installed and doing what you needed to do all in one bootable CD makes for a really nice setup. The most popular security distro on the market is Kali Linux. And Kali Linux has superseded BackTrack, and you may have seen some of my slides that said BackTrack, because this course I’ve been teaching now for about 15 years. In reality, it’s the most advanced penetration testing distribution ever. They’re primarily giving this away at Offensive Security so they can sell you training. And now these individuals that want to have their new tools put on Kali, I would imagine he’s probably saying, well, that’ll come at a charge. The guy goes by the name of Muts.
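The request-and-refuse exchange drawn above is easy to model. The following toy negotiation, an added example that is not part of the course, has a client that retries one version lower each time a handshake fails, an on-path attacker that drops every handshake above SSL 3, and a server that either accepts the downgrade or refuses it. It also shows the two defences that ended the attack: a client-side version floor (no SSL 3 at all) and the TLS_FALLBACK_SCSV signal from RFC 7507, which lets the server tell a retrying client "you are falling back for no good reason". Real TLS negotiates the highest mutual version in one handshake; the retry loop here stands in for the browser-level fallback that POODLE abused. All names and the attacker ceiling are assumptions of this model.

```python
"""Toy model of the POODLE downgrade dance and its mitigations.
Added example, not from the course; versions and behaviour are simplified."""

VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]   # lowest to highest


def rank(version):
    return VERSIONS.index(version)


class Server:
    """Accepts any supported version; refuses an SCSV-marked hello below its best."""

    def __init__(self, supported):
        self.supported = set(supported)
        self.best = max(self.supported, key=rank)

    def hello(self, version, fallback_scsv=False):
        if version not in self.supported:
            return "alert:protocol_version"
        if fallback_scsv and rank(version) < rank(self.best):
            # RFC 7507: the client says it is retrying, but we could do better,
            # so somebody in the middle must have broken the earlier attempt.
            return "alert:inappropriate_fallback"
        return version


class DowngradeAttacker:
    """On-path attacker that silently drops every handshake above its ceiling."""

    def __init__(self, ceiling="SSLv3"):
        self.ceiling = ceiling

    def relay(self, server, version, fallback_scsv):
        if rank(version) > rank(self.ceiling):
            return None          # dropped; the client just sees a failed connection
        return server.hello(version, fallback_scsv)


def negotiate(server, attacker=None, client_max="TLSv1.2", floor="SSLv3",
              fallback=True, scsv=False):
    """Return the version the client ends up on, or None if it gives up."""
    version, first_try = client_max, True
    while True:
        send_scsv = scsv and not first_try          # SCSV marks retries only
        if attacker is None:
            reply = server.hello(version, send_scsv)
        else:
            reply = attacker.relay(server, version, send_scsv)
        if reply is not None and not reply.startswith("alert:"):
            return reply
        # Dropped or refused: step down one version if policy allows it.
        if not fallback or rank(version) == 0 or rank(version) - 1 < rank(floor):
            return None
        version, first_try = VERSIONS[rank(version) - 1], False


if __name__ == "__main__":
    srv, mitm = Server(VERSIONS), DowngradeAttacker()
    print("no attacker:            ", negotiate(srv))
    print("naive fallback, attacked:", negotiate(srv, mitm))
    print("floor TLSv1.0, attacked: ", negotiate(srv, mitm, floor="TLSv1.0"))
    print("SCSV, attacked:          ", negotiate(srv, mitm, scsv=True))
    print("server without SSLv3:    ", negotiate(Server(VERSIONS[1:]), mitm))
```

Only the first scenario ends on TLS 1.2; the naive client lands on SSL 3 exactly as in the slide, and every mitigation turns that silent downgrade into a visible connection failure, which is the outcome you want.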