CompTIA Security+ SY0-601 – 4.1 Tool to assess organizational security. Part 4

  1. Managing Linux Permissions

In this video I’m going to be showing you two commands to change ownership and permissions in Linux. The first one is a command that allows you to change the ownership of files on Linux; it’s called change owner, `chown`. The other one changes permissions on a file; it’s known as change mode, `chmod`. These two commands are basically what we’re going to use to manipulate file and folder permissions and ownership. Now I remember studying MCSE and I was a big-time Microsoft guy, and then I started doing Linux, and when I got to it I was like, oh my God, what are all these permission things? It was like seven seven seven. I’m like, what the hell is seven seven seven? And then I found out what it was and it wasn’t that difficult.

So if you’re coming from a Windows background and you know Windows permissions, Linux is going to be a little bit harder for you to learn. But once you get it, it’s not that difficult and you pretty much never forget it. So let’s get right into it. I want to show you a file I have here, data.txt. This is the file we created in the last section, where we just typed some text: I hope all of you guys pass your exam on the first try. If I go in there, add “on the first try for core two” and close it, you’ll notice it allows me to save it. You just click Save. Remember this, because something’s going to happen with it coming up later. So you’ll notice that I can just go in there and save it. Now I want to explain ownership to you. The first thing we’re talking about is ownership in Linux.

So I’m going to right-click on the file, go to Properties and go to the Permissions tab. You notice it has an owner. The owner is me, Andy, the user on this computer. Andy owns that particular file. So what I’m going to do is create a user and then change the ownership. Now, with changing the owner you have to remember something: changing the owner gives another person the permission to open that file, change the file and change its permissions, because they become the quote-unquote owner. There are two things to it: users and groups. Users belong to groups. So you could create groups on Linux, add users into groups, and then assign permissions by group rather than by individual user.

But in this one here we’re just looking at how to change the ownership to particular users and groups. I’m going to keep the Properties window open so you can see it as it changes. So I’m going to open up my terminal, and there’s a couple of things I want to do before I get into the actual change-owner command. The first thing I want to do is create a user, because I don’t have any other users on this computer. If I go to Settings and scroll down to Users, I don’t have any, just Andy. I could literally just unlock this and make a user right there, but I’m going to show you how to make a user from the command line. So we’ll do `sudo adduser bob`, type Andy’s password for sudo, and then the new password for Bob.

See, Bob just got created in the background. That’s how you would create a user from the terminal. We don’t need the full name and all the other fields it asks for; all that’s needed is basically the username and the password. Now I have two users on my computer, Bob and Andy. Don’t forget I created that user. Next I want to get to my desktop: `cd Desktop`. If you do `ls`, it’ll show you that we have data.txt and we have the Linux permission file. Now I want to show you how to see the permissions through the terminal, basically what I’m seeing in the Permissions tab. To do that, you do `ls -l`, press Enter, and you notice something.

Look at this. Now it says data.txt and then it has all these fields. We’re going to come to those later. But notice how it says andy andy. That means andy is the user that owns it and there’s a group named andy that owns it. So basically Andy owns this file, both the andy user and the andy group. We could use a command to change this. Let’s give Bob the ownership; notice that the Properties tab still says Me. So here’s the command you need to know for your exam: `chown`. We’re going to say Bob is taking ownership of this file, and the file is called data.txt: `chown bob data.txt`, and press Enter. Operation not permitted. You guys know why? Because you forgot to put sudo.

Okay, so `sudo chown bob data.txt` worked, and you noticed right away the Me disappeared, but the andy group is still there. You see that? If I do `ls -l` you’ll notice bob is now the user. So Bob is the owner and has read/write, but the andy group still has read/write. So what we could do is run `chown` again and give it to Bob and his group: you put the user, then a colon, and the thing after the colon is the group name: `sudo chown bob:bob data.txt`. Now you notice Bob has read/write, his group has read/write, and all others are basically read-only. Now I’m going to open the file and you see everything says read-only. Before I changed the ownership, remember, I could have added something to this. I’m going to try to add something and watch what happens: now the Save is gone.

Right? Because I’m not the owner anymore, I fall into the category of others, also known as everyone. Now Bob has read/write, Bob’s group has read/write, and everybody else in the world that can possibly ever get to this file, including you at home, can only read this file, because read/write belongs only to Bob and his group. So if I want to take it back from Bob I would say `sudo chown andy:andy data.txt`: I want ownership of that thing and I want my group to own it too. Now I am back in the clear here; look, me and andy have replaced bob. If I close that and open it up, the read-only is gone. Now look, I can actually go in there and add stuff to it.

Now I’ve got the Save button back, so I basically took ownership of the file. That’s chown. Now the hard one, if you’re thinking that was hard: Linux permissions. Hopefully you guys get this. What I’m about to teach you, going over this in depth, is probably beyond the scope of your test; all you need to know for your exam is probably that chmod, change mode, changes permissions on a Linux file. That’s probably all you need to know about it. But I’m going to show you some pretty cool stuff: I am going to show you how to change the permissions. Let’s arrange this so we can see everything nicely, and put the command prompt at the top.

First of all, let’s clear it up. You notice how I have Owner, Group and Others. There are three sets of permissions in Linux: the owner, which is the user; the group, which is the group the file belongs to; and everybody else. So there are always three sets of permissions. In Linux, when you set permissions, you set them for these three sets, and there are only three permissions: execute, write and read. Execute really belongs to executables, being able to run them. Write allows you to open a file, change the file, rename the file, add to the file and delete the file. Read just gives you the ability to read that document. So it’s just three permissions: execute, write and read.

And you see those numbers next to them? Those numbers matter, because you add them together to give more than one permission at once. So when somebody says seven seven seven, it means you’re giving somebody the ability to read, write and execute. Why? Because four plus two plus one is seven. And the three sevens mean the owner has read, write, execute; remember there are three sets, right? So the owner gets read, write, execute; the group gets read, write, execute; and everybody else gets read, write, execute: seven seven seven. So let me put this into play for you and then we’ll explain more of it. I think it’s better shown when I actually do it.

So we are going to do `sudo chmod`. Remember, there are three levels: me, the group and the others. Right now this group, andy, has read/write, I have read/write, and others have read. So what I’m going to do is change it. I’m going to say that I have read/write, I want the group to have read/write, and I want everybody else in the world to also have read/write; maybe it’s a file that everybody in the world should edit. And we apply that to data.txt. Now, I’m not sure if you saw that, but this changed. This used to say Read; now it’s saying Read and Write. And now it’s also saying Allow executing file as a program, because we gave them that one, the execute bit, with this command. Watch again and you’ll see it change.

So let’s say you only want everyone in the world to be able to read, like it was before. To do that, we’ll change the third number. Remember, the third one represents others. So we’ll say, hey, they only need to read, so we’ll give them four. Now watch the bottom here. See that change? And notice this went away: instead of being checked, it now says they cannot execute it as a program. I’ll play around with the permissions and you’ll see what I mean. Look, I can open this thing right now. And sometimes these things do give problems when you try to open them.

You know what, I have a checkbox here that opens it as an executable. I’m going to open this here and you see I can edit this. No biggie, save, sure. So I could save it, right? But watch what happens if I change this. I’m going to deny myself permission, because I’m only going to give me read. So I’m going to say four four four, so me and my group can only read. Right now I have read/write and the group has read/write; I’m going to enter that. Now look at this: read-only, read-only. Watch what happens when I open my own file. See, now it says read-only. If I add to it, I can’t save it; now you have to save it as something else. Why? Because I changed the permission. But maybe I’m going to give myself write access.

Write access would be a two. Let’s see now. So I give myself write access, but you know what, I need read also. So what happens if I want read and write? That would be a six, right? You just have to add them up. So now I have read and write, you can see how that changed, and I can go ahead and open this; now I have the ability to read and write to it. The group is the same thing. So when they say seven seven seven, that’s basically what it means. Now, when you start giving people execute, they can really run the executable; realistically, you may just want to give me read/write, give my group read/write, and maybe give the outside world just read.

I think six six four is a good permission, especially on a text file. This is how it was before: I can read and write, my group can read and write, and everybody else can read. If you want the world to edit it, then give them a six also. So there are all kinds of permissions you can do; read and execute, if you just want to open a file, is a five. You could also go in there and put in the actual permission letters instead of the numbers. If I do `ls -l`, you see those letters, and you can use them in the command instead, so you don’t have to use the numbers. I used the numbers in this one because I thought it was pretty easy; it’s much easier with the numbers. But you can go in there and put a +x to add execute, you can put a -w to take away write, and for just read you could put an r.

r is read, w is write and x is execute. You see, a seven is basically read, write, execute all together. All right? Lots of different things there. Hopefully you guys got that. As your career goes up in Linux, you’re going to be using these commands a whole lot more, especially when you start doing file permissions, maybe when you take your Linux+. Not to mention if you’re going to be doing my other classes, my more complex hacking class, where we do a lot of file permissions and changing permissions, especially when we’re getting into the core of it. You’ll need to know this. All right, so those were some Linux permission commands. Let’s keep going.
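Here is an added example, not from the lecture, that applies the chmod numbers from the video to a scratch copy of data.txt and reads the result back the way `ls -l` shows it; chown is left out because it needs root, and the sweep for world-writable files is an extra check for the 666 case. The temp directory and file contents are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the lecture): apply the chmod numbers from the video
# to a scratch data.txt, read them back the way ls -l shows them, and sweep a
# directory for files anybody can write. Runs as a normal user; chown needs
# root, so it is left out.

# Turn an octal mode such as 664 into the rwx string ls -l prints (rw-rw-r--).
# Each digit is read as 4 (read) + 2 (write) + 1 (execute).
octal_to_symbolic() {
    mode=$1
    out=""
    for digit in $(printf '%s' "$mode" | sed 's/./& /g'); do
        r="-"; w="-"; x="-"
        [ $((digit & 4)) -ne 0 ] && r="r"
        [ $((digit & 2)) -ne 0 ] && w="w"
        [ $((digit & 1)) -ne 0 ] && x="x"
        out="$out$r$w$x"
    done
    printf '%s' "$out"
}

# The 10-character permission field at the start of an ls -l line, e.g. "-rw-r-----".
mode_field() {
    ls -ld "$1" | cut -c1-10
}

# chmod a file to an octal mode and report what ls -l shows afterwards.
apply_mode() {
    chmod "$2" "$1"
    mode_field "$1"
}

# The "Save button" test from the video: can the current user write this file?
# (root always gets "yes", because root bypasses these permission bits.)
can_write() {
    if [ -w "$1" ]; then echo yes; else echo no; fi
}

# Defender's sweep: files under a directory that others (the whole world) can
# modify, i.e. the 666/667 situation, which normally wants tightening to 664.
world_writable() {
    find "$1" -type f -perm -o+w
}

demo() {
    work=$(mktemp -d)
    f="$work/data.txt"
    printf 'I hope all of you guys pass your exam on the first try\n' > "$f"
    for m in 666 664 444 640; do
        echo "chmod $m -> $(apply_mode "$f" "$m")   can write: $(can_write "$f")"
        wide=$(world_writable "$work")
        if [ -n "$wide" ]; then echo "  world-writable: $wide"; fi
    done
    rm -rf "$work"
}

demo
```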

  1. Shell and script environments

In this video, I’m going to be talking about shell and script environments, basically environments that allow us to control and connect to our computers, and ways of securing our environment. Okay, so let’s get started. When it comes to administering Linux boxes, the go-to is SSH. In previous videos, I showed you how to set up SSH on Kali Linux in order to make it work, and in order to SSH into the box we even used tools to get in there. SSH is the default, and should be the default, way to administer command-line systems such as Linux, Cisco routers and switches, and other devices. Windows, not so much, because Windows uses PowerShell. PowerShell is basically the Windows command line that allows you to do more than the regular command line that Windows has.

If you’re a Windows administrator, you’re going to be using PowerShell a whole lot. Even nowadays, installing and manipulating Active Directory objects and setting up different objects requires PowerShell. If you’re editing Python scripts, there’s a Python environment for that which you can download and install. That would allow you to edit Python scripts and Python programs if you have access to the source code. Now, OpenSSL. OpenSSL is basically a framework that application administrators install into their applications so they can achieve SSL connections, allowing them to set up secure connections between the applications and the users. Okay, really quickly, that was a quick video on some of the different shell and script environments that are out there.

  1. Exploitation frameworks

In this video, we’re going to be talking about exploitation frameworks, password crackers and data sanitization. Let’s get started. The first one up is exploitation frameworks. These are giant frameworks that contain exploits for the vulnerabilities that are posted in the CVE list. What this allows you to do is basically launch remote exploits against a machine from a giant database of exploits. Without a doubt, the most popular exploitation framework is Metasploit. Metasploit is something you can pay for, or you can get a free version. It’s in Kali Linux as a free tool. Now if I go into it, okay, this is memory dump here, sorry; if I go into Metasploit, notice everything is called exploit database, right? So the exploitation tool, the Metasploit framework, give it a second here, is already initializing.

Starting the Metasploit framework. Now, the Metasploit framework, here it is, it’s up and running. I was thinking about doing some commands in it, but Metasploit deserves its own class. I mean, Metasploit is something I spend about 3 hours going over in my ethical hacking class. What I want you guys to know in this course is that Metasploit is an exploitation framework. Let’s say I have a server over there that’s running an old copy of Windows and doesn’t have any updates. Metasploit can find vulnerabilities and exploit them. It’s used by security administrators as an amazing tool to help tell us where our weaknesses are. But it’s also used by hackers to exploit us. Remember, we could use a knife to commit murder or to make dinner.

So just know what it is. I would suggest not going down the Metasploit rabbit hole right now; it will consume your time. There is a beautiful Windows interface to it too, if you want to use that. I wouldn’t suggest doing this now; finish the certification that you’re doing, then have some fun with it when you’re ready to study pen testing and you’re ready to get your CEH certification. You’re definitely going to be using this a whole lot then. Okay? The other thing we’re talking about here is password crackers, and this is something I’ve covered with you guys. At the beginning of this course we talked about using hashcat. We used rainbow tables like CrackStation. We used Cain & Abel to brute-force them. The other thing we talked about is data sanitization, which is removing data permanently.

Now, there are two ways of doing this. You can do it physically or logically. The physical way would be shredding the drive, incinerating the drive, or degaussing the drive. The logical way would be to use software to do it. BleachBit, for example, is a piece of software that basically erases the drive completely. BleachBit works well; it erases the drive or overwrites the drive multiple times. But the true way to do data sanitization and get rid of the data for good would be to physically destroy it, such as shredding the drive, or degaussing it at least. Okay, just a quick video here on some different things. Remember, don’t get into Metasploit yet. I know what I’m telling you.

I remember getting into it a long time ago, and it consumed so much of my time. I want you guys to keep going, to keep moving forward. Finish up this course and finish up the certification.

  1. Forensics tools

In this video, I’m going to be talking about some forensics tools that you may see pop up on your exam. Now, we haven’t really gotten to data forensics yet, but you have to remember something about forensics: it’s about gathering evidence and it’s about preservation of the evidence. Where is the evidence? The evidence is on your computer. When crimes are committed today, where do people store the evidence? On the computer. Maybe they murdered someone, but they were looking online at how to dispose of a body. They may have been looking at the easiest way to kill someone. Maybe if they were hacking businesses, they would have searched up different tools.

So, getting emails and stuff like that, there are a lot of tools available to help forensics investigators go through it. Now, this is not a forensics class; I’m basically going to explain what they are to you. One of these tools, Autopsy, I’ll show you; that’s a free one that you can get. But let’s take a look at some of the tools that are mentioned. The first one up is dd. dd basically allows you to copy files in Linux; the dd command copies files. If you took my A+ class, we went over that. So if you’re doing forensics, you want to make sure that you copy the entire drive. You never work on the actual hard drive, because you don’t want to tamper with the evidence.

So you have to make a direct copy of that drive, of that disk. The other one is memdump. memdump is basically a command that dumps the memory. This is a Linux command that dumps memory, the RAM itself, because you want to capture the RAM. You see, the last couple of actions that were taken when the hacker was in the machine are basically in the RAM. So if you turn the computer off, you lose it. One of the things you must do when gathering evidence is never turn the computer off; you don’t want to lose the contents of RAM. You want to dump the RAM and store it. Another one here is WinHex. WinHex is a utility that does quite a lot. It can help image drives. It can help edit RAM and copy the contents of RAM.

You know what, this one I can show you here; you can actually download a trial of this thing, I believe. So this one is a hex editor and a disk editor. It’s used for forensic data. It allows drive imaging, it allows backups, it allows encryption. It makes hashes of drives, so if someone edits them, it’ll be able to tell you that. Great utility. The other one we want to mention is FTK Imager, from AccessData’s Forensic Toolkit. This is going to allow us to take perfect images of hard drives. Now remember, when you gather evidence you never want to work on the actual drive; you want to take an image of the drive. Generally you’ll send the drive to a forensics lab for them to take the image.

They do what’s called a bit-by-bit image, or duplication, of the original drive. Let’s say a hacker hacks the organization and the evidence is on this computer. When the forensics investigator comes, they take the drive out of the machine and send it to the forensics lab to be imaged. The original drive must never be used, because you could be tampering with the evidence. So you don’t want to boot it up. If you boot up the drive, it’ll kill all the timestamps. We’ll talk about the order of volatility later in the class, when I’ll tell you what you want to preserve and in what order. But this particular software is going to allow us to take an image of it. Now the other one here is a free piece of software that you can download to help do forensic investigations.

And I have downloaded it, and I’ll quickly show you what it looks like. So Autopsy is basically a free forensics tool that you can use. I actually have this installed on my desktop. I installed it there because it’s good at recovering files, not just for doing forensic analysis. So here I have it installed. This is the tool itself. Basically, when you open it, you create what’s known as a case and you assign an examiner to it. Then you get to add in what are called data sources. If we want to add another one, you would add in data sources. You can add in logical files, unallocated space; you can even add an image, a disk image. So what I did was I added in a local disk, and the local disk that I added in here was this E: drive. And you notice how I have some messages.

I have a couple of Outlook messages. I’ve got a couple of pictures here that I added in, just to put them there. Basically this thing goes into an analysis mode and starts to analyze all the files that are there. And you can see I can go down here and go by extension. Now look at this: it’s telling me that there are three images on this drive. So this thing categorizes. It shows you when the images were made, shows you where they’re stored. It even shows the metadata; there are a couple of email messages here, so if I bring this up, you can look at the metadata for it. You can see that this was created in Microsoft Outlook. It had some keywords attached to it. Here’s a hello message. So this is a very useful utility. Now, if I had deleted any files, it’ll try to bring those files back for me.

And this is what I was using it for on that computer, to recover files. Forensic software, especially this free one, is an amazing utility, because think about it: when the hacker finishes completing the crime, basically they delete the files. But this software can bring them back for you. Okay? This is just scratching the surface, an introduction to what you need to know for your exam. You guys can play around with some of these utilities. Of course this can put you into the whole world of forensics, which is an interesting world. Maybe one day, maybe at another time in my life, or if I were to walk this earth again, maybe I would have gotten into this. I really like the concept. I just never got into it; I stayed with pen testing. Okay, have some fun with this. Let’s keep going.
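An added example, not from the lecture, that does the dd evidence copy and the hash check described above on a constructed 8 KiB scratch file standing in for a drive, then shows that working on the copy is caught by the hash; the file names and marker text are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the lecture): make the dd evidence copy described
# above, prove it is bit-for-bit identical by hashing original and image, and
# show that touching even one byte of the image is caught. The "drive" is a
# constructed 8 KiB scratch file standing in for a device such as /dev/sdX.

# Use whichever SHA-256 tool is installed (GNU coreutils or BSD/macOS shasum).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Constructed stand-in for a drive: two 4 KiB blocks of zeros (a real device is
# always a whole number of blocks) with a recognisable marker at offset 0.
make_drive() {
    dd if=/dev/zero of="$1" bs=4096 count=2 2>/dev/null
    printf 'EVIDENCE: constructed sample browser-history record' |
        dd of="$1" conv=notrunc 2>/dev/null
}

# Bit-by-bit copy. conv=noerror keeps dd going past unreadable sectors and
# conv=sync pads each short read, so offsets in the image still match the
# original. Prints the hash of the finished image.
image_drive() {
    dd if="$1" of="$2" bs=4096 conv=noerror,sync 2>/dev/null
    hash_file "$2"
}

# Compare a hash recorded before imaging with a fresh hash of the image; this
# MATCH/MISMATCH result is what goes into the case notes.
verify_image() {
    if [ "$(hash_file "$2")" = "$1" ]; then echo MATCH; else echo MISMATCH; fi
}

demo() {
    work=$(mktemp -d)
    make_drive "$work/drive.img"
    original=$(hash_file "$work/drive.img")   # hash the original first
    image_hash=$(image_drive "$work/drive.img" "$work/evidence.dd")
    echo "original: $original"
    echo "image:    $image_hash -> $(verify_image "$original" "$work/evidence.dd")"
    # Working on the copy changes it; one overwritten byte is enough to show.
    printf 'X' | dd of="$work/evidence.dd" conv=notrunc 2>/dev/null
    echo "after edit: $(verify_image "$original" "$work/evidence.dd")"
    rm -rf "$work"
}

demo
```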
